1018 files changed, 12262 insertions, 5985 deletions
diff --git a/libnDPI b/libnDPI
-Subproject 1f693c3f5a5dcd9d69dffb610b9a81bd33f9538
+Subproject 0db12b1390b1cc554b927230c76b05264c05b49
diff --git a/test/results/caches_cfg/ookla.pcap.out b/test/results/caches_cfg/ookla.pcap.out
index 4e6c69bc9..384ce3531 100644
--- a/test/results/caches_cfg/ookla.pcap.out
+++ b/test/results/caches_cfg/ookla.pcap.out
@@ -1,4 +1,4 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -30,7 +30,7 @@ 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00763{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01241{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/caches_cfg\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798209 bytes -~~ total memory freed........: 7798209 bytes -~~ total allocations/frees...: 146558/146558 +~~ total memory allocated....: 11506748 bytes +~~ total memory freed........: 11506748 bytes +~~ total allocations/frees...: 216812/216812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1402 chars 
diff --git a/test/results/caches_cfg/teams.pcap.out b/test/results/caches_cfg/teams.pcap.out
index 09eaa1b62..eb03322ba 100644
--- a/test/results/caches_cfg/teams.pcap.out
+++ b/test/results/caches_cfg/teams.pcap.out
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -453,7 +453,7 @@ 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -470,17 +470,17 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL
22uCbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 
@@ -489,11 +489,11 @@ 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 02491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTG
cI02KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 01264{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 
@@ -533,16 +533,16 @@ 01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1380,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} -01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} -01276{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 
@@ -555,10 +555,10 @@ 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} -01275{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} -01274{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00836{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -640,7 +640,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
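Review bot: The regenerated `guessed` record for flow 62 (UDP to port 3478) now expects `"confidence": {"1":"Match by port"}` where the old fixture had `{"3":"DPI (partial)"}`, so the `Skype_Teams` label on this flow now rests on the port alone. No other field of the record changes, and the only other visible change in this file is the `ndpi_version` string, so this looks like a detection change picked up with the libnDPI submodule bump rather than a change in nDPId itself. Confirm it is intended before accepting this output as the new baseline, because consumers that filter or weight events by confidence will treat the flow differently. A line in the commit description such as `teams.pcap (caches_cfg): flow 62 confidence DPI (partial) -> Match by port` would record the downgrade.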
@@ -677,7 +677,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":63,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":680,"global_ts_usec":1587041698021081} 
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/caches_cfg\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":63,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":680,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -686,9 +686,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8898782 bytes -~~ total memory freed........: 8898782 bytes -~~ total allocations/frees...: 149171/149171 +~~ total memory allocated....: 12606089 bytes +~~ total memory freed........: 12606089 bytes +~~ total allocations/frees...: 219425/219425 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 298 chars ~~ json string max len.......: 2504 chars diff --git a/test/results/default/1kxun.pcap.out b/test/results/default/1kxun.pcap.out index c3ff33e7d..1649c721a 100644 --- a/test/results/default/1kxun.pcap.out +++ b/test/results/default/1kxun.pcap.out 
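Review bot: The summary for this capture now expects `total memory allocated....: 12606089 bytes` and `total allocations/frees...: 219425/219425`, up from 8898782 bytes and 149171 allocations, while packets and flows are unchanged (1540/1498 and 83/83). Allocated and freed still match, so this is not a leak, but it is roughly 40% more heap traffic on identical input. For a daemon that parses untrusted traffic, a change in per-flow memory cost should be traced to its cause in the libnDPI update rather than absorbed silently into the fixture. Name the cause in the commit description if it is known.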
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -75,10 +75,10 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378045058,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104378045747,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378045830,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
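Review bot: The `risk` text for flow-risk id 39 changes from `"Text With Non-Printable Chars"` to `"Non-Printable\/Invalid Chars Detected"` in the `detected` records for flows 19 and 20, and again for flows 33 and 34 in the `@@ -133,10 +133,10 @@` hunk. The id, severity and risk_score are unchanged. Any downstream rule, dashboard or alert that matches on the old string will silently stop firing after this update, so consumers should key on the numeric id. A changelog line such as `flow_risk 39 renamed: "Text With Non-Printable Chars" -> "Non-Printable/Invalid Chars Detected"` would make the rename visible to them.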
@@ -133,10 +133,10 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379119373,"flow_dst_last_pkt_time":1470104379119336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379119373,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104379169121,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104379169283,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379117826,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379169717,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379169902,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169902,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379169934,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169934,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} 
@@ -479,10 +479,10 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1470104407686919,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104407686919,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408049680,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408049734,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408457883,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408458018,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
00955{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104408662594,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="} 
@@ -603,11 +603,11 @@ 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104412246763,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1729,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104405998978,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01119{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -675,13 +675,13 @@ 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00785{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01101{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable 
Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":684,"global_ts_usec":1654385119050609} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":684,"global_ts_usec":1654385119050609} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 01579{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
@@ -741,7 +741,7 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717280,"flow_src_last_pkt_time":1470104407128422,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586427,"flow_src_last_pkt_time":1470104409685499,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104407128408,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401187549,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -787,7 +787,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416958909,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104422868933,"flow_dst_last_pkt_time":1470104422913733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1218,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":1218,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379989707,"flow_dst_last_pkt_time":1470104379989529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1993,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380338807,"flow_dst_last_pkt_time":1470104380144205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":32291,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
@@ -805,7 +805,7 @@ 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104395656981,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430064732,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104400059244,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
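Review bot: The flow_risk entry keyed "39" changes its `risk` string from `Text With Non-Printable Chars` to `Non-Printable\/Invalid Chars Detected` in the expected output for flow_id 34, while the key, `severity` and `risk_score` are unchanged; the same change recurs in the later hunks for flow_id 19, 33 and 98. Any consumer of these events that matches on the risk text rather than the numeric key would stop matching after the libnDPI bump. The commit description should say so, for example `flow_risk 39 renamed upstream; match on the numeric risk key, not the "risk" string`. The length prefix moving from 01099 to 01107 is consistent with the eight extra characters, so the regenerated record itself looks right.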
@@ -829,7 +829,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01215{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -846,10 +846,10 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104404055376,"flow_src_last_pkt_time":1470104418595853,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104408559145,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1281,7 +1281,7 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":14,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1284,"global_ts_usec":1654385236487007} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/default\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":14,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1284,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 @@ -1290,9 +1290,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8318144 bytes -~~ total memory freed........: 8318144 bytes -~~ total allocations/frees...: 151015/151015 +~~ total memory allocated....: 12023627 bytes +~~ total memory freed........: 12023627 bytes +~~ total allocations/frees...: 221269/221269 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 11852 chars diff --git a/test/results/default/443-chrome.pcap.out b/test/results/default/443-chrome.pcap.out index 1536b1715..0bb902232 100644 --- a/test/results/default/443-chrome.pcap.out +++ b/test/results/default/443-chrome.pcap.out 
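Review bot: The SUMMARY block for 1kxun.pcap now expects `total memory allocated....: 12023627 bytes` and `total allocations/frees...: 221269/221269`, up from 8318144 bytes and 151015, while packets captured/processed stay at 1723/1723 and the flow totals in the shutdown record are unchanged. Allocated and freed totals still match, so this does not look like a leak. Still, growth of this size per capture in a daemon that parses untrusted traffic deserves a line in the commit description confirming it comes from the libnDPI update, for example `memory/allocation totals in test results grow with libnDPI 4.9.0`. This is regenerated output, so nothing in the file itself needs to change.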
@@ -1,10 +1,10 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109434258190} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1581109434258190,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3H
x+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109434258190,"flow_src_last_pkt_time":1581109434258190,"flow_dst_last_pkt_time":1581109434258190,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1581109434258190,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1581109434258190} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768830 bytes -~~ total memory freed........: 7768830 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11477449 bytes +~~ total memory freed........: 11477449 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2505 chars diff --git a/test/results/default/443-curl.pcap.out b/test/results/default/443-curl.pcap.out index 0bc260650..b8ba6adcc 100644 --- a/test/results/default/443-curl.pcap.out +++ b/test/results/default/443-curl.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113120474299} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113120474299,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120474299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113120474299,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113120474299,"flow_dst_last_pkt_time":1581113120512991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113120512991,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} 
@@ -11,7 +11,7 @@ 01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113120522725,"flow_dst_last_pkt_time":1581113120564527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581113120564527,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}} 
02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121447770,"flow_dst_last_pkt_time":1581113121447985,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":10128,"midstream":0,"thread_ts_usec":1581113121447985,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62811.5,"max":784064,"stddev":190271.5,"var":36203257856.0,"ent":2.2,"data": [38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":558.7,"var":312115.0,"ent":3.8,"data": [64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1],"entropies": [4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":58,"flow_first_seen":1581113120474299,"flow_src_last_pkt_time":1581113121570392,"flow_dst_last_pkt_time":1581113121570364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":930,"flow_dst_tot_l4_payload_len":65886,"midstream":0,"thread_ts_usec":1581113121570392,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/443-curl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113121570392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776881 bytes -~~ total memory freed........: 7776881 bytes -~~ total allocations/frees...: 146488/146488 +~~ total memory allocated....: 11485500 bytes +~~ total memory freed........: 11485500 bytes +~~ total allocations/frees...: 216742/216742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2167 chars diff --git a/test/results/default/443-firefox.pcap.out b/test/results/default/443-firefox.pcap.out index 31a864f71..58dd686f8 100644 --- a/test/results/default/443-firefox.pcap.out +++ b/test/results/default/443-firefox.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109488041083} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109488041083,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488041083,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109488041083,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109488041083,"flow_dst_last_pkt_time":1581109488079587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109488079587,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} 
@@ -11,7 +11,7 @@ 01473{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109488081517,"flow_dst_last_pkt_time":1581109488123785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109488123785,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}} 
02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109490061876,"flow_dst_last_pkt_time":1581109490062194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":13867,"midstream":0,"thread_ts_usec":1581109490062194,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":130384.0,"max":1655693,"stddev":403949.6,"var":163175268352.0,"ent":2.0,"data": [38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243]},"pktlen": {"min":52,"avg":518.7,"max":1492,"stddev":610.4,"var":372566.0,"ent":4.0,"data": [64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016]},"bins": {"c_to_s": [11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":316,"flow_dst_packets_processed":351,"flow_first_seen":1581109488041083,"flow_src_last_pkt_time":1581109496480905,"flow_dst_last_pkt_time":1581109496480819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7675,"flow_dst_tot_l4_payload_len":406398,"midstream":0,"thread_ts_usec":1581109496480905,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"cfgs\/default\/pcap\/443-firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-payload-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109496480905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7793117 bytes -~~ total memory freed........: 7793117 bytes -~~ total allocations/frees...: 147047/147047 +~~ total memory allocated....: 11501736 bytes +~~ total memory freed........: 11501736 bytes +~~ total allocations/frees...: 217301/217301 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 549 chars ~~ json string max len.......: 2182 chars 
diff --git a/test/results/default/443-git.pcap.out b/test/results/default/443-git.pcap.out index 7a4d3c482..134b25813 100644 --- a/test/results/default/443-git.pcap.out +++ b/test/results/default/443-git.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581113657633853} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581113657633853,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657633853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581113657633853,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581113657633853,"flow_dst_last_pkt_time":1581113657744320,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581113657744320,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} 
@@ -11,7 +11,7 @@ 01524{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113657751016,"flow_dst_last_pkt_time":1581113657863749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3550,"midstream":0,"thread_ts_usec":1581113657863749,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"github.com","tls": {"version":"TLSv1.2","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}}} 
02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658139408,"flow_dst_last_pkt_time":1581113658139371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":850,"flow_dst_tot_l4_payload_len":8277,"midstream":0,"thread_ts_usec":1581113658139408,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":32615.3,"max":143502,"stddev":53225.8,"var":2832981760.0,"ent":3.2,"data": [110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227]},"pktlen": {"min":52,"avg":337.8,"max":1476,"stddev":464.4,"var":215710.4,"ent":4.0,"data": [64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52]},"bins": {"c_to_s": [14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0],"entropies": [4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":35,"flow_first_seen":1581113657633853,"flow_src_last_pkt_time":1581113658456571,"flow_dst_last_pkt_time":1581113658456501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":881,"flow_dst_tot_l4_payload_len":31704,"midstream":0,"thread_ts_usec":1581113658456571,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Github","proto_id":"91.203","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/443-git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581113658456571} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779266 bytes -~~ total memory freed........: 7779266 bytes -~~ total allocations/frees...: 146451/146451 +~~ total memory allocated....: 11487885 bytes +~~ total memory freed........: 11487885 bytes +~~ total allocations/frees...: 216705/216705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2459 chars diff --git a/test/results/default/443-opvn.pcap.out b/test/results/default/443-opvn.pcap.out index c66baf69b..35f6e6845 100644 --- a/test/results/default/443-opvn.pcap.out +++ b/test/results/default/443-opvn.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581153175528454} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581153175528454,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175528454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581153175528454,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581153175528454,"flow_dst_last_pkt_time":1581153175550065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581153175550065,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} 
@@ -9,7 +9,7 @@ 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153176603974,"flow_dst_last_pkt_time":1581153176626109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1581153176626109,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153177970762,"flow_dst_last_pkt_time":1581153177992252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3449,"flow_dst_tot_l4_payload_len":3196,"midstream":0,"thread_ts_usec":1581153177992252,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":158261.5,"max":1160659,"stddev":364282.7,"var":132701855744.0,"ent":2.7,"data": 
[21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313]},"pktlen": {"min":52,"avg":260.3,"max":1492,"stddev":407.4,"var":166005.6,"ent":3.8,"data": [64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104]},"bins": {"c_to_s": [7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1],"entropies": [4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223]},"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":21,"flow_first_seen":1581153175528454,"flow_src_last_pkt_time":1581153184491293,"flow_dst_last_pkt_time":1581153184491180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3974,"flow_dst_tot_l4_payload_len":4543,"midstream":0,"thread_ts_usec":1581153184491293,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/443-opvn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1581153184491293} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770135 bytes -~~ total memory freed........: 7770135 bytes -~~ total allocations/frees...: 146418/146418 +~~ total memory allocated....: 11478754 bytes +~~ total memory freed........: 11478754 bytes +~~ total allocations/frees...: 216672/216672 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/443-safari.pcap.out b/test/results/default/443-safari.pcap.out index 88eff008e..458bbc2b5 100644 --- a/test/results/default/443-safari.pcap.out +++ b/test/results/default/443-safari.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1581109359601646} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1581109359601646,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359601646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1581109359601646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1581109359601646,"flow_dst_last_pkt_time":1581109359639845,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1581109359639845,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} 
@@ -11,7 +11,7 @@ 01451{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109359641072,"flow_dst_last_pkt_time":1581109359683783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1581109359683783,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","tls": {"version":"TLSv1.2","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}}} 
02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360694080,"flow_dst_last_pkt_time":1581109360694172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":9828,"midstream":0,"thread_ts_usec":1581109360694172,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":70482.6,"max":695650,"stddev":174729.3,"var":30530334720.0,"ent":2.6,"data": [38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":559.6,"var":313139.8,"ent":3.8,"data": [64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492]},"bins": {"c_to_s": [11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1581109359601646,"flow_src_last_pkt_time":1581109360696066,"flow_dst_last_pkt_time":1581109360695416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":797,"flow_dst_tot_l4_payload_len":16406,"midstream":0,"thread_ts_usec":1581109360696066,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/443-safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1581109360696066} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774939 bytes -~~ total memory freed........: 7774939 bytes -~~ total allocations/frees...: 146420/146420 +~~ total memory allocated....: 11483558 bytes +~~ total memory freed........: 11483558 bytes +~~ total allocations/frees...: 216674/216674 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2164 chars diff --git a/test/results/default/4in4tunnel.pcap.out b/test/results/default/4in4tunnel.pcap.out index c00d77c59..5e793176e 100644 --- a/test/results/default/4in4tunnel.pcap.out +++ b/test/results/default/4in4tunnel.pcap.out 
@@ -1,20 +1,20 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1537044271794779} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537044271794779,"packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537044271794779} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1537058551803081} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537058551803081,"packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537058551803081} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1537082929816392} 00298{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537082929816392,"packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537082929816392} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1537138237839574} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537138237839574,"packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537138237839574} 00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1537165843864842} 00298{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1537165843864842,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1537165843864842} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_usec":1537044271794779,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/4in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1537165843864842} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/0 ~~ skipped flows.............: 0 
@@ -23,9 +23,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 303 chars ~~ json string max len.......: 637 chars diff --git a/test/results/default/4in6tunnel.pcap.out b/test/results/default/4in6tunnel.pcap.out index 280e217a7..05880fdf9 100644 --- a/test/results/default/4in6tunnel.pcap.out +++ b/test/results/default/4in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1543235434019243} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_usec":1543235434019243,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019243,"flow_dst_last_pkt_time":1543235434019243,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1543235434019243,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00950{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019246,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_usec":1543235434019247,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1514,"pkt_l4_len":1412,"thread_ts_usec":1543235434019248,"pkt":"AAECunaOAAAASfSHht1gAAAABYQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAFhEuhQABhBvQeCgoKAcCoAAEBu\/vHAwzKj9\/hP2NQEAQEHmIAABYDAxNZAgAAWgMDW5uXESPnDY6GVdXogmmrS1WdR7CnjiCJLtiMMET4LR0g70cAAGowHs5bbipHOvpkse5qjMhnnSOXdm6lLVoWT1DALwAAEgAQAAUAAwJoMgAXAAD\/AQABAAsAEccAEcQADAYwggwCMIIJ6qADAgECAhMtAAAymdcHHbfRcIpCAAAAADKZMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0xNzA3MjAxNzQ3MDhaFw0xOTA3MTAxNz
Q3MDhaMBcxFTATBgNVBAMTDHd3dy5iaW5nLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqOyD7\/sOUit2AU5xoOUrdFD2wiCQmyCmP5nEBsh7fOLKKYjGNWUdfzumqBdw2Fpg1sIUPSI+b5pR9u\/gYNMtH4Aivx5J6CrFn4IFOhgzrs2GlVitrUoC9jheCrGis7gUH0hZglGqEjdJl5neUsrm31e5QyJwbyXnacl+k91de8FxrbBQKrwUcQ5sbzW8nMRIDSG0ss9ON1RYFCdc+JblurOUYfPO\/whJXqO0Ms01rklGWFKVeGj7qkJ52E0Xsw\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"} 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1543235434019243,"flow_src_last_pkt_time":1543235434019247,"flow_dst_last_pkt_time":1543235434019248,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":264,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":1464,"midstream":0,"thread_ts_usec":1543235434019248,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IP_in_IP","proto_id":"86","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/4in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1543235434019248} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766869 bytes -~~ total memory freed........: 7766869 bytes -~~ total allocations/frees...: 146375/146375 +~~ total memory allocated....: 11475488 bytes +~~ total memory freed........: 11475488 bytes +~~ total allocations/frees...: 216629/216629 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2494 chars 
diff --git a/test/results/default/6in4tunnel.pcap.out b/test/results/default/6in4tunnel.pcap.out index f893df344..357a08d43 100644 --- a/test/results/default/6in4tunnel.pcap.out +++ b/test/results/default/6in4tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444236893450580} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444236893450580,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893450580,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893450580,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444236893450580,"flow_dst_last_pkt_time":1444236893555356,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1444236893555356,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 
@@ -9,7 +9,7 @@ 02015{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":105,"avg":494998.2,"max":1005120,"stddev":454962.0,"var":206990442496.0,"ent":4.2,"data": [104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539]},"pktlen": {"min":92,"avg":236.4,"max":1897,"stddev":383.0,"var":146712.7,"ent":4.1,"data": [124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145]},"bins": {"c_to_s": [0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0],"entropies": 
[5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995]}} 00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236901127917,"flow_dst_last_pkt_time":1444236901118187,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":2127,"flow_dst_tot_l4_payload_len":4797,"midstream":0,"thread_ts_usec":1444236901127917,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00882{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":61,"flow_first_seen":1444236893450580,"flow_src_last_pkt_time":1444236915478638,"flow_dst_last_pkt_time":1444236915586195,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1470,"flow_dst_max_l4_payload_len":1877,"flow_src_tot_l4_payload_len":11600,"flow_dst_tot_l4_payload_len":24375,"midstream":0,"thread_ts_usec":1444236915586195,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/6in4tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1444236915586195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770436 bytes -~~ total memory freed........: 7770436 bytes -~~ total allocations/frees...: 146498/146498 +~~ total memory allocated....: 11479055 bytes +~~ total memory freed........: 11479055 bytes +~~ total allocations/frees...: 216752/216752 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2020 chars diff --git a/test/results/default/6in6tunnel.pcap.out b/test/results/default/6in6tunnel.pcap.out index 64e217043..919f37f40 100644 --- a/test/results/default/6in6tunnel.pcap.out +++ b/test/results/default/6in6tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1335197872162188} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872162188,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1335197872162188,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="} 00738{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -8,7 +8,7 @@ 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872162188,"flow_src_last_pkt_time":1335197872162188,"flow_dst_last_pkt_time":1335197872162188,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 00951{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00739{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1335197872164220,"flow_src_last_pkt_time":1335197872164220,"flow_dst_last_pkt_time":1335197872164220,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1335197872164220,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/6in6tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1335197872164220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768959 bytes -~~ total memory freed........: 7768959 bytes -~~ total allocations/frees...: 146384/146384 +~~ total memory allocated....: 11477562 bytes +~~ total memory freed........: 11477562 bytes +~~ total allocations/frees...: 216638/216638 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 998 chars diff --git a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out index e32f96a1e..91539a6d6 100644 --- a/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/default/BGP_Cisco_hdlc_slarp.pcap.out 
@@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1445156939131847} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939131847,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939131847,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939131847,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1445156939131847,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_usec":1445156939145123,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} 
@@ -8,7 +8,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939145123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1445156939152099,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1445156939152099,"flow_dst_last_pkt_time":1445156939165354,"flow_idle_time":7580000000,"pkt_datalink":9,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_usec":1445156939165354,"pkt":"DwAIAEXAACivgAAAAQY\/bWQQAQFkEAECALNHlBlZ04C86nYLUBA\/xz3TAAA="} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1445156939131847,"flow_src_last_pkt_time":1445156989230918,"flow_dst_last_pkt_time":1445156988877283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":269,"midstream":0,"thread_ts_usec":1445156989230918,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1445156989230918} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767159 bytes -~~ total memory freed........: 7767159 bytes -~~ total allocations/frees...: 146385/146385 +~~ total memory allocated....: 11475778 bytes +~~ total memory freed........: 11475778 bytes +~~ total allocations/frees...: 216639/216639 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 980 chars diff --git a/test/results/default/BGP_redist.pcap.out b/test/results/default/BGP_redist.pcap.out index f1a9bf3de..176f4dbff 100644 --- a/test/results/default/BGP_redist.pcap.out +++ b/test/results/default/BGP_redist.pcap.out 
@@ -1,12 +1,12 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256636836167156} 00296{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1256636836167156,"packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_usec":1256636836167156} 00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","pkt_datalink":104,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_usec":1256636836167156,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"pkt_datalink":104,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_usec":1256636836167195,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256636836167195,"flow_src_last_pkt_time":1256636836167195,"flow_dst_last_pkt_time":1256636836167195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1256636836167195,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"BGP","proto_id":"13","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} +00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/BGP_redist.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1256636836167195} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 ~~ skipped flows.............: 0 
@@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 301 chars ~~ json string max len.......: 1090 chars diff --git a/test/results/default/EAQ.pcap.out b/test/results/default/EAQ.pcap.out index ab5ed14f4..9cce24e74 100644 --- a/test/results/default/EAQ.pcap.out +++ b/test/results/default/EAQ.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820948562939} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820948562939,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820948562939,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948562939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820948562939,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 
00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820948562939,"flow_dst_last_pkt_time":1432820948566510,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820948566510,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} 
@@ -266,7 +266,7 @@ 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820966101330,"flow_src_last_pkt_time":1432821030791363,"flow_dst_last_pkt_time":1432820966101330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1432820954931988,"flow_src_last_pkt_time":1432821041151349,"flow_dst_last_pkt_time":1432820954931988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432820970111371,"flow_src_last_pkt_time":1432821034791791,"flow_dst_last_pkt_time":1432820970111371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432821045664868,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EAQ","proto_id":"190","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/EAQ.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":29,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1432821045664868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 197/197 ~~ skipped flows.............: 0 @@ -275,9 +275,9 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7837115 bytes -~~ total memory freed........: 7837115 bytes -~~ total allocations/frees...: 146911/146911 +~~ total memory allocated....: 11545254 bytes +~~ total memory freed........: 11545254 bytes +~~ total allocations/frees...: 217165/217165 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 525 chars ~~ json string max len.......: 1206 chars diff --git a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 16b228038..b00e85292 100644 --- a/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1228468937630923} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1228468937630923,"pkt":"ABgYesP\/AAFbAAaHCABFAABJQq5AAEARunwKIygWChcBKguAC4AANST+IS8xIDxpTVNTPgpUPTU1NTI4MjcxM3tDPS17QVY9RFMvMS81e0FUe019fX19"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1228468937630923,"flow_src_last_pkt_time":1228468937630923,"flow_dst_last_pkt_time":1228468937630923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1228468937630923,"l3_proto":"ip4","src_ip":"10.35.40.22","dst_ip":"10.23.1.42","src_port":2944,"dst_port":2944,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Megaco","proto_id":"181","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -49,7 +49,7 @@ 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958657176,"flow_src_last_pkt_time":1228469042380433,"flow_dst_last_pkt_time":1228469042442455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":833,"flow_src_tot_l4_payload_len":6036,"flow_dst_tot_l4_payload_len":6141,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"138.132.169.101","dst_ip":"192.168.100.219","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1228468958651923,"flow_src_last_pkt_time":1228469042381601,"flow_dst_last_pkt_time":1228469042445270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":12330,"flow_dst_tot_l4_payload_len":12210,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.40.25","dst_ip":"10.35.40.200","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1228468958651179,"flow_src_last_pkt_time":1228469042379188,"flow_dst_last_pkt_time":1228469042444514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":881,"flow_dst_max_l4_payload_len":852,"flow_src_tot_l4_payload_len":6165,"flow_dst_tot_l4_payload_len":6105,"midstream":0,"thread_ts_usec":1228469046884194,"l3_proto":"ip4","src_ip":"10.35.60.72","dst_ip":"10.35.60.100","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1552,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} +00664{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1552,"source":"cfgs\/default\/pcap\/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1552,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":193116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1228469046884194} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1552/1552 ~~ skipped flows.............: 0 
@@ -58,9 +58,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7820353 bytes -~~ total memory freed........: 7820353 bytes -~~ total allocations/frees...: 147967/147967 +~~ total memory allocated....: 11528908 bytes +~~ total memory freed........: 11528908 bytes +~~ total allocations/frees...: 218221/218221 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 589 chars ~~ json string max len.......: 2357 chars diff --git a/test/results/default/IEC104.pcap.out b/test/results/default/IEC104.pcap.out index 2c75e62e8..d400807ef 100644 --- a/test/results/default/IEC104.pcap.out +++ b/test/results/default/IEC104.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317629088495135} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088495135,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317629088495135,"flow_dst_last_pkt_time":1317629088495135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1317629088495135,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088520615,"flow_dst_last_pkt_time":1317629088520615,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629088520615,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -14,7 +14,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1317629089467434,"flow_dst_last_pkt_time":1317629089666296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1317629089666296,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoK+dAAIAGAAAKd2kaCq\/TAdXwCWQAWRNVSKC7mFAQAP5RXAAA"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1317629088495135,"flow_src_last_pkt_time":1317629090498077,"flow_dst_last_pkt_time":1317629090496349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":603,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1317629088520615,"flow_src_last_pkt_time":1317629088536185,"flow_dst_last_pkt_time":1317629088739193,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317629090498077,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/IEC104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1317629090498077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769336 bytes -~~ total memory freed........: 7769336 bytes -~~ total allocations/frees...: 146397/146397 +~~ total memory allocated....: 11477939 bytes +~~ total memory freed........: 11477939 bytes +~~ total allocations/frees...: 216651/216651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/KakaoTalk_chat.pcap.out b/test/results/default/KakaoTalk_chat.pcap.out index a2b507360..bb7bdfaa6 100644 --- a/test/results/default/KakaoTalk_chat.pcap.out +++ b/test/results/default/KakaoTalk_chat.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069021959113} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1430069021959113,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 
01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069021959113,"flow_src_last_pkt_time":1430069021959113,"flow_dst_last_pkt_time":1430069021959113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430069021959113,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"auth.kakao.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -267,7 +267,7 @@ 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069069274054,"flow_dst_last_pkt_time":1430069069017493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":168,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1430069044758795,"flow_src_last_pkt_time":1430069069274054,"flow_dst_last_pkt_time":1430069069017493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":168,"midstream":1,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1430069022104834,"flow_src_last_pkt_time":1430069022104834,"flow_dst_last_pkt_time":1430069022234626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1430069073299933,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.KakaoTalk","proto_id":"5.193","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":270,"global_ts_usec":1430069073299933} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/KakaoTalk_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-payload-len":52012,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":33,"total-detection-updates":33,"total-updates":1,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":270,"global_ts_usec":1430069073299933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 347/347 ~~ skipped flows.............: 0 @@ -276,9 +276,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7984535 bytes -~~ total memory freed........: 7984535 bytes -~~ total allocations/frees...: 147353/147353 +~~ total memory allocated....: 11692562 bytes +~~ total memory freed........: 11692562 bytes +~~ total allocations/frees...: 217607/217607 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2369 chars diff --git a/test/results/default/KakaoTalk_talk.pcap.out b/test/results/default/KakaoTalk_talk.pcap.out index 05253fc37..2370f403f 100644 --- a/test/results/default/KakaoTalk_talk.pcap.out +++ b/test/results/default/KakaoTalk_talk.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430069140120551} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430069140120551,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1430069140120551,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140120551,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_usec":1430069140120551,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430069140120551,"flow_dst_last_pkt_time":1430069140453803,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1430069140453803,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} 
@@ -141,7 +141,7 @@ 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1430069170892951,"flow_src_last_pkt_time":1430069214736731,"flow_dst_last_pkt_time":1430069214355292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":78,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":98,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":1058,"midstream":0,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"KakaoTalk_Voice","proto_id":"194","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00935{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1430069164656714,"flow_src_last_pkt_time":1430069216559027,"flow_dst_last_pkt_time":1430069164839667,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":42,"midstream":1,"thread_ts_usec":1430069216559027,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} -00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1430069216559027} 
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"cfgs\/default\/pcap\/KakaoTalk_talk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-payload-len":291404,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":11,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1430069216559027} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3203/3203 ~~ skipped flows.............: 0 @@ -150,9 +150,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7925643 bytes -~~ total memory freed........: 7925643 bytes -~~ total allocations/frees...: 149816/149816 +~~ total memory allocated....: 11633958 bytes +~~ total memory freed........: 11633958 bytes +~~ total allocations/frees...: 220070/220070 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 2713 chars diff --git a/test/results/default/NTPv2.pcap.out b/test/results/default/NTPv2.pcap.out index 123378e81..b442b8a31 100644 --- a/test/results/default/NTPv2.pcap.out +++ b/test/results/default/NTPv2.pcap.out 
@@ -1,10 +1,10 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865383632810} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01000{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_usec":1436865383632810,"pkt":"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"} 
01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":42,"version":42}}} 01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865383632810,"flow_src_last_pkt_time":1436865383632810,"flow_dst_last_pkt_time":1436865383632810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":368,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":368,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":368,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865383632810,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} +00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865383632810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1087 chars diff --git a/test/results/default/NTPv3.pcap.out b/test/results/default/NTPv3.pcap.out index 0e3c8eb25..948dce7d7 100644 --- a/test/results/default/NTPv3.pcap.out +++ b/test/results/default/NTPv3.pcap.out 
@@ -1,10 +1,10 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865405371462} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865405371462,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865405371462,"flow_src_last_pkt_time":1436865405371462,"flow_dst_last_pkt_time":1436865405371462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865405371462,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} +00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865405371462} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1084 chars diff --git a/test/results/default/NTPv4.pcap.out b/test/results/default/NTPv4.pcap.out index 8ee658ba4..3127e3e45 100644 --- a/test/results/default/NTPv4.pcap.out +++ b/test/results/default/NTPv4.pcap.out 
@@ -1,10 +1,10 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436865396190857} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1436865396190857,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 
01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","ntp": {"request_code":0,"version":0}}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436865396190857,"flow_src_last_pkt_time":1436865396190857,"flow_dst_last_pkt_time":1436865396190857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436865396190857,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NTP","proto_id":"9","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} +00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/NTPv4.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1436865396190857} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1084 chars diff --git a/test/results/default/Oscar.pcap.out b/test/results/default/Oscar.pcap.out index 026b5cefc..3a4fe8a22 100644 --- a/test/results/default/Oscar.pcap.out +++ b/test/results/default/Oscar.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434606464176482} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434606464176482,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464176482,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434606464176482,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434606464176482,"flow_dst_last_pkt_time":1434606464205135,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434606464205135,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} 
@@ -9,7 +9,7 @@ 01999{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606524600171,"flow_dst_last_pkt_time":1434606524130160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1138,"flow_dst_tot_l4_payload_len":3047,"midstream":0,"thread_ts_usec":1434606524600171,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":3883141.0,"max":58215154,"stddev":14267685.0,"var":203566836875264.0,"ent":1.3,"data": [28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580]},"pktlen": {"min":40,"avg":172.5,"max":1400,"stddev":263.3,"var":69345.6,"ent":4.0,"data": [64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76]},"bins": {"c_to_s": [11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0],"entropies": 
[4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341]}} 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":38,"flow_dst_packets_processed":33,"flow_first_seen":1434606464176482,"flow_src_last_pkt_time":1434606536630487,"flow_dst_last_pkt_time":1434606536630387,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":315,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":3946,"midstream":0,"thread_ts_usec":1434606536630487,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/Oscar.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434606536630487} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 71/71 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770860 bytes -~~ total memory freed........: 7770860 bytes -~~ total allocations/frees...: 146443/146443 +~~ total memory allocated....: 11479479 bytes +~~ total memory freed........: 11479479 bytes +~~ total allocations/frees...: 216697/216697 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2004 chars diff --git a/test/results/default/TivoDVR.pcap.out b/test/results/default/TivoDVR.pcap.out index 073708471..73c3c82a5 100644 --- a/test/results/default/TivoDVR.pcap.out +++ b/test/results/default/TivoDVR.pcap.out 
@@ -1,11 +1,11 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1659655707553802} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707553802,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707553802,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707553802,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","tivoconnect": {"identity_uuid":"4d696e69-444c-164e-9d41-1459c099c043","machine":"R7000P","platform":"pc\/minidlna","services":"TiVoMediaServer:8200\/http"}}} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":175,"thread_ts_usec":1659655707554438,"pkt":"\/\/\/\/\/\/\/\/AszAqMnfCABFIADDAABAAEAR5M9i9fJF\/\/\/\/\/wiOCI4Ar6TAVGlWb0Nvbm5lY3Q9MQpzd3ZlcnNpb249MS4wCm1ldGhvZD1icm9hZGNhc3QKaWRlbnRpdHk9dXVpZDo0ZDY5NmU2OS00NDRjLTE2NGUtOWQ0MS0xNDU5YzA5OWMwNDMKbWFjaGluZT1SNzAwMFAKcGxhdGZvcm09cGMvbWluaWRsbmEKc2VydmljZXM9VGlWb01lZGlhU2VydmVyOjgyMDAvaHR0cArT0Q=="} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1659655707553802,"flow_src_last_pkt_time":1659655707554438,"flow_dst_last_pkt_time":1659655707553802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":167,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1659655707554438,"l3_proto":"ip4","src_ip":"98.245.242.69","dst_ip":"255.255.255.255","src_port":2190,"dst_port":2190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TiVoConnect","proto_id":"308","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
-00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} +00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/TivoDVR.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1659655707554438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766783 bytes -~~ total memory freed........: 7766783 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475402 bytes +~~ total memory freed........: 11475402 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 1093 chars 
diff --git a/test/results/default/WebattackRCE.pcap.out b/test/results/default/WebattackRCE.pcap.out index b33ceaa00..351ad0e51 100644 --- a/test/results/default/WebattackRCE.pcap.out +++ b/test/results/default/WebattackRCE.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576420276577658} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1576420276577658,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 01475{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420276577658,"flow_src_last_pkt_time":1576420276577658,"flow_dst_last_pkt_time":1576420276577658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420276577658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"127.0.0.1","http": {"url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)","detected_os":"Nikto\/2.1.6"}}} 
@@ -3188,7 +3188,7 @@ 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277890802,"flow_src_last_pkt_time":1576420277890802,"flow_dst_last_pkt_time":1576420277890802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":147,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":147,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277892206,"flow_src_last_pkt_time":1576420277892206,"flow_dst_last_pkt_time":1576420277892206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576420277893798,"flow_src_last_pkt_time":1576420277893798,"flow_dst_last_pkt_time":1576420277893798,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1576420278014387,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"cfgs\/default\/pcap\/WebattackRCE.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_usec":1576420278014387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 797/797 ~~ skipped flows.............: 0 @@ -3197,9 +3197,9 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9650805 bytes -~~ total memory freed........: 9650805 bytes -~~ total allocations/frees...: 160495/160495 +~~ total memory allocated....: 13346688 bytes +~~ total memory freed........: 13346688 bytes +~~ total allocations/frees...: 230749/230749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 573 chars ~~ json string max len.......: 1892 chars diff --git a/test/results/default/WebattackSQLinj.pcap.out b/test/results/default/WebattackSQLinj.pcap.out index 6c76e86f4..c9b01263e 100644 --- a/test/results/default/WebattackSQLinj.pcap.out +++ b/test/results/default/WebattackSQLinj.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499348407419016} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499348407419016,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348407419016,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419016,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499348407419016,"flow_dst_last_pkt_time":1499348407419147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499348407419147,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} 
@@ -72,7 +72,7 @@ 01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1499348494345596,"flow_src_last_pkt_time":1499348499355896,"flow_dst_last_pkt_time":1499348499355969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1840,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":1840,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1499348506489087,"flow_src_last_pkt_time":1499348511497289,"flow_dst_last_pkt_time":1499348511496699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":537,"flow_dst_max_l4_payload_len":1881,"flow_src_tot_l4_payload_len":537,"flow_dst_tot_l4_payload_len":1881,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01318{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1499348514064531,"flow_src_last_pkt_time":1499348519077716,"flow_dst_last_pkt_time":1499348519077129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":600,"flow_dst_max_l4_payload_len":2701,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":4149,"midstream":0,"thread_ts_usec":1499348519077716,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/WebattackSQLinj.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_usec":1499348519077716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 ~~ skipped flows.............: 0 @@ -81,9 +81,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7790178 bytes -~~ total memory freed........: 7790178 bytes -~~ total allocations/frees...: 146636/146636 +~~ total memory allocated....: 11498669 bytes +~~ total memory freed........: 11498669 bytes +~~ total allocations/frees...: 216890/216890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 553 chars ~~ json string max len.......: 1507 chars diff --git a/test/results/default/WebattackXSS.pcap.out b/test/results/default/WebattackXSS.pcap.out index 377de19b4..923db02ce 100644 --- a/test/results/default/WebattackXSS.pcap.out +++ b/test/results/default/WebattackXSS.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1499346935283859} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499346935283859,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499346935283859,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283859,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1499346935283859,"flow_dst_last_pkt_time":1499346935283960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499346935283960,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} 
@@ -2515,7 +2515,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081002,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_src_last_pkt_time":1499347535081002,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347535081123,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_src_last_pkt_time":1499347535081893,"flow_dst_last_pkt_time":1499347535081123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1499347535081893,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} 
-00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} +00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-payload-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":242,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":82,"total-active-flows":334,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2518,"global_ts_usec":1499347536104726} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1499347536332683,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499347536332683,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332683,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_src_last_pkt_time":1499347536332683,"flow_dst_last_pkt_time":1499347536332809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1499347536332809,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} 
@@ -5302,7 +5302,7 @@ 00957{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1499348099359601,"flow_src_last_pkt_time":1499348099360303,"flow_dst_last_pkt_time":1499348099359726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01320{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":105,"flow_first_seen":1499347939286105,"flow_src_last_pkt_time":1499348006339850,"flow_dst_last_pkt_time":1499348006339926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":585,"flow_dst_max_l4_payload_len":1870,"flow_src_tot_l4_payload_len":48985,"flow_dst_tot_l4_payload_len":183687,"midstream":0,"thread_ts_usec":1499348099366088,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} 
+00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"cfgs\/default\/pcap\/WebattackXSS.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-payload-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5305,"global_ts_usec":1499348099366088} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 ~~ skipped flows.............: 0 @@ -5311,9 +5311,9 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9465130 bytes -~~ total memory freed........: 9465130 bytes -~~ total allocations/frees...: 163177/163177 +~~ total memory allocated....: 13163189 bytes +~~ total memory freed........: 13163189 bytes +~~ total allocations/frees...: 233431/233431 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 2577 chars diff --git a/test/results/default/activision.pcap.out b/test/results/default/activision.pcap.out index 9f78907d6..5d0043a29 100644 --- a/test/results/default/activision.pcap.out +++ b/test/results/default/activision.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646323526787000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646323526787000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5voEAAH8RYsnAqAJkbD3rHwwCgqEAJX0XDQIA093tA5YWaZgaJ69POBvAqAAVAgxsPesfoYI="} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323526787000,"flow_dst_last_pkt_time":1646323526787000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646323526787000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -15,7 +15,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1646323628122000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1646323628154000,"pkt":"YDjgxTWgeJS0JASgCABFAAA3hJNAADURYKEtP3A2wKgCZIe1DAIAI0xRKQoAAADOR0ROAAAAAAEAAAAAAAAAAAAAAAAA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1646323628324000,"flow_dst_last_pkt_time":1646323628154000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646323628324000,"pkt":"eJS0JASgYDjgxTWgCABFAAAu0NYAAH8RCmfAqAJkLT9wNgwCh7UAGpZYKLBaR04AAAAAFgAAAAAEGqAA"} 01096{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646323628926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1646330186021000} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646330186021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5ncMAAH8RmPnAqAJklEitogwChgcAJQKmDQIAJQp5Uq9Qqtxv2LxZymHAqAAVAgyUSK2iB4Y="} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330186021000,"flow_dst_last_pkt_time":1646330186021000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646330186021000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1646330186436000,"flow_dst_last_pkt_time":1646330186357000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646330186436000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuncUAAH8RmQLAqAJklEitogwChgcAGpHFKNl9LNUBAAAAcgYAAKNJ1wsA"} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323628043000,"flow_src_last_pkt_time":1646323628926000,"flow_dst_last_pkt_time":1646323628858000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"45.63.112.54","src_port":3074,"dst_port":34741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646323526787000,"flow_src_last_pkt_time":1646323528362000,"flow_dst_last_pkt_time":1646323528329000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646330187441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"108.61.235.31","src_port":3074,"dst_port":33441,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1646331972616000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1646331972616000,"pkt":"eJS0JASgYDjgxTWgCABFAAA5EsQAAH8RdRfAqAJkrcdDBQwCkNkAJZrDDQIAgisORyh+2Z3JjlEt75TAqAAVAgytx0MF2ZA="} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331972616000,"flow_dst_last_pkt_time":1646331972616000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646331972616000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -35,7 +35,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1646331972856000,"flow_dst_last_pkt_time":1646331972816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1646331972856000,"pkt":"eJS0JASgYDjgxTWgCABFAAAuEsYAAH8RdSDAqAJkrcdDBQwCkNkAGqUkKMQtpz8CAAAAVggAAAozEzkA"} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646330186021000,"flow_src_last_pkt_time":1646330187441000,"flow_dst_last_pkt_time":1646330187364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.72.173.162","src_port":3074,"dst_port":34311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646331972616000,"flow_src_last_pkt_time":1646331973357000,"flow_dst_last_pkt_time":1646331973318000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":29,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":191,"midstream":0,"thread_ts_usec":1646331973357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"173.199.67.5","src_port":3074,"dst_port":37081,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Activision","proto_id":"258","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/activision.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1646331973357000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774937 bytes -~~ total memory freed........: 7774937 bytes -~~ total allocations/frees...: 146464/146464 +~~ total memory allocated....: 11483508 bytes +~~ total memory freed........: 11483508 bytes +~~ total allocations/frees...: 216718/216718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 1101 chars diff --git a/test/results/default/adult_content.pcap.out b/test/results/default/adult_content.pcap.out index 5ab41398e..a3ec25cc5 100644 --- a/test/results/default/adult_content.pcap.out +++ b/test/results/default/adult_content.pcap.out 
@@ -1,14 +1,15 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679071239291834} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1679071239291834,"pkt":"ILAB4IZiPKn0qB\/sCABFAAAwUDlAAEAR7PPAqAHHH9wbRacHAFAAHI2nAAEAACESpEJBM1FjaTROdXJPS0E="} 
+01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239291834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679071239291834,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679071239291834,"flow_dst_last_pkt_time":1679071239312300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1679071239312300,"pkt":"PKn0qB\/sILAB4IZiCABFAABoeTpAADIR0bof3BtFwKgBxwBQpwcAVCaFAQEAOCESpEJBM1FjaTROdXJPS0EAIAAIAAHJnHwxD+MAAQAIAAHojl0jq6GAKwAIAAEAUB\/cG0WALAAIAAEII38AAPmAKAAEnVw8wQ=="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239312300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1679071239347013,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA4UEdAAEAR7N3AqAHHH9wbRacHAFAAJJk0AAMACCESpEJDQlZzSWpnT21uMy8AGQAEEQAAAA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1679071239366897,"pkt":"PKn0qB\/sILAB4IZiCABFAAB4eXNAADIR0XEf3BtFwKgBxwBQpwcAZAaAARMASCESpEJDQlZzSWpnT21uMy8ACQAQAAAEAVVuYXV0aG9yaXplZAAVABBmYzdlNjU3YjkzODY1NGJmABQAE2ItZXUxNC5zdHJpcGNkbi5jb20AgCgABDFJxvQ="} -01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com","stun": {"num_pkts":3,"num_binding_requests":1,"num_processed_pkts":2}}} +01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239347013,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1679071239366897,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent","hostname":"b-eu14.stripcdn.com"}} 
00662{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679071239367273,"flow_dst_last_pkt_time":1679071239366897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1679071239367273,"pkt":"ILAB4IZiPKn0qB\/sCABFAACIUEtAAEAR7InAqAHHH9wbRacHAFAAdHxgAAMAWCESpEJ4VHYxS21GNEJWa2kAGQAEEQAAAAAGAAdqb2huZG9lAAAUABNiLWV1MTQuc3RyaXBjZG4uY29tAAAVABBmYzdlNjU3YjkzODY1NGJmAAgAFKX\/EIV4M7nf301az2ompIrGx4iF"} 01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":14,"flow_first_seen":1679071239291834,"flow_src_last_pkt_time":1679071239509436,"flow_dst_last_pkt_time":1679071239465594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1204,"flow_dst_max_l4_payload_len":1376,"flow_src_tot_l4_payload_len":3131,"flow_dst_tot_l4_payload_len":3791,"midstream":0,"thread_ts_usec":1679071239509436,"l3_proto":"ip4","src_ip":"192.168.1.199","dst_ip":"31.220.27.69","src_port":42759,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.AdultContent","proto_id":"78.108","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":34,"category":"AdultContent"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":25,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1679071239509436} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/adult_content.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":25,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":6922,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679071239509436} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/25 ~~ skipped flows.............: 0 
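Review bot: The new `detected` line at packet 1 pins `"hostname":""` into the baseline, and the `detection-update` line that replaces the old packet-4 `detected` event no longer carries the `"stun": {"num_pkts":3,...}` object that the removed line had. A consumer that tests for the presence of `hostname` will now see a present-but-empty value on the first event, and anything that relied on the STUN counters loses them without an error. Whether this comes from the libnDPI bump or from the serializer is not visible in this hunk, so both changes should be confirmed as intended before the regenerated output is accepted; if the empty value is not intended, the expected line would end `"category":"Network"}}` without the `hostname` key. The counter changes in the shutdown line (`total-detection-updates` 0 to 1, `total-events-serialized` 11 to 12) are consistent with the one added event.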
@@ -17,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767478 bytes -~~ total memory freed........: 7767478 bytes -~~ total allocations/frees...: 146396/146396 +~~ total memory allocated....: 11476097 bytes +~~ total memory freed........: 11476097 bytes +~~ total allocations/frees...: 216650/216650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars -~~ json string max len.......: 1195 chars -~~ json string avg len.......: 857 chars +~~ json string max len.......: 1190 chars +~~ json string avg len.......: 867 chars diff --git a/test/results/default/afp.pcap.out b/test/results/default/afp.pcap.out index 8d71b6151..9c36be542 100644 --- a/test/results/default/afp.pcap.out +++ b/test/results/default/afp.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643275951277370} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1643275951277370,"pkt":"ABxCVgfWYPgdrn1ECABFAABKAABAAEAGgpnAqBs5wKgbi\/3bAiR+nkVXU19RioAYCHEmJgAAAQEICtTtV\/gAQrf\/AAIixgAAAAAAAAAGAAAAABEAAAIOHA=="} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275951277370,"flow_dst_last_pkt_time":1643275951277370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643275951277370,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -8,7 +8,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643275951277702,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277702,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643275951277715,"flow_dst_last_pkt_time":1643275951277547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1643275951277715,"pkt":"ABxCVgfWYPgdrn1ECABFAAA0AABAAEAGgq\/AqBs5wKgbi\/3bAiR+nkVtU19RvIAQCHBcrAAAAQEICtTtV\/gAQsM8"} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":4,"flow_first_seen":1643275951277370,"flow_src_last_pkt_time":1643275952364726,"flow_dst_last_pkt_time":1643275952364172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":118,"midstream":1,"thread_ts_usec":1643275952364726,"l3_proto":"ip4","src_ip":"192.168.27.57","dst_ip":"192.168.27.139","src_port":64987,"dst_port":548,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AFP","proto_id":"97","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} +00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/afp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643275952364726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767217 bytes -~~ total memory freed........: 7767217 bytes -~~ total allocations/frees...: 146387/146387 +~~ total memory allocated....: 11475836 bytes +~~ total memory freed........: 11475836 bytes +~~ total allocations/frees...: 216641/216641 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 1099 chars diff --git a/test/results/default/agora-sd-rtn.pcap.out b/test/results/default/agora-sd-rtn.pcap.out index 2978b00ac..b8abbb423 100644 --- a/test/results/default/agora-sd-rtn.pcap.out +++ b/test/results/default/agora-sd-rtn.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1649093494350000} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00829{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649093494350000,"pkt":"eJS0JASgYDjgxTWgCABFoAEG97pAAD8RrNTAqAJkF\/i6s4vCH8IA8rYwAFo4TAAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAJfnTudXVvVf7BhRNFQtkmabzFsc4YGcbhGqIyaMUEFFQUQEAEFFU0dQVUJTQQAEpZnsPkMzYe4wgqr+jD6KkFsekH5j6BojNRIPCbkPdUaS4xdQKYVOSVvbHOo64z+26LzM8IhE1k5P6pySRtqNMEtFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649093494350000,"flow_src_last_pkt_time":1649093494350000,"flow_dst_last_pkt_time":1649093494350000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649093494350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":35778,"dst_port":8130,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
@@ -70,7 +70,7 @@ 01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093640794000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640826000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1667,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01106{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649093580792000,"flow_src_last_pkt_time":1649093580849000,"flow_dst_last_pkt_time":1649093580831000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1796,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.77.66","src_port":44131,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649093640842000,"flow_src_last_pkt_time":1649093640842000,"flow_dst_last_pkt_time":1649093640842000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":1219,"flow_src_tot_l4_payload_len":1546,"flow_dst_tot_l4_payload_len":4876,"midstream":0,"thread_ts_usec":1649093710879000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":46798,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":29232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":12,"current-active-flows":6,"total-active-flows":8,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649098069656000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649098069656000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGneRAAD8RBqvAqAJkF\/i6s53JH8IA8s3FANAqagAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTc5LmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAAKXiddqZ56BOXneEQ4mP388RlUbMx7s0KlWJgk5kvEFFQUQEAEFFU0dQVUJTQQAE2i0ZP5UqhloJODTaOh+IlYI+UqEvQtfYePDLs+DPY\/wb\/ex7kxsKDZa0UBpqtKFPW3cONzQvrgAKQsaxWmXF50tFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069656000,"flow_dst_last_pkt_time":1649098069656000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":234,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649098069656000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"23-248-186-179.edge.agora.io"}} 
@@ -122,7 +122,7 @@ 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069656000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069689000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":818,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2256,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098129719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":50011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":15,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1649098819739000} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098069706000,"flow_src_last_pkt_time":1649098069706000,"flow_dst_last_pkt_time":1649098069706000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1892,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.179","src_port":47453,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":4,"flow_first_seen":1649098094676000,"flow_src_last_pkt_time":1649098094724000,"flow_dst_last_pkt_time":1649098094756000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1606,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.233.218","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098070259000,"flow_src_last_pkt_time":1649098070310000,"flow_dst_last_pkt_time":1649098070298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1824,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649098819802000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":40393,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
@@ -163,7 +163,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098849713000,"flow_src_last_pkt_time":1649098849898000,"flow_dst_last_pkt_time":1649098849881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":430,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1659,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":6,"flow_first_seen":1649098089567000,"flow_src_last_pkt_time":1649098819802000,"flow_dst_last_pkt_time":1649098819775000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":944,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":4213,"flow_dst_tot_l4_payload_len":2952,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"104.166.161.75","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649098909723000,"flow_src_last_pkt_time":1649098909909000,"flow_dst_last_pkt_time":1649098909895000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1627,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649099059780000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":55322,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":65673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":19,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1649336870173000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00835{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"thread_ts_usec":1649336870173000,"pkt":"eJS0JASgYDjgxTWgCABFoAEFneZAAD8Rl3TAqAJkgAHB37q9H8IA8S9\/AAspDQAAIQAAAAAABFNOSQAbADEyOC0xLTE5My0yMjMuZWRnZS5hZ29yYS5pb1BETUQAAENQVE+BAE5PTkMgAAABGFQvya+GSZZFzLP9EmcPktq84Ka2wtV92C\/TcDdPQUVBRAQAQUVTR1BVQlNBAASFAA2pu76c15hPua6baGLo0ixMN8vwRYUqc\/ifFG78vI1pPMSohtWw1XeLlA8Q9eztjAFhjuBR3Q4\/us8bcbydS0VYUwQAUDI1NkNDUlQoAP+XwY\/lEZgfcG0Exgi4J5nZFgkMuGiQFhKUln7foXlIqEex7RofPmI="} 
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870173000,"flow_dst_last_pkt_time":1649336870173000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649336870173000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"128-1-193-223.edge.agora.io"}} 
@@ -226,7 +226,7 @@ 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1649336965166000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965166000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFZAAD8RpDjAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFtAAD8RpDPAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} 
00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1649336965359000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1649336965359000,"pkt":"eJS0JASgYDjgxTWgCABFoAEGAFxAAD8RpDLAqAJkF\/i6tLq9H8IA8ukWAHKNlwAAIQAAAAAABFNOSQAcADIzLTI0OC0xODYtMTgwLmVkZ2UuYWdvcmEuaW9QRE1EAABDUFRPgQBOT05DIAAAARi0N1CFxirRT+Qnnrz\/pyBDu6aGfdoDtspPZ5eKK0FFQUQEAEFFU0dQVUJTQQAE3Cx8VYdzNil7sFRPDWbBkTVwDhDpZB0H1ndvXVYUqBYfSWs33e8hvSgcWboTgtdnoWm6BanWQW5l3Pfuz5zOwktFWFMEAFAyNTZDQ1JUKAD\/l8GP5RGYH3BtBMYIuCeZ2RYJDLhokBYSlJZ+36F5SKhHse0aHz5i"} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":94737,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1649337802272000} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1649336960225000,"flow_src_last_pkt_time":1649336960225000,"flow_dst_last_pkt_time":1649336960225000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":498,"flow_src_tot_l4_payload_len":699,"flow_dst_tot_l4_payload_len":3468,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":55094,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1649336897978000,"flow_src_last_pkt_time":1649337802273000,"flow_dst_last_pkt_time":1649336897978000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"199.190.44.135","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1649336965165000,"flow_src_last_pkt_time":1649336968493000,"flow_dst_last_pkt_time":1649336965165000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.248.186.180","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
@@ -235,7 +235,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336954948000,"flow_src_last_pkt_time":1649336955151000,"flow_dst_last_pkt_time":1649336955137000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":1812,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.224","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336870173000,"flow_src_last_pkt_time":1649336870432000,"flow_dst_last_pkt_time":1649336870347000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":325,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2014,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"128.1.193.223","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1649336879948000,"flow_src_last_pkt_time":1649336881379000,"flow_dst_last_pkt_time":1649336882923000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":234,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":234,"flow_dst_max_l4_payload_len":492,"flow_src_tot_l4_payload_len":2808,"flow_dst_tot_l4_payload_len":1476,"midstream":0,"thread_ts_usec":1649337802273000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"202.226.25.166","src_port":47805,"dst_port":8130,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SD-RTN","proto_id":"171","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/agora-sd-rtn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":403,"packets-processed":403,"total-skipped-flows":0,"total-l4-payload-len":95439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":23,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1649337802273000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 403/403 ~~ skipped flows.............: 0 @@ -244,9 +244,9 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7832140 bytes -~~ total memory freed........: 7832140 bytes -~~ total allocations/frees...: 147049/147049 +~~ total memory allocated....: 11540359 bytes +~~ total memory freed........: 11540359 bytes +~~ total allocations/frees...: 217303/217303 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 573 chars ~~ json string max len.......: 2185 chars 
diff --git a/test/results/default/ah.pcapng.out b/test/results/default/ah.pcapng.out index e23c0866b..dd48d47dc 100644 --- a/test/results/default/ah.pcapng.out +++ b/test/results/default/ah.pcapng.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587338929051893} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587338929051893,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAJ4AAP8RngIKAgMCCgMEBAH0AfQBbieYHBhp9tKboMwAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAAop90y3jHmNMWVGIbNRerOVFzMP5JoRLlIVT+uGcaHcUDAfZ9agub4v3ifShq9iAjKtd\/XZoIX76e0SSPXecxSXzgS1HJOpsJtzfXg96dFLBFkvBpXPHiUb1T29i2BXzdKwAAJGy943MOgVw+17TTE3RGnNSeH1Br3ZzttJxYzZbae2KMKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABCNvuAsA4SMheroNDIs0se1c2REJAAAAHAAAQAUSA9ZB8IS5r14gXhydhU2hTnWD2w=="} 01028{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929051893,"flow_dst_last_pkt_time":1587338929051893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587338929051893,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1587338931051869,"pkt":"qrvMAAIQqrvMAAMQCABFAAB8ABMAAP4zoTEKAwQECgIDAgEEAACvhoPvAAAAAQLuLdf7aFTxy+gQnAAAbwQABQABAAAAAAAUFyyrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavN"} 01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587338929051893,"flow_src_last_pkt_time":1587338929067839,"flow_dst_last_pkt_time":1587338929075761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587338931051372,"flow_src_last_pkt_time":1587338931051372,"flow_dst_last_pkt_time":1587338931051869,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1587338931051869,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":51,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} 
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ah.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1532,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587338931051869} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769075 bytes -~~ total memory freed........: 7769075 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11477678 bytes +~~ total memory freed........: 11477678 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 1076 chars diff --git a/test/results/default/ajp.pcap.out b/test/results/default/ajp.pcap.out index 6f1c46c13..819044477 100644 --- a/test/results/default/ajp.pcap.out +++ b/test/results/default/ajp.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505154584447407} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505154584447407,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447407,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505154584447407,"flow_dst_last_pkt_time":1505154584447547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1505154584447547,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 
@@ -40,7 +40,7 @@ 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1505154584618218,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584447407,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584617955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1505154584618218,"flow_src_last_pkt_time":1505154584618218,"flow_dst_last_pkt_time":1505154584618218,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":826,"flow_dst_max_l4_payload_len":230,"flow_src_tot_l4_payload_len":1056,"flow_dst_tot_l4_payload_len":241,"midstream":0,"thread_ts_usec":1505154584618218,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AJP","proto_id":"139","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ajp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1505154584618218} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769655 bytes -~~ total memory freed........: 7769655 bytes -~~ total allocations/frees...: 146408/146408 +~~ total memory allocated....: 11478258 bytes +~~ total memory freed........: 11478258 bytes +~~ total allocations/frees...: 216662/216662 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 313 chars ~~ json string max len.......: 1513 chars diff --git a/test/results/default/alexa-app.pcapng.out b/test/results/default/alexa-app.pcapng.out index c11ac1e8a..bccac9d75 100644 --- a/test/results/default/alexa-app.pcapng.out +++ b/test/results/default/alexa-app.pcapng.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490976022526783} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526783,"packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526783} 00326{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_usec":1490976022526783,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1490976022526847,"packet_id":2,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_usec":1490976022526847} 
@@ -1419,7 +1419,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976195545666,"flow_src_last_pkt_time":1490976195545666,"flow_dst_last_pkt_time":1490976195628315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1490976080485167,"flow_src_last_pkt_time":1490976081484636,"flow_dst_last_pkt_time":1490976081482994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2154,"flow_dst_tot_l4_payload_len":5486,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1490976029669574,"flow_src_last_pkt_time":1490976029669574,"flow_dst_last_pkt_time":1490976029753315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1490976198776068,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Amazon","proto_id":"5.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3103,"packets-processed":3074,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":150,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1422,"global_ts_usec":1490976198776068} 
+00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3103,"source":"cfgs\/default\/pcap\/alexa-app.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3103,"packets-processed":3074,"total-skipped-flows":0,"total-l4-payload-len":987205,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":150,"total-updates":77,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1422,"global_ts_usec":1490976198776068} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3103/3074 ~~ skipped flows.............: 0 @@ -1428,9 +1428,9 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8895855 bytes -~~ total memory freed........: 8895855 bytes -~~ total allocations/frees...: 152086/152086 +~~ total memory allocated....: 12601930 bytes +~~ total memory freed........: 12601930 bytes +~~ total allocations/frees...: 222340/222340 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 300 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/alicloud.pcap.out b/test/results/default/alicloud.pcap.out index bdf7c6813..bff1b4bf2 100644 --- a/test/results/default/alicloud.pcap.out +++ b/test/results/default/alicloud.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656769158766000} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158766000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158766000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158766000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tl4AAD8GkXTAqAJkCNFoDJhqIye4YEtXAAAAAKAC\/\/8HVgAAAgQFtAQCCArIDoVmAAAAAAEDAwk="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1656769158766000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158786000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD9MI0WgMwKgCZCMnmGqSefYnuGBLWKAScSDxJQAAAgQFrAQCCAovVu0QyA6FZgEDAwc="} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656769158796000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tmAAAD8GkXLAqAJkCNFoDJhqIye4YEtYknn2KIAYAKyCegAAAQEICsgOhYQvVu0Qzvq+uoAAAAA="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158786000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656769158796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656769158796000,"flow_dst_last_pkt_time":1656769158815000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656769158815000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Gw9AADcG9MsI0WgMwKgCZCMnmGqSefYouGBLYIAQAOOP5AAAAQEICi9W7S3IDoWE"} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1656785748891000} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748891000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748891000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748891000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8A+kAAD8GYjHAqAJkCNFJxaBgIyc2ZzbYAAAAAKAC\/\/8KpQAAAgQFtAQCCAqCo3RMAAAAAAEDAwk="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656785748891000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656785748908000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnoGDRcRN1Nmc22aAScSBhTAAAAgQFrAQCCAowVCL2gqN0TAEDAwc="} 
@@ -16,7 +16,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656785748891000,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748908000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656785748926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":41056,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656785748926000,"flow_dst_last_pkt_time":1656785748943000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656785748943000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0MH9AADgG\/KII0UnFwKgCZCMnoGDRcRN2Nmc24YAQAOP\/\/gAAAQEICjBUIxmCo3Rw"} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656769158766000,"flow_src_last_pkt_time":1656769159386000,"flow_dst_last_pkt_time":1656769159345000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1656785749673000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.12","src_port":39018,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1656850884187000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656850884187000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884187000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z4oAAD8G37XAqAJkCNFon5TOIye5z4t0AAAAAKAC\/\/+NLgAAAgQFtAQCCAosIFz5AAAAAAEDAwk="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656850884187000,"flow_dst_last_pkt_time":1656850884208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656850884208000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnlM5sykifuc+LdaAScSCykQAAAgQFrAQCCAo0NX\/WLCBc+QEDAwc="} 
@@ -39,7 +39,7 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1656851188434000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80KEAAD8GdrvAqAJkCNFogqW+IydMgQTQEJsn\/4AYAKwi6wAAAQEICtBzJBM0OpVuzvq+uoAAAAA="} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188422000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656851188434000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1656851188434000,"flow_dst_last_pkt_time":1656851188451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656851188451000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0snxAADgGW+gI0WiCwKgCZCMnpb4Qmyf\/TIEE2IAQAOMwVQAAAQEICjQ6lYvQcyQT"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657056857762000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657056857762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wVAAAD8GgvHAqAJkCNFrndi8IycjJbSWAAAAAKAC\/\/+9AAAAAgQFtAQCCAoBLH64AAAAAAEDAwg="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657056857762000,"flow_dst_last_pkt_time":1657056857780000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657056857780000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGDEII0WudwKgCZCMn2Ly4f2lPIyW0l6AScSD3vQAAAgQFrAQCCApAfPHOASx+uAEDAwc="} 
@@ -50,7 +50,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656850884187000,"flow_src_last_pkt_time":1656850884799000,"flow_dst_last_pkt_time":1656850884767000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":38094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851188404000,"flow_src_last_pkt_time":1656851189170000,"flow_dst_last_pkt_time":1656851189132000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.130","src_port":42430,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1656851053621000,"flow_src_last_pkt_time":1656851054220000,"flow_dst_last_pkt_time":1656851054182000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657056858171000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":45078,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":2936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657229888829000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888829000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888829000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86Q0AAD8GXjLAqAJkCNFon5zaIycgtHeSAAAAAKAC\/\/9rRwAAAgQFtAQCCAoAMk\/BAAAAAAEDAwg="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657229888829000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657229888849000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGD0AI0WifwKgCZCMnnNq1jGObILR3k6AScSDvdwAAAgQFrAQCCApKzKayADJPwQEDAwc="} 
@@ -59,7 +59,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888849000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657229888862000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1657229888862000,"flow_dst_last_pkt_time":1657229888881000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657229888881000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0xVVAADcGSfII0WifwKgCZCMnnNq1jGOcILR3m4AQAOOOMQAAAQEICkrMptIAMk\/h"} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657056857762000,"flow_src_last_pkt_time":1657056858154000,"flow_dst_last_pkt_time":1657056858171000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1657229889603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.157","src_port":55484,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":3400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657274814319000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814319000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814319000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814319000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86\/4AAD8GWmPAqAJkCNFpfaZoIyeRsipKAAAAAKAC\/\/98qAAAAgQFtAQCCAoAUhAeAAAAAAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657274814319000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657274814337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGDWII0Wl9wKgCZCMnpmjO401pkbIqS6AScSBYmAAAAgQFrAQCCApNekkgAFIQHgEDAwc="} 
@@ -68,7 +68,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814337000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657274814354000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657274814354000,"flow_dst_last_pkt_time":1657274814372000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657274814372000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BF5AADgGCQwI0Wl9wKgCZCMnpmjO401qkbIqU4AQAOP3SwAAAQEICk16SUMAUhBB"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657229888829000,"flow_src_last_pkt_time":1657229889603000,"flow_dst_last_pkt_time":1657229889562000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657274815086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.104.159","src_port":40154,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":3864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1657329378461000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378461000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hBoAAD8G4f\/AqAJkCNFJxcniIyfoxHdxAAAAAKAC\/\/8ZaAAAAgQFtAQCCAoBmMocAAAAAAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657329378461000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657329378480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADcGLhoI0UnFwKgCZCMnyeKXKjiN6MR3cqAScSBD1wAAAgQFrAQCCApQu0P1AZjKHAEDAwc="} 
@@ -77,7 +77,7 @@ 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378480000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657329378492000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657329378492000,"flow_dst_last_pkt_time":1657329378511000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657329378511000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fIRAADcGsZ0I0UnFwKgCZCMnyeKXKjiO6MR3eoAQAOPikwAAAQEIClC7RBMBmMo7"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657274814319000,"flow_src_last_pkt_time":1657274815086000,"flow_dst_last_pkt_time":1657274815046000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657329379426000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.105.125","src_port":42600,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":4384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1657330328504000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TVAAAD8GGMrAqAJkCNFJxcwEIye\/AMGAAAAAAKAC\/\/931AAAAgQFtAQCCAoBp0k0AAAAAAEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657330328504000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328523000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGLRoI0UnFwKgCZCMnzATz8sp6vwDBgaAScSA0ZAAAAgQFrAQCCApQycMQAadJNAEDAwc="} 
@@ -85,7 +85,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657330328654000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8TWEAAD8GGLnAqAJkCNFJxcwEIye\/AMGB8\/LKe4AYAVfE4gAAAQEICgGnSX1QycMQzvq+uoAAAAA="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328523000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657330328654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657330328654000,"flow_dst_last_pkt_time":1657330328673000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657330328673000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0CV1AADgGI8UI0UnFwKgCZCMnzATz8sp7vwDBiYAQAOPSfgAAAQEIClDJw6YBp0l9"} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} +00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":4848,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1657555354428000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657555354428000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354428000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA813sAAD8GbObAqAJkCNFrfa1kIyfBBINEAAAAAKAC\/\/\/L2gAAAgQFtAQCCAoA8S8EAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1657555354428000,"flow_dst_last_pkt_time":1657555354448000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657555354448000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnrWQ5YTvVwQSDRaAScSCGhwAAAgQFrAQCCApeMwDBAPEvBAEDAwc="} 
@@ -95,7 +95,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1657555354460000,"flow_dst_last_pkt_time":1657555354480000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657555354480000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Ow5AADgG0FsI0Wt9wKgCZCMnrWQ5YTvWwQSDTYAQAOMlQAAAAQEICl4zAOEA8S8l"} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657330328504000,"flow_src_last_pkt_time":1657330329394000,"flow_dst_last_pkt_time":1657330329352000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":52228,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657329378461000,"flow_src_last_pkt_time":1657329378618000,"flow_dst_last_pkt_time":1657329379426000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1657555355094000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.73.197","src_port":51682,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":5312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1657574851663000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851663000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851663000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851663000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8jBEAAD8GuFDAqAJkCNFrfZEoIyeSIbrzAAAAAKAC\/\/\/yXwAAAgQFtAQCCAoBZht6AAAAAAEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1657574851663000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657574851693000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2II0Wt9wKgCZCMnkSgti4VgkiG69KAScSDtEQAAAgQFrAQCCApfXIHdAWYbegEDAwc="} 
@@ -104,7 +104,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851693000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657574851730000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1657574851730000,"flow_dst_last_pkt_time":1657574851773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657574851773000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BJxAADgGBs4I0Wt9wKgCZCMnkSgti4VhkiG6\/IAQAOOLhQAAAQEICl9cgiABZhu9"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657555354428000,"flow_src_last_pkt_time":1657555355094000,"flow_dst_last_pkt_time":1657555355050000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657574852156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":44388,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":5928,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1658234723934000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723934000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723934000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8iRwAAD8G2gDAqAJkCNFMwrAmIycJ+x4TAAAAAKAC\/\/8EwAAAAgQFtAQCCAoAyS57AAAAAAEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1658234723934000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658234723954000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKh0I0UzCwKgCZCMnsCanYywGCfseFKAScSAQYgAAAgQFrAQCCAqGsSkaAMkuewEDAwc="} 
@@ -113,7 +113,7 @@ 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723954000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658234723972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1658234723972000,"flow_dst_last_pkt_time":1658234723991000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658234723991000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0BTdAADgGJO4I0UzCwKgCZCMnsCanYywHCfseHIAQAOOvEQAAAQEICoaxKT8AyS6g"} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657574851663000,"flow_src_last_pkt_time":1657574852138000,"flow_dst_last_pkt_time":1657574852156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1658234724424000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.125","src_port":37160,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":6576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1658356775079000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775079000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775079000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775079000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8w68AAD8GgLXAqAJkCNFret\/qIye+qJRXAAAAAKAC\/\/\/CvgAAAgQFtAQCCAoBJPayAAAAAAEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1658356775079000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658356775100000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGC2UI0Wt6wKgCZCMn3+oQtAE7vqiUWKAScSC9tgAAAgQFrAQCCAqN7vQBAST2sgEDAwc="} 
@@ -122,7 +122,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775100000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658356775112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1658356775112000,"flow_dst_last_pkt_time":1658356775133000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658356775133000,"pkt":"YDjgxTWgeJS0JASgCABFAAA09SVAADgGFkcI0Wt6wKgCZCMn3+oQtAE8vqiUYIAQAONcbgAAAQEICo3u9CIBJPbT"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658234723934000,"flow_src_last_pkt_time":1658234724082000,"flow_dst_last_pkt_time":1658234724424000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658356775409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.76.194","src_port":45094,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":211,"packets-processed":210,"total-skipped-flows":0,"total-l4-payload-len":7224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1658358259423000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1658358259423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88QkAAD8GcbHAqAJkCNFNJMo+IyebGrUIAAAAAKAC\/\/+dzAAAAgQFtAQCCAoBM1J1AAAAAAEDAwg="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1658358259423000,"flow_dst_last_pkt_time":1658358259440000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1658358259440000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgGKbsI0U0kwKgCZCMnyj73vxTWmxq1CaAScSDP+wAAAgQFrAQCCAqODsIDATNSdQEDAwc="} 
@@ -132,7 +132,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1658358259451000,"flow_dst_last_pkt_time":1658358259468000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1658358259468000,"pkt":"YDjgxTWgeJS0JASgCABFAAA01sBAADgGUwII0U0kwKgCZCMnyj73vxTXmxq1EYAQAONuvQAAAQEICo4OwiABM1KQ"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658356775079000,"flow_src_last_pkt_time":1658356775222000,"flow_dst_last_pkt_time":1658356775409000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.107.122","src_port":57322,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1658358259423000,"flow_src_last_pkt_time":1658358259551000,"flow_dst_last_pkt_time":1658358259887000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":184,"flow_src_tot_l4_payload_len":352,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1658358259887000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.77.36","src_port":51774,"dst_port":8999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AliCloud","proto_id":"306","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":225,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/alicloud.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":225,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":7872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1658358259887000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 225/225 ~~ skipped flows.............: 0 @@ -141,9 +141,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7834070 bytes -~~ total memory freed........: 7834070 bytes -~~ total allocations/frees...: 146765/146765 +~~ total memory allocated....: 11542465 bytes +~~ total memory freed........: 11542465 bytes +~~ total allocations/frees...: 217019/217019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 985 chars diff --git a/test/results/default/among_us.pcap.out b/test/results/default/among_us.pcap.out index ad417d07b..23453807b 100644 --- a/test/results/default/among_us.pcap.out +++ b/test/results/default/among_us.pcap.out 
@@ -1,10 +1,10 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":946681200000000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 
01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01077{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":15,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"AmongUs","proto_id":"69","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/among_us.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 1082 chars diff --git a/test/results/default/amqp.pcap.out b/test/results/default/amqp.pcap.out index 070a9ed4c..01ca4b25e 100644 --- a/test/results/default/amqp.pcap.out +++ b/test/results/default/amqp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1490904166118902} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1490904166118902,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904166118902,"flow_dst_last_pkt_time":1490904166118902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904166118902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -25,7 +25,7 @@ 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1490904166119482,"flow_src_last_pkt_time":1490904170242659,"flow_dst_last_pkt_time":1490904170206101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":3469,"flow_dst_tot_l4_payload_len":105,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1490904166118902,"flow_src_last_pkt_time":1490904170243601,"flow_dst_last_pkt_time":1490904170243630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7295,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1490904169152163,"flow_src_last_pkt_time":1490904170195756,"flow_dst_last_pkt_time":1490904170195765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":246,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2085,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1490904170243630,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AMQP","proto_id":"192","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/amqp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1490904170243630} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7781833 bytes -~~ total memory freed........: 7781833 bytes -~~ total allocations/frees...: 146556/146556 +~~ total memory allocated....: 11490420 bytes +~~ total memory freed........: 11490420 bytes +~~ total allocations/frees...: 216810/216810 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/android.pcap.out b/test/results/default/android.pcap.out index c6923c1b3..7c213597d 100644 --- a/test/results/default/android.pcap.out +++ b/test/results/default/android.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454769772338} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1582454769772338,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 
01037{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454769772338,"flow_src_last_pkt_time":1582454769772338,"flow_dst_last_pkt_time":1582454769772338,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1582454769772338,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -432,7 +432,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871061577,"flow_src_last_pkt_time":1582454871061577,"flow_dst_last_pkt_time":1582454871100485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":58,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":58,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.DataSaver","proto_id":"5.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454871600718,"flow_src_last_pkt_time":1582454871600718,"flow_dst_last_pkt_time":1582454871601103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454867723627,"flow_src_last_pkt_time":1582454867723627,"flow_dst_last_pkt_time":1582454867761577,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":53,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1582454872047699,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleServices","proto_id":"5.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":43,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":435,"global_ts_usec":1582454872047699} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/android.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":101980,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":60,"total-detection-updates":43,"total-updates":3,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":435,"global_ts_usec":1582454872047699} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/475 ~~ skipped flows.............: 0 @@ -441,9 +441,9 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8156007 bytes -~~ total memory freed........: 8156007 bytes -~~ total allocations/frees...: 147811/147811 +~~ total memory allocated....: 11863634 bytes +~~ total memory freed........: 11863634 bytes +~~ total allocations/frees...: 218065/218065 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2635 chars diff --git a/test/results/default/anyconnect-vpn.pcap.out b/test/results/default/anyconnect-vpn.pcap.out index 74cbb73a0..10a3a4377 100644 --- a/test/results/default/anyconnect-vpn.pcap.out +++ b/test/results/default/anyconnect-vpn.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569687240992580} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687240992580,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687240992580,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687240992580,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687240992580,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569687240992580,"flow_dst_last_pkt_time":1569687241009657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687241009657,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} 
@@ -50,10 +50,10 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245379692,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569687245420271,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4kvsAAPcGt2EIJWZbCgAA4wG73lYzzRbpE2g2IJASgADBAwAAAgQFtAEBCAo\/+VnGHA16ew=="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569687245420351,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245420351,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95WAbsTaDYgM80W6oAQ\/\/9YmgAAAQEIChwNeqI\/+VnG"} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1569687245420749,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95WAbsTaDYgM80W6oAY\/\/+4KQAAAQEIChwNeqI\/+VnGFgMBAKIBAACeAwM+zYdRpoPn9yYDnCChCBgRRxI\/vte+Xuq+CHHW0pF46gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245420749,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} +01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245420271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245420749,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245467901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245467901,"pkt":"NDY7z3UoLH6BsEqhCABFAAA01g8AAPcGdFEIJWZbCgAA4wG73lYzzRbqE2g2x4AQgADXxAAAAQEICj\/5WfQcDXqi"} -01377{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245469088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245469088,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1"}}} -01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245509743,"flow_dst_last_pkt_time":1569687245547931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5737,"midstream":0,"thread_ts_usec":1569687245547931,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See 
www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} +01487{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245420749,"flow_dst_last_pkt_time":1569687245469088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245469088,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1"}}} 
+01873{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245509743,"flow_dst_last_pkt_time":1569687245547931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5737,"midstream":0,"thread_ts_usec":1569687245547931,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":131,"pkt_l4_len":97,"thread_ts_usec":1569687245576189,"pkt":"LH6BsEqhNDY7z3UoCABFAAB1AABAAEAGB84KAADjNCXzrd5TAbsf\/e\/ecO3V5YAYEAD5fAAAAQEIChwNezsAjX27FwMDADwAAAAAAAAABDacZQu2ja7FJp11i4XaHEcZRuFBd8RaXcXBvhAzXAi\/k3IQYhPu9V\/rSa1OnXc4wt4EKb0="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687245576189,"flow_src_last_pkt_time":1569687245576189,"flow_dst_last_pkt_time":1569687245576189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687245576189,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"52.37.243.173","src_port":56915,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -67,12 +67,12 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1569687245688240,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1569687245727730,"pkt":"NDY7z3UoLH6BsEqhCABFAAA4hY0AAPcGxM8IJWZbCgAA4wG73ldszApGLud59JASgAAy9QAAAgQFtAEBCAo\/+Vr5HA17pg=="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1569687245727790,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245727790,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGwWEKAADjCCVmW95XAbsu53n0bMwKR4AQ\/\/\/KjAAAAQEIChwNe8w\/+Vr5"} 00780{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1569687245728221,"pkt":"LH6BsEqhNDY7z3UoCABFAADbAABAAEAGwLoKAADjCCVmW95XAbsu53n0bMwKR4AY\/\/+TfQAAAQEIChwNe8w\/+Vr5FgMBAKIBAACeAwOyKS4PH48MEPNrcANjNvEKq9DZdlehvPjBqsUvxif81gAALMAswDAAnwCdwCTAKABrAD3AK8AvAJ4AnMAjwCcAZwA8ADkANQAzAC8ACgD\/AQAASQALAAQDAAECAAoACgAIABkAGAAXABMADQAgAB4GAQYCBgMFAQUCBQMEAQQCBAMDAQMCAwMCAQICAgMAEAALAAkIaHR0cC8xLjE="} 
-01223{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245728221,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} +01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245727730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687245728221,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245771463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569687245771463,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0q70AAPcGnqMIJWZbCgAA4wG73ldszApHLud6m4AQgABJugAAAQEICj\/5WyQcDXvM"} -01377{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245772680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245772680,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": 
{"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1"}}} -01763{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245813667,"flow_dst_last_pkt_time":1569687245851826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687245851826,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See 
www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} +01487{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245728221,"flow_dst_last_pkt_time":1569687245772680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1569687245772680,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","advertised_alpns":"http\/1.1"}}} 
+01873{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687245813667,"flow_dst_last_pkt_time":1569687245851826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":5792,"midstream":0,"thread_ts_usec":1569687245851826,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} 01969{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687246009851,"flow_dst_last_pkt_time":1569687246009730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6050,"flow_dst_tot_l4_payload_len":7973,"midstream":0,"thread_ts_usec":1569687246009851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20745.2,"max":71520,"stddev":21568.3,"var":465190496.0,"ent":4.0,"data": [39490,39550,431,43733,1217,44517,40926,4,40928,1,38216,8,38254,1,33217,1,0,71520,5,38273,6102,35094,41225,217,42300,2869,5,1,44938,0,58]},"pktlen": {"min":52,"avg":490.7,"max":1500,"stddev":597.2,"var":356597.6,"ent":4.0,"data": [64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52]},"bins": {"c_to_s": [11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0],"entropies": 
[4.277806282,5.056655407,4.776611805,5.499976635,4.815073490,7.340889931,4.829590321,7.117477894,7.208638191,4.868052006,4.829590321,7.407335281,5.918903828,4.829590321,4.829590321,6.806384563,7.188310623,7.472460270,4.685171604,4.791129112,7.602285385,4.714205265,6.163617611,4.752666950,7.823616028,4.868052006,7.252848148,7.725178242,5.773176193,4.906513691,4.829590321,4.829590321]}} -01767{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687246009851,"flow_dst_last_pkt_time":1569687246009730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6050,"flow_dst_tot_l4_payload_len":7973,"midstream":0,"thread_ts_usec":1569687246009851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} +01877{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687246009851,"flow_dst_last_pkt_time":1569687246009730,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6050,"flow_dst_tot_l4_payload_len":7973,"midstream":0,"thread_ts_usec":1569687246009851,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.pandion.viasat.com,pandion.viasat.com","ja3":"9f1a41f932f274fe47a992310a26a23a","ja3s":"82f0d8a75fa483d1cfe4b7085b784d7e","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US, O=Entrust, Inc., OU=See www.entrust.net\/legal-terms, OU=(c) 2012 Entrust, Inc. 
- for authorized use only, CN=Entrust Certification Authority - L1K","subjectDN":"C=US, ST=California, L=Carlsbad, O=Viasat Inc., CN=*.pandion.viasat.com","advertised_alpns":"http\/1.1","fingerprint":"92:70:CF:E3:69:4B:1D:F4:E2:DE:63:54:EC:DF:40:DB:F3:AC:D1:CA"}}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1569687246096558,"flow_dst_last_pkt_time":1569687241064503,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1569687246096558,"pkt":"2DE0IHf7NDY7z3UoCABFAABAAABAAEAGJT8KAADjCgAAl95UH0ntZWziAAAAALAC\/\/8wWwAAAgQFtAEDAwUBAQgKHA19NQAAAAAEAgAA"} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1569687246426088,"flow_dst_last_pkt_time":1569687241425059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1569687246426088,"pkt":"pHczjPFANDY7z3UoCABFAgCiAABAAEAGJN0KAADjCgAAldwAH0m4VKSqauVqJ4AYEABWlgAAAQEIChwNfn0AIdVKFwMDAGltB4Q9ZE7MwMLqA\/qW5WJXb0PHNtCROrUMkJHw\/OP719Jk7orSFs9TCm756O7SILnP3vnstuJ4xPfpszSDO6LW4XcEaWDlp33D\/dMihM\/bvEZuYHMlrzKnK9TylV815IAQKWsax0+Dp+A="} 
00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1569687246426088,"flow_dst_last_pkt_time":1569687246428911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":176,"pkt_l4_len":142,"thread_ts_usec":1569687246428911,"pkt":"NDY7z3UopHczjPFACABFAgCiFAJAAEAGENsKAACVCgAA4x9J3ABq5WonuFSlGIAYARXEpwAAAQEICgAh1z8cDX59FwMDAGnSDUBTzxnFH9ckBLkGJJxtZYOnnoJTcPtGWYx7fflTVjXPGvnWJvT5kELd8Dyk7N8gqq17Y91Gw5NO81U2bwcOEaqqMVk4vbp1wYVpe8wc5fgUWL03+X7m6bLc5s5fILREqdmBY0Re1KI="} 
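Review bot: The regenerated expectations for flow 15 now pin `"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium"` on every TLS event that already carries `"24": {"risk":"Missing SNI TLS Extn"` with `"hostname":""`. The mismatch therefore appears to be raised when there is no SNI at all to compare against `"advertised_alpns":"http\/1.1"`. If that is what the new libnDPI does, one missing extension is reported as two Medium risks, which inflates alert volume for any consumer that counts or sums risks per flow. It is worth confirming upstream that this is intended before the golden file locks it in, and naming the new risk in the commit description so that later regenerations are not accepted blindly. The same addition is visible for flow 12 earlier in this file.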
@@ -372,9 +372,9 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1569687286917856,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1569687286917856,"pkt":"AQBeAAD7pHczjPFACABFAABEAABAAP8RkBgKAACV4AAA+xTpFOkAMI4UAAAAAAABAAAAAAAAC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQ=="} 00976{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286917856,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687286917856,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlezone._tcp.local","mdns": {}}} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1569687286918076,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1569687286918076,"pkt":"AQBeAAD7pHczjPFACABFAABpAABAAP8Rj\/MKAACV4AAA+xTpFOkAVS3HAAAAAAABAAAAAAAAJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhAAE="} -01022{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286918076,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687286918076,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local","mdns": {}}} 
+01143{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286918076,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687286918076,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local","mdns": {}}} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1569687286918669,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":268,"pkt_l4_len":234,"thread_ts_usec":1569687286918669,"pkt":"AQBeAAD7pHczjPFACABFAAD+AABAAP8Rj14KAACV4AAA+xTpFOkA6vJcAACEAAAAAAEAAAADC19nb29nbGV6b25lBF90Y3AFbG9jYWwAAAwAAQAAAHgAJyQ3OWQ4OGU4My03MjVjLWI3MWItYmFkMC01ODYyZDViMjIzODbADMAuABCAAQAAEZQAOCNpZD0yMERGOEZENkYzMTU5MUQyMDUwNEE5RkQ5OThDMzlFRRNfX2NvbW1vbl90aW1lX189MXwwwC4AIYABAAAAeAAtANIA8ycRJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NsAdwKsAAYABAAAAeAAECgAAlQ=="} 
-00986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286918669,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":343,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687286918669,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlezone._tcp.local","mdns": {}}} +01107{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286918669,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":343,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687286918669,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_googlezone._tcp.local","mdns": {}}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1569687286919025,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1569687286919025,"pkt":"AQBeAAD7pHczjPFACABFAACsAABAAP8Rj7AKAACV4AAA+xTpFOkAmGRVAACEAAAAAAEAAAABJDc5ZDg4ZTgzLTcyNWMtYjcxYi1iYWQwLTU4NjJkNWIyMjM4NgtfZ29vZ2xlem9uZQRfdGNwBWxvY2FsAAAhgAEAAAB4AC0A0gDzJxEkNzlkODhlODMtNzI1Yy1iNzFiLWJhZDAtNTg2MmQ1YjIyMzg2wELAWQABgAEAAAB4AAQKAACV"} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687287737123,"flow_src_last_pkt_time":1569687287737123,"flow_dst_last_pkt_time":1569687287737123,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687287737123,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"224.0.0.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1569687287737123,"flow_dst_last_pkt_time":1569687287737123,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1569687287737123,"pkt":"AQBeAAABLH6BsEqhCABFwAAkGHoAAAEBtp0KAAAB4AAAAQkA5rYBAgVGCgAAAQAAAAAAAP\/\/Aiw="} 
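Review bot: The new expectation marks flow 68, an mDNS flow from 10.0.0.149 to 224.0.0.251 on port 5353, with `"23": {"risk":"Susp DNS Traffic","severity":"High"`, while `"breed":"Acceptable"` is unchanged. The risk first appears on the packet 581 update, whose hostname is `79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local`, and it stays set on the packet 582 update, where the hostname is `_googlezone._tcp.local` again. Presumably the UUID-shaped instance label triggers it. Service-discovery instance names of this shape are ordinary on a LAN, so a High-severity flag here looks like a false positive that would be noisy in a detection pipeline. I would confirm the behaviour with libnDPI before pinning it, or record in the commit description that this result is a known false positive.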
@@ -403,7 +403,7 @@ 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1569687268746220,"flow_src_last_pkt_time":1569687268989475,"flow_dst_last_pkt_time":1569687268988395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":365,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":3157,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":54107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261486499,"flow_src_last_pkt_time":1569687261486499,"flow_dst_last_pkt_time":1569687261506389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":103,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":57017,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1569687241656833,"flow_src_last_pkt_time":1569687287122743,"flow_dst_last_pkt_time":1569687241656833,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip6","src_ip":"fe80::2e7e:81ff:feb0:4aa1","dst_ip":"ff02::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286919025,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1569687286917856,"flow_src_last_pkt_time":1569687286919025,"flow_dst_last_pkt_time":1569687286917856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":226,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1569687246981850,"flow_src_last_pkt_time":1569687272376985,"flow_dst_last_pkt_time":1569687246981850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":90,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1070,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.213","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687261485620,"flow_src_last_pkt_time":1569687261485620,"flow_dst_last_pkt_time":1569687261501464,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":103,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":103,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":59222,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267799516,"flow_src_last_pkt_time":1569687267799516,"flow_dst_last_pkt_time":1569687267819793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":51060,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","proto_id":"5.238","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
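Review bot: The regenerated `idle` event for flow_id 68 now carries flow risk 23, `"risk":"Susp DNS Traffic","severity":"High"`, on what is link-local mDNS (10.0.0.149 to 224.0.0.251, port 5353 on both sides), which reads more like a false positive than a new finding. Earlier lines of this file show an MDNS record with hostname `_googlezone._tcp.local`, presumably from the same flow, so the trigger should be confirmed against the nDPI 4.9.0 changes before this output becomes the baseline. Anything downstream that alerts on High-severity risks would start firing on ordinary multicast service discovery. If the behaviour is intended, the commit description should say so, e.g. `mDNS flows may now report risk 23 (Susp DNS Traffic) with nDPI 4.9.0`.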
@@ -423,7 +423,7 @@ 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":1569687267841212,"flow_src_last_pkt_time":1569687267841212,"flow_dst_last_pkt_time":1569687288158305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.103.196","src_port":56871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687270740083,"flow_src_last_pkt_time":1569687270740083,"flow_dst_last_pkt_time":1569687270740083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":514,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":514,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":514,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"10.0.0.227","src_port":48166,"dst_port":57547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1569687245379692,"flow_src_last_pkt_time":1569687245725905,"flow_dst_last_pkt_time":1569687245725839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1109,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1671,"flow_dst_tot_l4_payload_len":6387,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01198{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687268824782,"flow_dst_last_pkt_time":1569687268830368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7228,"flow_dst_tot_l4_payload_len":15224,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01308{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":26,"flow_first_seen":1569687245688240,"flow_src_last_pkt_time":1569687268824782,"flow_dst_last_pkt_time":1569687268830368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":7228,"flow_dst_tot_l4_payload_len":15224,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56919,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01320{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":1569687267035097,"flow_src_last_pkt_time":1569687288874717,"flow_dst_last_pkt_time":1569687288923007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5893,"flow_dst_tot_l4_payload_len":15795,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"8.37.102.91","src_port":56929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00929{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267988009,"flow_src_last_pkt_time":1569687267988009,"flow_dst_last_pkt_time":1569687268026329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00782{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267988009,"flow_src_last_pkt_time":1569687267988009,"flow_dst_last_pkt_time":1569687268026329,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"74.125.197.188","src_port":56874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
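Review bot: Flow_id 15's `end` event gains risk 52 `ALPN\/SNI Mismatch` next to the existing risk 24 `Missing SNI TLS Extn`, so a single absent SNI may now be reported as two separate risks on the same flow. The unchanged flow_id 38 line goes to the same 8.37.102.91:443 endpoint with risk 24 but without risk 52, so the new risk presumably depends on something the event does not show (an offered ALPN, most likely). Consumers that count or sum per-flow risks will see this flow shift without any change in the traffic. I would record it in the commit description, e.g. `TLS flows without SNI can additionally report risk 52 (ALPN/SNI Mismatch)`.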
@@ -456,7 +456,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569687267481295,"flow_src_last_pkt_time":1569687267481295,"flow_dst_last_pkt_time":1569687267500594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":200,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00933{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242476020,"flow_src_last_pkt_time":1569687242476020,"flow_dst_last_pkt_time":1569687242476020,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569687242271196,"flow_src_last_pkt_time":1569687242271196,"flow_dst_last_pkt_time":1569687242271196,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569687288923007,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":589,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":36,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":459,"global_ts_usec":1569687288923007} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/anyconnect-vpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":589,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":95415,"total-not-detected-flows":2,"total-guessed-flows":6,"total-detected-flows":61,"total-detection-updates":36,"total-updates":3,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":459,"global_ts_usec":1569687288923007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/585 ~~ skipped flows.............: 0 @@ -465,9 +465,9 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8024726 bytes -~~ total memory freed........: 8024726 bytes -~~ total allocations/frees...: 147787/147787 +~~ total memory allocated....: 11732257 bytes +~~ total memory freed........: 11732257 bytes +~~ total allocations/frees...: 218041/218041 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2780 chars diff --git a/test/results/default/anydesk.pcapng.out b/test/results/default/anydesk.pcapng.out index e905a4b0e..1366f10ab 100644 --- a/test/results/default/anydesk.pcapng.out +++ b/test/results/default/anydesk.pcapng.out 
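Review bot: The summary for the same 589-packet capture goes from 8024726 to 11732257 bytes allocated and from 147787 to 218041 allocations, roughly 46% and 48% more, while the flow totals stay at 69/69. Allocated and freed still match, so this is not a leak, but the memory cost of the nDPI bump is not called out anywhere visible. For a daemon that parses untrusted traffic, the memory needed to hold the configured flow limit matters for sizing, so it is worth checking whether the growth is per-flow or a one-time initialisation cost. I would note it in the commit description, e.g. `nDPI 4.9.0 raises total allocations in the test runs (anyconnect-vpn.pcap: 8024726 -> 11732257 bytes)`.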
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591342198821353} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1591342198821353,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591342198821353,"flow_src_last_pkt_time":1591342198821353,"flow_dst_last_pkt_time":1591342198821353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591342198821353,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -18,7 +18,7 @@ 01835{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342199532151,"flow_dst_last_pkt_time":1591342199532596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":2600,"midstream":0,"thread_ts_usec":1591342199532596,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}} 
01991{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":176540.0,"max":1602919,"stddev":394272.9,"var":155451113472.0,"ent":2.8,"data": [164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62]},"pktlen": {"min":40,"avg":392.7,"max":1500,"stddev":555.2,"var":308238.0,"ent":3.8,"data": [60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180]},"bins": {"c_to_s": [8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0],"s_to_c": [9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1],"entropies": [4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150]}} 
01839{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1591342199201196,"flow_src_last_pkt_time":1591342201135977,"flow_dst_last_pkt_time":1591342202739154,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5696,"flow_dst_tot_l4_payload_len":5521,"midstream":0,"thread_ts_usec":1591342202739154,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"AnyDesk","proto_by_ip_id":252,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","issuerDN":"CN=AnyNet Root CA, O=philandro Software GmbH, C=DE","subjectDN":"C=DE, O=philandro Software GmbH, CN=AnyNet Relay","fingerprint":"9E:08:D2:58:A9:02:CD:4F:E2:4A:26:B8:48:5C:43:0B:81:29:99:E3"}}} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613977585247036} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":14319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613977585247036} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1613977585247036,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 
01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585247036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613977585247036,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"relay-3185a847.net.anydesk.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -48,7 +48,7 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595463648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1613977595463648,"pkt":"KDc3AG3I2MuK4S0uCABFAAAodEFAAIAGAADAqAG7wKgBshuey0dV\/SLLLSwO5FAQIBSE2AAA"} 01850{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1613977595407425,"flow_src_last_pkt_time":1613977595408312,"flow_dst_last_pkt_time":1613977595549041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":813,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1613977595549041,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.187","src_port":52039,"dst_port":7070,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": 
{"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","hostname":"","tls": {"version":"TLSv1.2","ja3":"201999283915cc31cee6b15472ef3332","ja3s":"4b505adfb4a921c5a3a39d293b0811e1","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","subjectDN":"CN=AnyDesk Client, CN=AnyDesk Client","fingerprint":"86:4F:2A:9F:24:71:FD:0D:6A:35:56:AC:D8:7B:3A:19:E8:03:CA:2E"}}} 02672{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1613977595379986,"flow_src_last_pkt_time":1613977601740964,"flow_dst_last_pkt_time":1613977601737415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3926,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5712,"flow_dst_tot_l4_payload_len":2727,"midstream":0,"thread_ts_usec":1613977601740964,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":410271.2,"max":3021750,"stddev":825943.1,"var":682181918720.0,"ent":2.9,"data": [491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006]},"pktlen": {"min":40,"avg":306.3,"max":3966,"stddev":747.4,"var":558552.1,"ent":3.1,"data": [52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116]},"bins": {"c_to_s": [6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1],"s_to_c": 
[11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0],"entropies": [4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663090549161771} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":26872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":7,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663090549161771} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 
@@ -64,7 +64,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585542630,"flow_src_last_pkt_time":1613977585542630,"flow_dst_last_pkt_time":1613977585553797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613977585247036,"flow_src_last_pkt_time":1613977585247036,"flow_dst_last_pkt_time":1613977585260893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1663090558383202,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AnyDesk","proto_id":"5.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01343{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090607968067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":3063,"midstream":0,"thread_ts_usec":1663090607968067,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":174,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1663090607968067} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/anydesk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":174,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":35838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1663090607968067} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 174/174 ~~ skipped flows.............: 0 @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7831174 bytes -~~ total memory freed........: 7831174 bytes -~~ total allocations/frees...: 146647/146647 +~~ total memory allocated....: 11539697 bytes +~~ total memory freed........: 11539697 bytes +~~ total allocations/frees...: 216901/216901 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2677 chars diff --git a/test/results/default/avast.pcap.out b/test/results/default/avast.pcap.out index f7697444c..927dd2794 100644 --- a/test/results/default/avast.pcap.out +++ b/test/results/default/avast.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655043322443000} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322443000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043322443000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0JKZAAH8G2LbAqAJkBT42HftlAFDFZGAiAAAAAIAC+vBUewAAAgQFtAEDAwgBAQQC"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655043322443000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655043322469000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ+2UJYJxaxWRgI3ASBbS5AQAAAgQFrAEDAwI="} 
@@ -7,8 +7,8 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655043322473000,"pkt":"eJS0JASgYDjgxTWgCABFAACIJKhAAH8G2GDAqAJkBT42HftlAFDFZGAjCWCcW1AYAgRIXAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00915{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322469000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043322473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655043322473000,"flow_dst_last_pkt_time":1655043322499000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043322499000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6BxAADcGXUwFPjYdwKgCZABQ+2UJYJxbxWRgg1AQAW3opgAAAAAAAAAA"} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655044071816000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655048600873000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600873000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655048600873000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0K+lAAH8G0lvAqAJkBT41Nfy9AFA6S0u1AAAAAIAC+vDzkQAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655048600873000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655048600897000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/L3TPGfsOktLtnASBbTCqQAAAgQFrAEDAwI="} 
@@ -16,8 +16,8 @@ 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1655048600901000,"pkt":"eJS0JASgYDjgxTWgCABFAACIK+tAAH8G0gXAqAJkBT41Nfy9AFA6S0u20zxn7VAYAgRSBAAATk9TQQBgAQEAAAMBCLJaKUJSRRQAAAAA+C6zpq7EMUOR+R\/w3Dm0Io9lbBBMSUMULiKdz+pk\/a1RZ2FgDsvckO27L+4uJ680TFVOEALGS94Alg+MdKN9FpVUWsmF\/QhQ"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600897000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655048600901000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1655048600901000,"flow_dst_last_pkt_time":1655048600926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655048600926000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoaUhAADcG3QgFPjU1wKgCZABQ\/L3TPGftOktMFlAQAW3yTgAAAAAAAAAA"} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1655049392908000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":232,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655053076804000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076804000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076804000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053076804000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0LApAAH8G0jrAqAJkBT41Nf2HAFDeGR0wAAAAAIAC+vB9fgAAAgQFtAEDAwgBAQQC"} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1655053076804000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655053076831000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQ\/Yfi7KGu3hkdMXASBbQDJAAAAgQFrAEDAwI="} 
@@ -26,9 +26,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076831000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053076836000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655053076836000,"flow_dst_last_pkt_time":1655053076863000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655053076863000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+2lAADcGSucFPjU1wKgCZABQ\/Yfi7KGv3hkdkVAQAW0yyQAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043322443000,"flow_src_last_pkt_time":1655044071816000,"flow_dst_last_pkt_time":1655044071842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655053076921000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":64357,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1655053790549000} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":347,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1655054462572000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":387,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1655072558567000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655072558567000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558567000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655072558567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SOJAAH8GtD7AqAJkBT42WeKuAFDHdiAUAAAAAIAC+vCq8gAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655072558567000,"flow_dst_last_pkt_time":1655072558593000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655072558593000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQ4q5sq8EMx3YgFXASBbSHewAAAgQFrAEDAwI="} 
@@ -38,8 +38,8 @@ 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655072558598000,"flow_dst_last_pkt_time":1655072558624000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655072558624000,"pkt":"YDjgxTWgeJS0JASgCABFAAAof7ZAADcGxXYFPjZZwKgCZABQ4q5sq8ENx3YgdVAQAW23IAAAAAAAAAAA"} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655048600873000,"flow_src_last_pkt_time":1655049392908000,"flow_dst_last_pkt_time":1655049392932000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64701,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655053076804000,"flow_src_last_pkt_time":1655054462572000,"flow_dst_last_pkt_time":1655054462599000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1655072558681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":64903,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655073305718000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1657055010698000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010698000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010698000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657055010698000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0aRtAAH8GlSnAqAJkBT41NcJeAFAUkygfAAAAAIAC+vB3PwAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657055010698000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657055010725000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRkkFPjU1wKgCZABQwl7SZ2G3FJMoIHASBbRNYQAAAgQFrAEDAwI="} 
@@ -48,9 +48,9 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657055010734000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1657055010734000,"flow_dst_last_pkt_time":1657055010762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657055010762000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCZAADcGqioFPjU1wKgCZABQwl7SZ2G4FJMogFAQAW19BgAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655072558567000,"flow_src_last_pkt_time":1655073554764000,"flow_dst_last_pkt_time":1655073554790000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657055010934000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":58030,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1657055653080000} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":618,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657056295590000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1657203798816000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798816000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657203798816000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ngdAAH8GXxnAqAJkBT42WcF8AFBgG1unAAAAAIAC+vD37AAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657203798816000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657203798842000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRSUFPjZZwKgCZABQwXwE4IZnYBtbqHASBbR25gAAAgQFrAEDAwI="} 
@@ -59,8 +59,8 @@ 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657203798816000,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798842000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657203798845000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":49532,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1657203798845000,"flow_dst_last_pkt_time":1657203798871000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657203798871000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo6YhAADcGW6QFPjZZwKgCZABQwXwE4IZoYBtcCFAQAW2miwAAAAAAAAAA"} 
00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657055010698000,"flow_src_last_pkt_time":1657056295590000,"flow_dst_last_pkt_time":1657056295616000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657203798932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.53","src_port":49758,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":734,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657204596088000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1657475015947000} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475015947000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015947000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657475015947000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0NRdAAH8GyEXAqAJkBT42HeQsAFCc4xvZAAAAAIAC+vDYfgAAAgQFtAEDAwgBAQQC"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1657475015947000,"flow_dst_last_pkt_time":1657475015975000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657475015975000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ5CxO2JJPnOMb2nASBbQBmAAAAgQFrAEDAwI="} 
@@ -76,9 +76,9 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1657475603758000,"pkt":"eJS0JASgYDjgxTWgCABFAACINWNAAH8Gx2nAqAJkBT42WdSFAFBlBx5gDIVhMlAYAgRUGwAATk9TQQBgAQEAAAMB8zwJGkJSRRQAAAAABYiCpXRH+WmBnnTxsTaTNZqejhNMSUMUljUok9KFl0dRXc72tHtQFwKSnYJAcpIFTFVOEALhpIIAlg+MdKN9FpVUWsmF\/QhQ"} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657475603758000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657475603758000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoYdxAADcG41AFPjZZwKgCZABQ1IUMhWEyZQcewFAQAW3pbwAAAAAAAAAA"} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":110,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":110,"packets-processed":109,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1657475721074000} 
00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1657475015947000,"flow_src_last_pkt_time":1657475203218000,"flow_dst_last_pkt_time":1657475603758000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657475735090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":58412,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1657612856239000} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856239000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856239000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657612856239000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DwdAAH8G7lXAqAJkBT42HeF\/AFBeZJgBAAAAAIAC+vCdggAAAgQFtAEDAwgBAQQC"} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1657612856239000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657612856269000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRWEFPjYdwKgCZABQ4X\/x2q1EXmSYAnASBbQIpAAAAgQFrAEDAwI="} 
@@ -87,8 +87,8 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657612856291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657612856291000,"flow_dst_last_pkt_time":1657612856321000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657612856321000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo9wtAADcGTl0FPjYdwKgCZABQ4X\/x2q1FXmSYYlAQAW04SQAAAAAAAAAA"} 
00957{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1657475603758000,"flow_src_last_pkt_time":1657475603758000,"flow_dst_last_pkt_time":1657475749106000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657612856413000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.89","src_port":54405,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} 
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":1074,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1657613496559000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":1076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657715755306000} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657715755306000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755306000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1657715755306000,"pkt":"eJS0JASgYDjgxTWgCABFAAA07PtAAH8GEPvAqAJkBT41g\/UVAFBENDSQAAAAAIAC+vAIKAAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1657715755306000,"flow_dst_last_pkt_time":1657715755336000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1657715755336000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADcGRfsFPjWDwKgCZABQ9RVBYkV5RDQ0kXASBbSLjQAAAgQFrAEDAwI="} 
@@ -98,7 +98,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1657715755343000,"flow_dst_last_pkt_time":1657715755373000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1657715755373000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo+DZAADcGTcwFPjWDwKgCZABQ9RVBYkV6RDQ08VAQAW27MgAAAAAAAAAA"} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657612856239000,"flow_src_last_pkt_time":1657613709852000,"flow_dst_last_pkt_time":1657613709881000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":16,"midstream":0,"thread_ts_usec":1657715755532000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.54.29","src_port":57727,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657715755306000,"flow_src_last_pkt_time":1657716324963000,"flow_dst_last_pkt_time":1657716324992000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1657716324992000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"5.62.53.131","src_port":62741,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"AVAST","proto_id":"307","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/avast.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":1277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1657716324992000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 @@ -107,9 +107,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7810683 bytes -~~ total memory freed........: 7810683 bytes -~~ total allocations/frees...: 146622/146622 +~~ total memory allocated....: 11519158 bytes +~~ total memory freed........: 11519158 bytes +~~ total allocations/frees...: 216876/216876 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 966 chars diff --git a/test/results/default/avast_securedns.pcapng.out b/test/results/default/avast_securedns.pcapng.out index 6f4399dea..51824ad72 100644 --- a/test/results/default/avast_securedns.pcapng.out +++ b/test/results/default/avast_securedns.pcapng.out 
@@ -1,10 +1,10 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625215624443704} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625215624443704,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625215624443704,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624443704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625215624443704,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625215624443704,"flow_dst_last_pkt_time":1625215624563615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625215624563615,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625241699450886} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241699450886,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699450886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241699450886,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -18,7 +18,7 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625241714666452,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714666452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625241714666452,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625241714787539,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1625320207133036} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625320207133036,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207133036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625320207133036,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241699450886,"flow_src_last_pkt_time":1625241699450886,"flow_dst_last_pkt_time":1625241699572209,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241714666452,"flow_src_last_pkt_time":1625241714666452,"flow_dst_last_pkt_time":1625241714787539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625241701462154,"flow_src_last_pkt_time":1625241701462154,"flow_dst_last_pkt_time":1625241701583055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625320209184034,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1625321673727184} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625321673727184,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673727184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625321673727184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -41,7 +41,7 @@ 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625321675403948,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320207133036,"flow_src_last_pkt_time":1625320207133036,"flow_dst_last_pkt_time":1625320207252515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625320209063685,"flow_src_last_pkt_time":1625320209063685,"flow_dst_last_pkt_time":1625320209184034,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625321675403948,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1625395217252548} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625395217252548,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"} 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217252548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625395217252548,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -52,7 +52,7 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625395217373676,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321673727184,"flow_src_last_pkt_time":1625321673727184,"flow_dst_last_pkt_time":1625321673848204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625321675283046,"flow_src_last_pkt_time":1625321675283046,"flow_dst_last_pkt_time":1625321675403948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625395217373676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1625401091063741} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625401091063741,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091063741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625401091063741,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -63,14 +63,14 @@ 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625401093443763,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217373676,"flow_src_last_pkt_time":1625395217373676,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625395217252548,"flow_src_last_pkt_time":1625395217252548,"flow_dst_last_pkt_time":1625395217373676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625401093443763,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1625413810414650} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625413810414650,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625413810414650,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810414650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625413810414650,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1625413810414650,"flow_dst_last_pkt_time":1625413810531155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625413810531155,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401091063741,"flow_src_last_pkt_time":1625401091063741,"flow_dst_last_pkt_time":1625401091190472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625401093323098,"flow_src_last_pkt_time":1625401093323098,"flow_dst_last_pkt_time":1625401093443763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625413810531155,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1625477697370410} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477697370410,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477697370410,"flow_src_last_pkt_time":1625477697370410,"flow_dst_last_pkt_time":1625477697370410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477697370410,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -92,7 +92,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625477739836341,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625477739836341,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739836341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625477739836341,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1625477739836341,"flow_dst_last_pkt_time":1625477739952878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625477739952878,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1625482316411404} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482316411404,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316411404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482316411404,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -137,7 +137,7 @@ 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482401089959,"flow_src_last_pkt_time":1625482401089959,"flow_dst_last_pkt_time":1625482401211672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":49737,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482399044158,"flow_src_last_pkt_time":1625482399044158,"flow_dst_last_pkt_time":1625482399165298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50008,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482316411404,"flow_src_last_pkt_time":1625482316411404,"flow_dst_last_pkt_time":1625482316532446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625482486976882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":7,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":140,"global_ts_usec":1625482998213179} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625482998213179,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998213179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625482998213179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -168,7 +168,7 @@ 00763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625483073457882,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483010449914,"flow_src_last_pkt_time":1625483010449914,"flow_dst_last_pkt_time":1625483010570990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59613,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625483073457882,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":9,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":171,"global_ts_usec":1625511643408589} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625511643408589,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625511643408589,"flow_src_last_pkt_time":1625511643408589,"flow_dst_last_pkt_time":1625511643408589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625511643408589,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -182,7 +182,7 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625482998213179,"flow_src_last_pkt_time":1625482998213179,"flow_dst_last_pkt_time":1625482998333968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073457882,"flow_src_last_pkt_time":1625483073457882,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625483073336987,"flow_src_last_pkt_time":1625483073336987,"flow_dst_last_pkt_time":1625483073457882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625511645546487,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":185,"global_ts_usec":1625556065479179} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556065479179,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556065479179,"flow_src_last_pkt_time":1625556065479179,"flow_dst_last_pkt_time":1625556065479179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556065479179,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -200,7 +200,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625556102196787,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102196787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625556102196787,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1625556102314591,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":9,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1625558730271025} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1625558730271025,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730271025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625558730271025,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
@@ -215,7 +215,7 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556100118860,"flow_src_last_pkt_time":1625556100118860,"flow_dst_last_pkt_time":1625556100236729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625556102196787,"flow_src_last_pkt_time":1625556102196787,"flow_dst_last_pkt_time":1625556102314591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625558730271025,"flow_src_last_pkt_time":1625558730271025,"flow_dst_last_pkt_time":1625558730389235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1625558735164269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"AVASTSecureDNS","proto_id":"263","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/avast_securedns.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1625558735164269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7850610 bytes -~~ total memory freed........: 7850610 bytes -~~ total allocations/frees...: 146866/146866 +~~ total memory allocated....: 11558621 bytes +~~ total memory freed........: 11558621 bytes +~~ total allocations/frees...: 217120/217120 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 1118 chars 
diff --git a/test/results/default/bacnet.pcap.out b/test/results/default/bacnet.pcap.out index a10c00ee8..dd98e3d90 100644 --- a/test/results/default/bacnet.pcap.out +++ b/test/results/default/bacnet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268949991615} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680268949991615,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPMR\/YxBMRRiWpNF28\/yusAAGQAAgQoAEQEEAAWpDAwCP\/\/\/GUsA"} 
01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268949991615,"flow_src_last_pkt_time":1680268949991615,"flow_dst_last_pkt_time":1680268949991615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268949991615,"l3_proto":"ip4","src_ip":"65.49.20.98","dst_ip":"90.147.69.219","src_port":53234,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -14,24 +14,24 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680269481013331,"pkt":"bpHurUgdPJTVQTiBCABFAAAt1DEAAPMRTUFAPsWmWpNF1Y84usAAGQAAgQoAEQEEAAXcDAwCP\/\/\/GUsA"} 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269481013331,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":68,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1680270793239173} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680270793239173,"pkt":"AAwp30Y4PJTVQTiBCABFAAAt1DEAAPoRbRbG6xgnWpNF0tU7usAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269401152467,"flow_src_last_pkt_time":1680269401152467,"flow_dst_last_pkt_time":1680269401152467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"198.235.24.166","dst_ip":"90.147.69.222","src_port":56883,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269481013331,"flow_src_last_pkt_time":1680269481013331,"flow_dst_last_pkt_time":1680269481013331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.166","dst_ip":"90.147.69.213","src_port":36664,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269473899742,"flow_src_last_pkt_time":1680269473899742,"flow_dst_last_pkt_time":1680269473899742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270793239173,"l3_proto":"ip4","src_ip":"64.62.197.26","dst_ip":"90.147.69.221","src_port":36992,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":85,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271991867802} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680271991867802,"pkt":"ipffLU2SPJTVQTiBCABFCAAtP98AACQRhKSnXopvWpNF1GmhusAAGe\/YgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270793239173,"flow_src_last_pkt_time":1680270793239173,"flow_dst_last_pkt_time":1680270793239173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271991867802,"l3_proto":"ip4","src_ip":"198.235.24.39","dst_ip":"90.147.69.210","src_port":54587,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} +00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":102,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680273941879740} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680273941879740,"pkt":"moT+\/Ph8PJTVQTiBCABFAAAt\/WwAACcR1cyijn2MWpNF2flsusAAGXG7gQoAEQEEAAUBDAwCP\/\/\/GUsA"} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273941879740,"flow_src_last_pkt_time":1680273941879740,"flow_dst_last_pkt_time":1680273941879740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"162.142.125.140","dst_ip":"90.147.69.217","src_port":63852,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271991867802,"flow_src_last_pkt_time":1680271991867802,"flow_dst_last_pkt_time":1680271991867802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273941879740,"l3_proto":"ip4","src_ip":"167.94.138.111","dst_ip":"90.147.69.212","src_port":27041,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} +00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1680278570937544} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278570937544,"pkt":"bs1PogZtPJTVQTiBCABFAAAt1DEAAPoRbQfG6xgtWpNF28rSusAAGQAAgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278570937544,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -40,7 +40,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":25,"thread_ts_usec":1680278735577357,"pkt":"bs1PogZtPJTVQTiBCABFAAAt7PQAACcR5kqijn2EWpNF23RWusAAGfbXgQoAEQEEAAUBDAwCP\/\/\/GUsA"} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278735577357,"flow_src_last_pkt_time":1680278735577357,"flow_dst_last_pkt_time":1680278735577357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"162.142.125.132","dst_ip":"90.147.69.219","src_port":29782,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278570937544,"flow_src_last_pkt_time":1680278570937544,"flow_dst_last_pkt_time":1680278570937544,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":17,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278735577357,"l3_proto":"ip4","src_ip":"198.235.24.45","dst_ip":"90.147.69.219","src_port":51922,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":153,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1681133167315255} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1681133167315255,"pkt":"AQIDBAUGABorPE1eCABFAAAoq9VAAEARkffMrLH\/zKyxn7rAusAAFPoNgQsADAEg\/\/8A\/xAI"} 
01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133167315255,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133167315255,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 
@@ -54,7 +54,7 @@ 01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133274409641,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133274409641,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01099{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133345185904,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133345185904,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1681133167315255,"flow_src_last_pkt_time":1681133388520203,"flow_dst_last_pkt_time":1681133167315255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681133388520203,"l3_proto":"ip4","src_ip":"204.172.177.255","dst_ip":"204.172.177.159","src_port":47808,"dst_port":47808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BACnet","proto_id":"334","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":31,"category":"IoT-Scada"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bacnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1681133388520203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786752 bytes -~~ total memory freed........: 7786752 bytes -~~ total allocations/frees...: 146493/146493 +~~ total memory allocated....: 11495227 bytes +~~ total memory freed........: 11495227 bytes +~~ total allocations/frees...: 216747/216747 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 1104 chars diff --git a/test/results/default/bad-dns-traffic.pcap.out b/test/results/default/bad-dns-traffic.pcap.out index 12fe395f4..bbde96a41 100644 --- a/test/results/default/bad-dns-traffic.pcap.out +++ b/test/results/default/bad-dns-traffic.pcap.out 
@@ -1,42 +1,42 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486012623234684} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012623234684,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} -01350{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012623234684,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012623234684,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012624242985,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB38+5AAEARVH7AqCtbBAICBIx+ADUAY73N0g0BAAABAAAAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012624242985,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012623234684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012624242985,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1486012624325522,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1jH4AhhPK0g2BgAABAAEAAAAAODk1ODcwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEjYzNGYwMGE2MjEwMTBhMDAwMMBF"} -01363{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012624325522,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}} +01469{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012624242985,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012624325522,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1486012624325823,"flow_dst_last_pkt_time":1486012624325522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012624325823,"pkt":"AhoR+f4q5LMYS\/DDCABFAABR8\/FAAEARVKHAqCtbBAICBIx+ADUAPZ97lHsBAAABAAAAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAE="} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1486012624325823,"flow_dst_last_pkt_time":1486012624382053,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1486012624382053,"pkt":"5LMYS\/DDAhoR+f4qCABFAABwAABAADMRVXQEAgIEwKgrWwA1jH4AXFjwlHuBgAABAAEAAAAAEjdjZDUwMWE2MjFjMzYyMDEwYQxza3VsbHNlY2xhYnMDb3JnAAAQAAHADAAQAAEAAAA8ABMSOTZiMjAxYTYyMTAxMGFjMzYy"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012635073060,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+zhAAEARTTTAqCtbBAICBNwiADUAYwrvCk0BAAABAAAAAAAAODI0NDMwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 
-01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012635073060,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012635073060,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012636079520,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3+7NAAEARTLnAqCtbBAICBNwiADUAY1S7n3sBAAABAAAAAAAAODZiNTAwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012636079520,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012636079520,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012636079520,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012637085359,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ElAAEARTCPAqCtbBAICBNwiADUAY0RMqrgBAAABAAAAAAAAOGUxOGYwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012637085359,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012637085359,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012637085359,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012638093433,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/K5AAEARS77AqCtbBAICBNwiADUAY1PDy0gBAAABAAAAAAAAODQ2YjEwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAAUAAQ=="} -01359{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012638093433,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01465{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012638093433,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":364,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012638093433,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":5,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012639101974,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3\/ZNAAEARStnAqCtbBAICBNwiADUAY\/RRFrgBAAABAAAAAAAAOGM3NTkwMGZkZjUyNTMyMDAyMTYzNmY2ZDZkNjE2ZTY0MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAABAAAQ=="} -01360{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012639101974,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012639174914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1486012639174914,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}} 
-02489{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012651592518,"flow_dst_last_pkt_time":1486012651846910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1397,"midstream":0,"thread_ts_usec":1486012651846910,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":63089,"avg":1073977.6,"max":4101854,"stddev":689094.3,"var":474850951168.0,"ent":4.7,"data": [1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851]},"pktlen": {"min":81,"avg":115.2,"max":309,"stddev":50.6,"var":2560.6,"ent":4.9,"data": [119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]},"bins": {"c_to_s": [0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": 
[4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01206{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012676167582,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01212{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":89,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012686228125,"flow_dst_last_pkt_time":1486012686227663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":26440,"flow_dst_tot_l4_payload_len":22745,"midstream":0,"thread_ts_usec":1486012686228125,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01206{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012726429073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01466{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012635073060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012639101974,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": 
{"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012639101974,"flow_dst_last_pkt_time":1486012639174914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":455,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1486012639174914,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16,"rsp_type":16,"rsp_addr":"0.0.0.0"}}} +02595{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012651592518,"flow_dst_last_pkt_time":1486012651846910,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1392,"flow_dst_tot_l4_payload_len":1397,"midstream":0,"thread_ts_usec":1486012651846910,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":63089,"avg":1073977.6,"max":4101854,"stddev":689094.3,"var":474850951168.0,"ent":4.7,"data": [1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851]},"pktlen": {"min":81,"avg":115.2,"max":309,"stddev":50.6,"var":2560.6,"ent":4.9,"data": [119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309]},"bins": {"c_to_s": [0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1],"entropies": [4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012676167582,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": 
{"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01318{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":89,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012686228125,"flow_dst_last_pkt_time":1486012686227663,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":26440,"flow_dst_tot_l4_payload_len":22745,"midstream":0,"thread_ts_usec":1486012686228125,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01312{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012726429073,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1486012730177697,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3Lk5AAEARGh\/AqCtbBAICBLdxADUAYz49\/HsBAAABAAAAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 
-01352{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01458{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730177697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486012730177697,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1486012730381593,"pkt":"5LMYS\/DDAhoR+f4qCABFAACaAABAADMRVUoEAgIEwKgrWwA1t3EAhvb+\/HuBgAABAAEAAAAAOGEwNTcwMGU2ZGE4MzUxMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAcAMAA8AAQAAADwAFwAKEmRlNjkwMGU2ZGE2ZWEyMDAwMMBF"} -01364{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012730381593,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": 
{"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}} +01470{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012730177697,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":126,"midstream":0,"thread_ts_usec":1486012730381593,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}}} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1486012730381905,"flow_dst_last_pkt_time":1486012730381593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012730381905,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRLntAAEARGhjAqCtbBAICBLdxADUAPY6IeT8BAAABAAAAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAE="} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1486012730381905,"flow_dst_last_pkt_time":1486012730437815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1486012730437815,"pkt":"5LMYS\/DDAhoR+f4qCABFAAB0AABAADMRVXAEAgIEwKgrWwA1t3EAYGtAeT+BgAABAAEAAAAAEmI1NDEwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAPAAHADAAPAAEAAAA8ABcAChI1YzRmMDFlNmRhNmVhMjgzNTHAHw=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1486012731395086,"flow_dst_last_pkt_time":1486012730437815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1486012731395086,"pkt":"AhoR+f4q5LMYS\/DDCABFAABRL1lAAEARGTrAqCtbBAICBLdxADUAPbE6V7kBAAABAAAAAAAAEjMxNzMwMWU2ZGE4MzUxNmVhMgxza3VsbHNlY2xhYnMDb3JnAAAQAAE="} 
-01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} 
+01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1486012730177697,"flow_src_last_pkt_time":1486012733574897,"flow_dst_last_pkt_time":1486012733669835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":632,"flow_dst_tot_l4_payload_len":863,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01317{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":146,"flow_first_seen":1486012635073060,"flow_src_last_pkt_time":1486012727434811,"flow_dst_last_pkt_time":1486012727540477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":248,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":43062,"flow_dst_tot_l4_payload_len":37153,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01310{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1486012623234684,"flow_src_last_pkt_time":1486012630535623,"flow_dst_last_pkt_time":1486012630741119,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":187,"flow_src_tot_l4_payload_len":705,"flow_dst_tot_l4_payload_len":915,"midstream":0,"thread_ts_usec":1486012733669835,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/bad-dns-traffic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-payload-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":3,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1486012733669835} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 ~~ skipped flows.............: 0 @@ -45,10 +45,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782451 bytes -~~ total memory freed........: 7782451 bytes -~~ total allocations/frees...: 146781/146781 +~~ total memory allocated....: 11491038 bytes +~~ total memory freed........: 11491038 bytes +~~ total allocations/frees...: 217035/217035 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars -~~ json string max len.......: 2494 chars -~~ json string avg len.......: 1534 chars +~~ json string max len.......: 2600 chars +~~ json string avg len.......: 1587 chars diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out index ce5109a58..be332efa0 100644 --- a/test/results/default/badpackets.pcap.out +++ b/test/results/default/badpackets.pcap.out 
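Review bot: The regenerated summary in this hunk raises `total memory allocated` from 7782451 to 11491038 bytes (allocations from 146781 to 217035) for the same 382 packets and 3 flows, and nothing visible in the change explains the increase. The `@@ -200,9 +200,9 @@` hunk of `test/results/default/badpackets.pcap.out` shows the same jump (7764605 to 11473240 bytes) for a capture with `packets captured/processed: 93/0` and no flows, so the extra ~3.7 MB is presumably a fixed start-up cost of the updated libnDPI submodule rather than per-flow state. Because these expected-output files are regenerated wholesale, the commit description should record that the increase was checked, for example `nDPI bump raises baseline allocation by ~3.7 MB per run; allocated == freed, no leak`. Otherwise a later unintended increase would be accepted the same way.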
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495451029466717} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451029466717,"packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_usec":1495451029466717} 00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451030401327,"packet_id":2,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_usec":1495451030401327} 
@@ -122,7 +122,7 @@ 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987} 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1495451632004127} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451632004127,"packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_usec":1495451632004127} 01151{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2C
NH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451636457182,"packet_id":61,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_usec":1495451636457182} 
@@ -191,7 +191,7 @@ 00949{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451915752227,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_usec":1495451915752227} 00664{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_usec":1495451915752227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/0 ~~ skipped flows.............: 0 @@ -200,9 +200,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 320 chars ~~ json string max len.......: 2335 chars 
diff --git a/test/results/default/bets.pcapng.out b/test/results/default/bets.pcapng.out new file mode 100644 index 000000000..5fd66c21c --- /dev/null +++ b/test/results/default/bets.pcapng.out 
@@ -0,0 +1,29 @@ +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1693252376328241} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376328241,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
+00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376328241,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":64,"pkt_l4_len":44,"thread_ts_usec":1693252376328241,"pkt":"RQAAQAAAQABABvsXwKgKAg3gZxbqwwG7A+7xFgAAAACwAv\/\/lHwAAAIEBWQBAwMGAQEICjEzUHgAAAAABAIAAA=="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1693252376328241,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1693252376373304,"pkt":"RQAAPAAAQAD1BkYbDeBnFsCoCgIBu+rDfMJDrwPu8RegEv\/\/nUwAAAIEBaAEAggKSjv9NzEzUHgBAwMJ"} +00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1693252376373327,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376373327,"pkt":"RQAANAAAQABABvsjwKgKAg3gZxbqwwG7A+7xF3zCQ7CAEAgEw9UAAAEBCAoxM1ClSjv9Nw=="} 
+00965{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":380,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":380,"pkt_l4_len":360,"thread_ts_usec":1693252376374043,"pkt":"RQABfAAAQABABvnbwKgKAg3gZxbqwwG7A+7xF3zCQ7CAGAgEHo0AAAEBCAoxM1ClSjv9NxYDAQFDAQABPwMDwABk4guyTxhZCw+GLxoVbHFTKe0wXKQIKjfXpYO0MBQgaRcSNkWDHUwKFQ\/xX0r86c\/n28v92ZnIHyKw4WCLfcYAYhMDEwITAcypzKjMqsAwwCzAKMAkwBTACgCfAGsAOf+FAMQAiACBAJ0APQA1AMAAhMAvwCvAJ8AjwBPACQCeAGcAMwC+AEUAnAA8AC8AugBBwBHABwAFAATAEsAIABYACgD\/AQAAlAArAAkIAwQDAwMCAwEAMwAmACQAHQAg4K+nU26wL5q0EcrSAPZbMBwmwfa4+K20LRLRPSLNBiMAAAAXABUAABJ3d3cuMTA4NGJldHMxMC5jb20ACwACAQAACgAKAAgAHQAXABgAGQANABgAFggGBgEGAwgFBQEFAwgEBAEEAwIBAgMAEAAOAAwCaDIIaHR0cC8xLjE="} +01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376373304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1693252376374043,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","tls": 
{"version":"TLSv1.2","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376419072,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1693252376419072,"pkt":"RQAANHFFAAD1BhTeDeBnFsCoCgIBu+rDfMJDsAPu8l+AEACDyeAAAAEBCApKO\/1lMTNQpQ=="} +01218{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376374043,"flow_dst_last_pkt_time":1693252376420557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1693252376420557,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","tls": {"version":"TLSv1.3","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01956{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10758.4,"max":46532,"stddev":18210.4,"var":331618016.0,"ent":3.2,"data": [45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747]},"pktlen": {"min":52,"avg":286.8,"max":1420,"stddev":477.2,"var":227739.3,"ent":3.6,"data": [64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1],"entropies": [4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791]}} 
+01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376473051,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516940,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.1084bets10.com","tls": {"version":"TLSv1.3","ja3":"375c6162a492dfbf2795909110ce8424","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1693252376328241,"flow_src_last_pkt_time":1693252376516972,"flow_dst_last_pkt_time":1693252376516940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":6919,"midstream":0,"thread_ts_usec":1693252376516972,"l3_proto":"ip4","src_ip":"192.168.10.2","dst_ip":"13.224.103.22","src_port":60099,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/bets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":7492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1693252376516972} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 33/33 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 7492 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11492260 bytes +~~ total memory 
freed........: 11492260 bytes +~~ total allocations/frees...: 216665/216665 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 528 chars +~~ json string max len.......: 1961 chars +~~ json string avg len.......: 1219 chars diff --git a/test/results/default/bitcoin.pcap.out b/test/results/default/bitcoin.pcap.out index 91fd0a7ff..50993f044 100644 --- a/test/results/default/bitcoin.pcap.out +++ b/test/results/default/bitcoin.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1301327937725033} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301327937725033,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327937725033,"flow_dst_last_pkt_time":1301327937725033,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301327937725033,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -30,7 +30,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328473077893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1301328473077893,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328487120277,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328487120277,"pkt":"ACNshovhACPrIpS0CABFAABxMvRAAG8GgQJCRFMWwKgBjiCN2Ff1mJ4OLY+1yIAY\/5YyzAAAAQEICgBK7fonMvBH+b602WludgAAAAAAAAAAACUAAAAXvAGWAQEAAAAYqnCtA4JeCfSWUZFYsh6sAyMBtBHVR6Y5dbVZJO1sMQ=="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1301328472925065,"flow_dst_last_pkt_time":1301328526763444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301328526763444,"pkt":"ACNshovhACPrIpS0CABFAABxM2VAAG8GgJFCRFMWwKgBjiCN2Ff1mJ5LLY+1yIAY\/5bHMAAAAQEICgBK74cnMvDT+b602WludgAAAAAAAAAAACUAAAAOAWk4AQEAAACmU2ocFfjbk6bwRfCWT0dV1t0G5OkxndgzFqeVZZtzHw=="} 
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1301328538215424} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":260266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1301328538215424} 
02391{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301328607711436,"flow_dst_last_pkt_time":1301328616076718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":9102,"flow_dst_tot_l4_payload_len":23653,"midstream":1,"thread_ts_usec":1301328616076718,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":8965742.0,"max":134322478,"stddev":25481870.0,"var":649325705166848.0,"ent":2.2,"data": [62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753]},"pktlen": {"min":72,"avg":1075.6,"max":1500,"stddev":630.5,"var":397582.1,"ent":4.7,"data": [157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0],"s_to_c": [1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301328699728375,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328699728375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301328699728375,"pkt":"ACPrIpS0ACNshovhCABFAACdK9RAAEAGd8TAqAGOw9oQsthoII1BDXcu4yOzE4AY\/\/9L7wAAAQEICicy+R8AACIN+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAAA7s5BNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/w9oQsiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII38Ree1v7hQ3gC4wAEA"} 
@@ -40,7 +40,7 @@ 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328717164944,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328717164944,"pkt":"ACNshovhACPrIpS0CABFAABrBgZAAHUGaMTD2hCywKgBjiCN2GjjI7OQQQ13l4AYAQQrZwAAAQEICgAAKOAnMvki+b602WFkZHIAAAAAAAAAAB8AAABr2MyYATqzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/1XJqP0gjQ=="} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1301328699728375,"flow_dst_last_pkt_time":1301328728615715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1301328728615715,"pkt":"ACNshovhACPrIpS0CABFAABrByNAAHUGZ6fD2hCywKgBjiCN2GjjI7PHQQ13l4AYAQSkaAAAAQEICgAALVknMvnN+b602WFkZHIAAAAAAAAAAB8AAAATXr9rAUCzkE0BAAAAAAAAAAAAAAAAAAAAAAD\/\/4FhwkwgjQ=="} 
02403{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":26,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301328741904043,"flow_dst_last_pkt_time":1301328743741542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5826,"flow_dst_tot_l4_payload_len":27918,"midstream":1,"thread_ts_usec":1301328743741542,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":2780285.0,"max":41186439,"stddev":7975567.0,"var":63609669419008.0,"ent":2.2,"data": [128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074]},"pktlen": {"min":72,"avg":1106.5,"max":1500,"stddev":621.5,"var":386298.0,"ent":4.7,"data": [157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500]},"bins": {"c_to_s": [0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0],"s_to_c": [1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0]},"directions": [0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1301329138452825} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":520135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1301329138452825} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1301329304767401,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329304767401,"flow_dst_last_pkt_time":1301329304767401,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1301329304767401,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
@@ -48,14 +48,14 @@ 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1301329305005443,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1301329305005443,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1301329309391663,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329309391663,"pkt":"ACPrIpS0ACNshovhCABFAABxpRVAAEAGdYnAqAGOuDqld9i\/II0stRd5NDMFdYAY\/\/\/QMQAAAQEICiczEOgAVd0S+b602WludgAAAAAAAAAAACUAAAAM+O86AQEAAABjYqN6+8l5NV5ILuoyGWmRHhZ4vrImNA17xLD+35pOKQ=="} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1301329331545459,"flow_dst_last_pkt_time":1301329304813916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1301329331545459,"pkt":"ACPrIpS0ACNshovhCABFAABx5FNAAEAGNkvAqAGOuDqld9i\/II0stRe2NDMFdYAY\/\/+YyAAAAQEICiczEcYAVd7J+b602WludgAAAAAAAAAAACUAAACKqR5BAQEAAADko5gKOXTkTY\/EAL+Sv3gEjdoxRRE7Qf9xD2E6EXEwBA=="} 
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1301329743430837} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":537564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1301329743430837} 
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":117,"flow_first_seen":1301328319392147,"flow_src_last_pkt_time":1301329810648952,"flow_dst_last_pkt_time":1301328837883797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":25033,"flow_dst_tot_l4_payload_len":127108,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":72,"flow_first_seen":1301328699728375,"flow_src_last_pkt_time":1301329743430837,"flow_dst_last_pkt_time":1301329807659230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":23722,"flow_dst_tot_l4_payload_len":51175,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":3,"flow_first_seen":1301329304767401,"flow_src_last_pkt_time":1301329810839993,"flow_dst_last_pkt_time":1301329452712485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1061,"flow_src_tot_l4_payload_len":1498,"flow_dst_tot_l4_payload_len":1186,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":96,"flow_first_seen":1301328472925065,"flow_src_last_pkt_time":1301329809784023,"flow_dst_last_pkt_time":1301329809936278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":40981,"flow_dst_tot_l4_payload_len":64003,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":3,"flow_first_seen":1301327937725033,"flow_src_last_pkt_time":1301327939000921,"flow_dst_last_pkt_time":1301327938227159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":105,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20617,"flow_dst_tot_l4_payload_len":1573,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":137,"flow_first_seen":1301328089970465,"flow_src_last_pkt_time":1301328231627793,"flow_dst_last_pkt_time":1301328420526745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":181987,"midstream":1,"thread_ts_usec":1301329810839993,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BITCOIN","proto_id":"343","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1301329810839993} +00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/bitcoin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":539032,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1301329810839993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7795966 bytes -~~ total memory freed........: 7795966 bytes -~~ total allocations/frees...: 147063/147063 +~~ total memory allocated....: 11504505 bytes +~~ total memory freed........: 11504505 bytes +~~ total allocations/frees...: 217317/217317 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2493 chars 
diff --git a/test/results/default/bittorrent.pcap.out b/test/results/default/bittorrent.pcap.out
index 06b6f6ada..1f9622ad3 100644
--- a/test/results/default/bittorrent.pcap.out
+++ b/test/results/default/bittorrent.pcap.out
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455469967246718} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1455469967246718,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469967246718,"flow_src_last_pkt_time":1455469967246718,"flow_dst_last_pkt_time":1455469967246718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469967246718,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}}} 
@@ -161,7 +161,7 @@ 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1455469974358684,"flow_src_last_pkt_time":1455469975341953,"flow_dst_last_pkt_time":1455469976244642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":639,"flow_src_tot_l4_payload_len":451,"flow_dst_tot_l4_payload_len":686,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01218{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469969441488,"flow_src_last_pkt_time":1455469969441488,"flow_dst_last_pkt_time":1455469969441488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455469975407300,"flow_src_last_pkt_time":1455469975407300,"flow_dst_last_pkt_time":1455469975407300,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455469982106134,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/bittorrent.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-payload-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1455469982106134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7869884 bytes -~~ total memory freed........: 7869884 bytes -~~ total allocations/frees...: 146945/146945 +~~ total memory allocated....: 11578135 bytes +~~ total memory freed........: 11578135 bytes +~~ total allocations/frees...: 217199/217199 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/bittorrent_tcp_miss.pcapng.out b/test/results/default/bittorrent_tcp_miss.pcapng.out index eba8bd901..1848a0762 100644 --- a/test/results/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/default/bittorrent_tcp_miss.pcapng.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673446123917965} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673446123917965,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123917965,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1673446123917965,"pkt":"UlQARf4hvGGTecRkCABFAAA8AbRAAEAGffTAqHoiskfOAb9bGuH76ArUAAAAAKAC\/\/\/tPAAAAgQFtAQCCAqT2yrZAAAAAAEDAwg="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1673446123917965,"flow_dst_last_pkt_time":1673446123936638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1673446123936638,"pkt":"vGGTecRkUlQARf4hCABFAAA0vJhAAHgGixeyR84BwKh6Ihrhv1taDkQc++gK1YAS\/\/802wAAAgQFoAEDAwgBAQQC"} 
@@ -9,7 +9,7 @@ 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124058520,"flow_dst_last_pkt_time":1673446124076131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":424,"flow_src_tot_l4_payload_len":737,"flow_dst_tot_l4_payload_len":1043,"midstream":0,"thread_ts_usec":1673446124076131,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":"0f6b9cd2b7da4de9b6c846203920e3da49cdb795"}}} 
02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124132868,"flow_dst_last_pkt_time":1673446124132335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1025,"flow_dst_tot_l4_payload_len":22693,"midstream":0,"thread_ts_usec":1673446124132868,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":13847.5,"max":64959,"stddev":17166.0,"var":294672928.0,"ent":3.8,"data": [18673,26924,29858,64959,29324,33873,54911,20576,19623,21996,21047,6908,279,229,213,159,199,287,569,92,484,33856,18,24514,384,131,356,353,18454,16,8]},"pktlen": {"min":40,"avg":782.2,"max":1480,"stddev":666.4,"var":444053.7,"ent":4.4,"data": [60,52,40,238,464,40,511,280,108,419,328,90,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,40,40,1480,1480,1480,1480,1480,40,40,40]},"bins": {"c_to_s": [8,0,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0]},"directions": [0,1,0,0,1,0,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,0],"entropies": 
[4.679967880,5.131024837,4.765311718,7.106909752,7.520512581,4.903055668,7.548049450,7.183899879,6.238460064,5.624160767,5.095487118,4.067485332,7.834874630,7.871198177,7.882282257,7.884436607,7.876652241,7.857866764,7.878300190,7.864074230,7.855942726,7.876870155,4.853056431,4.803055763,7.863341808,7.865004539,7.869568825,7.874233246,7.854714394,4.853055954,4.903056145,4.853055954]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":67,"flow_first_seen":1673446123917965,"flow_src_last_pkt_time":1673446124222811,"flow_dst_last_pkt_time":1673446124229821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":90373,"midstream":0,"thread_ts_usec":1673446124229821,"l3_proto":"ip4","src_ip":"192.168.122.34","dst_ip":"178.71.206.1","src_port":48987,"dst_port":6881,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} +00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/bittorrent_tcp_miss.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":91466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1673446124229821} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771701 bytes -~~ total memory freed........: 7771701 bytes -~~ total allocations/frees...: 146472/146472 +~~ total memory allocated....: 11480320 bytes +~~ total memory freed........: 11480320 bytes +~~ total allocations/frees...: 216726/216726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 2336 chars 
diff --git a/test/results/default/bittorrent_utp.pcap.out b/test/results/default/bittorrent_utp.pcap.out index 8d661f4a8..ae4082cff 100644 --- a/test/results/default/bittorrent_utp.pcap.out +++ b/test/results/default/bittorrent_utp.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1456385034843882} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1456385034843882,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385034843882,"flow_dst_last_pkt_time":1456385034843882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1456385034843882,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -9,7 +9,7 @@ 00827{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1456385040390819,"flow_dst_last_pkt_time":1456385040274157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_usec":1456385040390819,"pkt":"xCwDBkn+LFbcjDU0CABFCADuPhxAAHARRg9S83ErwKgBBf3Jn\/8A2oQHAQBTAxDwaHYJ8SkXABAAAOf2ScYTQml0VG9ycmVudCBwcm90b2NvbAAAAAAAGAAFDKTI5\/smo1Sxp6oVuuryYGfGaBEtTFQxMTAwLTFGYTUzMVJ0THV2dwAAAHEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf\/\/\/\/\/\/\/\/\/\/\/\/\/7\/\/ff\/+\/\/\/\/v++\/7\/\/f\/f\/\/\/t\/+5gAAAAAEB"} 02372{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385041276103,"flow_dst_last_pkt_time":1456385041181191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":14142,"flow_dst_tot_l4_payload_len":872,"midstream":0,"thread_ts_usec":1456385041276103,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":959,"avg":411920.3,"max":5430275,"stddev":1202360.0,"var":1445669502976.0,"ent":2.4,"data": [4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540]},"pktlen": 
{"min":48,"avg":497.2,"max":1500,"stddev":600.8,"var":360942.7,"ent":4.0,"data": [132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037]},"bins": {"c_to_s": [3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0],"s_to_c": [11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0],"entropies": [5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":47,"flow_dst_packets_processed":39,"flow_first_seen":1456385034843882,"flow_src_last_pkt_time":1456385044298958,"flow_dst_last_pkt_time":1456385054059812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1472,"flow_dst_max_l4_payload_len":477,"flow_src_tot_l4_payload_len":34679,"flow_dst_tot_l4_payload_len":3198,"midstream":0,"thread_ts_usec":1456385054059812,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1456385054059812} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/bittorrent_utp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1456385054059812} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 86/86 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769247 bytes -~~ total memory freed........: 7769247 bytes -~~ total allocations/frees...: 146457/146457 +~~ total memory allocated....: 11477866 bytes +~~ total memory freed........: 11477866 bytes +~~ total allocations/frees...: 216711/216711 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2377 chars diff --git a/test/results/default/bjnp.pcap.out b/test/results/default/bjnp.pcap.out index 9514ebd03..ad34238ad 100644 --- a/test/results/default/bjnp.pcap.out +++ b/test/results/default/bjnp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467725378685790} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":46,"pkt_l4_len":24,"thread_ts_usec":1467725378685790,"pkt":"RQAALAmDAAB5EfxOwKi5jcCoARHDpyGkABg0Q0JKTlACAQAAF6QAAAAAAADK6w=="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725378685790,"flow_src_last_pkt_time":1467725378685790,"flow_dst_last_pkt_time":1467725378685790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725378685790,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.17","src_port":50087,"dst_port":8612,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -40,7 +40,7 @@ 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725384113794,"flow_src_last_pkt_time":1467725384113794,"flow_dst_last_pkt_time":1467725384113794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.3","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383909788,"flow_src_last_pkt_time":1467725383909788,"flow_dst_last_pkt_time":1467725383909788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.2","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467725383705789,"flow_src_last_pkt_time":1467725383705789,"flow_dst_last_pkt_time":1467725383705789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467725385329792,"l3_proto":"ip4","src_ip":"192.168.185.141","dst_ip":"192.168.1.1","src_port":50089,"dst_port":8612,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BJNP","proto_id":"204","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/bjnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1467725385329792} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -49,9 +49,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786375 bytes -~~ total memory freed........: 7786375 bytes -~~ total allocations/frees...: 146480/146480 +~~ total memory allocated....: 11494850 bytes +~~ total memory freed........: 11494850 bytes +~~ total allocations/frees...: 216734/216734 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 1095 chars diff --git a/test/results/default/bot.pcap.out b/test/results/default/bot.pcap.out index 3d8e3a6f8..398ae797d 100644 --- a/test/results/default/bot.pcap.out +++ b/test/results/default/bot.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645108240233170} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645108240233170,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233170,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233170,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645108240233170,"flow_dst_last_pkt_time":1645108240233579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1645108240233579,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 
@@ -9,7 +9,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645108240339700,"flow_dst_last_pkt_time":1645108240340261,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_usec":1645108240340261,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAKO4IQAA\/BtxaWR9I3ChNpyQAUP0AWPWTmLcGyylQEHVAXRgAAAAAtTpUPQ=="} 02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":25,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108240455112,"flow_dst_last_pkt_time":1645108240455337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":33120,"midstream":0,"thread_ts_usec":1645108240455337,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":14326.1,"max":114244,"stddev":36180.2,"var":1309009792.0,"ent":2.2,"data": [409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465]},"pktlen": {"min":46,"avg":1086.5,"max":1480,"stddev":631.2,"var":398369.0,"ent":4.6,"data": [48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480]},"bins": {"c_to_s": [6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1],"entropies": [4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334]},"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01081{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":115,"flow_dst_packets_processed":287,"flow_first_seen":1645108240233170,"flow_src_last_pkt_time":1645108245896135,"flow_dst_last_pkt_time":1645108245896491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":316,"flow_dst_tot_l4_payload_len":406780,"midstream":0,"thread_ts_usec":1645108245896491,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"44": {"risk":"Crawler\/Bot","severity":"Low","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/bot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1645108245896491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7778640 bytes -~~ total memory freed........: 7778640 bytes -~~ total allocations/frees...: 146779/146779 +~~ total memory allocated....: 11487259 bytes +~~ total memory freed........: 11487259 bytes +~~ total allocations/frees...: 217033/217033 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2255 chars 
diff --git a/test/results/default/bt-dns.pcap.out b/test/results/default/bt-dns.pcap.out index b0edf48a6..9a2c3dd9a 100644 --- a/test/results/default/bt-dns.pcap.out +++ b/test/results/default/bt-dns.pcap.out 
@@ -1,11 +1,11 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00733{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":78726493,"pkt":"UlQAEjUDCAAn5uVZCABFAAA6fBwAAIARpoUKAAIPCgACA+lnADUAJvPGb\/EBAAABAAAAAAAACHV0b3JyZW50A2NvbQAAAQAB"} 01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78726493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":78726493,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":78730365,"pkt":"CAAn5uVZUlQAEjUCCABFAABKEKAAAEARUfIKAAIDCgACDwA16WcANruUb\/GBgAABAAEAAAAACHV0b3JyZW50A2NvbQAAAQABwAwAAQABAAAC5wAEYo+SBw=="} 01040{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"utorrent.com","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"98.143.146.7"}}} 
00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":78726493,"flow_src_last_pkt_time":78726493,"flow_dst_last_pkt_time":78730365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":78730365,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.2.3","src_port":59751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.BitTorrent","proto_id":"5.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00620{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":78730365} 
+00620{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":76,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":78730365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 1155 chars diff --git a/test/results/default/bt-http.pcapng.out b/test/results/default/bt-http.pcapng.out index 813f79727..f68239af7 100644 --- a/test/results/default/bt-http.pcapng.out +++ b/test/results/default/bt-http.pcapng.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631962352376282} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352376282,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352376282,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631962352376282,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8rHZAAEAGOofAqAGAsB\/hdrciAFDsRCPNAAAAAKACC2gBUwAAAgQFtAQCCApMENP4AAAAAAEDAwA="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631962352376282,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631962352393006,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAsAABAADMG9A2wH+F2wKgBgABQtyLpFLp77EQjzmASRHCYbQAAAgQCGAAA"} 
@@ -8,7 +8,7 @@ 01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352393006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631962352393146,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"tracker.trackerfix.com","http": {"url":"tracker.trackerfix.com\/announce?info_hash=%aa7i%c4S%0d%de%06%24%18s%da%d4%3a%b5%cc%ec%2c%e6%22&peer_id=-TR2940-chho92c56pul&port=51413&uploaded=0&downloaded=0&left=282050560&numwant=80&key=3b5502cc&compact=1&supportcrypto=1&requirecrypto=1&event=started","code":0,"content_type":"","user_agent":"Transmission\/2.94"}}} 00986{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631962352393146,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":394,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":394,"pkt_l4_len":360,"thread_ts_usec":1631962352417837,"pkt":"PKn0qB\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"} 
00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1631962352376282,"flow_src_last_pkt_time":1631962409934151,"flow_dst_last_pkt_time":1631962352417837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":370,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":1631962409934151,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"176.31.225.118","src_port":46882,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.BitTorrent","proto_id":"7.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/bt-http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":710,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631962409934151} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767773 bytes -~~ total memory freed........: 7767773 bytes -~~ total allocations/frees...: 146400/146400 +~~ total memory allocated....: 11476392 bytes +~~ total memory freed........: 11476392 bytes +~~ total allocations/frees...: 216654/216654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 1317 chars diff --git a/test/results/default/bt_search.pcap.out b/test/results/default/bt_search.pcap.out index c1de14870..78da6fd52 100644 --- a/test/results/default/bt_search.pcap.out +++ b/test/results/default/bt_search.pcap.out 
@@ -1,11 +1,11 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1430752225251619} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752225251619,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 00964{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752225251619,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752225251619,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_usec":1430752525284866,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1430752225251619,"flow_src_last_pkt_time":1430752525284866,"flow_dst_last_pkt_time":1430752225251619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":119,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":238,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1430752525284866,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/bt_search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1430752525284866} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766783 bytes -~~ total memory freed........: 7766783 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475402 bytes +~~ total memory freed........: 11475402 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 969 chars 
diff --git a/test/results/default/cachefly.pcapng.out b/test/results/default/cachefly.pcapng.out index 46931d467..84596664e 100644 --- a/test/results/default/cachefly.pcapng.out +++ b/test/results/default/cachefly.pcapng.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053996915968} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053996915968,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053996915968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639053996915968,"pkt":"AAAAAAAAAAEAzkGkCABFAAA8AABAADgGbggKCgoBwKgAAQG7qvYcGrARC\/df8aASOJAXeAAAAgQFtAQCCAr4WKdZ8aCtGAEDAwk="} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053996915968,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1639053997244536,"pkt":"AAAAAAAAAAEAzkGkCABFAAI5KtdAAD8GOjTAqAABCgoKAar2AbsL91\/xHBqwEoAYAECN7gAAAQEICvGgrmz4WKdZFgMBAgABAAH8AwN5I1ozU7xInxtJozbyruWCcUxU4dIiuEr772yEdl+IjiA8lzzThjK9JFGzvzmsOf5jh+xiqEIzY+\/b\/bu2q\/rhKgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAAAABcAFQAAEmFwcHR2LmNhY2hlZmx5Lm5ldAAXAAD\/AQABAAAKAAoACBoaAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApGhoAAQAAHQAgnPDvY\/VXlPM6JRGRsi41pgbweEr23XZr7mS8KeaUbX0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACRGkABQADAmgyiooAAQAAFQDBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
@@ -10,7 +10,7 @@ 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053997267562,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1639053997267562,"pkt":"AAAAAAAAAAEAzkGkCABFAAV41QlAADgGk8IKCgoBwKgAAQG7qvYcGrqaC\/dh9oAQAB\/vzwAAAQEICvhYqLjxoK5sqdvCyNy5nJl8pz8yig1\/0ToWo4n9G1+jQBkpHuvmq3mui3JaLfaWEYzTozJ2lSjwdmADNIQmGCVoo94GYNcxHUw+jfmGsG3KkH41Yf7PGpFbZe91rp+mBxc2VnnNt\/WxNR7dl4m8J1f4MhQYldwt9akxZAnON84h2ZASWPhsdS8bH6k8KebX8pwcPYKtvKQUwxNRMSLJJqTTpzIw85wYyhANgqvE838DGLsCL8jxxhy5+0fKuXi4mwFbgmqDattP32RRoTk1s8zPgwN00cv2z\/4ylTPyDqwpuCc8mgAEUjCCBE4wggM2oAMCAQICDQHuXyId\/GI71DM6hVcwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTgxMTIxMDAwMDAwWhcNMjgxMTIxMDAwMDAwWjBQMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEmMCQGA1UEAxMdR2xvYmFsU2lnbiBSU0EgT1YgU1NMIENBIDIwMTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnWsnVDBghACPVlw\/rrt1caGtrj1BgE3qBy5fujophlEsmefYEpyr7pNpWu+6gpPB7in9VH0eTYQ1ucVE6JSQIL4zh94nWks+vs6c\/MO213yGu\/vVEF\/3YY9kv04Faa1\/TR7Cs8qs7JHlPH8cu6rkVOnwYTGmztSBZCV4pw2PmLkZbqpSQSQ658PVKoQkvfDRN0LwAxQZVeQbOotAQ8UhD6LlatZVVvTHSGz2GvqHsDRLbLJkkrUfCbwPmenC1cMzNJyyljI7CGDySyS5zbwYQVpNAqqPFUvvlxQXWaWhcBrnuUYnhig5BTZuSkAqJ6RZr7+91vnpGuONHih0cLqdPAgMBAAGjggEpMIIBJTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH\/BAgwBgEB\/wIBADAdBgNVHQ4EFgQU+O9\/8s14Z6jeb48kjYjxhwMCs+swHwYDVR0jBBgwFoAUj\/BLf6guRSSuTVD6Y5qL3uLdG7wwPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5jb20vcm9vdHIzMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5jb20vcm9vdC1yMy5jcmwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3
DQEBCwUAA4IBAQCZkMgtX0KK1Atm25gDcxHUiIZSKFOK+63f\/XOOOmcE28NTFHAUCXzD4PjXHJgaosQ+2+kA48pwsvEiMCFW29OteV6BWAttFIA19W9dHeuaRwX\/WY0AsUDakJiWGrpsbX+M9bOA34xkczaWeXlpdOq\/+J4Bj6CVaY3phLrp5dSIONt4O5jQNnspsNJSGJDeUkMArmonyBSehpWs4YAxMH6aJbuLrAQjppkA6PHSJuwPfjuKK5I4Ex2Phs2GUkfmNHxbpAI+imF8InZTWpRTM4a4kqhyr6H5UocfMaX8sIFXL830ztz2JM+n4jSQaJ3+qvGpmhLMm8DGw6ilsCF+3kj2AANjMIIDXzCCAkegAwIBAgILBA=="} 02702{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cachefly","proto_id":"91.289","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"apptv.cachefly.net","tls": 
{"version":"TLSv1.2","server_names":"*.cachefly.net,get.taxcycle.com,books24x7.com,siteclosed.overdrive.com,c.adventurerv.net,download.acoustica.com,cdn.arstechnica.net,ocp.cscglobal.com,cdn-w.gettraffic.com,cf.cdn.poundstopocket.co.uk,cf.cdn.cashnetusa.com,cf.cdn.quickquid.co.uk,downloads.oncenter.com,cache.green1020.com,software.onthehub.com,code.murdoog.com,img.tradepub.com,images.overdrive.com,static.readyflowers.com,cdn.richrelevance.com,qastatic.richrelevance.net,cache.agilebits.com,cachefly.alfredapp.com,download.fosshub.com,cdncontent.skillsoftcompliance.com,cdnlibrary.qual.skillport.com,cdnlibrary.skillport.com,cdnlibrary.skillport.eu,cdnlibrary-otls.skillport.com,st-cdn01.net-perform.com,assets.yandycdn.com,cdn.nexternal.com,www.workcred.org,img.sedoparking.com,www.standardsboostbusiness.org,cdn.sparklingsociety.net,smartupdate1.centralpointnow.com,cdn.edgeuno.com,downloads.pdf-xchange.com,cachefly.kinematics.com,cachefly.discoverinspire.com,static.volotea.com,*.cachefly.com,*.pluralsight.com,*.cdn.overdrive.com,*.contentreserve.com,*.listen.overdrivechina.cn,*.od-cdn.com,*.overdrivechina.cn,*.read.overdrivechina.cn,*.rbxcdn.com,*.books24x7.com,*.ansi.org,*.livee.com,cachefly.net","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=US, ST=Illinois, L=Chicago, O=Cachenetworks, LLC, CN=*.cachefly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"14:84:4F:1F:E8:A1:78:8A:12:27:36:B8:42:AB:42:52:FC:3B:C4:BA"}}} 
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639053996915968,"flow_src_last_pkt_time":1639053997267567,"flow_dst_last_pkt_time":1639053997244536,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5242,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639053997267567,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":43766,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/cachefly.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639053997267567} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7816421 bytes -~~ total memory freed........: 7816421 bytes -~~ total allocations/frees...: 146442/146442 +~~ total memory allocated....: 11525040 bytes +~~ total memory freed........: 11525040 bytes +~~ total allocations/frees...: 216696/216696 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 561 chars ~~ json string max len.......: 2707 chars diff --git a/test/results/default/can.pcap.out b/test/results/default/can.pcap.out new file mode 100644 index 000000000..c1348b7e7 --- /dev/null +++ b/test/results/default/can.pcap.out 
@@ -0,0 +1,51 @@ +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1682849329089168} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849329089168,"pkt":"mgwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSvPhkBZMNzgTo2bLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} +01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849329089168,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849375322090,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849375322090,"l3_proto":"ip4","src_ip":"55.97.32.36","dst_ip":"61.40.63.42","src_port":56551,"dst_port":25353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849375322090,"pkt":"ioT+\/Ph8PJTVQTiBCABFAABJTkoAAO4ROSU3YSAkPSg\/KtznYwkANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 
+01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849375322090,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849375322090,"l3_proto":"ip4","src_ip":"55.97.32.36","dst_ip":"61.40.63.42","src_port":56551,"dst_port":25353,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01102{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849375322090,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849396372123,"l3_proto":"ip4","src_ip":"128.244.36.46","dst_ip":"196.77.109.252","src_port":34952,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849396372123,"pkt":"AJffLU2SPJTVQTiBCABFAABJTkoAAO4ROSqA9CQuxE1t\/IiILnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 
+01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849396372123,"l3_proto":"ip4","src_ip":"128.244.36.46","dst_ip":"196.77.109.252","src_port":34952,"dst_port":11898,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849396372123,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849396372123,"pkt":"bgwp30Y4PJTVQTiBCABFAABJTkoAAO0ROiBnt7\/wSXlVe7Xl+FcANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} +01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849396372123,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849400339358,"flow_src_last_pkt_time":1682849400339358,"flow_dst_last_pkt_time":1682849400339358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849400339358,"l3_proto":"ip4","src_ip":"247.111.83.65","dst_ip":"172.44.102.53","src_port":53276,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1682849400339358,"flow_dst_last_pkt_time":1682849400339358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849400339358,"pkt":"3gwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSH3b1NBrCxmNdAcLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 
+01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849400339358,"flow_src_last_pkt_time":1682849400339358,"flow_dst_last_pkt_time":1682849400339358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849400339358,"l3_proto":"ip4","src_ip":"247.111.83.65","dst_ip":"172.44.102.53","src_port":53276,"dst_port":11898,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849407311637,"l3_proto":"ip4","src_ip":"248.12.123.236","dst_ip":"69.120.47.124","src_port":39411,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849407311637,"pkt":"ijHC4dyOPJTVQTiBCABFAABJTkoAAO4ROSb4DHvsRXgvfJnzAhwANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} +01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849407311637,"l3_proto":"ip4","src_ip":"248.12.123.236","dst_ip":"69.120.47.124","src_port":39411,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849407311637,"l3_proto":"ip4","src_ip":"156.187.243.113","dst_ip":"211.116.172.72","src_port":52611,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849407311637,"pkt":"AM1PogZtPJTVQTiBCABFAABJTkoAAO0ROiOcu\/Nx03SsSM2DLnoANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} 
+01064{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849407311637,"l3_proto":"ip4","src_ip":"156.187.243.113","dst_ip":"211.116.172.72","src_port":52611,"dst_port":11898,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849417335803,"flow_src_last_pkt_time":1682849417335803,"flow_dst_last_pkt_time":1682849417335803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"140.194.231.1","dst_ip":"89.92.174.8","src_port":58665,"dst_port":32367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1682849417335803,"flow_dst_last_pkt_time":1682849417335803,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1682849417335803,"pkt":"AAwp30Y4PJTVQTiBCABFAABJTkoAAO4ROSyMwucBWVyuCOUpfm8ANQAASVNPMTE4OTgBAmoS8QkIOyDWcAAA\/3\/9EABqE\/EJCDsgIG7\/\/\/\/\/\/xAAAWD\/"} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849417335803,"flow_src_last_pkt_time":1682849417335803,"flow_dst_last_pkt_time":1682849417335803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"140.194.231.1","dst_ip":"89.92.174.8","src_port":58665,"dst_port":32367,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"128.244.36.46","dst_ip":"196.77.109.252","src_port":34952,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"248.12.123.236","dst_ip":"69.120.47.124","src_port":39411,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849375322090,"flow_src_last_pkt_time":1682849375322090,"flow_dst_last_pkt_time":1682849375322090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"55.97.32.36","dst_ip":"61.40.63.42","src_port":56551,"dst_port":25353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849417335803,"flow_src_last_pkt_time":1682849417335803,"flow_dst_last_pkt_time":1682849417335803,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"140.194.231.1","dst_ip":"89.92.174.8","src_port":58665,"dst_port":32367,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849400339358,"flow_src_last_pkt_time":1682849400339358,"flow_dst_last_pkt_time":1682849400339358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"247.111.83.65","dst_ip":"172.44.102.53","src_port":53276,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849407311637,"flow_src_last_pkt_time":1682849407311637,"flow_dst_last_pkt_time":1682849407311637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"156.187.243.113","dst_ip":"211.116.172.72","src_port":52611,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849396372123,"flow_src_last_pkt_time":1682849396372123,"flow_dst_last_pkt_time":1682849396372123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"103.183.191.240","dst_ip":"73.121.85.123","src_port":46565,"dst_port":63575,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682849329089168,"flow_src_last_pkt_time":1682849329089168,"flow_dst_last_pkt_time":1682849329089168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682849417335803,"l3_proto":"ip4","src_ip":"207.134.64.89","dst_ip":"48.220.224.78","src_port":36251,"dst_port":11898,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Controller_Area_Network","proto_id":"352","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/can.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1682849417335803} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 8/8 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 360 bytes +~~ total detected protocols..: 8 +~~ total active/idle flows...: 8/8 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11490528 bytes +~~ total memory freed........: 11490528 bytes +~~ total allocations/frees...: 216710/216710 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 564 chars +~~ json string max len.......: 1108 chars +~~ json string avg len.......: 835 chars diff --git a/test/results/default/capwap.pcap.out b/test/results/default/capwap.pcap.out index bf75bf531..b119eebf4 100644 --- a/test/results/default/capwap.pcap.out +++ b/test/results/default/capwap.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1422328949167396} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_usec":1422328949167396,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1422328949167396,"flow_src_last_pkt_time":1422328949167396,"flow_dst_last_pkt_time":1422328949167396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":65,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":65,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422328949167396,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -67,7 +67,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1422329005766358,"flow_src_last_pkt_time":1422329136181810,"flow_dst_last_pkt_time":1422329005766358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":492,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":111,"flow_first_seen":1422329005767224,"flow_src_last_pkt_time":1422329174862523,"flow_dst_last_pkt_time":1422329174862030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1457,"flow_dst_max_l4_payload_len":1457,"flow_src_tot_l4_payload_len":21692,"flow_dst_tot_l4_payload_len":32868,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":3,"flow_first_seen":1422329017533285,"flow_src_last_pkt_time":1422329175528388,"flow_dst_last_pkt_time":1422329139638529,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":126,"flow_src_tot_l4_payload_len":26325,"flow_dst_tot_l4_payload_len":311,"midstream":0,"thread_ts_usec":1422329175528388,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CAPWAP","proto_id":"247","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/capwap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":70,"global_ts_usec":1422329175528388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 422/397 ~~ skipped flows.............: 0 @@ -76,9 +76,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786802 bytes -~~ total memory freed........: 7786802 bytes -~~ total allocations/frees...: 146810/146810 +~~ total memory allocated....: 11495357 bytes +~~ total memory freed........: 11495357 bytes +~~ total allocations/frees...: 217064/217064 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 297 chars ~~ json string max len.......: 2383 chars diff --git a/test/results/default/capwap_data.pcapng.out b/test/results/default/capwap_data.pcapng.out index e0a1a3f30..4ddf21db5 100644 --- a/test/results/default/capwap_data.pcapng.out +++ b/test/results/default/capwap_data.pcapng.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1517901568789948} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 00513{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":158,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQCAXoEAgAMIAEUAAIhUOUAA\/hEG9qwyZJusEGRXoTAUfwB0AAAAIAMgAAAAAAS\/IwAAAAAAEQgsAISALStFkFTyAeGymRDzEeruwXYwqqoDAAAACABFAAA8ISJAAEAGPxwKAQNESn2CvLexAbsLIWFuAAAAAKAC\/\/8HGAAAAgQFtAQCCAoAIUBMAAAAAAEDAwg="} 00301{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568789948,"packet_id":2,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568789948} 
@@ -28,7 +28,7 @@ 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggA0AA\/RE8PKwQZFesMmSbFH+hMABkAAAAEAMA4D0AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZKQABABun7Sn2CvAoBA0QBu7ex0fR0XgshYhuAEABnUOoAAAEBCAqbZQIUACFAVw=="} 00303{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1517901568910933,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1517901568910933} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":142,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":142,"pkt_l4_len":0,"thread_ts_usec":1517901568789948,"pkt":"AAAAAAAIpMZPO7OrgQBgXoEAYAQIAEUAAHggBEAA\/RE8O6wQZFesMmSbFH+hMABkAAAAEAMA4D4AAAIIAABU8gHhspmEgC0rRZDkxyKquU8AAKqqAwAAAAgARQAANHZLQABABun6Sn2CvAoBA0QBu7ex0fR0XgshYhuAEQBnUOkAAAEBCAqbZQIUACFAVw=="} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/capwap_data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1517901568910933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/0 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 306 chars ~~ json string max len.......: 738 chars diff --git a/test/results/default/cassandra.pcap.out b/test/results/default/cassandra.pcap.out index ce63220e3..e2b8e4d5e 100644 --- a/test/results/default/cassandra.pcap.out +++ b/test/results/default/cassandra.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1450889498032587} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1450889498032587,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032587,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032587,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1450889498032587,"flow_dst_last_pkt_time":1450889498032598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1450889498032598,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} 
@@ -18,7 +18,7 @@ 02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1450889498074112,"flow_src_last_pkt_time":1450889535475611,"flow_dst_last_pkt_time":1450889531765769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":11446,"flow_src_tot_l4_payload_len":794,"flow_dst_tot_l4_payload_len":12001,"midstream":0,"thread_ts_usec":1450889535475611,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":2293327.5,"max":25937061,"stddev":6507358.0,"var":42345709961216.0,"ent":2.0,"data": [13,21,671,688,5291,5315,288,749,1660,4537,3374,25897068,25937061,6031,46634,674,28,18,1162,1117,2315,1239,3343,41722,7689860,7730331,832,186,642,40128,3670158]},"pktlen": {"min":52,"avg":452.3,"max":11498,"stddev":1984.7,"var":3939065.0,"ent":1.7,"data": [60,60,52,61,52,113,52,83,61,126,11498,52,187,52,99,126,52,125,52,133,130,52,143,275,52,99,80,52,87,80,52,277]},"bins": {"c_to_s": [10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": 
[4.423614979,4.826748371,4.697768211,4.527300358,4.697767735,5.244243145,4.697768211,4.935437202,4.551833153,5.263758659,3.921820164,4.805645943,5.681179523,4.659306049,5.163017273,5.385207176,4.659306049,5.483267784,4.659306049,4.881966591,5.109060287,4.805645943,5.340395927,5.132059097,4.728722572,5.154477119,4.869704247,4.637282848,4.956277847,4.844704151,4.584303856,5.709095955]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":69,"flow_first_seen":1450889498032587,"flow_src_last_pkt_time":1450889698077770,"flow_dst_last_pkt_time":1450889698077758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":25148,"flow_src_tot_l4_payload_len":4772,"flow_dst_tot_l4_payload_len":73452,"midstream":0,"thread_ts_usec":1450889698077770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":68,"flow_first_seen":1450889498074112,"flow_src_last_pkt_time":1450889698077769,"flow_dst_last_pkt_time":1450889698077759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":333,"flow_dst_max_l4_payload_len":11446,"flow_src_tot_l4_payload_len":4963,"flow_dst_tot_l4_payload_len":23921,"midstream":0,"thread_ts_usec":1450889698077770,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Cassandra","proto_id":"264","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-payload-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1450889698077770} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/cassandra.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-payload-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1450889698077770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 286/286 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7781291 bytes -~~ total memory freed........: 7781291 bytes -~~ total allocations/frees...: 146670/146670 +~~ total memory allocated....: 11489894 bytes +~~ total memory freed........: 11489894 bytes +~~ total allocations/frees...: 216924/216924 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2202 chars diff --git a/test/results/default/check_mk_new.pcap.out b/test/results/default/check_mk_new.pcap.out index cbe404318..b39df676c 100644 --- a/test/results/default/check_mk_new.pcap.out +++ b/test/results/default/check_mk_new.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1512031663734797} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1512031663734797,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734797,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1512031663734797,"flow_dst_last_pkt_time":1512031663734824,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1512031663734824,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} 
@@ -9,7 +9,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1512031663737046,"flow_dst_last_pkt_time":1512031663736952,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1512031663737046,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwpAAEAGbhDAqGQWwKhkMuZ2GZzVcug4bqkCXYAQAOVJwAAAAQEICisMa0AWUVye"} 02128{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663748376,"flow_dst_last_pkt_time":1512031663748413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":502,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1376,"midstream":0,"thread_ts_usec":1512031663748413,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":27,"avg":877.3,"max":2128,"stddev":812.2,"var":659616.6,"ent":4.3,"data": [27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119]},"pktlen": {"min":52,"avg":95.5,"max":554,"stddev":116.8,"var":13650.4,"ent":4.4,"data": [60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168]},"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00987{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":1512031663734797,"flow_src_last_pkt_time":1512031663775626,"flow_dst_last_pkt_time":1512031663775645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":4096,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":13758,"midstream":0,"thread_ts_usec":1512031663775645,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CHECKMK","proto_id":"138","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/check_mk_new.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1512031663775645} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769595 bytes -~~ total memory freed........: 7769595 bytes -~~ total allocations/frees...: 146469/146469 +~~ total memory allocated....: 11478214 bytes +~~ total memory freed........: 11478214 bytes +~~ total allocations/frees...: 216723/216723 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 2133 chars 
diff --git a/test/results/default/chrome.pcap.out b/test/results/default/chrome.pcap.out
index a7986b5d9..c628cbe19 100644
--- a/test/results/default/chrome.pcap.out
+++ b/test/results/default/chrome.pcap.out
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620902507870345} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620902507870345,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620902507870345,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507870345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620902507870345,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620902507870345,"flow_dst_last_pkt_time":1620902507899110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620902507899110,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} 
@@ -54,7 +54,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":15,"flow_first_seen":1620902509273191,"flow_src_last_pkt_time":1620902509367004,"flow_dst_last_pkt_time":1620902509367096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1421,"flow_dst_tot_l4_payload_len":13523,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1620902509274034,"flow_src_last_pkt_time":1620902509373854,"flow_dst_last_pkt_time":1620902509373839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":14272,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1620902509276446,"flow_src_last_pkt_time":1620902509367151,"flow_dst_last_pkt_time":1620902509367101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1303,"flow_dst_tot_l4_payload_len":3889,"midstream":0,"thread_ts_usec":1620902509373854,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/chrome.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":59629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620902509373854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7967950 bytes -~~ total memory freed........: 7967950 bytes -~~ total allocations/frees...: 146603/146603 +~~ total memory allocated....: 11676489 bytes +~~ total memory freed........: 11676489 bytes +~~ total allocations/frees...: 216857/216857 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 1409 chars diff --git a/test/results/default/citrix.pcap.out b/test/results/default/citrix.pcap.out index 4c4e0dbf9..0cbf930bc 100644 --- a/test/results/default/citrix.pcap.out +++ b/test/results/default/citrix.pcap.out 
@@ -1,4 +1,4 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":0,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":0,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":0,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":0,"pkt":"4F+5aekiABUXp3WjCABFAAAsrYMAAIAGYjoVAAAIFgAAB7CpBdYP1me4AAAAAGACgAC\/CQAAAgQFtAAA6CmQmA=="} 00500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":0,"flow_dst_last_pkt_time":2099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":24,"thread_ts_usec":2099,"pkt":"ABUXp3Wj4F+5aekiCABFAAAsrVIAAH4GZGsWAAAHFQAACAXWsKkP1nFlD9ZnuWASgAA9vQAAAgQFtAAA3WOanQ=="} 
@@ -8,7 +8,7 @@ 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":8200,"flow_dst_last_pkt_time":8192,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":26,"thread_ts_usec":8200,"pkt":"4F+5aekiABUXp3WjCABFAAAurYUAAIAGYjYVAAAIFgAAB7CpBdYP1me5D9ZxbFAYgABLowAAf39JQ0EA5qZLtQ=="} 02051{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":0,"flow_src_last_pkt_time":72692,"flow_dst_last_pkt_time":72684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":343,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1670,"flow_dst_tot_l4_payload_len":114,"midstream":0,"thread_ts_usec":72692,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":4689.5,"max":56256,"stddev":12448.2,"var":154958800.0,"ent":2.6,"data": [2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114]},"pktlen": {"min":50,"avg":100.3,"max":387,"stddev":63.6,"var":4041.6,"ent":4.8,"data": [50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50]},"bins": {"c_to_s": [5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": 
[0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0],"entropies": [4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00927{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":75,"flow_dst_packets_processed":25,"flow_first_seen":0,"flow_src_last_pkt_time":1581384,"flow_dst_last_pkt_time":1605466,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":855,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":3874,"flow_dst_tot_l4_payload_len":1616,"midstream":0,"thread_ts_usec":1605466,"l3_proto":"ip4","src_ip":"21.0.0.8","dst_ip":"22.0.0.7","src_port":45225,"dst_port":1494,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Citrix","proto_id":"132","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1605466} +00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/citrix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1605466} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769653 bytes -~~ total memory freed........: 7769653 bytes -~~ total allocations/frees...: 146471/146471 +~~ total memory allocated....: 11478272 bytes +~~ total memory freed........: 11478272 bytes +~~ total allocations/frees...: 216725/216725 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 500 chars ~~ json string max len.......: 2056 chars 
diff --git a/test/results/default/cloudflare-warp.pcap.out b/test/results/default/cloudflare-warp.pcap.out index 619e9d8e3..7d3f5e59d 100644 --- a/test/results/default/cloudflare-warp.pcap.out +++ b/test/results/default/cloudflare-warp.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656230932729365} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932729365,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656230932729365,"l3_proto":"ip4","src_ip":"10.158.134.93","dst_ip":"142.251.42.106","src_port":55512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656230932729365,"flow_dst_last_pkt_time":1656230932729365,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1656230932729365,"pkt":"ABoRAAACABoRAAABCABFAAA0l3RAAEAGWO8KnoZdjvsqatjYAbtyVk7QfkNIjoAUAYa94wAAAQEICgCjbMKzFenn"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656230932996308,"flow_src_last_pkt_time":1656230932996308,"flow_dst_last_pkt_time":1656230932996308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656230932996308,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"159.138.85.48","src_port":42344,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -60,7 +60,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939663767,"flow_src_last_pkt_time":1656230939818921,"flow_dst_last_pkt_time":1656230939818981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":301,"flow_dst_max_l4_payload_len":2837,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":2837,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45606,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1656230939671699,"flow_src_last_pkt_time":1656230939819619,"flow_dst_last_pkt_time":1656230939819684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":186,"flow_dst_max_l4_payload_len":2800,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":2838,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.18.47.234","src_port":45610,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656230934073116,"flow_src_last_pkt_time":1656230934969472,"flow_dst_last_pkt_time":1656230934919257,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":439,"midstream":0,"thread_ts_usec":1656230939819684,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"157.240.16.32","src_port":40214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1656230939819684} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/cloudflare-warp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":8443,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1656230939819684} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 63/63 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7806115 bytes -~~ total memory freed........: 7806115 bytes -~~ total allocations/frees...: 146536/146536 +~~ total memory allocated....: 11514622 bytes +~~ total memory freed........: 11514622 bytes +~~ total allocations/frees...: 216790/216790 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 1547 chars diff --git a/test/results/default/coap_mqtt.pcap.out b/test/results/default/coap_mqtt.pcap.out index 62e13ac35..e326c5452 100644 --- a/test/results/default/coap_mqtt.pcap.out +++ b/test/results/default/coap_mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1333957710293035} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1333957710293035,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957710293035,"flow_src_last_pkt_time":1333957710293035,"flow_dst_last_pkt_time":1333957710293035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957710293035,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -15,7 +15,7 @@ 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":1333957720773953,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1333957720773953,"flow_src_last_pkt_time":1333957720773953,"flow_dst_last_pkt_time":1333957720773953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1333957720773953,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1375090528017876} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_usec":1375090528017876,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"} 
01031{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1375090528017876,"flow_src_last_pkt_time":1375090528017876,"flow_dst_last_pkt_time":1375090528017876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1375090528017876,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -43,7 +43,7 @@ 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090926676575,"flow_src_last_pkt_time":1375090935026698,"flow_dst_last_pkt_time":1375090935086791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":11,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":50250,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 01075{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1375090935240020,"flow_src_last_pkt_time":1375091005616928,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":1375091005672713,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"COAP","proto_id":"27","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1375091022221897,"flow_dst_last_pkt_time":1375091005672713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1375091022221897,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsB9ABJUkt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1455907243976582} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1455907243976582,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} 
01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907243976582,"flow_src_last_pkt_time":1455907243976582,"flow_dst_last_pkt_time":1455907243976582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1455907243976582,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -118,7 +118,7 @@ 01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1455907258332152,"flow_src_last_pkt_time":1455907272399051,"flow_dst_last_pkt_time":1455907272398939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":578,"flow_dst_tot_l4_payload_len":808,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":26,"flow_first_seen":1455907271483430,"flow_src_last_pkt_time":1455907272398966,"flow_dst_last_pkt_time":1455907272399057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":806,"flow_dst_tot_l4_payload_len":576,"midstream":1,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":41,"flow_first_seen":1455907267002212,"flow_src_last_pkt_time":1455907272399063,"flow_dst_last_pkt_time":1455907272398989,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":907,"midstream":0,"thread_ts_usec":1455907286608960,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1082,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1082,"source":"cfgs\/default\/pcap\/coap_mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1082,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":53303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":1455907286608960} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1082/1080 ~~ skipped flows.............: 0 @@ -127,9 +127,9 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7838485 bytes -~~ total memory freed........: 7838485 bytes -~~ total allocations/frees...: 147620/147620 +~~ total memory allocated....: 11546864 bytes +~~ total memory freed........: 11546864 bytes +~~ total allocations/frees...: 217874/217874 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 2431 chars diff --git a/test/results/default/collectd.pcap.out b/test/results/default/collectd.pcap.out index b10a6913d..8580ef0cb 100644 --- a/test/results/default/collectd.pcap.out +++ b/test/results/default/collectd.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946742154132991} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946742154132991} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02283{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742154132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742154132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": 
{"client_username":""}}} 
@@ -8,7 +8,7 @@ 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02285{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1368,"pkt_l4_len":1334,"thread_ts_usec":946742156132991,"pkt":"AAAAAAAAAAAAAAAACABFAAVKil5AAEARrUJ\/AAABfwAAAYzgZOIFNgNKAAAAFWRldmxhcC5mcml0ei5ib3gAAAgADBiqh0gIgY30AAkADAAAAAKAAAAA\/\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\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\/NZwADAAYwAAAFAAtzeXN0ZW0AAAYADwABAgAAAAAABKtmAAgADBiqh0qIgA6xAAMABjEAAAYADwABAgAAAAAABKpXAAgADBiqh0qIgBbKAAMABjIAAAYADwABAgAAAAAABKBGAAgADBiqh0qIgB0cAAMABjMAAAYADwABAgAAAAAABI2rAAgADBiqh0qIgCfPAAMABjAAAAUACXdhaXQAAAYADwABAgAAAAAAAEPsAAgADBiqh0qIgC9\/AAMABjEAAAYADwABAgAAAAAAAEPBAAgADBiqh0qIgDfpAAMABjIAAAYADwABAgAAAAAAAEdVAAgADBiqh0qIgD96AAMABjMAAAYADwABAgAAAAAAAD6AAAgADBiqh0qIgEcAAAMABjAAAAUACW5pY2UAAAYADwABAgAAAAAAAAAm"} 
00991{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742156132991,"flow_src_last_pkt_time":946742156132991,"flow_dst_last_pkt_time":946742156132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946742156132991,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36064,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": {"client_username":""}}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":3978,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":946746151465954} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1408,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1408,"pkt_l4_len":1374,"thread_ts_usec":946746151465954,"pkt":"AAAAAAAAAAAAAAAACABFAAVysRJAAAERFprAqLIj78BKQpqYZOIFXrI+AhAFVv\/\/dXNlcsEiWwf\/ecmHq20KMKY60TNgWTifxhUWZCzzOonut\/nBLF1H9\/qjrU5R7\/H5O\/9DCfuI7YKK9r+lg3rOUKcDtnx6k3gtNCOgHQsqM7rGW+eN33S1hv\/QWiqJh22vfUfr7Wz7pYGKApBiZvpQtTEhc5hAetf3FPDtHKTWmaIAv9tpMJ\/C1iMPcZFdIsr2dDPokYbKhkO7YK1VgRFBm2eTLctpolFTqtNDbNm7ZZj+J4aMD2mZJnGIwYcXGtrkRXSRyBums+W0\/jz8zVPv3F9mqHBPDINnDWvpLDLobIdObIJno8I9jJWIUvexsFajL\/Ozn6gm5h5Bbary3bFaI1eTK9\/2PtGLDA75C4TnHGlqTybsnLPrgfJgwREyLUHKyyjysSqq3nmcDjg2jxv7jB\/7C1x4ERVxqcLGWKVSyPtJGgd833gDOhBdG4xbUSAQLAZ93ZhNhqDYpSH1iLu4WeSFrvXELH+6cym0Y6TgPbHb995Xd4eeznstGpKVPXUMBMYKyolrAJf5IhADYmfwsVbHYwmMY4b+7dLe8Xm4J6pnNHkCQ8D8q\/xlIjpnUrS9OVed\/2DlDBS1QStbE\/5D9qtP1vKoQWi7aNQljNk4LIQq71gjvpOQoYs5A2fU7jqs5Cj7g1YVzvRN1szG+q0InctAJFWNqveI4E4VlH\/arcTeRtG6STEypPhnpvREi8Y1HMoKqCoQ2XNXh6LreKH8j13m7n5IUINrWLGczoOvwh46DPuvBo2KGeZrJslABigBIDcj82i9s8gLnjLw9\/JZ2x7gkouGNhGSwI6E+HHJlTbRNuUsv\/6rZpEcDEihG4n3z7Vt80LO+ANJQ1PEO96u3kHeqsvkky84XapbdS3hpG\/ZxbNSNY8nK4OCSOQQ8HmKfoJVs6uDOBd\/wp2958CwlilWA+S7vIiQ1XgDMWkpnLBj0SxBkzaVjTocJQTqqyWTwe3IhhIJv81ISkko8HlqeLw6ucXInaAjACXZe+tWeEVUOeFlwkGIIzC1N4S0VtZ61SexhHWzr\/i9+G9ZKKsehcu3XJBgh1f60wB6VdfrKhuC5O+DjSawaWC4SpBpu+HXc5ivM+uiz5tYgYFHvZZNAX520+pU7SYW1nlm8z8\/p7hrSy4or4XEkX6alUhb2dPGHzFD8JaAiNPkifbtDixhZdVcES3WwpR0Ee8a2+96wN6EZWNgwUs7rB2p7yVJHR76cDlQ4Kn2ZsRDtijNF38f24MQDLxP4V3sCe2kxcWUIAwjR6dboGGToHbd4gC7kvh\/FM9CeCXw8edRrjHiX4wnTLxVl9Tka0gXAevnElxIQ6DbX8f3r7039o6XRuqpxn0ACZ1UjAWdNP5AnrGPEDhQYcbCL1rrIoiDXNbcbYfPGBMR0rENIqKDB4er0OJ0AMEmws1dKMgg8kdYXjcu2lTLVY4\/4d9fGNXECu0E+IBVi1I\/a
05N27robtMnHhQS3RLkMgdw2UHSJmRpgA2AeN7d5fzdRb1cndtHczkpZ4DqnETqYT245MmiMyzhppvI8TfDhCd1ynjvTf\/tCkooHN2LdiiRy3Nwel6jnMS4sDovy8cCEn9qicofWJUG7y5a\/VIh54v0RwEEnumWw\/ZdPXVhbMfahFcQa0uAqmRQ+1dUag87w7YOq0bDC6ojsLdQ0XEWCC562cwnsSkgbZ5fTl3ZKIGjfA5C2IbcoLoeLIRL87MyrjfoqdSbenCEN1JHvCKm8MwRfUxtBnRG6JvCJKg82EHDqygdxWBY5xyz+WlvhZcsZvu\/jKGESQRQiW2wuv9DlwnzHiLS\/qJ\/XT4Fpxe9+g=="} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946746151465954,"flow_src_last_pkt_time":946746151465954,"flow_dst_last_pkt_time":946746151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39577,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -17,7 +17,7 @@ 00984{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"","collectd": {"client_username":""}}} 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742155132991,"flow_src_last_pkt_time":946742155132991,"flow_dst_last_pkt_time":946742155132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36320,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946742154132991,"flow_src_last_pkt_time":946742154132991,"flow_dst_last_pkt_time":946742154132991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946746151465954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":6710,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1655315218479780} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1386,"pkt_l4_len":1352,"thread_ts_usec":1655315218479780,"pkt":"AAAAAAAAAAAAAAAACABFAAVcLQ9AAEARCoB\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\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\/mAAgADBiqhsSesvscAAMABjAAAAUADHNvZnRpcnEAAAYADwABAgAAAAAAAOnzAAgADBiqhsSesv0mAAMABjEAAAYADwABAgAAAAAAAHMKAAgADBiqhsSesuvPAAUADmludGVycnVwdAAABgAPAAECAAAAAAAAo1oACAAMGKqGxJ6y8H0AAwAGMwAABgAPAAECAAAAAAAAbUsACAAMGKqGxJ6y\/yAAAwAGMgAABQAMc29mdGlycQAABgAPAAECAAAAAAAAUq8ACAAMGKqGxJ6zBsgAAwAGMAAABQAKc3RlYWwAAAYADwABAgAAAAAAAAAAAAgADBiqhsSeswuRAAMABjIAAAYADwABAgAAAAAAAAAAAAgADBiqhsSest6\/AAUACW5pY2UAAAYADwABAgAAAAAAAAAr"} 00995{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655315218479780,"flow_src_last_pkt_time":1655315218479780,"flow_dst_last_pkt_time":1655315218479780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315218479780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54138,"dst_port":25826,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"devlap.fritz.box","collectd": 
{"client_username":""}}} 
@@ -58,7 +58,7 @@ 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655315774132712,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1655315774132712,"pkt":"AAAAAAAAAAAAAAAACABFAAVEkBxAAEARp4p\/AAABfwAAAY\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\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"} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315784133517,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9255,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315784133517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315804133071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":90410,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":0,"total-updates":13,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1655315824133020} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1655315734133371,"flow_src_last_pkt_time":1655315834133390,"flow_dst_last_pkt_time":1655315734133371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1299,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":17165,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315834133390,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":36832,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":0,"flow_first_seen":1655315313991539,"flow_src_last_pkt_time":1655315720484900,"flow_dst_last_pkt_time":1655315313991539,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":151,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63954,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655315854133128,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35988,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316151465954,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1366,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1366,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316151465954,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -71,7 +71,7 @@ 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655316181464412,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1655316181464412,"pkt":"AAAAAAAAAAAAAAAACABFAAV8xlhAAAERAUrAqLIj78BKQpqYZOIFaLJIAhAFYAAEdXNlcvgFFMcC7YLnXJdq6iy8vLKCzAlatvrBwkJrE96Ca8hAiNz7UuTaNB2VAQDjZhwW8It9Bw6C5dOcFYI7dtaUsqoM3W+UcjrrT3TlmYGZdLqeSCurY+PxhiyPEjq83Kx+9cfb79V6QQOle6UCpNHC5cTbJxieSFgnAJf5U9l1Wb2Zfo1KITT5S1JLK2mB2AhZBzMiAmW7nDv1DYwK1E3Ja+k+cy\/02WZLSF\/4MBU6ElL5un4wRJoLZFKsiRQoRARw+w\/tYjnuompfoCUOnxEAbNO\/ScH8GQMAqxRKubol4sJ34rEuem1hVbus9EhIVHVsndZrfW\/t5p0Ymc5PzzUJQhytc9t0mG8bp8PtBJoOuuKTjAIjgsK6HRvDbBosq8UVWLvRCpGzUMDmhXWm3M3Af\/19vdeNFYDrdeKZl4\/Tiot7Jk4SGJUVLdwRLYXJKVNSDLc+\/2NLSCP3hRgGgkJTram0IrQaOBKTrnVgzs9JG1xVsFY3JAvYZrm2EEmpxYtYVR8eAIattMv0OJ3RVFlsmMqg2eeGd75jusMSQqGOYY1i5+3CJ6pT6\/OSbK6qzW2BKd9B3UtkkBxo5RqaHboxPGcWFP9ceXeIXdp\/k9R+0PKCuHshX4\/ZHPPCpR0XFfXp9ONx\/WS97lCYY1KkrhKcbgcrld\/cVsBWi3ZVWyfgaaD6tDUL73yYB\/HDjD60VIkxHTkOgzHXADKncbnDzeOxTs5w0AyZB8\/y7yXDLHrObGSiP544LREjSMwjQLBMcUwvJSy66lkhW\/720bRu7\/Z8J3zhwUEPu76N0yVimaSbZvDSdiQmOesMZp1xdVC+R5mnJ73b9P1BiCPtcZkSaeIxzVphD0E4FDMO7n639Sb3etUlxEH994EWaUuWyatwWzuPuI6aHd5gs7\/5k9edMeE7INONDor97aMkxNjH45LA7FQQWLxlNG82ECskPeh9eRHEhD01c4OjHspfBLQoWdPKm+FuT9rOuIsOyJjB0CB7yyo2\/sBwQOapu2nKKop3WGOhCekvJa8bGT\/fwtNBu6y9lvflXlB4w+cUn9LHVPd8c55suJBYjaTEjGtpJPPQr5FwLCPb0VQ+d76LnIgPOOqrAXHe8nl5hlL4FQA7x5adn04mFDCeAPZXtv3rDB6BTBpZsMjvH4YfYynU9GuxvQYioQ9CNBjF0HVnHlzElnx8hwrjTUPNs7ClrDa96mzZfFyVb5Nj4ECxJ7iPAuWcneVIn7uPEC1z\/zkMfgUIsDmTIKqAQvLZN5NLHlkeqdFQcGQp+m5b0LZKFsewnwU5Wom6dY70EU47NKObNczXhUieeY9QRG8ZpIRK+A4vdFu4A8IN3hwZbEZfdhEMiiCqXyoGEygAKQQfCZfxj5XXH9P2FkFQR8fFVjJU18UTLX6PfK\/7x1yL3qTxAbbviPoXAsfqh5w
aRw9YMEb08B\/WYQmyFCYElXrknFcIHnXPqkU6DC7RINGNFZLWpq\/U3L1Isb6\/W1gOsLiDJnMWmPhnseLBCoBKrB1KOZjMd5s+mfB4dnHLTtT5sF2scQr93OceGFLqdFl0POX\/v3abJ4ZP2yYha2NExOMtruFRBbxZ4HF\/wdGc+VkB4AzCn99BfYbV5VwNloBfugi\/5X5G1iqiqGAVZiDPU+u0nZUCeYsB1q9K1\/NmpGiEgNdo81WcEYmMARdF9xmvcOnLMmdOcMlv63fln5KBSKO4HZPzLvwD0pI0AUYlGah1oa9\/zk4QeMBIubH+v1XKARl5SmOXRRBqDat7eVIysKApBnDoFsDxGDTZUVDOsGf4TgfdFNvZu6lJeMPeugL+z+wgF+k="} 02189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1655316182371478,"pkt":"AAAAAAAAAAAAAAAACABFAATsxv9AAAERATPAqLIj78BKQpqYZOIE2LG4AhAE0AAEdXNlcnP\/uCtk9UXV2KF4JOzP1M1v7q6jawqniLWeIANnL2\/k3sSyHPr3tqTLnAuukLSfxlpixnPsEPx0Zo4Oww1TgylacBsRLCY9L9BPZIhwPUd9+1cDwsYbIA++HJQi+hVC4mgKe4VGv0zjBGe7+ifIIww2jGaTY1Blgv9t7vC9d7ndAN0HBkDs8O\/zvgWZaJvfq4fGvb\/5XmfhyyZ4qLYRdYtSabVScBoObPSfn5ouUsYUF07PMfBvtxV\/apbRdODDfM8eEU3cHVtvDHVfPNHmDKMgO4Z8IosjUrwCc0maYz2m53Uumq1aZqaehZvpt7lahc85fSLehC5NpUixm0Lx+h\/ujjdNrvcaMhw1JlCmSJTwtM\/EgbZpDVag1G5bvmZXLcmg0VE5QVODMtPUOiFVnxHuZ7em8M5APoD2YV5OJuwO1S203xtd9p5GwaU\/p7xn+Vad6uNBMssyRZd1DFsDqNec\/2mUnEeYzQ0y65upIZH9vGNerHd5wExkz7FsIMx3S13uUvn4wDqBrafmQ+FDkktQOlPQKQCp\/7L2mGfKxv\/eoKvpMWMnLuCqjwfSk4fidgiUs\/m4w95YyqeonfzSrcqoqHJ3fyWyw+5xgHEDZacDV4Ns+TmWUKkOgyvJwE+b\/SQWMv\/jfPynda2l0vcIL+hkEpUrZFILSjN89wKmjBSCYPHxh5mXQE6zJIA1\/lm42Ws2JT2S+ySIj5lF+j3LavgWzu6LgcWm3kC80BQusAMGRm5HX7lv+eo7wfeyjF9kwzkXfUzjp8u6PpnZjLLYU0KH9cwFxoJy3O1cDLvkBRdM3BZq9ulTYUekIh71M7sgzqXVnK69LZBSDnT0gFbc8EVuq\/baI30HbLnm6v4phtxorZGfNfwUKiOVg1+m92hZ33VoHullyAzE63i5HEz23N63w1OMMidtcwnQQNv5nLpw3\/rGyhBPakrtlZMqHYa7IKPmIEnvypW5odQzFUn+ewMgVF7IheAe5ktL5eVlqRIBuwuHWex66FM8PsAJ+0GFiVQDT90ORRBulv\/nwrzAF73B2
UEjuT7o1XSdo2yzYV+fg0tuAFh+J7b40tEzGMHkSNLR1nFhaO5GaNm72JV6B4GV3KcI7XYFIsQkCMlVJFvhtZvlEEzzKyBObmFid+xH1F+FLuVe\/sawgjTtvxhAeoMv0XwePMnlzUAkaHBI+ToVrXG9TuIYXHfng\/Zvydp8Rup0i1kr6nlU0SjI9FoU7GEx3Af9YoSVdhTuAuvx9gAyHT0\/40EQiUpaScFUKZZzI3+kiAckU5y6lSp2C2D\/KFh\/8TiJ0y\/DQMZrU7s8eIlBc0ciTshw9ABtMfOmuuAgqDx\/GJnXt2TA1+EOW+NMitt+822JWDfRDzWsygrDddbT8Fzr6C7F7UlvifDEWmgAE\/nt78d+PtDMW1S9lGNvzBeXE\/+a22PprpuD7c9xntPU\/aEWUALWBlFO1SgekTxdJK57eae6wWZtWku9YoU7jyqN5MGxMWGFbfQAvQJ3TqPi7FKY+5b3645lan5PFGzus6rBQOo4ZZj5QGYP9SPBCyLQ15ugjV+nlLKc3PQZGgTgCS\/O9M4yjl3lOf2xkK+f0evs7+kT1\/NYdqtOmB5psJPQhvhx32w="} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655316151465954,"flow_src_last_pkt_time":1655316182371478,"flow_dst_last_pkt_time":1655316151465954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1392,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6745,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655316182371478,"l3_proto":"ip4","src_ip":"192.168.178.35","dst_ip":"239.192.74.66","src_port":39576,"dst_port":25826,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"collectd","proto_id":"298","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/collectd.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":105984,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":6,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1655316182371478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 @@ -80,9 +80,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786202 bytes -~~ total memory freed........: 7786202 bytes -~~ total allocations/frees...: 146537/146537 +~~ total memory allocated....: 11494693 bytes +~~ total memory freed........: 11494693 bytes +~~ total allocations/frees...: 216791/216791 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2401 chars 
diff --git a/test/results/default/corba.pcap.out b/test/results/default/corba.pcap.out index ad584e921..c90ff808a 100644 --- a/test/results/default/corba.pcap.out +++ b/test/results/default/corba.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614768020788858} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614768020788858} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614768020789512,"flow_src_last_pkt_time":1614768020789512,"flow_dst_last_pkt_time":1614768020789512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614768020789512,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614768020789512,"flow_dst_last_pkt_time":1614768020789512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614768020789512,"pkt":"5kBKB+riApXG95NLCABFAAAwnOsAAIAGAAAKZQACCmYAAiIWA4SwjQfnAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614768020789512,"flow_dst_last_pkt_time":1614768020790963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614768020790963,"pkt":"ApXG95NL5kBKB+riCABFAAAwnN4AAH8GihsKZgACCmUAAgOEIhawjRxgsI0H6HASgAFEQgAAAgQFtAMDAQA="} 
@@ -24,7 +24,7 @@ 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1614768020789512,"flow_src_last_pkt_time":1614768020792090,"flow_dst_last_pkt_time":1614768020792457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":268,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1614768020795904,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8726,"dst_port":900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1614768020792107,"flow_src_last_pkt_time":1614768020794502,"flow_dst_last_pkt_time":1614768020794733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":257,"flow_src_tot_l4_payload_len":564,"flow_dst_tot_l4_payload_len":483,"midstream":0,"thread_ts_usec":1614768020795904,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8727,"dst_port":1049,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1614768020794508,"flow_src_last_pkt_time":1614768020795904,"flow_dst_last_pkt_time":1614768020795900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":322,"flow_dst_max_l4_payload_len":266,"flow_src_tot_l4_payload_len":322,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1614768020795904,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":8728,"dst_port":61191,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Corba","proto_id":"168","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1614768020795904} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/corba.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":25,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":2397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1614768020795904} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 25/22 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777831 bytes -~~ total memory freed........: 7777831 bytes -~~ total allocations/frees...: 146418/146418 +~~ total memory allocated....: 11486418 bytes +~~ total memory freed........: 11486418 bytes +~~ total allocations/frees...: 216672/216672 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 1190 chars diff --git a/test/results/default/cpha.pcap.out b/test/results/default/cpha.pcap.out index 83b8300fa..a9a0db95d 100644 --- a/test/results/default/cpha.pcap.out +++ b/test/results/default/cpha.pcap.out 
@@ -1,10 +1,10 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603354463286532} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_usec":1603354463286532,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 
00906{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00945{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603354463286532,"flow_src_last_pkt_time":1603354463286532,"flow_dst_last_pkt_time":1603354463286532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603354463286532,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CPHA","proto_id":"53","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
-00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} +00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/cpha.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1603354463286532} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766754 bytes -~~ total memory freed........: 7766754 bytes -~~ total allocations/frees...: 146371/146371 +~~ total memory allocated....: 11475373 bytes +~~ total memory freed........: 11475373 bytes +~~ total allocations/frees...: 216625/216625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 950 chars 
diff --git a/test/results/default/crawler_false_positive.pcapng.out b/test/results/default/crawler_false_positive.pcapng.out index 45b6c9076..77e12f821 100644 --- a/test/results/default/crawler_false_positive.pcapng.out +++ b/test/results/default/crawler_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892509284373} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509284373,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509284373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509284373,"pkt":"CL6sCxduJjb1W8R1CABFAAA8KY5AAEAGChTAqAycXbjcHZWTAFBs+j0RAAAAAKAC\/\/\/HSwAAAgQFtAQCCArcRF1kAAAAAAEDAwk="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666892509284373,"flow_dst_last_pkt_time":1666892509292073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666892509292073,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8tqIAADgGxP9duNwdwKgMnABQlZO39n5kbPo9EqAS\/\/9z+AAAAgQFtAQCCApFkddV3ERdZAEDAwk="} 
@@ -9,7 +9,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666892509294998,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666892509302404,"pkt":"Jjb1W8R1CL6sCxduCABFAAA0tqMAADgGxQZduNwdwKgMnABQlZO39n5lbPo9I4AQAICiHwAAAQEICkWR12DcRF1v"} 01043{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509303435,"flow_dst_last_pkt_time":1666892509302404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892509303435,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.digicert.com","http": {"request_content_type":"application\/ocsp-request"}}} 
00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1666892509284373,"flow_src_last_pkt_time":1666892509319173,"flow_dst_last_pkt_time":1666892509318297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":799,"midstream":0,"thread_ts_usec":1666892509319173,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.184.220.29","src_port":38291,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} 
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/crawler_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1034,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1666892509319173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767206 bytes -~~ total memory freed........: 7767206 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11475825 bytes +~~ total memory freed........: 11475825 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 562 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/crynet.pcap.out b/test/results/default/crynet.pcap.out index 9b3099499..0da0fd185 100644 --- a/test/results/default/crynet.pcap.out +++ b/test/results/default/crynet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663053319315000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663053319315000,"pkt":"eJS0JASgYDjgxTWgCABFAABiTCIAAH8RZ1zAqAJkTp92YfGNYycATjhrPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARHZiPEYhJ98Ekv15rJNB070HsYAjtelIOS7\/FaGTcNxA=="} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319315000,"flow_dst_last_pkt_time":1663053319315000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663053319315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00838{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1663053319427000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1663053319427000,"pkt":"eJS0JASgYDjgxTWgCABFAAENTCMAAH8RZrDAqAJkTp92YfGNYycA+dc4twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKALLez3wAN7++JPrzMT38iX1WAjfTctCz5DQW2Gr52YR6j8NlMBYhOJtQoUHxWCr79vIUajpzWXoiTJxxi4wkpAsXoa6o3PGme6\/1vAonPYaENBaP83tcQBWM5F7CctUortxGxwNJCzC9Ng4j6g\/M10VJx\/+uWwf2XNZu+YTz0cFhVKD8b3EyMN0OKFLxjveSPCFnaIrDkrsYSHksMYnidzTlDmbVkI\/TwEtMTUGYmv\/K8tH5HZVgkUeK3w2NFKXJmMwkHObFIIO9Wtu40KY6w=="} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1663053319451000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663053319451000,"pkt":"eJS0JASgYDjgxTWgCABFAABeTCQAAH8RZ17AqAJkTp92YfGNYycASqIEu1TNMFI7KjNcy30zZh7kTKyCtibj5Ew6S3L3XbNweck02v9yC85o1\/QG3mAVSF2v178BxRBCueTrL00RuPSJPkfw"} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1663053319456000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663053319456000,"pkt":"eJS0JASgYDjgxTWgCABFAABOTCUAAH8RZ23AqAJkTp92YfGNYycAOmtU9A4B7\/sy9rQJaZpS1ZjPxtRWqt1UsEDlsdYvzNiHXlYQ36yJt6tP5zK6OP2iIuXDoH0="} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1663054340264000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663054340264000,"pkt":"eJS0JASgYDjgxTWgCABFAABi6scAAH8RL4jAqAJkJTo49dwNTxoATkBTPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAIAAAAAAAAAAjxLoziqJeNB3TOIAvp1HVUPwwhoEa8nhYPd5MbnCISkw=="} 
01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340264000,"flow_dst_last_pkt_time":1663054340264000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663054340264000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1663054340492000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663054340492000,"pkt":"eJS0JASgYDjgxTWgCABFAAD96skAAH8RLuvAqAJkJTo49dwNTxoA6Ti1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh3drXUfBsymjYclKxpc0nfGK4TXfQ\/ZSFodhwO7TchiHrNe49me58e8bAAF0I5F+veDMTcPaTIoyhzRIr6m6Z+CQOrG3Nvv5hothMloBht44k3gby0eyZA8TY4qdQtt6AYi3PRm5uclYvCq7ZM0GzREHOCsM\/h3pJ8dIne0rl8Yv9UgWddpCFQWkiWUe8V0eVdRqpF4eAMBu6EaVBsGFq1obTzwAbq+Z\/AwxrK1Xtv1qLyBe4BTjjP7SPqWmHWyI"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663054340511000,"flow_dst_last_pkt_time":1663054340492000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663054340511000,"pkt":"eJS0JASgYDjgxTWgCABFAABe6soAAH8RL4nAqAJkJTo49dwNTxoASie1u6Um18UiAc6pJXjjl\/HaNSDy6KAZaciEAaWBHHD0wMybHHlIRagmxlljIDbFX86yQQAXEeT6hI04WN7LK1Fbtr9a"} 
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663053319315000,"flow_src_last_pkt_time":1663053319756000,"flow_dst_last_pkt_time":1663053319426000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1166,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663054340750000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.97","src_port":61837,"dst_port":25383,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":2653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1663085644364000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663085644364000,"pkt":"eJS0JASgYDjgxTWgCABFAABiEW8AAH8RLCHAqAJkVBDm3t6Kb\/kATnW6PAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAMAAAAAAAAAAxNRIfGTwR+QCEti3EMpFVQUjpXNe1F8lY80rv42uT7UA=="} 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085644364000,"flow_dst_last_pkt_time":1663085644364000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663085644364000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1663085644862000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663085644862000,"pkt":"eJS0JASgYDjgxTWgCABFAAD9EXEAAH8RK4TAqAJkVBDm3t6Kb\/kA6Sf1twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7h+WQPdzYtRujvIv99Gk4jK5CTYtKMcC8UdvPHTkwMgv+CqSO\/LPaCHfKYn\/qLUXKya\/WMk8UEbZcOxwqjti+zv7dA6vrTWc2C\/bio3R8dE2bVVZbga+3ONnGrLsbTsX0xoj2QaGBCLAdRWxgab3ISN7Kk+HGnPTiKc7GqjMvt66EEvs79X9BPSniUDFUWQ7OB3ZrrH+fG8WChwJChWKyc1UHcxBPrsbIkc7Zz+aZYp63dfaXDBKUO5TM6wJXKs5"} 00598{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1663085644878000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663085644878000,"pkt":"eJS0JASgYDjgxTWgCABFAABeEXIAAH8RLCLAqAJkVBDm3t6Kb\/kASp3Du8hOJwkzpDMeJIiqYysbahdAbCneww7mPP0qdlopQndRNSW4Hvz1o7Z0XzePGFOyamSlKQFqSXW59rtF9f1o0hC2"} 
01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1663054340264000,"flow_src_last_pkt_time":1663054340750000,"flow_dst_last_pkt_time":1663054340651000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1663085645134000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"37.58.56.245","src_port":56333,"dst_port":20250,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":4099,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1663087012386000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1663087012386000,"pkt":"eJS0JASgYDjgxTWgCABFAABiWwwAAH8RbHXAqAJkTp9iXtldbtcATsvtPAAACO0AAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAEAAAAAAAAAARP2yVOOppoNSzHVb7aVJGzvGqD\/2urmHg+Q2g7KegnkQ=="} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012386000,"flow_dst_last_pkt_time":1663087012386000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663087012386000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -33,21 +33,47 @@ 00815{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1663087012587000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1663087012587000,"pkt":"eJS0JASgYDjgxTWgCABFAAD9Ww0AAH8Ra9nAqAJkTp9iXtldbtcA6YnItwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvVZ34+lki8x58DFZ+zhzaJkcNNjmYSytxOZNglrQYMLqbCMdjyBDvvlg7QncjdB8kB4ZKspaCO9dVm+NgbvUigMTjTfP\/6svTHK+9iJ3UvyM23s6g3\/DB4c7rNY9qNZetaXf6ZsG0wQID9WBHtpPjK7Opq71Q2SZh\/2+mT2\/ya3mzm7wu4UGo8jzwK7qJ5BpjRRJgRkmr+7EZGnzc0VcSs\/0Bu4Hqw4WHY2ieDCwGiGvSMMZWlO6u9PowZ0DoktN"} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1663087012600000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1663087012600000,"pkt":"eJS0JASgYDjgxTWgCABFAABeWw4AAH8RbHfAqAJkTp9iXtldbtcASiuhu7hTlkLWJMqukwgQRylK5qgiLSt9XVj0u0sQ8ebeC3F2lAmzaT1fMxkq7a+2soe7OxLP59ZLK7oofqm79eExsFje"} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663087012606000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1663087012606000,"pkt":"eJS0JASgYDjgxTWgCABFAABOWw8AAH8RbIbAqAJkTp9iXtldbtcAOmEb9J0pHkeKMvM7Xkxdv+3E0sy5KB0kANOKPFc0\/VebRRnb5+QoZ3Mrtf9BC\/abuZwnrKw="} -01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012873000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1293,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085645134000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1313,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1663087012873000} 
+01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663085644364000,"flow_src_last_pkt_time":1663085645134000,"flow_dst_last_pkt_time":1663085644862000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1313,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1663087012873000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.230.222","src_port":56970,"dst_port":28665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1690748853317402} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690748853317402,"pkt":"eJS0JASgYDjgxTWgCABFAABiGQIAAH8REt3AqAJkVBD4j+1PdZIATnKmPAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAJAAAAAAAAAAkdjp3RMzFPjpS+Wr+8IHfk2zWlV90jwStZ3EBEfsVDkg=="} 
+01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853317402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690748853317402,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1690748853317402,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1690748853462657,"pkt":"YDjgxTWgeJS0JASgCABFAAChe5tAADgRtwRUEPiPwKgCZHWS7U8AjahxhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvOTZOe4P0DZgiaoge5\/c8zylzlNCivNTmM9gUgl8Fu01j6CVJrxMp+z0AGAdVSMP1W2aGyI\/TGSAuR3Pxhu\/ogAAAAG9EWhr0ePdge3K\/5DZLAhiT1pbS8hCcN\/HSxEJHMjK7A=="} 
+00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1690748853463050,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1690748853463050,"pkt":"eJS0JASgYDjgxTWgCABFAAD9GQMAAH8REkHAqAJkVBD4j+1PdZIA6dtCtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGP5AMEWN9jmtzmLg96IsebM\/lRznPR7uebXeg1uyKmwx+YjzIdkT2A7I2MthEJXpofpQOKMzT2Rr0hTOlbU7devu7oOeX4b8kEVoQcwgdC0UpGkRuN44XGJ2l495Ov3RtSZtiUnqy3INEAzvowx6MnkELMRQJCWMBwpPoH8hbnARatxa4USpd0pjwh1JrDtKKmsaPv+OvEf+EoO4DQOkHwW8wT3oGCndSxJuGF00UvmX6U2Q7ghiO6zJRGqSWizy"} +00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1690748853484493,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1690748853484493,"pkt":"eJS0JASgYDjgxTWgCABFAABuGQQAAH8REs\/AqAJkVBD4j+1PdZIAWtoWuyE4AgMLTvEu1MTUHFdLOVb3xfWbBZv5c265TNEQuyejvS0VENHtmRyYJ1A1ThAYKCh2gzrBWRsvCvDJ0vbOEdNpFrqU17qTPlI4t7sztb+X3Q=="} 
+00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1690748853490046,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1690748853490046,"pkt":"eJS0JASgYDjgxTWgCABFAABOGQUAAH8REu7AqAJkVBD4j+1PdZIAOu7W9NPce2yB9yPwzoAoOL6DUNeP\/77ovO5hlRaxQCpzIJ1leyDl93TsWEUNU1MBY8PGNIs="} +01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1663087012386000,"flow_src_last_pkt_time":1663087012873000,"flow_dst_last_pkt_time":1663087012586000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1293,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1690748853790269,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.98.94","src_port":55645,"dst_port":28375,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749275638306,"flow_dst_last_pkt_time":1690749275638306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690749275638306,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1690749275638306,"flow_dst_last_pkt_time":1690749275638306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690749275638306,"pkt":"eJS0JASgYDjgxTWgCABFAABiI8AAAH8Rm5TAqAJkTp9qi+tAbrcATk99PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAALAAAAAAAAAAthIw+gM83nIs9thPnP7qe2XLd0yBlxQ9zsY5cIKbNozw=="} 
+01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749275638306,"flow_dst_last_pkt_time":1690749275638306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690749275638306,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1690749275845281,"flow_dst_last_pkt_time":1690749275638306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690749275845281,"pkt":"eJS0JASgYDjgxTWgCABFAABiI8EAAH8Rm5PAqAJkTp9qi+tAbrcATk99PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAALAAAAAAAAAAthIw+gM83nIs9thPnP7qe2XLd0yBlxQ9zsY5cIKbNozw=="} 
+00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1690749275845281,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1690749276055867,"pkt":"YDjgxTWgeJS0JASgCABFAAChPu1AADgRhyhOn2qLwKgCZG6360AAjZWthwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzsW+6QNg+DOm22+4YA906RNueXQUhVRk88lmTZb0epdiT3j8XUHWF6eIP4D3c3bi4S5ztOWQ45kmtpBmZpOZnQAAAAE8OX1W0UFXMxlT\/fYxEQAtUp31+SQFXkCmWkH2\/2EKTA=="} +00840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1690749276056149,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":283,"pkt_l4_len":249,"thread_ts_usec":1690749276056149,"pkt":"eJS0JASgYDjgxTWgCABFAAENI8IAAH8RmufAqAJkTp9qi+tAbrcA+U1QtwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAug8yp8Qv8TeWfHQtc3YYH0QzMa6rPBBh7r86MQSgH+LNvWKGO1aam6d5zesL+sUrF6Ua+4CYT4UxlWoLk8it1sGIVwsHw8kPIqURbyn87lSjBx+EtL3kcCJd9kbwqoHNYYl8vr8h\/pQyPDY\/ybl6Qwn\/XMkSLUm2ozx+ocAL3SGobGPEaWQ9OWNjOTl7uDiKpBrygQ3id7tOI36I6GmEl\/Tp54jwr5vadXwcWL1EaB7bvcFBmu9\/MyRxHuzsWY\/Iy1vmeVBmRgJ+QgzZSkyjLg=="} 
+00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1690749276072688,"flow_dst_last_pkt_time":1690749276055867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1690749276072688,"pkt":"eJS0JASgYDjgxTWgCABFAABuI8MAAH8Rm4XAqAJkTp9qi+tAbrcAWmUpu3tPZAeQ46M6mABOvfTiLmhjk5Eo7IVF5El0OH9Oalhsd6e845+k7R3mRhdmSAjukoEpvToeTF5uw4+ZNVffp2IhCQbEzT+aUmfmbrcP3OMEDg=="} +01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1690748853317402,"flow_src_last_pkt_time":1690748853790269,"flow_dst_last_pkt_time":1690748853462657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1150,"flow_dst_tot_l4_payload_len":133,"midstream":0,"thread_ts_usec":1690749276312337,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"84.16.248.143","src_port":60751,"dst_port":30098,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":8210,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1690750256496605} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750256496605,"pkt":"eJS0JASgYDjgxTWgCABFAABivOoAAH8R9mXAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="} +01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750256496605,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":70,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":70,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690750256496605,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1690750256749930,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750256749930,"pkt":"eJS0JASgYDjgxTWgCABFAABivOsAAH8R9mTAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="} +00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1690750257016787,"flow_dst_last_pkt_time":1690750256496605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1690750257016787,"pkt":"eJS0JASgYDjgxTWgCABFAABivOwAAH8R9mPAqAJkTp92j9ikVasATlq9PAAAC\/YAAAAAAAAAAAAAAAEAAAAHAAAAAwcAAAAHAAAAAAAAAAcaZmSmn4yqST2dsNw5sE0qvA1Y7T4SUNxW2dvvvwLc+w=="} +00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1690750257016787,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1690750257223019,"pkt":"YDjgxTWgeJS0JASgCABFAACh7\/5AADkRyRJOn3aPwKgCZFWr2KQAjXYqhwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8dpRYQ+oNgGmLuIRx8o3yqGljPRSQdKg6s3ezQfd1fFfc8W50rmMGhRKqYvRWSqBS+yTBzDYMRASmWsy5F8aPQAAAAE2AjgcjCwPjZjKtR64trQyF9DwO6AwDZRSMKKRxDbkOg=="} 
+00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1690750257223299,"flow_dst_last_pkt_time":1690750257223019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":267,"pkt_l4_len":233,"thread_ts_usec":1690750257223299,"pkt":"eJS0JASgYDjgxTWgCABFAAD9vO0AAH8R9cfAqAJkTp92j9ikVasA6U89twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJayDQss1yqjCVCoRYctWeyPGeh+rCqtfCAIezh5tfYD49Oxy7cP6xgAn1J2UkUSha0Yjsn7UHAsO+lM\/OP0MxdkHqrKyWhPVzyEGXJI+V1GZ5uZtKBSxmQ2LpU\/fF1GAhhx4zkZTb6htgJ9EmSVdNHDsFhdFkst7D5VTXje47jWx68FCg42Rr02\/Qmpgfh4mPfHHczsTnssYMMZB0Psd4i03cSDcEnIP2kzIf0IYx8G8rXQ3qhVAEUIr1uuv2oqp"} +01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1690749275638306,"flow_src_last_pkt_time":1690749276312337,"flow_dst_last_pkt_time":1690749276197934,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":241,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1136,"flow_dst_tot_l4_payload_len":266,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.106.139","src_port":60224,"dst_port":28343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1690750256496605,"flow_src_last_pkt_time":1690750257417113,"flow_dst_last_pkt_time":1690750257436073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":133,"flow_src_tot_l4_payload_len":1058,"flow_dst_tot_l4_payload_len":399,"midstream":0,"thread_ts_usec":1690750257436073,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"78.159.118.143","src_port":55460,"dst_port":21931,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CryNetwork","proto_id":"314","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/crynet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":105,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":9667,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1690750257436073} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 60/60 +~~ packets captured/processed: 105/105 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 5525 bytes -~~ total detected protocols..: 4 -~~ total 
active/idle flows...: 4/4 +~~ total layer4 data length..: 9667 bytes +~~ total detected protocols..: 7 +~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774937 bytes -~~ total memory freed........: 7774937 bytes -~~ total allocations/frees...: 146464/146464 +~~ total memory allocated....: 11491209 bytes +~~ total memory freed........: 11491209 bytes +~~ total allocations/frees...: 216796/216796 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars -~~ json string max len.......: 1100 chars -~~ json string avg len.......: 832 chars +~~ json string max len.......: 1102 chars +~~ json string avg len.......: 833 chars diff --git a/test/results/default/custom_categories.pcapng.out b/test/results/default/custom_categories.pcapng.out new file mode 100644 index 000000000..b4294fc35 --- /dev/null +++ b/test/results/default/custom_categories.pcapng.out 
@@ -0,0 +1,45 @@ +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159918266121} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159918266121,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918266121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918266121,"pkt":"AGCXrkniAACGApxRht1gAAAAACgGQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yEAAAAAoAIgAOtZAAACBAWgAQMDAAEBCAoACMpXAAAAAA=="} +00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159918266121,"flow_dst_last_pkt_time":921159918323110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":921159918323110,"pkt":"AACGApxRAGCXrkniht1gAAAAACgGPSABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABUYT80Ax6BePWdvMioBIhXG9FAAACBATEAQMDAAEBCAoAAWklAAjKVw=="} 
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":921159918323652,"flow_dst_last_pkt_time":921159918323110,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":921159918323652,"pkt":"AGCXrkniAACGApxRht1gAAAAACAGQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yIMegXkgBAhXJoZAAABAQgKAAjKVwABaSU="} +00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":921159918323652,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":101,"pkt_l4_len":47,"thread_ts_usec":921159918402990,"pkt":"AACGApxRAGCXrkniht1gAAAAAC8GPSABDbgCAAAAAAAAAAAAAAEgAQ24AAEAAAAAAAAAAAABUYT80Ax6BeTWdvMigBghXPiTAAABAQgKAAFpJQAIyldTU0gtMS41LTEuMi4yNgo="} +01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918323652,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":921159918402990,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto 
on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"","hassh_client":"","hassh_server":""}}} +00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":101,"pkt_l4_len":47,"thread_ts_usec":921159918404039,"pkt":"AGCXrkniAACGApxRht1gAAAAAC8GQCABDbgAAQAAAAAAAAAAAAEgAQ24AgAAAAAAAAAAAAAB\/NBRhNZ28yIMegXzgBghXPiEAAABAQgKAAjKVwABaSVTU0gtMS41LTEuMi4yNgo="} +01200{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918404039,"flow_dst_last_pkt_time":921159918402990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":15,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":15,"midstream":0,"thread_ts_usec":921159918404039,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}} +01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159918542802,"flow_dst_last_pkt_time":921159918745464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":291,"midstream":0,"thread_ts_usec":921159918745464,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.5-1.2.26","server_signature":"SSH-1.5-1.2.26","hassh_client":"","hassh_server":""}}} 
+02359{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159920416135,"flow_dst_last_pkt_time":921159920477444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":568,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":1335,"midstream":0,"thread_ts_usec":921159920477444,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":56989,"avg":140688.3,"max":385938,"stddev":76774.1,"var":5894261248.0,"ent":4.8,"data": [56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444]},"pktlen": {"min":72,"avg":135.7,"max":640,"stddev":113.0,"var":12766.0,"ent":4.7,"data": [80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116]},"bins": {"c_to_s": [12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":4626,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1372147721244685} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1372147721244685,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244685,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244685,"pkt":"AA4M4kUbACNaf3GXCABFAAA87cpAAEAG1CSsGtssrB5FZ+UPABbU06naAAAAAKACOQjEsQAAAgQFtAQCCAoplUQQAAAAAAEDAwc="} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1372147721244685,"flow_dst_last_pkt_time":1372147721244833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1372147721244833,"pkt":"ACNaf3GXAA4M4kUbCABFAAA8AABAAEAGwe+sHkVnrBrbLAAW5Q9l97pw1NOp26ASFqC2AgAAAgQFtAQCCAoIsgfsKZVEEAEDAwc="} 
+00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1372147721244870,"flow_dst_last_pkt_time":1372147721244833,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1372147721244870,"pkt":"AA4M4kUbACNaf3GXCABFAAA07ctAAEAG1CusGtssrB5FZ+UPABbU06nbZfe6cYAQAHP6+wAAAQEICimVRBAIsgfs"} +00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1372147721244870,"flow_dst_last_pkt_time":1372147721255649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1372147721255649,"pkt":"ACNaf3GXAA4M4kUbCABFAABJvZ1AAEAGBEWsHkVnrBrbLAAW5Q9l97px1NOp24AYAC7+eQAAAQEICgiyB\/YplUQQU1NILTEuOTktT3BlblNTSF80LjMK"} +01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721244870,"flow_dst_last_pkt_time":1372147721255649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721255649,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli 
Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"","hassh_client":"","hassh_server":""}}} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1372147721255719,"flow_dst_last_pkt_time":1372147721255649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1372147721255719,"pkt":"AA4M4kUbACNaf3GXCABFAAA07cxAAEAG1CqsGtssrB5FZ+UPABbU06nbZfe6hoAQAHP60QAAAQEICimVRBsIsgf2"} +01191{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721255719,"flow_dst_last_pkt_time":1372147721255649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721255719,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"","hassh_client":"","hassh_server":""}}} +01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721255785,"flow_dst_last_pkt_time":1372147721255649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721255785,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"","hassh_server":""}}} 
+01366{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721255988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1372147721256013,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":""}}} 
+01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721256013,"flow_dst_last_pkt_time":1372147721258988,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":981,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1372147721258988,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-1.99-OpenSSH_4.3","server_signature":"SSH-2.0-OpenSSH_6.1","hassh_client":"D6593B3202A30B2AA9793A00F8647A0A","hassh_server":"500033A73A293E7C36743693D0D4596B"}}} 
+01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":921159918266121,"flow_src_last_pkt_time":921159923590712,"flow_dst_last_pkt_time":921159923604621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":879,"flow_dst_tot_l4_payload_len":3747,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip6","src_ip":"2001:db8:1::1","dst_ip":"2001:db8:200::1","src_port":64720,"dst_port":20868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1536820136171967} +00308{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536820136171967,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536820136171967} +00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":346,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":346,"pkt_l4_len":0,"thread_ts_usec":1372147721351034,"pkt":"AAAAEABx1JToDq3KgQABHYEAAHmIZBEAIXUBPgBXYA+EAwEUMjIqAQ40729DQJS+XazCCtKgIAEWcAAIQKagjjMrqmkY3CxYL7oAAAAB9z4M1SEeGqQ7VD\/8uYulUwNGJm\/OK8amyLr31U5ficc+rCHRtb\/T3cgFN7Omq98Xcc2KqKObdmG5QJsjAR6nscPvKVK5EQQ2CtXgQ2ekli85AWg\/\/9hDrwzDTYQCdc04v178i1vzDmCn1E6C0ltXFPME9jPS9nyo6OU4GZzL4WKFeXnOWd820KgwjMMCcUzamtrkQtu\/aKLDIzQKRkoT5GPfQKPWU5curqG35\/fVuD6MuVU49VS296Pb0Kuy+euctUZkgyPAOdaQzWXn8dfRYDWVRLmvOnjyARednGx7v5AEEw0GOFVD4kR8htGuevYonoWDIkWmw5\/cutFIs5NF1fWRfG6VNRiBgVSHZg=="} +01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1372147721244685,"flow_src_last_pkt_time":1372147721351034,"flow_dst_last_pkt_time":1372147721311475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":960,"flow_dst_max_l4_payload_len":704,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1372147721351034,"l3_proto":"ip4","src_ip":"172.26.219.44","dst_ip":"172.30.69.103","src_port":58639,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": 
{"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/custom_categories.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":7372,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1536820136171967} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 85/84 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 7372 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11484016 bytes +~~ total memory freed........: 11484016 bytes +~~ total allocations/frees...: 216727/216727 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 313 chars +~~ json string max len.......: 2364 chars +~~ json string avg len.......: 1345 chars diff --git a/test/results/default/custom_risk_mask.pcapng.out b/test/results/default/custom_risk_mask.pcapng.out new file mode 100644 index 000000000..e41fb06ca --- /dev/null +++ b/test/results/default/custom_risk_mask.pcapng.out 
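Review bot: The SSH banner attribution this new fixture pins for flow_id 2 looks reversed. The `detected` event at packet_id 66 fires when only the destination side (dst_port 22) has sent payload (`"flow_src_tot_l4_payload_len":0`, `"flow_dst_tot_l4_payload_len":21`), yet that banner is stored as `"client_signature":"SSH-1.99-OpenSSH_4.3"` and raises risk 18 "SSH Obsolete Cli Vers/Cipher". If the banner did come from the listener, anything alerting on these events would attribute the obsolete version to the wrong endpoint. I would expect `"client_signature":"SSH-2.0-OpenSSH_6.1","server_signature":"SSH-1.99-OpenSSH_4.3"` once direction is honoured; the fix presumably belongs in the dissector rather than in this golden file, which should not freeze the current output without a tracking reference. Flow_id 1 follows the same first-banner-is-client pattern and records `SSH-1.5-1.2.26` with only risk 5 and no obsolete-version risk, which is worth confirming as intended.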
@@ -0,0 +1,26 @@ +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104378045695} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMANk5E\/PiuTCJLht1gAAAAACYRAf6AAAAAAAAAB8DnTofDXZP\/AgAAAAAAAAAAAAAAAQADGlUU6wAmkyP2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
+01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMA4qKC\/PiuQrGtht1gAAAAACYRAf6AAAAAAAAANWvgRzaV90H\/AgAAAAAAAAAAAAAAAQADQX0U6wAm\/Nb2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} +01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::7c0:e74e:87c3:5d93","dst_ip":"ff02::1:3","src_port":6741,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::356b:e047:3695:f741","dst_ip":"ff02::1:3","src_port":16765,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid 
Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_risk_mask.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":60,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1470104378045695} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2/2 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 60 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11477506 bytes +~~ total memory freed........: 11477506 bytes +~~ total allocations/frees...: 216636/216636 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 579 chars +~~ json string max len.......: 1132 chars +~~ json string avg len.......: 850 chars diff --git a/test/results/default/custom_rules_ipv6.pcapng.out b/test/results/default/custom_rules_ipv6.pcapng.out new file mode 100644 index 000000000..22ae404bf --- /dev/null +++ b/test/results/default/custom_rules_ipv6.pcapng.out 
@@ -0,0 +1,41 @@ +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":921159902141757} 
+00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":921159902141757,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902141757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_usec":921159902141757,"pkt":"AGCXun1\/AACGUYYrht1gAAAAACQRQD\/+BQcAAAABAgCG\/\/4FgNo\/\/gUBSBkAAAAAAAAAAABCVDIU1QAkkJMABgEAAAEAAAAAAAAGaXRvanVuA29yZwAA\/wAB"} 
+01158{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":510,"pkt_l4_len":456,"thread_ts_usec":921159902215272,"pkt":"AACGUYYrAGCXun1\/ht1gAAAAAcgR5j\/+BQFIGQAAAAAAAAAAAEI\/\/gUHAAAAAQIAhv\/+BYDaFNVUMgHInvQABoWAAAEABgACAAUGaXRvanVuA29yZwAA\/wABwAwAAgABAAAOEAAUB2NvY29udXQGaXRvanVuA29yZwDADAACAAEAAA4QABoFdGlnZXIFaGlyb28Ib3Nob2t1amkDb3JnAMAMAA8AAQAADhAAFgAKB2NvY29udXQGaXRvanVuA29yZwDADAAPAAEAAA4QABMAFARraXdpBml0b2p1bgNvcmcAwAwAAQABAAAOEAAE0qBfYcAMAAYAAQAADhAAMQZpdG9qdW4Db3JnAARyb290Bml0b2p1bgNvcmcAC+pHaAAADhAAAAEsADbugAAADhDADAACAAEAAA4QABQHY29jb251dAZpdG9qdW4Db3JnAMAMAAIAAQAADhAAGgV0aWdlcgVoaXJvbwhvc2hva3VqaQNvcmcAB2NvY29udXTADAABAAEAAA4QAATSoF9hBXRpZ2VyBWhpcm9vCG9zaG9rdWppwBMAAQABAAAOEAAE0pEh8gRraXdpwAwAHAABAAAOEAAQP\/4FAQQQAAACwN\/\/\/kcDPsFzABwAAQAADhAAED\/+BQEEEAEAUlQA\/\/7aSL\/BcwABAAEAAA4QAATSoF9j"} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":476,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1639052947771491} 
+00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1287,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1287,"pkt_l4_len":1233,"thread_ts_usec":1639052947771491,"pkt":"AAAAAAAAAAIAMzxWht1gAAAABNERPyR\/hVteFjyvPyxBNJWSZhshvLJzf2iI13eoBYU5kJJ7AGQHxwTRtFQX\/v0AAQAAAAAaDQS8AAEAAAAAGg3ty6JKrYU18U2SnV6TZ4GWPTkMaTeI9UivesrOAyLeyxCH9Ett98n\/BUnyUWlx5VOsHuSnNHK30aiWa0bQql\/OXO+\/gsGi9Vb3WsWwYwBW0pVyHQ0B46+DlfcYN9qmkFlJh9kPJ0YDdosoedP6B1hATFaaYqjsVizwYv4HbXzokGD8PNwSlO3kQDrYIDtSZtpx53PdVwuoZxmUt2\/suWUGs8IBjSst\/7lN9W\/tNGh8FPVXN62L5CDnpEZkkIUsEaeXQROB99R7U\/ALAM\/PILPWGKHcK40NY0zdzRDoPZgcslPBdXAvOL0SyOsktYL4LsfNMroozoQrT1QygQh\/o+MoyM33fxWmZDikDkltMfPc33LY24DbMLEUJSzHfiOjIRCt2AqzjcvSCQ38yEO+w9IlHTAlWBz5qVIMz7e1qCh3VJZC2Uk5DzFw28f9kldm3DfO9X7n7ddcO7HPXGEKSAl\/dwOtNCSxzRyxVMkINXT1F8R3Kr1X0P79jeYNVsXDuoN440ZxqXaTe3v0EasLalE31omPrKPox8OjFKowZ\/SB
2G59InZnkarkjdu7hofmRIpcf1D0LJ3M2t8stXvQJI6nUBwyqpp5ngwHNvz79ijs5osivjMa3ty3XsPR+UNx8lznc42OZ1sGTXR0GLXtbRRqi7Z+4UroQBOGMmj+qZ8+nmZa1QVZaDNzAO8RnvnWLVhMuivh1V4phVCw91Xn3+UI\/Yq\/HuRtkiiI4kcN+I7R7A0JaMt0M2QaUHpH\/RO\/Z5WhuDGAMKrjoa7iJZvXMIIyECgYOrb7SOnPE2s3lSzDu7L3oxtwwlAylIXUQaomQnBMvB3FgbB6sUeYuhXFnMNy372f9keLastrb\/zBNJ51N\/OVuA6B8wsbBsXGn8cGnWZR2no5OrWHInzQk69yG731TtvqCHK0cXkmZv8FcaBZBELVB9ipqEVcSZkd+jnn\/t8Abzkn7pB+sMPEXMqIs5QJ7XJPl0ndMGtuhy6yPPoXAW+ICkWKMXbgJRWDbCXvYXNR4+vU\/VosznWRONI5l3QbtVvN+cDigIswYX29jz4xZcn6V4kBfpRMLOAzyovu9Kqb4CMRAAZG3cC2PKlxE5a1Le13Q1hKVJKJpAITen73s\/tG1LSh8h0ljZQqCT9vsB418MDr50io5+X4sUm3wUHzm6zfNYpxQupY1pT1JptaHZiDxZjS3ZXx6kha2vcHtmQyYyxdoRL9hcTVRT8MNr4FV7Wcl6hfgek7k1qWbCCdZejjISGI+kEtgx0Q6LVKF6ecXJ3rg4aQXVd2dslKHzHPrIAHtxUnnqmjZyXIQ2ftOFVgObSb+gEi\/MesMAdhLiYHOOuP+UEVRIAuAkdvrQn+T4E6jQ\/y2JFluy8pQnPkoLwOumUrd5SpyEaqoCaTiXWXj4KqbJyqqSa5WR\/Tqdr8FovyWg3dT0gR6zCv6HfHWt1gY7rHuLyUJN3p3vhJlqMR6cesxmaJwoXuqhhOLnvYjvUbc\/hIxS8Bbqpi4atOXiC6GVEtb4bWUS\/ux9Fq2ZwJ4B\/5D0UfjHbWiETDrnG4dRBdY8Qzx3a3pDvzONf1PZ1KOdnkPMqzglGKxtgmCYP53\/TX"} +01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00847{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1287,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1287,"pkt_l4_len":1233,"thread_ts_usec":1639052947771491,"pkt":"AAAAAAAAAAIA5Qyfht1gAAAABNERPyR\/hVteFjyvPyxBNJWSZhshvLJzf2iI13eoBYU5kJJ7jQLFvQTRqBEX\/v0AAQAAAAAaDQS8AAEAAAAAGg3ty6JKrYU18U2SnV6TZ4GWPTkMaTeI9UivesrOAyLeyxCH9Ett98n\/BUnyUWlx5VOsHuSnNHK30aiWa0bQql\/OXO+\/gsGi9Vb3WsWwYwBW0pVyHQ0B46+DlfcYN9qmkFlJh9kPJ0YDdosoedP6B1hATFaaYqjsVizwYv4HbXzokGD8PNwSlO3kQDrYIDtSZtpx53PdVwuoZxmUt2\/suWUGs8IBjSst\/7lN9W\/tNGh8FPVXN62L5CDnpEZkkIUsEaeXQROB99R7U\/ALAM\/PILPWGKHcK40NY0zdzRDoPZgcslPBdXAvOL0SyOsktYL4LsfNMroozoQrT1QygQh\/o+MoyM33fxWmZDikDkltMfPc33LY24DbMLEUJSzHfiOjIRCt2AqzjcvSCQ38yEO+w9IlHTAlWBz5qVIMz7e1qCh3VJZC2Uk5DzFw28f9kldm3DfO9X7n7ddcO7HPXGEKSAl\/dwOtNCSxzRyxVMkINXT1F8R3Kr1X0P79jeYNVsXDuoN440ZxqXaTe3v0EasLalE31omPrKPox8OjFKowZ\/SB2G59InZnkarkjdu7hofmRIpcf1D0LJ3M2t8stXvQJI6nUBwyqpp5ngwHNvz79ijs5osivjMa3ty3XsPR+UNx8lznc42OZ1sGTXR0GLXtbRRqi7Z+4UroQBOGMmj+qZ8+nmZa1QVZaDNzAO8RnvnWLVhMuivh1V4phVCw91Xn3+UI\/Yq\/HuRtkiiI4kcN+I7R7A0JaMt0M2QaUHpH\/RO\/Z5WhuDGAMKrjoa7iJZvXMIIyECgYOrb7SOnPE2s3lSzDu7L3oxtwwlAylIXUQaomQnBMvB3FgbB6sUeYuhXFnMNy372f9keLastrb\/zBNJ51N\/OVuA6B8wsbBsXGn8cGnWZR2no5OrWHInzQk69yG731TtvqCHK0cXkmZv8FcaBZBELVB9ipqEVcSZkd+jnn\/t8Abzkn7pB+sMPEXMqIs5QJ7XJPl0ndMGtuhy6yPPoXAW+ICkWKMXbgJRWDbCXvYXNR4+vU\/VosznWRONI5l3QbtVvN+cDigIswYX29jz4xZcn6V4kBfpRMLOAzyovu9Kqb4CMRAAZG3cC2PKlxE5a1Le13Q1hKVJKJpAITen73s\/tG1LSh8h0ljZQqCT9vsB418MDr50io5+X4sUm3wUHzm6zfNYpxQupY1pT1JptaHZiDxZjS3ZXx6kha2vcHtmQyYyxdoRL9hcTVRT8MNr4FV7Wcl6hfgek7k1qWbCCdZejjISGI+kEtgx0Q6LVKF6ecXJ3rg4aQXVd2dslKHzHPrIAHtxUnnqmjZyXIQ2ftOFVgObSb+gEi\/MesMAdhLiYHOOuP+UEVRIAuAkdvrQn+T4E6jQ\/y2JFluy8pQnPkoLwOumU
rd5SpyEaqoCaTiXWXj4KqbJyqqSa5WR\/Tqdr8FovyWg3dT0gR6zCv6HfHWt1gY7rHuLyUJN3p3vhJlqMR6cesxmaJwoXuqhhOLnvYjvUbc\/hIxS8Bbqpi4atOXiC6GVEtb4bWUS\/ux9Fq2ZwJ4B\/5D0UfjHbWiETDrnG4dRBdY8Qzx3a3pDvzONf1PZ1KOdnkPMqzglGKxtgmCYP53\/TX"} +01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00899{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":921159902141757,"flow_src_last_pkt_time":921159902141757,"flow_dst_last_pkt_time":921159902215272,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":448,"midstream":0,"thread_ts_usec":1639052947771491,"l3_proto":"ip6","src_ip":"3ffe:507::1:200:86ff:fe05:80da","dst_ip":"3ffe:501:4819::42","src_port":21554,"dst_port":5333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":2926,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1697468695606215} +00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12718,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":318,"pkt_l4_len":264,"thread_ts_usec":1697468695606215,"pkt":"MzMAAAABdKy5hQ8sht1gCiQKAQgRAf6AAAAAAAAAdqy5\/\/5swST\/AgAAAAAAAAAAAAAAAAABMa5pcQEICAkCBgD8NQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAACAAp0rLlswSTAqAGKNQAEAAAAAAEABnSsuWzBJAoABAAaK9ALAApVQVAtQUMtUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNS4yOCsxNDQ5MS4yMzAxMjcuMTYxMhYADDYuNS4yOC4xNDQ5MRUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAGwbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGywAAQA4AAEA"} +00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":318,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":318,"pkt_l4_len":264,"thread_ts_usec":1697468695606215,"pkt":"MzMAAAABdKy5V61Kht1gCiQKAQgRAf6AAAAAAAAAdqy5\/\/5swST\/AgAAAAAAAAAAAAAAAAABMa37OwEIdj8CBgD8NQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAA1AAQAAAAANQAEAAAAADUABAAAAAACAAp0rLlswSTAqAGKNQAEAAAAAAEABnSsuWzBJAoABAAaK9ALAApVQVAtQUMtUHJvDAAFVTdQRzIDACNCWi5xY2E5NTZ4XzYuNS4yOCsxNDQ5MS4yMzAxMjcuMTYxMhYADDYuNS4yOC4xNDQ5MRUABVU3UEcyFwABABgAAQAZAAEBGgABARMABnSsuWzBJBIABAAAAGwbAAUzLjQuMScACGzPYx5MclIbKgAQoL0SJJZDS0aMz2MeTHJSGywAAQA4AAEA"} +01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":100,"dst_port":1991,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947771491,"flow_src_last_pkt_time":1639052947771491,"flow_dst_last_pkt_time":1639052947771491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1225,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1225,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1225,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"247f:855b:5e16:3caf:3f2c:4134:9592:661b","dst_ip":"21bc:b273:7f68:88d7:77a8:585:3990:927b","src_port":36098,"dst_port":50621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12718,"dst_port":26993,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12718,"dst_port":26993,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} +00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1697468695606215,"flow_src_last_pkt_time":1697468695606215,"flow_dst_last_pkt_time":1697468695606215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":256,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":256,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1697468695606215,"l3_proto":"ip6","src_ip":"fe80::76ac:b9ff:fe6c:c124","dst_ip":"ff02::1","src_port":12717,"dst_port":64315,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":3,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1697468695606215} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 3438 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 5/5 +~~ total timeout flows.......: 1 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11484018 bytes +~~ total memory freed........: 11484018 bytes +~~ total allocations/frees...: 216673/216673 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 580 chars +~~ json string max len.......: 2220 chars +~~ json string avg len.......: 1399 chars diff --git a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out index 26e0a58ad..e76d21cf3 100644 --- a/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/default/custom_rules_same-ip_multiple_ports.pcapng.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} +00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680119132471406} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119132471406,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680119132471406,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119132471406,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3NAAEAGvqXAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4ViAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1680119133500058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119133500058,"pkt":"ILAB4IZiNObXAhsnCABFAAA8s3RAAEAGvqTAqAH1AwMDA94iAbtRdP6TAAAAAKAC+vDI0QAAAgQFtAQCCAqoD4lnAAAAAAEDAwc="} 
@@ -7,7 +7,7 @@ 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680119137435431,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680119137435431,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119137435431,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LchAAEAGRFHAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5jGAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680119138460059,"pkt":"ILAB4IZiNObXAhsnCABFAAA8LclAAEAGRFDAqAH1AwMDA+kiAbwrwl9OAAAAAKAC+vDI0QAAAgQFtAQCCAqoD5zHAAAAAAEDAwc="} 
-00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} +00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1690371375710832} 
00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690371375710832,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371375710832,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":58288,"dst_port":446,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690371375710832,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371375710832,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o61AAEAGzmvAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTfYAAAAAAEDAwc="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1690371376732151,"flow_dst_last_pkt_time":1690371375710832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690371376732151,"pkt":"ILAB4IZiNObXAhsnCABFAAA8o65AAEAGzmrAqAH1AwMDA+OwAb5KplVKAAAAAKAC+vDI0QAAAgQFtAQCCApUfTvVAAAAAAEDAwc="} 
@@ -18,7 +18,7 @@ 00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1680119132471406,"flow_src_last_pkt_time":1680119135516058,"flow_dst_last_pkt_time":1680119132471406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":56866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01011{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1680119137435431,"flow_src_last_pkt_time":1680119138460059,"flow_dst_last_pkt_time":1680119137435431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690371378748110,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"3.3.3.3","src_port":59682,"dst_port":444,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} 
+00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/custom_rules_same-ip_multiple_ports.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":2,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1690371378748110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771421 bytes -~~ total memory freed........: 7771421 bytes -~~ total allocations/frees...: 146406/146406 +~~ total memory allocated....: 11480008 bytes +~~ total memory freed........: 11480008 bytes +~~ total allocations/frees...: 216660/216660 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 587 chars ~~ json string max len.......: 1074 chars diff --git a/test/results/default/dazn.pcapng.out b/test/results/default/dazn.pcapng.out index 52b63dd58..a2b771dbc 100644 --- a/test/results/default/dazn.pcapng.out +++ b/test/results/default/dazn.pcapng.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1653830614885814} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1653830614885814,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614885814,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614885814,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8nR9AAEAGx+XAqAGANFTfOtMEAbuvwsZTAAAAAKAC+vBmfAAAAgQFtAQCCAqWAjADAAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1653830614885814,"flow_dst_last_pkt_time":1653830614902501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1653830614902501,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8gywAAPQGbdg0VN86wKgBgAG70wTy6KcPr8LGVKAS\/\/+ceQAAAgQFoAQCCAqKcaCKlgIwAwEDAwk="} 
@@ -24,7 +24,7 @@ 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830640613975,"flow_src_last_pkt_time":1653830640634086,"flow_dst_last_pkt_time":1653830640651038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.27","src_port":46036,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830614885814,"flow_src_last_pkt_time":1653830614904478,"flow_dst_last_pkt_time":1653830614920429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.84.223.58","src_port":54020,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1653830641480609,"flow_src_last_pkt_time":1653830641501966,"flow_dst_last_pkt_time":1653830641520526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1653830641520526,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"13.226.244.30","src_port":40882,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dazn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1653830641520526} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -33,9 +33,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783769 bytes -~~ total memory freed........: 7783769 bytes -~~ total allocations/frees...: 146417/146417 +~~ total memory allocated....: 11492356 bytes +~~ total memory freed........: 11492356 bytes +~~ total allocations/frees...: 216671/216671 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 557 chars ~~ json string max len.......: 2497 chars diff --git a/test/results/default/dcerpc.pcap.out b/test/results/default/dcerpc.pcap.out index 9e20b4af0..5f65eb97b 100644 --- a/test/results/default/dcerpc.pcap.out +++ b/test/results/default/dcerpc.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1602860709979607} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_usec":1602860709979607,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 
01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860709979607,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":642,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":642,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860709979607,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RPC","proto_id":"127","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -26,7 +26,7 @@ 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709993940,"flow_src_last_pkt_time":1602860710062922,"flow_dst_last_pkt_time":1602860709993940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RPC","proto_id":"127","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1602860709979607,"flow_src_last_pkt_time":1602860710032496,"flow_dst_last_pkt_time":1602860709979607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":953,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3454,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RPC","proto_id":"127","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1602860710063382,"flow_src_last_pkt_time":1602860710063386,"flow_dst_last_pkt_time":1602860710063382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1602860710071385,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RPC","proto_id":"127","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dcerpc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1602860710071385} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773661 bytes -~~ total memory freed........: 7773661 bytes -~~ total allocations/frees...: 146420/146420 +~~ total memory allocated....: 11482232 bytes +~~ total memory freed........: 11482232 bytes +~~ total allocations/frees...: 216674/216674 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 1808 chars diff --git a/test/results/default/dhcp-fuzz.pcapng.out b/test/results/default/dhcp-fuzz.pcapng.out index a2413b4f6..23e2afdc3 100644 --- a/test/results/default/dhcp-fuzz.pcapng.out +++ b/test/results/default/dhcp-fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1268519154926217} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1268519154926217,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"} 00999{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dhcp": {"fingerprint":"","class_ident":""}}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1268519154926217,"flow_src_last_pkt_time":1268519154926217,"flow_dst_last_pkt_time":1268519154926217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1268519154926217,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dhcp-fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1268519154926217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766754 bytes -~~ total memory freed........: 7766754 bytes -~~ total allocations/frees...: 146371/146371 +~~ total memory allocated....: 11475373 bytes +~~ total memory freed........: 11475373 bytes +~~ total allocations/frees...: 216625/216625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/diameter.pcap.out b/test/results/default/diameter.pcap.out index 7c564d2f5..f162f3477 100644 --- a/test/results/default/diameter.pcap.out +++ b/test/results/default/diameter.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1263278878271686} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_usec":1263278878271686,"pkt":"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"} 
01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878271686,"flow_dst_last_pkt_time":1263278878271686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":344,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":344,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1263278878271686,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1263278878336701,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_usec":1263278878344805,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYpAAEAGe8gKyQkLCskJ9Q8cxw34vDB89+H9dlAYHVCNmAAAAQAA7EAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAgAAAZ9AAAAMAAAAAQAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878344805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":362,"pkt_l4_len":328,"thread_ts_usec":1263278878350601,"pkt":"ABpk3ZWLACYYlIbACABFAAFcBttAAIAGAAAKyQn1CskJC8cNDxz34f12+LwxaFAY+Cwp4AAAAQABNIAAARAAAAAEAupJMibwAAcAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAACAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAwAAAb5AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAEAAAGpQAAADAAAAWQ="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1263278878271686,"flow_src_last_pkt_time":1263278878350601,"flow_dst_last_pkt_time":1263278878357703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":308,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":360,"flow_dst_max_l4_payload_len":236,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":644,"midstream":1,"thread_ts_usec":1263278878357703,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Diameter","proto_id":"237","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/diameter.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1263278878357703} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766927 bytes -~~ total memory freed........: 7766927 bytes -~~ total allocations/frees...: 146377/146377 +~~ total memory allocated....: 11475546 bytes +~~ total memory freed........: 11475546 bytes +~~ total allocations/frees...: 216631/216631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 1107 chars diff --git a/test/results/default/discord.pcap.out b/test/results/default/discord.pcap.out index 0fb032e87..7c85b1d40 100644 --- a/test/results/default/discord.pcap.out +++ b/test/results/default/discord.pcap.out 
@@ -1,4 +1,4 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00740{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":42193200,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":42193200,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42193200,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":42193200,"pkt":"UlQAEjUCCAAnW\/mGCABFAAA8+ptAAEAGEIkKAAIPop+A6adSAbuGXfMIAAAAAKAC+vDjjQAAAgQFtAQCCAqmenD7AAAAAAEDAwc="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":42193200,"flow_dst_last_pkt_time":42208691,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":42208691,"pkt":"CAAnW\/mGUlQAEjUCCABFAAAsAYYAAEAGSa+in4DpCgACDwG7p1IAKQQBhl3zCWAS\/\/9B4AAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 01184{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":42225002,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","tls": {"version":"TLSv1.2","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2"}}} 
02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1312,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1312,"pkt_l4_len":1278,"thread_ts_usec":42225262,"pkt":"CAAnW\/mGUlQAEjUCCABFAAUSAYsAAEAGRMSin4DpCgACDwG7p1IAKQmuhl3zuVAY\/\/\/akgAAFw0yMDAxMjcxMjQ4MDhaFw0yNDEyMzEyMzU5NTlaMEoxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZGZsYXJlLCBJbmMuMSAwHgYDVQQDExdDbG91ZGZsYXJlIEluYyBFQ0MgQ0EtMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLmtTWaZFAtG7B+B0SpQHp0DFS80En0tlriIOJuFX4+\/u03vYUbEyXPUJE\/g7hzObLNRcS9q7kwFCXfTcmKkm9ejggFoMIIBZDAdBgNVHQ4EFgQUpc436uuwdQ6UZ4i0RfrZJBCHlh8wHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9PbW5pcm9vdDIwMjUuY3JsMG0GA1UdIARmMGQwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCwYJYIZIAYb9bAECMAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IBAQAFJB3dG7Aq65jWheM5TV5rV52CV\/zr6DGiV5BlBb4WRDhadwK5zxBCxuGSpONFJ\/gARyxoqFaZU1SPrZ5AwdAPttcNCzhIbFAsSZAGW2Qdi8xIMC7eCOKbSSLAkgwRXpaSlNX8INxWbOWSk796HMA344VJFfor4XQ5GA+32vOiV1hgT8yOlAD8Rns0MT5NR4KBOsv0iV0O700NbpwbgiTdMiVdEXhRED2gNSMEL2VvnMHRQ9fQHvMxZ1kn3WvSdQmTESQkFM8pvuYjw7iPcj\/pB8gkRFN6s7lhZaFMDsZIAMl1YwWHcEVSg9OVnUXq8OgxHX4JHwr+Pt2qPF500qyxFgMDAR8WAAEbAQABFzCCARMKAQCgggEMMIIBCAYJKwYBBQUHMAEBBIH6MIH3MIGeohYEFKXON+rrsHUOlGeItEX62SQQh5YfGA8yMDIxMDYwNDE2NTQ1OVowczBxMEkwCQYFKw4DAhoFAAQUEteLQCw1Ygb6gn+O2JIkEbSs9QQEFKXON+rrsHUOlGeItEX62SQQh5YfAhAH3YJIZrz5uC05EWraPqhcgAAYDzIwMjEwNjA0MTYzOTAyWqARGA8yMDIxMDYxMTE1NTQwMlowCgYIKoZIzj0EAwIDSAAwRQIhAMXROKXZ7Jt8Zi554DB7quPCK\/IZFlmTaZZnz0VZFHNpAiACcSV+13HWn1ohsEui
9BTB3RCy2aPuehedNO\/\/FOrpQBYDAwBzDAAAbwMAHSCkniGEc6D0P0\/zc1ti1h5Xij6mTf1b+LwAXyazuTPOIQQDAEcwRQIgFOasmmQ0Pr7QbXb\/XK1MLPUyhzbInReveIgZXB8OeaoCIQC4F4W16GCAbAzpDvdw8iubNMQsnWU0ZKVkBEftiyeqwhYDAwAEDgAAAA=="} 01599{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":42193200,"flow_src_last_pkt_time":42209776,"flow_dst_last_pkt_time":42225262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":2710,"midstream":0,"thread_ts_usec":42225262,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Discord","proto_id":"91.58","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","hostname":"discord.com","tls": {"version":"TLSv1.2","server_names":"discord.com,sni.cloudflaressl.com,*.discord.com","ja3":"6f5e62edfa5933b1332ddf8b9fb3ef9d","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"31:3B:70:94:D5:DF:90:78:9C:A0:74:26:20:24:E4:3D:92:A7:57:9D"}}} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":3306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1656934210298000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1656934210298000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkfNMAAH8RxTjAqAJkQhb0mtvPw1QAEHq2EzfK\/g4AAAA="} 
01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210298000,"flow_src_last_pkt_time":1656934210298000,"flow_dst_last_pkt_time":1656934210298000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.244.154","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 
@@ -34,7 +34,7 @@ 01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656934210363000,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.237.11","src_port":56271,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1656934210363000,"flow_dst_last_pkt_time":1656934210363000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1656934210363000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkjuxAADcRwq5CFu0LwKgCZMNU288AEItFEzfK\/gUAAAAAAAAAAAAAAAAA"} 
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":42193200,"flow_src_last_pkt_time":42233199,"flow_dst_last_pkt_time":42247831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":176,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":3037,"midstream":0,"thread_ts_usec":1656934210363000,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.159.128.233","src_port":42834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":3402,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":2,"total-updates":0,"current-active-flows":6,"total-active-flows":7,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1657223719868000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657223719868000,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657223719868000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":57955,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719868000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719868000,"pkt":"eJS0JASgYDjgxTWgCABFAABmlIAAAH8R3TbAqAJkQhbEreJjw1QAUnMiAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb3Q="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1657223719868000,"flow_dst_last_pkt_time":1657223719895000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657223719895000,"pkt":"YDjgxTWgeJS0JASgCABFAABmFK9AADoRYghCFsStwKgCZMNU4mMAUpwIAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4mM="} 
@@ -155,7 +155,7 @@ 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1657224199898000,"flow_src_last_pkt_time":1657224200131000,"flow_dst_last_pkt_time":1657224200128000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":2845,"flow_dst_tot_l4_payload_len":363,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63362,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224139897000,"flow_src_last_pkt_time":1657224140295000,"flow_dst_last_pkt_time":1657224140441000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61392,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1657224079896000,"flow_src_last_pkt_time":1657224081830000,"flow_dst_last_pkt_time":1657224081824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":1206,"midstream":0,"thread_ts_usec":1657224260473000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":58322,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":41446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":2,"total-updates":25,"current-active-flows":4,"total-active-flows":19,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_usec":1657224319898000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224319898000,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224319898000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62379,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319898000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319898000,"pkt":"eJS0JASgYDjgxTWgCABFAABmywMAAH8RprPAqAJkQhbErfOrw1QAUprMAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoI="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1657224319898000,"flow_dst_last_pkt_time":1657224319945000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224319945000,"pkt":"YDjgxTWgeJS0JASgCABFAABmaGhAADoRDk9CFsStwKgCZMNU86sAUnl4AAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA86s="} 
@@ -260,7 +260,7 @@ 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1657224679899000,"flow_src_last_pkt_time":1657224680269000,"flow_dst_last_pkt_time":1657224680139000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":61060,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657224739899000,"flow_src_last_pkt_time":1657224740128000,"flow_dst_last_pkt_time":1657224739929000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":299,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":3296,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":63893,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657224799899000,"flow_src_last_pkt_time":1657224800581000,"flow_dst_last_pkt_time":1657224800795000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":301,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":2902,"midstream":0,"thread_ts_usec":1657224860617000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":52323,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":67619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":2,"total-updates":48,"current-active-flows":3,"total-active-flows":29,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":263,"global_ts_usec":1657224919900000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657224919900000,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657224919900000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":65053,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919900000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919900000,"pkt":"eJS0JASgYDjgxTWgCABFAABm+q8AAH8RdwfAqAJkQhbErf4dw1QAUjxpAAEARgAArOMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAinM="} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1657224919900000,"flow_dst_last_pkt_time":1657224919927000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1657224919927000,"pkt":"YDjgxTWgeJS0JASgCABFAABmvT9AADoRuXdCFsStwKgCZMNU\/h0AUmSUAAIARgAArOM4NC41OS4xMzIuMTAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\/h0="} 
@@ -313,7 +313,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":12,"flow_first_seen":1657225099902000,"flow_src_last_pkt_time":1657225101391000,"flow_dst_last_pkt_time":1657225101610000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":142,"flow_dst_tot_l4_payload_len":2892,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":59240,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1657224979900000,"flow_src_last_pkt_time":1657224980585000,"flow_dst_last_pkt_time":1657224980595000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":281,"flow_src_tot_l4_payload_len":1122,"flow_dst_tot_l4_payload_len":1292,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":49648,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1657225159904000,"flow_src_last_pkt_time":1657225160168000,"flow_dst_last_pkt_time":1657225159930000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":1771,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1657225160168000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.196.173","src_port":62481,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":411,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/discord.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":411,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":80760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":2,"total-updates":57,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":316,"global_ts_usec":1657225160168000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 411/411 ~~ skipped flows.............: 0 @@ -322,9 +322,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7856559 bytes -~~ total memory freed........: 7856559 bytes -~~ total allocations/frees...: 147156/147156 +~~ total memory allocated....: 11564650 bytes +~~ total memory freed........: 11564650 bytes +~~ total allocations/frees...: 217410/217410 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 2458 chars diff --git a/test/results/default/discord_mid_flow.pcap.out b/test/results/default/discord_mid_flow.pcap.out index b48c201b8..692e238ad 100644 --- a/test/results/default/discord_mid_flow.pcap.out +++ b/test/results/default/discord_mid_flow.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444902267546} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444902267546,"packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444902267546} 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDmyQAA2EUNIQhbyhAUkjeTDUdaXADysR4HJAAcAFi\/9U3EJWSzwZdVy25rBGVhGPGQBRx\/4s1vL+mbg\/hL8rWooq\/qDozlbBiYhAAA="} 00304{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444903267716,"packet_id":2,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444903267716} 
@@ -32,7 +32,7 @@ 00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AWgAhRQAAWERnAAB\/ES+LBSSN5EIW8oTWl8NRAETgQYDIAAYAFi\/9+yCCO3My0Tvo+T4AtA5exBK1zkrGAV0k2VqCPuVJGZMMW3h3lrKvNPY5LxBLvqs9ywEAgA=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444911267758,"packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444911267758} 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":110,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1673444902267546,"pkt":"AAAAAAAAAAECAAD6gQAC9YEAAAGIZBEAPW0AUgAhRQAAUDzIQAA2EUAyQhbyhAUkjeTDUdaXADx1CoHJAAcAFi\/9SPerYXcFME3U81PRyMrjJiWKLfADxN490f944PcsGQYO71EGes1sJS8hAAA="} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/discord_mid_flow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1673444926267852} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/0 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 309 chars ~~ json string max len.......: 645 chars diff --git a/test/results/default/dlt_ppp.pcap.out b/test/results/default/dlt_ppp.pcap.out index f1c150bf6..7a08d93c4 100644 --- a/test/results/default/dlt_ppp.pcap.out +++ b/test/results/default/dlt_ppp.pcap.out 
@@ -1,7 +1,7 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00272{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031048,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_usec":1031048} 
01950{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","pkt_datalink":9,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_usec":1031048,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} 
-00619{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_usec":1031048} +00619{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dlt_ppp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_usec":1031048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -10,9 +10,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 277 chars ~~ json string max len.......: 1955 chars 
diff --git a/test/results/default/dnp3.pcap.out b/test/results/default/dnp3.pcap.out index 7514d13c2..90e3bfcb4 100644 --- a/test/results/default/dnp3.pcap.out +++ b/test/results/default/dnp3.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1097501938503079} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097501938503079,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503079,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1097501938503079,"flow_dst_last_pkt_time":1097501938503280,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097501938503280,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkmJAAIAGVFsKAAADCgAACE4gCuVSxjiFVRwa03AS\/\/8axQAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097501938503490,"flow_dst_last_pkt_time":1097501938504844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097501938504844,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02090{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502061905496,"flow_dst_last_pkt_time":1097501941569134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097502061905496,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":4079628.2,"max":120145678,"stddev":21203112.0,"var":449571977166848.0,"ent":0.4,"data": [0,0,201,0,0,411,0,0,1564,0,0,151649,0,0,2891882,0,0,795,0,0,3043080,0,0,21210,0,0,212002,0,0,120145678,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.259637833,4.259637833,4.259637833,4.683206558,4.683206558,4.683206558,4.102729797,4.102729797,4.102729797,4.867636204,4.867636204,4.867636204,4.146208286,4.146208286,4.146208286,4.803641796,4.803641796,4.803641796,5.091148376,5.091148376,5.091148376,4.146208286,4.146208286,4.146208286,4.750165939,4.750165939,4.750165939,4.146208286,4.146208286,4.146208286,4.932524681,4.932524681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1097502623045756} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097502623045756,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045756,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 
@@ -17,7 +17,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1097502623045756,"flow_dst_last_pkt_time":1097502623045930,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097502623045930,"pkt":"AFAEk3BnAAKzznBRCABFAAAwkrlAAIAGVAQKAAADCgAACE4gCvNc+rZHZuVtCnAS\/\/8uwAAAAgQFtAEBBAI="} 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502623046134,"flow_dst_last_pkt_time":1097502623047417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097502623047417,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02093{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648521527,"flow_dst_last_pkt_time":1097502648521681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097502648521681,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1643603.1,"max":17487311,"stddev":4346023.5,"var":18887919796224.0,"ent":2.2,"data": [0,0,174,0,0,378,0,0,1487,0,0,181225,0,0,17203302,0,0,17487311,0,0,4814054,0,0,4907006,0,0,3276812,0,0,3079947,0]},"pktlen": {"min":46,"avg":50.8,"max":64,"stddev":7.1,"var":50.0,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1],"entropies": [4.259637833,4.259637833,4.259637833,4.599873543,4.599873543,4.599873543,4.032184124,4.032184124,4.032184124,4.588809967,4.588809967,4.588809967,4.075662136,4.075662136,4.075662136,4.807524681,4.807524681,4.807524681,4.075662136,4.075662136,4.075662136,4.889479637,4.889479637,4.889479637,4.102729797,4.102729797,4.102729797,4.146208286,4.146208286,4.146208286,4.146208286,4.146208286]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1097504102255746} 
00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097504102255746,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1097504102255746,"flow_dst_last_pkt_time":1097504102255746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097504102255746,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 
@@ -27,7 +27,7 @@ 00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504102256118,"flow_dst_last_pkt_time":1097504102257400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097504102257400,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00961{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":18,"flow_first_seen":1097502623045756,"flow_src_last_pkt_time":1097502648678187,"flow_dst_last_pkt_time":1097502648677871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097504103602860,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504186592304,"flow_dst_last_pkt_time":1097504103409070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097504186592304,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2757738.0,"max":82989444,"stddev":14650606.0,"var":214640269197312.0,"ent":0.2,"data": [0,0,167,0,0,372,0,0,1487,0,0,144969,0,0,996855,0,0,774,0,0,1141407,0,0,10263,0,0,204144,0,0,82989444,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.8,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.233697891,4.233697891,4.233697891,4.698933601,4.698933601,4.698933601,4.075662136,4.075662136,4.075662136,4.854392529,4.854392529,4.854392529,4.119140625,4.119140625,4.119140625,4.817366600,4.817366600,4.817366600,5.114375591,5.114375591,5.114375591,4.162618637,4.162618637,4.162618637,4.765161514,4.765161514,4.765161514,4.075662136,4.075662136,4.075662136,4.901274681,4.901274681]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1097505644006837} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505644006837,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644006837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644006837,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 
@@ -36,7 +36,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1097505644006837,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097505644007009,"pkt":"AFAEk3BnAAKzznBRCABFAAAwxfhAAIAGIMQKAAADCgAACU4gBDiWbHn2GWoYHXAS\/\/\/awQAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505719035890,"flow_dst_last_pkt_time":1097505644007009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":15,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097505719035890,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02091{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1097505644006837,"flow_src_last_pkt_time":1097505754575976,"flow_dst_last_pkt_time":1097505754654239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":205,"midstream":0,"thread_ts_usec":1097505754654239,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7136017.5,"max":75076356,"stddev":19839044.0,"var":393587648888832.0,"ent":1.9,"data": [0,0,172,0,0,422,0,0,75028631,0,0,75076356,0,0,533,0,0,48219,0,0,553,0,0,153041,0,0,35338826,0,0,35569788,0]},"pktlen": {"min":46,"avg":52.7,"max":63,"stddev":5.9,"var":34.5,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57]},"bins": {"c_to_s": [18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.162618637,4.162618637,4.162618637,4.907654285,4.907654285,4.907654285,4.659897804,4.659897804,4.659897804,4.765161991,4.765161991,4.765161991,4.162618637,4.162618637,4.162618637,4.927980900,4.927980900,4.927980900,4.162619114,4.162619114,4.162619114,4.909368515,4.909368515,4.909368515,4.673142433,4.673142433]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1097507785883614} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097507785883614,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883614,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883614,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 
@@ -45,7 +45,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1097507785883614,"flow_dst_last_pkt_time":1097507785883753,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097507785883753,"pkt":"AFAEk3BnAAKzznBRCABFAAAwx49AAIAGHy4KAAADCgAACE4gBD62X0jyDC0Sy3AS\/\/\/+XAAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507785883944,"flow_dst_last_pkt_time":1097507785885063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097507785885063,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02079{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507788771853,"flow_dst_last_pkt_time":1097507788624309,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":167,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1097507788771853,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":181578.5,"max":2639445,"stddev":625878.8,"var":391724269568.0,"ent":1.5,"data": [0,0,139,0,0,330,0,0,1310,0,0,168563,0,0,2471106,0,0,796,0,0,2639445,0,0,99801,0,0,232167,0,0,15277,0]},"pktlen": {"min":46,"avg":52.2,"max":65,"stddev":6.8,"var":46.1,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0],"entropies": [4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.119140148,4.119140148,4.119140148,4.854392529,4.854392529,4.854392529,4.162619114,4.162619114,4.162619114,4.767277718,4.767277718,4.767277718,4.850569725,4.850569725,4.850569725,4.119140625,4.119140625,4.119140625,4.806060791,4.806060791,4.806060791,4.206097126,4.206097126,4.206097126,5.071992874,5.071992874]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1097510947092701} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097510947092701,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092701,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092701,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 
@@ -54,7 +54,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1097510947092701,"flow_dst_last_pkt_time":1097510947092859,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097510947092859,"pkt":"AFAEk3BnAAKzznBRCABFAAAwyZlAAIAGHSQKAAADCgAACE4gBIfliDTWmKbHVHAS\/\/+iAwAAAgQFtAEBBAI="} 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510947093064,"flow_dst_last_pkt_time":1097510947094289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097510947094289,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":15,"flow_first_seen":1097501938503079,"flow_src_last_pkt_time":1097502062040142,"flow_dst_last_pkt_time":1097502061912093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097510950374117,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-payload-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1097512255234470} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097512255234470,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1097512255234470,"flow_dst_last_pkt_time":1097512255234470,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097512255234470,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 
@@ -64,7 +64,7 @@ 00918{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512255234830,"flow_dst_last_pkt_time":1097512255236054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":17,"midstream":0,"thread_ts_usec":1097512255236054,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":78,"flow_first_seen":1097504102255746,"flow_src_last_pkt_time":1097504224083555,"flow_dst_last_pkt_time":1097504223905294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":687,"flow_dst_tot_l4_payload_len":2730,"midstream":0,"thread_ts_usec":1097512264841740,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02088{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097512267645965,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":797257.9,"max":9487840,"stddev":2344670.8,"var":5497481068544.0,"ent":1.9,"data": [0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0]},"pktlen": {"min":46,"avg":52.8,"max":64,"stddev":7.0,"var":48.7,"ent":5.0,"data": [48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46]},"bins": {"c_to_s": [20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0],"entropies": [4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1097513177295531} 
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1097513177295531,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1097513177295531,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1097513177295531,"flow_dst_last_pkt_time":1097513177295531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1097513177295531,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 
@@ -78,7 +78,7 @@ 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":36,"flow_first_seen":1097507785883614,"flow_src_last_pkt_time":1097507856257809,"flow_dst_last_pkt_time":1097507856091024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":93,"flow_src_tot_l4_payload_len":645,"flow_dst_tot_l4_payload_len":774,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":12,"flow_first_seen":1097510947092701,"flow_src_last_pkt_time":1097510959359091,"flow_dst_last_pkt_time":1097510959487180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":12,"flow_first_seen":1097512255234470,"flow_src_last_pkt_time":1097512267645965,"flow_dst_last_pkt_time":1097512267537969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":17,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":153,"midstream":0,"thread_ts_usec":1097513185107737,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNP3","proto_id":"244","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/dnp3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1097513185107737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 ~~ skipped flows.............: 0 @@ -87,9 +87,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7797984 bytes -~~ total memory freed........: 7797984 bytes -~~ total allocations/frees...: 147007/147007 +~~ total memory allocated....: 11506491 bytes +~~ total memory freed........: 11506491 bytes +~~ total allocations/frees...: 217261/217261 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2098 chars diff --git a/test/results/default/dns-exf.pcap.out b/test/results/default/dns-exf.pcap.out new file mode 100644 index 000000000..38764d712 --- /dev/null +++ b/test/results/default/dns-exf.pcap.out 
@@ -0,0 +1,24 @@ +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694185912616950} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":163,"pkt_l4_len":129,"thread_ts_usec":1694185912616950,"pkt":"rB9rrWosDMR6zE5uCABFAACVxO0AAEARLrPAqALhwKgChrDqADUAgRda\/9UBIAABAAAAAAABOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RQ=="} 
+01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912616950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694185912616950,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1694185912617037,"pkt":"DMR6zE5urB9rrWosCABFAACl4RtAAEAR0nTAqAKGwKgC4QA1sOoAkYda\/9WBgAABAAEAAAAAOkg0c0lDTjAzKjJRQUEzUmxjM1F1ZEhoMEFBdkp5Q3hXQUtKRWhlTFU1S0xVRW9XMHpKeFVMZ0FnZS0MNFMyRmdBQUFBPT0tBHRlc3QDdHh0AAABAAEAACkQAAAAAAAADAAKAAiBti2q57F2RcAMAAEAAQAAADwABMCoAoY="} +01484{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":41,"rsp_addr":"0.0.0.0"}}} +01316{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1694185912616950,"flow_src_last_pkt_time":1694185912616950,"flow_dst_last_pkt_time":1694185912617037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":137,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":137,"midstream":0,"thread_ts_usec":1694185912617037,"l3_proto":"ip4","src_ip":"192.168.2.225","dst_ip":"192.168.2.134","src_port":45290,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-exf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1694185912617037} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 2/2 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 258 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11475455 bytes +~~ total memory freed........: 11475455 bytes +~~ total allocations/frees...: 216628/216628 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 568 chars +~~ json string max len.......: 1489 chars +~~ json string avg len.......: 1014 chars diff --git a/test/results/default/dns-google-nsid.pcapng.out b/test/results/default/dns-google-nsid.pcapng.out index 5181826ae..466a99548 100644 --- a/test/results/default/dns-google-nsid.pcapng.out +++ b/test/results/default/dns-google-nsid.pcapng.out 
@@ -1,11 +1,11 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690622872644843} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1690622872644843,"pkt":"ILAB4IZiNObXAhsnht1gAfZ6ADQRQCABCwcKPcESszICDYmrEF4gAUhgSGAAAAAAAAAAAIhEopgANQA0fuyRUQEgAAEAAAAAAAEAAAIAAQAAKRAAAAAAAAAQAAMAAAAKAAjr5ips77+Grg=="} -01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872644843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690622872644843,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":314,"pkt_l4_len":260,"thread_ts_usec":1690622872652124,"pkt":"NObXAhsnILAB4IZiht1oBYXDAQQReyABSGBIYAAAAAAAAAAAiEQgAQsHCj3BErMyAg2JqxBeADWimAEE5j2RUYGgAAEADQAAAAEAAAIAAQAAAgABAACPzQAUAWEMcm9vdC1zZXJ2ZXJzA25ldAAAAAIAAQAAj80ABAFiwB4AAAIAAQAAj80ABAFjwB4AAAIAAQAAj80ABAFkwB4AAAIAAQAAj80ABAFlwB4AAAIAAQAAj80ABAFmwB4AAAIAAQAAj80ABAFnwB4AAAIAAQAAj80ABAFowB4AAAIAAQAAj80ABAFpwB4AAAIAAQAAj80ABAFqwB4AAAIAAQAAj80ABAFrwB4AAAIAAQAAj80ABAFswB4AAAIAAQAAj80ABAFtwB4AACkCAAAAAAAADQADAAlncGRucy1taWw="} -01094{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690622872652124,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":2,"rsp_type":2,"rsp_addr":"0.0.0.0"}}} 
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} +01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690622872652124,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":2,"rsp_type":2,"rsp_addr":"0.0.0.0"}}} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1690735119384155} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1690735119384155,"pkt":"EBMx8Tl2nFg8p+7MCABFAABJMKYAAEARAADAqAEdCAgEBOTUADUANc4XTRUBIAABAAAAAAABA3d3dwRudG9wA29yZwAAAQABAAApEAAAAAAAAAQAAwAA"} 01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119384155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735119384155,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -21,29 +21,29 @@ 01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735126272436,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126272436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735126272436,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":51166,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126289473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_usec":1690735126289473,"pkt":"nFg8p+7MEBMx8Tl2CABFAACFnndAADgR1h8ICAQEwKgBHQA1x94AcQAA4G+BgAABAAMAAAABA3d3dwl3aXJlc2hhcmsDb3JnAAABAAHADAABAAEAAAEsAARoGgrwwAwAAQABAAABLAAEaBoL8MAMAAEAAQAAASwABKxDSycAACkQAAAAAAAACwADAAdyOS5taWwx"} 
01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735126272436,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126289473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1690735126289473,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":51166,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.26.10.240"}}} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690735126289473,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690622872644843,"flow_src_last_pkt_time":1690622872644843,"flow_dst_last_pkt_time":1690622872652124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":252,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1690735126289473,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:b332:20d:89ab:105e","dst_ip":"2001:4860:4860::8844","src_port":41624,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295405421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295405421,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295405421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":119,"pkt_l4_len":65,"thread_ts_usec":1690735295405421,"pkt":"\/gAAAAEBknpaADBHht1gCzOhAEERQCoDsMAAAgDQAAAAAANgQAEgAUhgSGAAAAAAAAAAAIiIthoANQBBWJNj9wEgAAEAAAAAAAEDd3d3BG50b3ADb3JnAAABAAEAACkQAAAAAAAAEAADAAAACgAIiAzGOW\/kn2M="} -01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295405421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295405421,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295405421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295405421,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":164,"pkt_l4_len":110,"thread_ts_usec":1690735295421128,"pkt":"knpaADBH\/gAAAAEBht1oASK5AG4RfCABSGBIYAAAAAAAAAAAiIgqA7DAAAIA0AAAAAADYEABADW2GgBu2etj94GAAAEAAgAAAAEDd3d3BG50b3ADb3JnAAABAAHADAAFAAEAAA0EABQRbnRvcC1kaWdpdGFsb2NlYW7AEMAqAAEAAQAADhAABLI+xYIAACkCAAAAAAAADQADAAlncGRucy1hbXM="} 
-01103{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295421128,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.62.197.130"}}} +01104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295421128,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.ntop.org","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"178.62.197.130"}}} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295434099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295434099,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295434099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_usec":1690735295434099,"pkt":"\/gAAAAEBknpaADBHht1gD2HyAEURQCoDsMAAAgDQAAAAAANgQAEgAUhgSGAAAAAAAAAAAIiIr3wANQBFWJcqoAEgAAEAAAAAAAEDd3d3CXdpa2lwZWRpYQJpdAAAAQABAAApEAAAAAAAABAAAwAAAAoACCHievNjAnWy"} 
-01219{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295434099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295434099,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.wikipedia.it","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295434099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295434099,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.wikipedia.it","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":256,"pkt_l4_len":202,"thread_ts_usec":1690735295632475,"pkt":"knpaADBH\/gAAAAEBht1oClabAMoRfCABSGBIYAAAAAAAAAAAiIgqA7DAAAIA0AAAAAADYEABADWvfADKSl8qoIGAAAEABgAAAAEDd3d3CXdpa2lwZWRpYQJpdAAAAQABwAwABQABAAACWAARBmI3ZmQ3YgR5ZXBhA2NvbQDALgAFAAEAAAJYAB8OZDJ4MnI5eGk5cmQzc2MKY2xvdWRmcm9udANuZXQAwEsAAQABAAAAPAAEEkMnOsBLAAEAAQAAADwABBJDJxXASwABAAEAAAA8AAQSQycYwEsAAQABAAAAPAAEEkMnMwAAKQIAAAAAAAANAAMACWdwZG5zLWFtcw=="} -01110{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295632475,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.wikipedia.it","dns": {"num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"18.67.39.58"}}} 
+01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295632475,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"www.wikipedia.it","dns": {"num_queries":1,"num_answers":7,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"18.67.39.58"}}} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295644786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295644786,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295644786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_usec":1690735295644786,"pkt":"\/gAAAAEBknpaADBHht1gBWDQAEYRQCoDsMAAAgDQAAAAAANgQAEgAUhgSGAAAAAAAAAAAIiIqowANQBGWJj6owEgAAEAAAAAAAEDd3d3CXdpcmVzaGFyawNvcmcAAAEAAQAAKRAAAAAAAAAQAAMAAAAKAAjE69aA5X934g=="} -01212{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295644786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295644786,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295644786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690735295644786,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":169,"pkt_l4_len":115,"thread_ts_usec":1690735295654626,"pkt":"knpaADBH\/gAAAAEBht1oBdwRAHMRfCABSGBIYAAAAAAAAAAAiIgqA7DAAAIA0AAAAAADYEABADWqjABziA\/6o4GAAAEAAwAAAAEDd3d3CXdpcmVzaGFyawNvcmcAAAEAAcAMAAEAAQAAASwABGgaCvDADAABAAEAAAEsAARoGgvwwAwAAQABAAABLAAErENLJwAAKQIAAAAAAAANAAMACWdwZG5zLWFtcw=="} 
-01105{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":107,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":107,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.26.10.240"}}} +01106{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":107,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":107,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.wireshark.org","dns": {"num_queries":1,"num_answers":4,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.26.10.240"}}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735126272436,"flow_src_last_pkt_time":1690735126272436,"flow_dst_last_pkt_time":1690735126289473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":51166,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295405421,"flow_src_last_pkt_time":1690735295405421,"flow_dst_last_pkt_time":1690735295421128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":46618,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295434099,"flow_src_last_pkt_time":1690735295434099,"flow_dst_last_pkt_time":1690735295632475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":194,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":194,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":44924,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735122813182,"flow_src_last_pkt_time":1690735122813182,"flow_dst_last_pkt_time":1690735123083988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":62500,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Wikipedia","proto_id":"5.176","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735119384155,"flow_src_last_pkt_time":1690735119384155,"flow_dst_last_pkt_time":1690735119412632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"8.8.4.4","src_port":58580,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.ntop","proto_id":"5.26","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":107,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":107,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} 
+00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690735295644786,"flow_src_last_pkt_time":1690735295644786,"flow_dst_last_pkt_time":1690735295654626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":107,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":107,"midstream":0,"thread_ts_usec":1690735295654626,"l3_proto":"ip6","src_ip":"2a03:b0c0:2:d0::360:4001","dst_ip":"2001:4860:4860::8888","src_port":43660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns-google-nsid.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1422,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1690735295654626} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 
@@ -52,10 +52,10 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7780047 bytes -~~ total memory freed........: 7780047 bytes -~~ total allocations/frees...: 146451/146451 +~~ total memory allocated....: 11488570 bytes +~~ total memory freed........: 11488570 bytes +~~ total allocations/frees...: 216705/216705 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars -~~ json string max len.......: 1224 chars +~~ json string max len.......: 1225 chars ~~ json string avg len.......: 900 chars diff --git a/test/results/default/dns-invalid-chars.pcap.out b/test/results/default/dns-invalid-chars.pcap.out index c4a3e7156..3d52460e7 100644 --- a/test/results/default/dns-invalid-chars.pcap.out +++ b/test/results/default/dns-invalid-chars.pcap.out 
@@ -1,12 +1,12 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946734886956538} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946734886956538} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":946734886956538,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"} -01312{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourba???arebelongto.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886956538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946734886956538,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourba???arebelongto.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":946734886957011,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="} 
-01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}} 
-01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":946734886957011} 
+01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.allyourbasesare???ongto.cn","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}}} 
+01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946734886956538,"flow_src_last_pkt_time":946734886956538,"flow_dst_last_pkt_time":946734886957011,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946734886957011,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns-invalid-chars.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":946734886957011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars -~~ json string max len.......: 1317 chars -~~ json string avg len.......: 936 chars +~~ json string max len.......: 1325 chars +~~ json string avg len.......: 940 chars diff --git a/test/results/default/dns-tunnel-iodine.pcap.out b/test/results/default/dns-tunnel-iodine.pcap.out index 24f5ab63c..3c85560a0 100644 --- a/test/results/default/dns-tunnel-iodine.pcap.out +++ b/test/results/default/dns-tunnel-iodine.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1282356640051082} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1282356640051082,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356640051082,"flow_dst_last_pkt_time":1282356640051082,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1282356640051082,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"vaaaakardli.pirate.sea","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -10,7 +10,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1282356640057774,"flow_dst_last_pkt_time":1282356640052258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1282356640057774,"pkt":"CAAnx266CAAnnOC0CABFAABKAABAAEARInIKAAIeCgACFK5fADUANnlrTw4BAAABAAAAAAABBnlyYmkwMgZwaXJhdGUDc2VhAAAKAAEAACkQAAAAgAAAAA=="} 02389{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356645071860,"flow_dst_last_pkt_time":1282356640060900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1434,"flow_src_tot_l4_payload_len":2968,"flow_dst_tot_l4_payload_len":3580,"midstream":0,"thread_ts_usec":1282356645071860,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":93,"avg":162277.3,"max":1002966,"stddev":368318.9,"var":135658823680.0,"ent":2.4,"data": [93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454]},"pktlen": {"min":68,"avg":232.6,"max":1462,"stddev":286.6,"var":82112.7,"ent":4.4,"data": [68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309]},"bins": {"c_to_s": 
[0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0],"entropies": [4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920]},"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": {"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":212,"flow_first_seen":1282356640051082,"flow_src_last_pkt_time":1282356664538177,"flow_dst_last_pkt_time":1282356664538369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":1470,"flow_src_tot_l4_payload_len":16812,"flow_dst_tot_l4_payload_len":35212,"midstream":0,"thread_ts_usec":1282356664538369,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"23": {"risk":"Susp DNS Traffic","severity":"High","risk_score": 
{"total":460,"client":350,"server":110}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/dns-tunnel-iodine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1282356664538369} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 438/434 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779389 bytes -~~ total memory freed........: 7779389 bytes -~~ total allocations/frees...: 146807/146807 +~~ total memory allocated....: 11488008 bytes +~~ total memory freed........: 11488008 bytes +~~ total allocations/frees...: 217061/217061 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars ~~ json string max len.......: 2394 chars diff --git a/test/results/default/dns2tcp_tunnel.pcap.out b/test/results/default/dns2tcp_tunnel.pcap.out new file mode 100644 index 000000000..03f6b9879 --- /dev/null +++ b/test/results/default/dns2tcp_tunnel.pcap.out 
@@ -0,0 +1,28 @@ +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1585754662417775} 
+00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662417775,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662417775,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1585754662417775,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAADxHSUAAQAYb9sCoFNMBAQEBrXQBu3Drjx4AAAAAoAL68NerAAACBAW0BAIICnay3cMAAAAAAQMDBw=="} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1585754662417775,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1585754662432958,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAADQAAEAAOwZoRwEBAQHAqBTTAbutdOoUh0Fw648fgBL\/\/3bwAAACBAW0AQEEAgEDAwo="} 
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1585754662432995,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1585754662432995,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAAChHSkAAQAYcCcCoFNMBAQEBrXQBu3Drjx\/qFIdCUBAB9teXAAA="} +00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":317,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":317,"pkt_l4_len":281,"thread_ts_usec":1585754662433349,"pkt":"AAQAAQAGAAwpA+mwAAAIAEUAAS1HS0AAQAYbA8CoFNMBAQEBrXQBu3Drjx\/qFIdCUBgB9ticAAAWAwEBAAEAAPwDAzKqS22px\/CTpo78Ye4zddAa6Z5hu8dexSpfgB\/KPyM8IBW4LygEJtFvxwqfPjBrPBJXOP4MVujkXAKUlXfpjPQ8ACbAL8AwwCvALMyozKnAE8AJwBTACgCcAJ0ALwA1wBIAChMBEwMTAgEAAI0zdAAAAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAFBAMEAwMAMwAmACQAHQAg2KL+lafauJGwZq+fL+yw5OcnpvEgnE7CqQoZNJ6nnHQ="} 
+01377{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662432958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1585754662433349,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"547df21d727c7b3a5dcb59aa0fd97c2c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662448228,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":62,"pkt_l4_len":20,"thread_ts_usec":1585754662448228,"pkt":"AAAAAQAGAMGxFOsxAAAIAEUAAChFqUAAOwYiqgEBAQHAqBTTAbutdOoUh0Jw65AkUBAAQrZ+AAAAAAAAAAA="} 
+01422{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754662433349,"flow_dst_last_pkt_time":1585754662450074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1585754662450074,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"547df21d727c7b3a5dcb59aa0fd97c2c","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
+02392{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754667234417,"flow_dst_last_pkt_time":1585754667234382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":832,"flow_dst_tot_l4_payload_len":4006,"midstream":0,"thread_ts_usec":1585754667234417,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":310750.0,"max":3088155,"stddev":822603.9,"var":676677156864.0,"ent":2.2,"data": [15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155]},"pktlen": {"min":40,"avg":193.5,"max":1628,"stddev":364.6,"var":132965.6,"ent":3.7,"data": [60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40]},"bins": {"c_to_s": [9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0],"entropies": [4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1585754662417775,"flow_src_last_pkt_time":1585754670430406,"flow_dst_last_pkt_time":1585754670531367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1588,"flow_src_tot_l4_payload_len":1343,"flow_dst_tot_l4_payload_len":4713,"midstream":0,"thread_ts_usec":1585754670531367,"l3_proto":"ip4","src_ip":"192.168.20.211","dst_ip":"1.1.1.1","src_port":44404,"dst_port":443,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns2tcp_tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":6056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1585754670531367} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 50/50 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 6056 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11483862 bytes +~~ total memory freed........: 11483862 bytes +~~ total allocations/frees...: 216680/216680 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 543 chars +~~ json string max len.......: 2397 chars +~~ json string avg len.......: 1403 chars diff --git a/test/results/default/dns_ambiguous_names.pcap.out b/test/results/default/dns_ambiguous_names.pcap.out index e1c3b6d48..b9d7ffa1c 100644 --- a/test/results/default/dns_ambiguous_names.pcap.out +++ b/test/results/default/dns_ambiguous_names.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625744123717337} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1625744123717337,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 01210{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123717337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123717337,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","proto_id":"5.238","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"41-courier.push.apple.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -27,9 +27,9 @@ 01101{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123858437,"flow_src_last_pkt_time":1625744123858437,"flow_dst_last_pkt_time":1625744123885159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":335,"midstream":0,"thread_ts_usec":1625744123885159,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57632,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.PlayStore","proto_id":"5.228","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"android.clients.google.com","dns": {"num_queries":1,"num_answers":18,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"108.177.14.101"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123890136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123890136,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123890136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1625744123890136,"pkt":"ABshv2HAVASmitEsCABFAABO3wwAAEARfrAKyAILCAgICKcmADUAOh0utWIBIAABAAAAAAABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABAAApEAAAAAAAAAA="} -01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123890136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123890136,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123890136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123890136,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1625744123973076,"pkt":"VASmitEsEL9IThY0CABFAACY7gkAADwRc2kICAgICsgCCwA1pyYAhI+OtWKBgwABAAAAAQABASoFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQABwBQABgABAAABKwA+B25zMS0yMDUJYXp1cmUtZG5zwB4TYXp1cmVkbnMtaG9zdG1hc3RlcsAUAAAAAQAADhAAAAEsACTqAAAAASwAACkCAAAAAAAAAA=="} -01197{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744123973076,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01323{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744123973076,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","hostname":"_.teams.microsoft.com","dns": {"num_queries":1,"num_answers":2,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123977935,"flow_src_last_pkt_time":1625744123977935,"flow_dst_last_pkt_time":1625744123977935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123977935,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1625744123977935,"flow_dst_last_pkt_time":1625744123977935,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1625744123977935,"pkt":"ABshv2HAVASmitEsCABFAABS3y4AAEARfooKyAILCAgICKymADUAPh0yDWEBIAABAAAAAAABDHdpZGUteW91dHViZQFsBmdvb2dsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 
01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625744123977935,"flow_src_last_pkt_time":1625744123977935,"flow_dst_last_pkt_time":1625744123977935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625744123977935,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44198,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"wide-youtube.l.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -58,9 +58,9 @@ 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123717337,"flow_src_last_pkt_time":1625744123717337,"flow_dst_last_pkt_time":1625744123759146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":276,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ApplePush","proto_id":"5.238","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124010794,"flow_src_last_pkt_time":1625744124010794,"flow_dst_last_pkt_time":1625744124069035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":46,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":46,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":52541,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleSiri","proto_id":"5.254","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123796920,"flow_src_last_pkt_time":1625744123796920,"flow_dst_last_pkt_time":1625744123823325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":48,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744123890136,"flow_src_last_pkt_time":1625744123890136,"flow_dst_last_pkt_time":1625744123973076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625744124422852,"flow_src_last_pkt_time":1625744124422852,"flow_dst_last_pkt_time":1625744124461060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":76,"midstream":0,"thread_ts_usec":1625744124461060,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Instagram","proto_id":"5.211","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_ambiguous_names.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1625744124461060} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -69,10 +69,10 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786689 bytes -~~ total memory freed........: 7786689 bytes -~~ total allocations/frees...: 146491/146491 +~~ total memory allocated....: 11495164 bytes +~~ total memory freed........: 11495164 bytes +~~ total allocations/frees...: 216745/216745 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 580 chars -~~ json string max len.......: 1216 chars -~~ json string avg len.......: 898 chars +~~ json string max len.......: 1328 chars +~~ json string avg len.......: 953 chars diff --git a/test/results/default/dns_doh.pcap.out b/test/results/default/dns_doh.pcap.out index b163d3724..21160d627 100644 --- a/test/results/default/dns_doh.pcap.out +++ b/test/results/default/dns_doh.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1571089200789290} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1571089200789290,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200789290,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1571089200789290,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1571089200789290,"flow_dst_last_pkt_time":1571089200876406,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1571089200876406,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} 
@@ -10,7 +10,7 @@ 01251{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089200878306,"flow_dst_last_pkt_time":1571089200968629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1571089200968629,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"mozilla.cloudflare-dns.com","tls": {"version":"TLSv1.3","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089201723583,"flow_dst_last_pkt_time":1571089201764372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":1424,"flow_dst_tot_l4_payload_len":4202,"midstream":0,"thread_ts_usec":1571089201764372,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61592.7,"max":535341,"stddev":130172.4,"var":16944855040.0,"ent":3.0,"data": [87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6]},"pktlen": {"min":40,"avg":216.9,"max":1340,"stddev":327.3,"var":107137.2,"ent":3.9,"data": [64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71]},"bins": {"c_to_s": [9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1],"entropies": [4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":56,"flow_first_seen":1571089200789290,"flow_src_last_pkt_time":1571089204031014,"flow_dst_last_pkt_time":1571089204030791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1300,"flow_src_tot_l4_payload_len":3792,"flow_dst_tot_l4_payload_len":8866,"midstream":0,"thread_ts_usec":1571089204031014,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/dns_doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1571089204031014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7780394 bytes -~~ total memory freed........: 7780394 bytes -~~ total allocations/frees...: 146519/146519 +~~ total memory allocated....: 11489013 bytes +~~ total memory freed........: 11489013 bytes +~~ total allocations/frees...: 216773/216773 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2171 chars diff --git a/test/results/default/dns_dot.pcap.out b/test/results/default/dns_dot.pcap.out index 08c846849..cb4690d23 100644 --- a/test/results/default/dns_dot.pcap.out +++ b/test/results/default/dns_dot.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572783663234722} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572783663234722,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663234722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663234722,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572783663234722,"flow_dst_last_pkt_time":1572783663269648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572783663269648,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} 
@@ -9,7 +9,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663302644,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572783663302644,"pkt":"CAAnjau+uCfrK5DxCABFAAA0cqYAAHcG\/qwICAgIwKgBuQNV47LuO0vZVUT8voAQAPDiaAAAAQEICo47ADIqL5U2"} 01911{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783663269902,"flow_dst_last_pkt_time":1572783663319899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":198,"flow_dst_tot_l4_payload_len":3069,"midstream":0,"thread_ts_usec":1572783663319899,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","tls": 
{"version":"TLSv1.2","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}}} 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":10,"flow_first_seen":1572783663234722,"flow_src_last_pkt_time":1572783666246370,"flow_dst_last_pkt_time":1572783666246346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":3069,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3721,"midstream":0,"thread_ts_usec":1572783666246370,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/dns_dot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1572783666246370} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775783 bytes -~~ total memory freed........: 7775783 bytes -~~ total allocations/frees...: 146413/146413 +~~ total memory allocated....: 11484402 bytes +~~ total memory freed........: 11484402 bytes +~~ total allocations/frees...: 216667/216667 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1916 chars 
diff --git a/test/results/default/dns_exfiltration.pcap.out b/test/results/default/dns_exfiltration.pcap.out index 05a20fb84..940747294 100644 --- a/test/results/default/dns_exfiltration.pcap.out +++ b/test/results/default/dns_exfiltration.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1580978146717893} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1580978146717893,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978146717893,"flow_dst_last_pkt_time":1580978146717893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1580978146717893,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -11,7 +11,7 @@ 02497{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978160880828,"flow_dst_last_pkt_time":1580978160882236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":1158,"flow_dst_tot_l4_payload_len":2183,"midstream":0,"thread_ts_usec":1580978160882236,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3976,"avg":913783.2,"max":1035526,"stddev":281798.4,"var":79410348032.0,"ent":4.8,"data": [170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694]},"pktlen": {"min":87,"avg":132.4,"max":372,"stddev":59.1,"var":3497.9,"ent":4.9,"data": [201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134]},"bins": {"c_to_s": [0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937]},"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978196387731,"flow_dst_last_pkt_time":1580978196389199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":4115,"flow_dst_tot_l4_payload_len":7851,"midstream":0,"thread_ts_usec":1580978196389199,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1580978146717893,"flow_src_last_pkt_time":1580978206706247,"flow_dst_last_pkt_time":1580978206707432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":258,"flow_dst_max_l4_payload_len":344,"flow_src_tot_l4_payload_len":26119,"flow_dst_tot_l4_payload_len":34826,"midstream":0,"thread_ts_usec":1580978206707432,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": {"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} +00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/dns_exfiltration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1580978206707432} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775567 bytes -~~ total memory freed........: 7775567 bytes -~~ total allocations/frees...: 146673/146673 +~~ total memory allocated....: 11484186 bytes +~~ total memory freed........: 11484186 bytes +~~ total allocations/frees...: 216927/216927 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 577 chars ~~ json string max len.......: 2502 chars 
diff --git a/test/results/default/dns_fragmented.pcap.out b/test/results/default/dns_fragmented.pcap.out index fbe384d0a..8c7d7dd8a 100644 --- a/test/results/default/dns_fragmented.pcap.out +++ b/test/results/default/dns_fragmented.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1558968008021140} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968008021140,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021140,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968008021140,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -9,16 +9,16 @@ 00651{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968008021712,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_usec":1558968010233766,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} -01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010233766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968010233766,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
02496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_usec":1558968010234445,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U
69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="} -01348{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968010234445,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}} 
+01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968010234445,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"pa.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}} 00320{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968010234463,"packet_id":6,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_usec":1558968010234463} 
00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_usec":1558968010234445,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968018074594,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968018074594,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
-01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968018074594,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018074594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968018074594,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 02502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_usec":1558968018075178,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomA
FPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="} -01349{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968018075178,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}} +01350{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1558968018075178,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}} 00320{"error_event_id":12,"error_event_name":"nDPI IPv6\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1558968018075197,"packet_id":9,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_usec":1558968018075197} 
00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_usec":1558968018075178,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968019069107,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968019069107,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -30,9 +30,9 @@ 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_usec":1558968019069715,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021013672,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968021013672,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021013672,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021013672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021013672,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_usec":1558968021014081,"pkt":"AIac51UUAAwpil3Xht1gCbz6A0ARQCABBHB2WwAAAAAAAAolAFMqABRQQAwMAAAAAAAAAAEGADXUngNAM\/ikOIQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99
XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968021014081,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968021014081,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021026749,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1558968021026749,"pkt":"AAwpil3XAIac51UUCABFAABEdWYAAGwRujZKfS+IwRjj7ufCADUAMBuRFagAEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 
01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021026749,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968021026749,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -42,10 +42,10 @@ 00651{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_usec":1558968021027012,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_usec":1558968031134211,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} -01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1558968031134211,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
01657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_usec":1558968031134623,"pkt":"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\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 
-01230{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968031134623,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} 
+01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1558968031134623,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2.weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1559042371783274} 
00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_usec":1559042371783274,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"} 
01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559042371783274,"flow_src_last_pkt_time":1559042371783274,"flow_dst_last_pkt_time":1559042371783274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559042371783274,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2-mgmt.weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -67,23 +67,23 @@ 00866{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1559042374827134,"flow_dst_last_pkt_time":1559042374838965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":300,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":300,"pkt_l4_len":246,"thread_ts_usec":1559042374838965,"pkt":"AAwpfKTLCFsOoYNeht1gBQOmAPYRPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLADW1aAD2vA3qAoUAAAEAAQACAAUIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAcAMABwAAQAAADwAECABBHAfCxawAAAAAAAAAAHAFQACAAEAAAA8AA8DbnMxCHdlYmVyZG5zwB7AFQACAAEAAAA8AAYDbnMywFLATgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwGkAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8BOAAEAAQAADhAABMEY4+7AaQABAAEAAA4QAATC9wUOAAApEAAAAAAAABwACgAYtSZQqkfMSEY\/2z8HXO0ZRm3ax03ipZX3"} 01119{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1559042374827134,"flow_src_last_pkt_time":1559042374827134,"flow_dst_last_pkt_time":1559042374838965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":238,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":238,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":46440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"fg2-mgmt.weberlab.de","dns": 
{"num_queries":1,"num_answers":8,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}} 01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968008021140,"flow_src_last_pkt_time":1558968008021140,"flow_dst_last_pkt_time":1558968008021712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968018074594,"flow_src_last_pkt_time":1558968018074594,"flow_dst_last_pkt_time":1558968018075178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS 
Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968031134211,"flow_src_last_pkt_time":1558968031134211,"flow_dst_last_pkt_time":1558968031134623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968019069107,"flow_src_last_pkt_time":1558968019069107,"flow_dst_last_pkt_time":1558968019069715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021026749,"flow_src_last_pkt_time":1558968021026749,"flow_dst_last_pkt_time":1558968021027012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS 
Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968021013672,"flow_src_last_pkt_time":1558968021013672,"flow_dst_last_pkt_time":1558968021014081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":824,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":824,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": 
{"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1558968010233766,"flow_src_last_pkt_time":1558968010233766,"flow_dst_last_pkt_time":1558968010234445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1559042374838965,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1560869882430319} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_usec":1560869882430319,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"} -01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882430319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869882430319,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882447306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":133,"pkt_l4_len":79,"thread_ts_usec":1560869882447306,"pkt":"AAwpfKTLCFsOoYNeht1gBk3UAE8RPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADW+dgBPmiKR34GgAAEAAQAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAcAMAAEAAQAAADwABIZbTosAACkFrAAAAAAAAA=="} 
-01123{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882447306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1560869882447306,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}} +01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882447306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1560869882447306,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigok.verteiltesysteme.net","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"134.91.78.139"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886413902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869886413902,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886413902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":131,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":131,"pkt_l4_len":77,"thread_ts_usec":1560869886413902,"pkt":"CFsOoYNeAAwpfKTLht1gDXJYAE0RQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERzk4ANQBN7vX6xwEgAAEAAAAAAAEHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQABAAApEAAAAAAAAAwACgAIYOOBSPgiBSs="} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886413902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869886413902,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigfail.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886413902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869886413902,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigfail.verteiltesysteme.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886443499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":108,"pkt_l4_len":54,"thread_ts_usec":1560869886443499,"pkt":"AAwpfKTLCFsOoYNeht1gB6MtADYRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXOTgA2KY36x4GCAAEAAAAAAAAHc2lnZmFpbBB2ZXJ0ZWlsdGVzeXN0ZW1lA25ldAAAAQAB"} 
-01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886443499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1560869886443499,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigfail.verteiltesysteme.net","dns": {"num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886443499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1560869886443499,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sigfail.verteiltesysteme.net","dns": {"num_queries":1,"num_answers":0,"reply_code":2,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869889796469,"flow_src_last_pkt_time":1560869889796469,"flow_dst_last_pkt_time":1560869889796469,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869889796469,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1560869889796469,"flow_dst_last_pkt_time":1560869889796469,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_usec":1560869889796469,"pkt":"CFsOoYNeAAwpfKTLht1gDB+KADsRQCABBHAfCxawAgwp\/\/58pMsmIAD+AAAAAAAAAAAAAAD+pWgANQA7UegG5AEgAAEAAAAAAAEHZm9ybWVsMQJkZQAAAQABAAApEAAAAAAAAAwACgAIf6ON2rCVwqA="} 
01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869889796469,"flow_src_last_pkt_time":1560869889796469,"flow_dst_last_pkt_time":1560869889796469,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869889796469,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"formel1.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -115,9 +115,9 @@ 00697{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_usec":1560869910547607,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913732416,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1560869913732416,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="} -01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913732416,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913732416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913732416,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":134,"pkt_l4_len":80,"thread_ts_usec":1560869913751307,"pkt":"AAwpfKTLCFsOoYNeht1gDizvAFARPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXshgBQyy0\/f4GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAHADAAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTAAApBawAAAAAAAA="} 
-01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":72,"midstream":0,"thread_ts_usec":1560869913751307,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":72,"midstream":0,"thread_ts_usec":1560869913751307,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}} 00819{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913753259,"flow_dst_last_pkt_time":1560869913753259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869913753259,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1560869913753259,"flow_dst_last_pkt_time":1560869913753259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1560869913753259,"pkt":"AAwpYjEqAAwpfKTLht1gD07UACgGQCABBHAfCxawAgwp\/\/58pMsgAQRwHwsWsAAAAAAKJgBT3wEANSHNFggAAAAAoAJfUI5TAAACBATEBAIICoRF3zoAAAAAAQMDBw=="} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1560869913753259,"flow_dst_last_pkt_time":1560869913753590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1560869913753590,"pkt":"AAwpfKTLAAwpYjEqht1gBqwSACgGQCABBHAfCxawAAAAAAomAFMgAQRwHwsWsAIMKf\/+fKTLADXfAVwH8KghzRYJoBJeYK7OAAACBATEBAIIChJ809KERd86AQMDBw=="} 
@@ -128,9 +128,9 @@ 01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913753808,"flow_dst_last_pkt_time":1560869913754562,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869913754562,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916459087,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1560869916459087,"pkt":"CFsOoYNeAAwpfKTLht1gAxE1ADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER1T4ANQA07tzo3wEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAEAACkCAAAAAAAAAA=="} -01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916459087,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916459087,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916459087,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":122,"pkt_l4_len":68,"thread_ts_usec":1560869916473264,"pkt":"AAwpfKTLCFsOoYNeht1gCEAKAEQRPCYGRwBHAAAAAAAAAAAAEREgAQRwHwsWsAIMKf\/+fKTLADXVPgBEGsro34GAAAEAAQAAAAEDbnMyCHdlYmVyZG5zAmRlAAABAAHADAABAAEAAA4QAATC9wUOAAApBawAAAAAAAA="} 
-01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916473264,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}} +01116{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916473264,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ns2.weberdns.de","dns": {"num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.5.14"}}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916474839,"flow_dst_last_pkt_time":1560869916474839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916474839,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1560869916474839,"flow_dst_last_pkt_time":1560869916474839,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1560869916474839,"pkt":"AAwpYjEqAAwpfKTLCABFAAA8zqNAAEAG3BXC9wUGwvcFDphdADXWgnc5AAAAAKACchCQMQAAAgQFtAQCCAox8fNRAAAAAAEDAwc="} 
00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1560869916474839,"flow_dst_last_pkt_time":1560869916475150,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1560869916475150,"pkt":"AAwpfKTLAAwpYjEqCABFAAA8AABAAEAGqrnC9wUOwvcFBgA1mF3frqtz1oJ3OqAScSDR+QAAAgQFtAQCCAqVd0imMfHzUQEDAwc="} 
@@ -139,17 +139,17 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1560869916475413,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475531,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1560869916475531,"pkt":"AAwpfKTLAAwpYjEqCABFAAA0gWxAAEAGKVXC9wUOwvcFBgA1mF3frqt01oJ3cIAQAONwywAAAQEICpV3SKcx8fNS"} 
01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916475413,"flow_dst_last_pkt_time":1560869916475993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916475993,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weberlab.de","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":46,"rsp_addr":"0.0.0.0"}}} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":72,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869913732416,"flow_src_last_pkt_time":1560869913732416,"flow_dst_last_pkt_time":1560869913751307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":72,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869916474839,"flow_src_last_pkt_time":1560869916477286,"flow_dst_last_pkt_time":1560869916477262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"194.247.5.14","src_port":39005,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01257{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1560869900222469,"flow_src_last_pkt_time":1560869905222619,"flow_dst_last_pkt_time":1560869905232984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1424,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":1424,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869916459087,"flow_src_last_pkt_time":1560869916459087,"flow_dst_last_pkt_time":1560869916473264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":54590,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869886413902,"flow_src_last_pkt_time":1560869886413902,"flow_dst_last_pkt_time":1560869886443499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":69,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":69,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":52814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882447306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869882430319,"flow_src_last_pkt_time":1560869882430319,"flow_dst_last_pkt_time":1560869882447306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869889796469,"flow_src_last_pkt_time":1560869889796469,"flow_dst_last_pkt_time":1560869889815677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":42344,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869910534637,"flow_src_last_pkt_time":1560869910534637,"flow_dst_last_pkt_time":1560869910547607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":1472,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":1472,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"38": {"risk":"Fragmented DNS Message","severity":"Medium","risk_score": {"total":350,"client":295,"server":55}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1560869895045855,"flow_src_last_pkt_time":1560869895045855,"flow_dst_last_pkt_time":1560869895070558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":94,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":94,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01012{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1560869913753259,"flow_src_last_pkt_time":1560869913756066,"flow_dst_last_pkt_time":1560869913756036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":1732,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":1732,"midstream":0,"thread_ts_usec":1560869916477286,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1560869916477286} +00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/dns_fragmented.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-payload-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1560869916477286} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 ~~ skipped flows.............: 0 
@@ -158,9 +158,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7811644 bytes -~~ total memory freed........: 7811644 bytes -~~ total allocations/frees...: 146660/146660 +~~ total memory allocated....: 11519943 bytes +~~ total memory freed........: 11519943 bytes +~~ total allocations/frees...: 216914/216914 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 325 chars ~~ json string max len.......: 2522 chars diff --git a/test/results/default/dns_invert_query.pcapng.out b/test/results/default/dns_invert_query.pcapng.out index d6479c876..93347ae37 100644 --- a/test/results/default/dns_invert_query.pcapng.out +++ b/test/results/default/dns_invert_query.pcapng.out 
@@ -1,11 +1,11 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744019230637} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1618744019230637,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"} 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019230637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744019230637,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"216.58.202.4","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_usec":1618744019235548,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1618744019230637,"flow_src_last_pkt_time":1618744019230637,"flow_dst_last_pkt_time":1618744019235548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1618744019235548,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1618744019235548} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_invert_query.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1618744019235548} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766783 bytes -~~ total memory freed........: 7766783 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475402 bytes +~~ total memory freed........: 11475402 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1070 chars diff --git a/test/results/default/dns_long_domainname.pcap.out b/test/results/default/dns_long_domainname.pcap.out index 2e445bed3..a88050213 100644 --- a/test/results/default/dns_long_domainname.pcap.out +++ b/test/results/default/dns_long_domainname.pcap.out 
@@ -1,12 +1,12 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766835 bytes -~~ total memory freed........: 7766835 bytes -~~ total allocations/frees...: 146374/146374 +~~ total memory allocated....: 11475454 bytes +~~ total memory freed........: 11475454 bytes +~~ total allocations/frees...: 216628/216628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 580 chars ~~ json string max len.......: 1221 chars diff --git a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out index 19a21dbaa..0f37c2c40 100644 --- a/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/default/dnscrypt-v1-and-resolver-pings.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946735705348929} +00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946735705348929} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946735705348929,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946735705348929,"flow_src_last_pkt_time":946735705348929,"flow_dst_last_pkt_time":946735705348929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946735705348929,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349019,"flow_dst_last_pkt_time":946735705459813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705459813,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946735705348987,"flow_dst_last_pkt_time":946735705460564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705460564,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 
00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":946735705349002,"flow_dst_last_pkt_time":946735705461257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_usec":946735705461257,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} -00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 
+00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":946739299327173} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":946739299327173,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739299327173,"flow_src_last_pkt_time":946739299327173,"flow_dst_last_pkt_time":946739299327173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946739299327173,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1536,7 +1536,7 @@ 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739614386871,"flow_src_last_pkt_time":946739614386871,"flow_dst_last_pkt_time":946739614411248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739660371388,"flow_src_last_pkt_time":946739660371388,"flow_dst_last_pkt_time":946739660417793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":384,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946739861286767,"flow_src_last_pkt_time":946739861286767,"flow_dst_last_pkt_time":946739861499384,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":576,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946739861499384,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00672{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} 
+00672{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":200,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":946739861499384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 608/488 ~~ skipped flows.............: 0 @@ -1545,9 +1545,9 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8305017 bytes -~~ total memory freed........: 8305017 bytes -~~ total allocations/frees...: 149543/149543 +~~ total memory allocated....: 12009732 bytes +~~ total memory freed........: 12009732 bytes +~~ total allocations/frees...: 219797/219797 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 338 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/dnscrypt-v2-doh.pcap.out b/test/results/default/dnscrypt-v2-doh.pcap.out index 618363708..dc9075866 100644 --- a/test/results/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/default/dnscrypt-v2-doh.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946739298533748} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946739298533748} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_usec":946739298533748,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946739298533748,"flow_src_last_pkt_time":946739298533748,"flow_dst_last_pkt_time":946739298533748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":283,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946739298533748,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"doh-2.seby.io","tls": {"version":"TLSv1.2","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
@@ -306,7 +306,7 @@ 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":946739385216755,"flow_src_last_pkt_time":946739415379583,"flow_dst_last_pkt_time":946739385379086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":3691,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946739348961764,"flow_src_last_pkt_time":946739364914261,"flow_dst_last_pkt_time":946739349138384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":4498,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":946739305016448,"flow_src_last_pkt_time":946739327879370,"flow_dst_last_pkt_time":946739305154704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":288,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":996,"flow_dst_tot_l4_payload_len":4520,"midstream":1,"thread_ts_usec":946739888204388,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":309,"global_ts_usec":946739888204388} 
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"cfgs\/default\/pcap\/dnscrypt-v2-doh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":309,"global_ts_usec":946739888204388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 ~~ skipped flows.............: 0 @@ -315,9 +315,9 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8136725 bytes -~~ total memory freed........: 8136725 bytes -~~ total allocations/frees...: 147507/147507 +~~ total memory allocated....: 11844816 bytes +~~ total memory freed........: 11844816 bytes +~~ total allocations/frees...: 217761/217761 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 4788 chars diff --git a/test/results/default/dnscrypt-v2.pcap.out b/test/results/default/dnscrypt-v2.pcap.out index b48fd85de..3858c2711 100644 --- a/test/results/default/dnscrypt-v2.pcap.out +++ b/test/results/default/dnscrypt-v2.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946760521313462} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946760521313462} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946760521313462,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521313462,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_usec":946760521313462,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="} 
00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":946760521327075,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"} 
@@ -15,7 +15,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605285191,"flow_src_last_pkt_time":946760605285191,"flow_dst_last_pkt_time":946760605298451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760521313462,"flow_src_last_pkt_time":946760521313462,"flow_dst_last_pkt_time":946760521327075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946760605202862,"flow_src_last_pkt_time":946760605202862,"flow_dst_last_pkt_time":946760605216429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1088,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1088,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":1088,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":946760605298451,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946760605298451} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt-v2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946760605298451} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -24,9 +24,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771223 bytes -~~ total memory freed........: 7771223 bytes -~~ total allocations/frees...: 146399/146399 +~~ total memory allocated....: 11479810 bytes +~~ total memory freed........: 11479810 bytes +~~ total allocations/frees...: 216653/216653 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 1999 chars diff --git a/test/results/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/default/dnscrypt_skype_false_positive.pcapng.out index 851824491..472d7c126 100644 --- a/test/results/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/default/dnscrypt_skype_false_positive.pcapng.out 
@@ -1,16 +1,16 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625015363846677} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625015363846677,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363846677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625015363846677,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="} 
00860{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1625015363881095,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} 00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625015363846677,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1625015363881095,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} +00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625020200938475} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625015363881095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020200938475,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1625020200970253,"pkt":"YDjgxTWgeJS0JASgCABFAACMI\/pAADQRpqLUL+SIwKgCZAG7twoAeAlVcjZmbnZXajhLx65R\/8kXF75ne7erN1aKqAFT9tSdFNk+\/FY4BWykKt5VBHfuRsQIXEdAWbATnDkescRMFqApy\/x1xRRyQOqpZlSFj2MoC\/ojSMDHYB0u+03LWvVBM3MXLjO1DiMtdOl\/yGx2VrztXQ=="} 
01004{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020200938475,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1024,"flow_dst_tot_l4_payload_len":352,"midstream":0,"thread_ts_usec":1625020200970253,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020200970253,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_usec":1625020500944370,"pkt":"eJS0JASgYDjgxTWgCABFcAIc0FIAALcRtUnAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD1a7lthGyhcXsTywP0kSgKzMOKxLpaXyj+9OZAFS8DY5Bm4L6EvzNq4lEGOPhLCjDamIIC0\/kBi+logo8aCs8Ykn1kcDSMHr5ohPkH5ojDFTDgfmwbydb9VkrPfnTo30VRoMTeB8FjhWHQEihOvRCilI3eOZjQ28Yfe1\/VN8xjLtW7ba4LSN2xCht1I09+EoUxpQ96D64sakFbj1gbWIfFC6mjxNpJkUYgFtEUrHrbQo6Yb4wDxxrHKxSGf5tYgGK8+4GML8fzlbAPa7o6RV3JY5yXNFJ3MnYVZDLyK7vZpuX+W0QdpvlOoXdQgu5V\/1vYCuIbYyjD1E\/aqH6T1VVYtREkaXUDd2\/HQM\/9A9d0RFNq36PferQRHvpzqWhRknav7p0NkGaOvxNr4arkI\/fXVJ5MfbPAbPxakCs4BQU\/13cQP6ZDmndNX77Vh4tfvSXHISUMO3wWRgJZ5OO3uCUlzoA70aywvlK9wHzLDRpXNBGmyqLOHKhuYIVjBo28jLGSH+k4Q\/m9sLX96Cn4Sy2hg4OVoKY8hV\/wDfOcc9a0g43ssuZX7WTWVwK498ezLekMjk8VjiXXgnBFdZzcotEoa4LInFCCX+jv6P33my\/Qi3ujnaRbTYXaA="} 
01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1625015363846677,"flow_src_last_pkt_time":1625020500944370,"flow_dst_last_pkt_time":1625020500975955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":512,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":240,"flow_src_tot_l4_payload_len":1536,"flow_dst_tot_l4_payload_len":592,"midstream":0,"thread_ts_usec":1625020500975955,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNScrypt","proto_id":"208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} 
+00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1625020500975955} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766927 bytes -~~ total memory freed........: 7766927 bytes -~~ total allocations/frees...: 146377/146377 +~~ total memory allocated....: 11475546 bytes +~~ total memory freed........: 11475546 bytes +~~ total allocations/frees...: 216631/216631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 592 chars ~~ json string max len.......: 1235 chars diff --git a/test/results/default/doh.pcapng.out b/test/results/default/doh.pcapng.out index 7f5adcb30..4f9d90efd 100644 --- a/test/results/default/doh.pcapng.out +++ b/test/results/default/doh.pcapng.out 
@@ -1,16 +1,16 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} 00875{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01381{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02275{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": [4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": 
{"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +01432{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02385{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01193{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7780163 bytes -~~ total memory freed........: 7780163 bytes -~~ total allocations/frees...: 146497/146497 +~~ total memory allocated....: 11488782 bytes +~~ total memory freed........: 11488782 bytes +~~ total allocations/frees...: 216751/216751 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars -~~ json string max len.......: 2280 chars -~~ json string avg len.......: 1342 chars +~~ json string max len.......: 2390 chars +~~ json string avg len.......: 1396 chars diff --git a/test/results/default/doq.pcapng.out b/test/results/default/doq.pcapng.out index 67bbd1aaa..ca7f9a00c 100644 --- a/test/results/default/doq.pcapng.out +++ b/test/results/default/doq.pcapng.out 
@@ -1,8 +1,8 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1606056093199591} 00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093199591,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aU
y8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} -01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093199591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056093199591,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","quic": {"quic_version":"Draft-32","tls": {"version":"TLSv1.3","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093201842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1606056093201842,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gTYBOvN\/wAAIAhOL+O5iCYx+Qi72eOch5MP7QBAnCxpB\/ZzHhatBCMXwxT8fSrL9Wdt\/ZFOXhnvUbk6DdAuuzdAXxro6AjNqIcuTb2Re8BepV9SRKgSpP5M7LrQffcZ9shmrS20KZKb\/ztrJeGi\/T\/Srzlr49oBUZ5XMUOjcM7DeI6CgL+ZkO5L8gOV4+8ueGIUub0wiW6+Jof5086V6cR2hj9bBsTK6z5+hag0bw2HYNhsBUUI567S6uj\/AAAgCE4v47mIJjH5CLvZ45yHkw\/tRAEwp7WGjD8jV9zAfZPHhqQ1G3rU1wu59XApa\/uBCBj\/P3rsDGNWqlRQj5q2CQMAtwoaVW5R4D\/leJG\/QScVoSAiDmPCSxR8YrHk5Y7hGxh+CuYKI4vAFyF29Gcm7XH58xSv+Y0je37cyhm71z7xP4G24oT+neWXAiCImQb8UPinjOVju\/1ZXWChdKepJDE+EqJTk8BoOpF9LvyXj5n733Xph2u5IJ\/p\/3foWmTC0fAjiMQ12dhZ6KIFgHDWW0UYsYoYGxC75AmqEL4W0ZygLN4Jp+zSt6jJsE6uSWjtu9Mwx8zRmpzIUbk2rS\/lIYNH+L8sZitAI\/mAouO1FzaXzIPuVV15eTfM\/D4HfHtnBqU5JIgEq30fGDU8vQEvr9VcBwpWT5O0sL5kG6g3W7z970vBsvCXzENm+QLPGXr10ns2jeQncf3V0s9pvLk2K4TGX8jm5gNEpFEQC6sid28q4Y5Bk2mCdnHt7MFfqeIQtVf6U3jEBxXtqNwnbDuTXuCGC9PAu0Ie4j3YiB88cN+EoNanC8QpOjA3mDQP6RbMKMlxgNT1GCSYoSSr70l\/p2Vp0WohDZeycXBsQ9txnWshMbiCp8imTkzhOWSmVNhhzqZOyuIxBEnqW6hAlYSRGGlQym+AFEpgzsjqJLjzqOLeESR5tBel8x5HwEzLLqVaja5Udf5uBnGJUVNub2RGOPiMMnZCl+iL2LRMiCHUoBDmvimDtRLtAOt2SNvH93OMwXA\/IyIrY+XO56T3mS1YSU9Ydwn6d5ywddheaImd1U\/vJ57ZtUSbUvf+DXuTp09bwzrY9tw5NZDPH\/iljKwqemZHmirnsyyz4OUNANR+9\/kuYPx2d\/ZS7953Z8P\/sqzOE3LjEyoUSRCXVL4XoEkGM23PQQcDudByAaZ+9LTgkgxPTKnHgpxcDQowxdEx+BnESQ9DwSJQM7+xTAOPC9sMDrzuSInM7z5AK+Pqrk4B2Vwy+rXo798A5XjeZBrTkCt8XwQLpXhtqaRjTnFTN9kHqTE4fN2bwWBueF8sdBSZ3aK2MK9uuf3XfveW2fg\/1tyeU\/EXgKHtRL55w3iVM91ZMotsrGhoYdGkE7MCdncoh54jfxD5eJPuIFA4F254QXkd2ttFid3O1xFmVbRo9jbjk7d2+6yRzPk
KLtyJyptApw6QxkBCFBxcnQA+oUEGOkjoCUtqGfeqRlTptqqqHIGzgHL7YafvSlJW897JYtCkXn4zJMDfapn6QTBVXFY5QqgjOXt2wlG+PDpn\/mQw9NRGoj69MbbDe3NA2MYvJlkgzXKIONO\/pMfrd3koD58ywf54r7NUNGTOOHuRxW0PSRKrZNlpqXdbaK\/wnr76JF4R3R\/+EOYL7g=="} 01187{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1606056093199591,"flow_dst_last_pkt_time":1606056093201890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":541,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":541,"pkt_l4_len":487,"thread_ts_usec":1606056093201890,"pkt":"AAAAAAAAAAAAAAAAht1gJPSDAecRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gHnAfrr\/wAAIAhOL+O5iCYx+Qi72eOch5MP7UD5fEmqw9QcMOSnUe6MDD2OecgnWjkNXdwC4dZSYxJC82j7Fa0gkq+nfYTDU9ChVEdtH45\/vQtNEQLo8\/fwDbneJcHDHavc8EGoV3PxsxkBJhE9Q9u9yCLvfi5OphDBHPeBIHPaxUcLs3S\/L\/IXKVQgfNTTVjkzoLHy1OXpC+\/dTEnbC6NPh6W28rc+x7GLNNHF1FfqMGoKlGMxFCg2HP4dP34NipPXt9vl2rd70ScFdoNK8lXc8OrIbXPCPHixiwns3JeTqs80ZysmuTQ2x3K2Z0oX8Qiv0kbMUxxeHDtUjo8dxO3WaXzqWjfDA1saoqoMHVxUCwkVWx\/nTk4v47mIJjH5cyeRXhMbCk5EqVB08GBVQ7VrDqROkZ4dznjO7Fxcyd8w3IE3VD3OcSvdJI5P\/k+2JVbsoJApIjU\/SqrAeDrs9BCVoOX+elSyfnlFmV+9qRiAxndyJco\/u++psEVtXikdkQ7Ddxgmc8mefhAnBHbf+ng4whbMJA82KtXAE9ITJwKPkOdTXiPwFa2uYw57B9+WqNDFf9ReX9HTME9BVtddLPrQ8G9aG6w3Krk5ZmHecrC9Btpgbpsrq+OkBS2cbpJHIvCTkg=="} 
00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1606056093202274,"flow_dst_last_pkt_time":1606056093201890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":279,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":279,"pkt_l4_len":225,"thread_ts_usec":1606056093202274,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiAOERQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEADhAPTg\/wAAIAi72eOch5MP7QhOL+O5iCYx+UBDpLbz6hVr3VQhQggh8jeSy4LrSByAKcA4h02NrSHlYfiZeIBfX4cUD4rj0whBaxqv8GZptq0Yh86VFZ7cihClGjSAiHi72eOch5MP7eD67j31tF9Ewc7\/cDWWW5sbKgeZ8Ni53gCKJC4UiBzoddfNqguK6L47A8v5MfBqkmPLLd375Ln\/BizbinX7j2Wb\/eMxuHFSq+9VI36g5fjgo4+MYm50K5k9Iro9bud9p1Ez1Q+5mh70eHrGquqOwXiz\/D6V"} 
@@ -16,7 +16,7 @@ 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1606056094761968,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_usec":1606056094761968,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQRDyQAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBDTi\/juYgmMflRQ+5iHRbV0PH6VAD4ThaqZ1CAONxwoz6WhjCyy3b7S1XIRkGal+nrRIME3nHuB4Ws4VB9TKvtbvdiy1ZVtUUE7G\/BOwkfFiH9M8cl"} 01044{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1606056093260178,"flow_src_last_pkt_time":1606056096363710,"flow_dst_last_pkt_time":1606056093260178,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":846,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":11,"flow_first_seen":1606056093199591,"flow_src_last_pkt_time":1606056093202473,"flow_dst_last_pkt_time":1606056096363686,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1504,"flow_dst_tot_l4_payload_len":2416,"midstream":0,"thread_ts_usec":1606056096363710,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/doq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1606056096363710} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779615 bytes -~~ total memory freed........: 7779615 bytes -~~ total allocations/frees...: 146423/146423 +~~ total memory allocated....: 11488218 bytes +~~ total memory freed........: 11488218 bytes +~~ total allocations/frees...: 216677/216677 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 2220 chars diff --git a/test/results/default/doq_adguard.pcapng.out b/test/results/default/doq_adguard.pcapng.out index 85e015e0a..7de1bea42 100644 --- a/test/results/default/doq_adguard.pcapng.out +++ b/test/results/default/doq_adguard.pcapng.out 
@@ -1,15 +1,15 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1608278425043144} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02191{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425043144,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66V
SY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} -01311{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","quic": {"tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3"}}}} 
+01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.adguard.com","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"doq-i00","tls_supported_versions":"TLSv1.3"}}}} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1608278425079621,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="} 02190{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425084825,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44
WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="} 02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122822,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbQAAD8RO05ejA4OwKgMqQMQoG4E7CdXyf8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRABAlUp76TjgEqdop5UKSI\/F6C7Gd9+z58rAvv5K3VJcoj\/wbKGCvwUk7hAIZQkwS0eQW8volAE\/nQLfPF\/ox4Fu54Iz80wj9fAhhK9DPh9I3m5cX1kBTgklYoQzHtAgZePSyxHP6hihn0FPt1BzVGGJcnUShw4Fy27vLE7qS\/7U+ePnY21jz69vyKuwXZuTiiipLJ8YK+0o6f8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qREQSNEAdToqwkUBeCPSTrtq1i+\/poFtGCmte08vfTNyuyRI2BuDSMLi4bKO8pdcS2OC7T2X+MCJiync2qglwLaK\/ZU6bCtCK6b7VW919zbwzxcwIxzakqRvR\/mHdyX39t6PkLoaGvK0X2vbjcfBtb8h9mxy2cMiCG7\/xmTssSfThjiW\/NA9r+eiSMaDW26lOxC0Myi2DyzhDaTuSGSXZwR3CdWz\/ehHzTlDnGfh\/fqCFNYcS3v3UJiv+Cd0NLG44Vb9GGFrsZAF0TFEPoReaDJEc8E0xr
NED0dRphUxIr\/DqFgN88iZ7j379UNmsHXy+9mWkitLF30R2ORqsURlznCsncam1RRgTWr4gcq9w4PNs52tqYlXDTCw4di7UTg\/DXRKcsZbsYlRVAfuycbyKPF0+Crf95FQRqiDvujNGcSTFX0VUkcz4Fa3pVHkQZTqBaaJldHmG75IwR2jDpJHz0f8U25KfeMiidTlxNhhm4ZqtGvKIQ4l+F6Qgx3jz+Qgf4yWjkIytmooZaorzphY\/a1kd6q15yS9OAMFDlQGdC5w9pE5P54RHRZK\/rZQvTXChmSf0vHRtYR3c1oFoJT5F8p2MZU6xhBjIUVysia54dwyFSZwbXqhUTXJrPSmDnqDfgBnK15jat6fjDPn9EWVvi7jaxG881+aOZ0xxnx8yaRNN3cCXPRxuMVSBmS7R7uoMquwsmmUOS3HlBY98FG9pd\/pxl6D9GixGNYBEezKcsx34lBBN0+GU4QtQleLTJjzhkmdkqnu\/8ysyuk3AuGjDDpL4t9TZcSgmggtEeEIAD2uQ2Zs4+WrO+VF5RxXbNWqozAUKDXdWU4IhvJksaRt8LtCWMK+Q00gsZwn3bWnNtabhQ1da83CeC15FJEtCDSDfxhmRH8vWgIrJbPgN8gB44r7wKu16DvYGW8aqf7zmsckEnkXbn9FLsfs6ALLsVL2msz6xtzgVn74SrIXydDwMfx1fXsW5dM2nkOLSCiM7YyFahko2kEAUPa6aTOfHxZLl9R7YCHnpAfkDCw04yVocKSaV5Pw7dDALMPZTFdRwdAqoyp3JhcsW4wUVqsp0PTozIQzKE7JAcqGlvFfwXzZ7er6uAZdx36hfYDgYoKAl7S301UkQuX9mm323V1dh5OybrgeBmnlr+MoKe0Mw9PiTuvSS8+Q3jyvTGx5OnutvIwmCJZ3KlkUzAfZXELr6zCDgD5WkbH12NIA\/4Eve+66VJmSimGr\/rnpAwbN5efr8WSYM7kHl8\/tHLa\/St+DGu3hHqjLCX57P6yvpn13zBn38N5nhVh4BtxHTcXl9nJ40h9Fo7xe0oRT+d04279tPg1uhRPq+kJCTbSuAl9GMdjJxVxoxsuu0aJpaqKEm+d\/QnaM4+TSccA=="} 
02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425122888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1608278425122888,"pkt":"mt9Y+uvcCL6sCxduCABFAAUAAbUAAD8RO01ejA4OwKgMqQMQoG4E7Ejn6\/8AAB0RXf586nXFuX6jZU8LHDkLsXUECv0qRETGDa1HS+zF6UxQoqcWPtvaZD0M5D8vOuuwT1lT22BsNzW7UeqT3G1yaqqeziGQS9CbrgeN2LYCFWePpTXrCGMIZRaKZ4Dzl\/ylxVo1sZoKf5iJ77RobOd4uOVr4v1fzVtZK7SSnw2TNr9+YJLUw8RzWrFl1R5\/LuSFg\/4LBpdELaercn4cag8\/wfjYg5esjxgyw3\/DI39x6fJiEeLfYiMTQhdl4S1DvT1bf4On1cZ5Pve8aL9ZNSUV6pjz8exU6v+yozsTMJ2gReNqSJxiLOZA7Chr1rP372EcxwZOJfjuB3dtVyhjEVmDDR0MFakaOiW2TopUKwSO6tanORLdiScMWtoVB9EEXWrRqu7AHeUwMqJpJaM2sTYg9vj5V8V49eB01MwBWnW3RvuELSAA\/rr0tFC5kN8x80Q6hkUR9WERSgsSZyq2fWg2XEVb6wgyhQj7yJd8o1FbiW9te0lPExFduactwU4ZdCzzWwIfFwRTxEDa1WjbFyzhWvrV\/L8AnXhR\/fz+ImBVLIzbVNVFQzjIpkvT0AiSLhI\/Q3u+VRc1QDRm\/KyZFemkvcqHRqTa1EzbDy\/8E8zwa4LPWD4qxNxc86\/+Z2tRmJf7XxMZKQFOo0p\/mtsuZYDLoqPpnbMk+WCZqUAKJw5ylbvHbPXC16P9bvC6+EtzBwnKuIepTSqo3Idks2KPcjL1GocIhx65JvpwFw49ItI8ZlGPLwUdd\/nv1HyD8d1Q0CYp\/9+4zHKOO4YHyAjhX5MzgfB2TYJ+1KbY6eG8U+KMm575akz5nzlxw26myucQvSCqFwJ7xEC8AIJrnjWDoPOQR60myqM33dqPGKrP6kE0cAk+afxU3b\/vK+rfZEV\/Py90klu2hWkGl5in5MPx0bsWnQ0F7CXctdd02NLCht2yp7ll4ETNeFn3XM6mhON3pCvy498D54qI4zen22mbk\/WqVm3E8+JTyfl\/CzxZ4qyEDlpfxf7GEaVhJ7rqcius2EygkgEVV4xY2XRuUR766UoZs8qWnepQKnzhy\/9amls+aw28xFV3aYpewQpsypFwiv7Z7bDx+nQsJYuuS1kaashnFzhaXmhKUkxgorWYVnMEjKkzb\/IUGbuhdZstKP7O9fF7e6KKBxNLLfRS0lfTf+XipzVaJcbDwmAd2AluLDPZofxNzCj5cPuXES3Heazc8O8YpvXof3ytzfQk5x+KqUqi\/+Rxe9T3HFewik8RMi8MrjOjdYIZ51+0tdEPKmEFbsQMTFbcW172ZavX5jdgrAuD4MwmJ6wgKGaYwWwNRXhzRCSVvtIsCGrk+txykp4tvV75By2Kor6l0z9qnIl7gBOVIiHasEepsdO4OiB\/RH8LGAnt03cK3PZFqYhm2MSA6+sCm3NKMl7pHROc0Syuyaw8\/S9pn8cSw1kIUOxu0C
Ay6MKzrQ3zeUd8YrXWJeJn9B45tmf6F\/IZwdW6kr8sz3gshgpqCh64vBnmFxQNepWuT\/rvLhTewMp7+YSfmgGvgJk0VlvONZkv9khFJAToEnRePOuBnhUhkWLAJGxHNu\/tfIpyWrL0N3ERF4a3\/HS+2EuavJ219sPDpGBPIVfa4k5r2z4Wkv1gAWxeE7KYlcVSwrhvZRtvOqoTh68InjRMQA=="} 02326{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":160973.4,"max":1885270,"stddev":453072.4,"var":205274628096.0,"ent":2.4,"data": [36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270]},"pktlen": {"min":59,"avg":442.8,"max":1280,"stddev":522.9,"var":273444.5,"ent":4.1,"data": [1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69]},"bins": {"c_to_s": [4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1],"entropies": 
[7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278463119538,"flow_dst_last_pkt_time":1608278462796456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":10308,"flow_dst_tot_l4_payload_len":21705,"midstream":0,"thread_ts_usec":1608278463119538,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/doq_adguard.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1608278463119538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 296/296 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785407 bytes -~~ total memory freed........: 7785407 bytes -~~ total allocations/frees...: 146688/146688 +~~ total memory allocated....: 11494026 bytes +~~ total memory freed........: 11494026 bytes +~~ total allocations/frees...: 216942/216942 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 2331 chars 
diff --git a/test/results/default/dos_win98_smb_netbeui.pcap.out b/test/results/default/dos_win98_smb_netbeui.pcap.out index e9d5cc5b9..bba41be0d 100644 --- a/test/results/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/default/dos_win98_smb_netbeui.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1576409796586005} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586005,"packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586005} 00386{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_usec":1576409796586005,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1576409796586078,"packet_id":2,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_usec":1576409796586078} 
@@ -107,7 +107,7 @@ 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1576409800543745,"flow_src_last_pkt_time":1576409931837438,"flow_dst_last_pkt_time":1576409800543745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1576409797553896,"flow_src_last_pkt_time":1576409928060524,"flow_dst_last_pkt_time":1576409797553896,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":952,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1576409807597015,"flow_src_last_pkt_time":1576409923353834,"flow_dst_last_pkt_time":1576409807597015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2817,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576409931837438,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} 
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/dos_win98_smb_netbeui.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1576409931837438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 220/62 ~~ skipped flows.............: 0 @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774911 bytes -~~ total memory freed........: 7774911 bytes -~~ total allocations/frees...: 146463/146463 +~~ total memory allocated....: 11483482 bytes +~~ total memory freed........: 11483482 bytes +~~ total allocations/frees...: 216717/216717 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/drda_db2.pcap.out b/test/results/default/drda_db2.pcap.out index 40c919dcb..5f735894f 100644 --- a/test/results/default/drda_db2.pcap.out +++ b/test/results/default/drda_db2.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1175543772220609} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1175543772220609,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772220609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772220609,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1175543772220609,"flow_dst_last_pkt_time":1175543772221098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1175543772221098,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} 
@@ -9,7 +9,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1175543772338468,"flow_dst_last_pkt_time":1175543772338790,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1175543772338790,"pkt":"AFBWwAABAAwpfMZqCABFAAAoelNAAEAGaqrAqGqAwKhqAcNQEu\/9XlZICrRoYFAQGSCj5gAA"} 02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543792690997,"flow_dst_last_pkt_time":1175543792523346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2071,"flow_dst_tot_l4_payload_len":2488,"midstream":0,"thread_ts_usec":1175543792690997,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":489,"avg":1315262.1,"max":17986057,"stddev":4366159.0,"var":19063346561024.0,"ent":1.8,"data": [489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439]},"pktlen": {"min":40,"avg":183.0,"max":703,"stddev":190.6,"var":36335.2,"ent":4.3,"data": [48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0],"entropies": [4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1175543772220609,"flow_src_last_pkt_time":1175543810683631,"flow_dst_last_pkt_time":1175543810683601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":630,"flow_src_tot_l4_payload_len":2081,"flow_dst_tot_l4_payload_len":2542,"midstream":0,"thread_ts_usec":1175543810683631,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DRDA","proto_id":"227","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/drda_db2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1175543810683631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769903 bytes -~~ total memory freed........: 7769903 bytes -~~ total allocations/frees...: 146410/146410 +~~ total memory allocated....: 11478522 bytes +~~ total memory freed........: 11478522 bytes +~~ total allocations/frees...: 216664/216664 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2213 chars 
diff --git a/test/results/default/dropbox.pcap.out b/test/results/default/dropbox.pcap.out index 1988837cc..d15967fd8 100644 --- a/test/results/default/dropbox.pcap.out +++ b/test/results/default/dropbox.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1455907271481938} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1455907271481938,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1455907271481938,"flow_src_last_pkt_time":1455907271481938,"flow_dst_last_pkt_time":1455907271481938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1455907271481938,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 02351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907274088318,"flow_src_last_pkt_time":1455907275896569,"flow_dst_last_pkt_time":1455907275902611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1564,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1455907275902611,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50312,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1319,"avg":116856.3,"max":131359,"stddev":22365.2,"var":500202464.0,"ent":4.9,"data": [1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537]},"pktlen": {"min":46,"avg":87.2,"max":129,"stddev":38.5,"var":1485.3,"ent":4.9,"data": [125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49]},"bins": {"c_to_s": [0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1455907275958608,"flow_dst_last_pkt_time":1455907275835251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":103,"thread_ts_usec":1455907275958608,"pkt":"CAAnmO\/hCAAnAERyCABFAAB7FHgAAIARNEPAqDgBwKg4ZcSPRFwAZyUVQgOAaDrbckRcQXIIQnVzMTdDbWQRMv97Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjE2IEVFVCAyMDE2In0="} 
02351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1455907275690777,"flow_src_last_pkt_time":1455907277661201,"flow_dst_last_pkt_time":1455907277663998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":94,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":1561,"flow_dst_tot_l4_payload_len":329,"midstream":0,"thread_ts_usec":1455907277663998,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5091,"avg":127214.4,"max":172321,"stddev":26264.3,"var":689812928.0,"ent":4.9,"data": [5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564]},"pktlen": {"min":45,"avg":87.1,"max":129,"stddev":38.6,"var":1487.1,"ent":4.9,"data": [127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51]},"bins": {"c_to_s": [0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-payload-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1459182796665502} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1459182796665502,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} 
01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1459182796665502,"flow_src_last_pkt_time":1459182796665502,"flow_dst_last_pkt_time":1459182796665502,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1459182796665502,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Dropbox","proto_id":"5.121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"client.dropbox.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -88,7 +88,7 @@ 00785{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":832,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673445,"flow_dst_last_pkt_time":1459182817566407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673445,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADfRXtAAEARMoLAqAFp\/\/\/\/\/0RcRFwAy8gLeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":834,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} 
00782{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1459182830673733,"flow_dst_last_pkt_time":1459182817566700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":237,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":237,"pkt_l4_len":203,"thread_ts_usec":1459182830673733,"pkt":"\/\/\/\/\/\/\/\/eJKcD6iOCABFAADf2zBAAEAR2iTAqAFpwKgB\/0RcRFwAywVkeyJob3N0X2ludCI6IDI3NDM2MzU3MDAzNjkzNDgyMzM2MDM0MTQwOTA1MTg0MTU3MzU3OSwgInZlcnNpb24iOiBbMiwgMF0sICJkaXNwbGF5bmFtZSI6ICIiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsyMDYwMzE0MCwgMTY3MTU2ODYsIDQ4NzQ1ODk1LCAxOTA3NjA0MCwgODc5NTY4MDQzLCAxMjM1MzUwMzAsIDE4MjE2NDkyMl19"} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1535391465534592} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-payload-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1535391465534592} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00751{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_usec":1535391465534592,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391465534592,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391465534592,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -124,7 +124,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465534592,"flow_src_last_pkt_time":1535391525545240,"flow_dst_last_pkt_time":1535391465534592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391651170134,"flow_src_last_pkt_time":1535391682514087,"flow_dst_last_pkt_time":1535391651170134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":163,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":489,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1535391465535228,"flow_src_last_pkt_time":1535391525545589,"flow_dst_last_pkt_time":1535391465535228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":168,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1535391682514087,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":127,"global_ts_usec":1535391682514087} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"cfgs\/default\/pcap\/dropbox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-payload-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":4,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":127,"global_ts_usec":1535391682514087} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 848/848 ~~ skipped flows.............: 0 @@ -133,9 +133,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7821249 bytes -~~ total memory freed........: 7821249 bytes -~~ total allocations/frees...: 147367/147367 +~~ total memory allocated....: 11529644 bytes +~~ total memory freed........: 11529644 bytes +~~ total allocations/frees...: 217621/217621 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2356 chars diff --git a/test/results/default/dtls.pcap.out b/test/results/default/dtls.pcap.out index e50fa0079..6e9adcf2a 100644 --- a/test/results/default/dtls.pcap.out +++ b/test/results/default/dtls.pcap.out 
@@ -1,11 +1,11 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1545143424891780} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1545143424891780,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1545143424891780,"flow_src_last_pkt_time":1545143424891780,"flow_dst_last_pkt_time":1545143424891780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":310,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1545143424891780,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1545143424891780} +00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/dtls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1545143424891780} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766819 bytes -~~ total memory freed........: 7766819 bytes -~~ total allocations/frees...: 146374/146374 +~~ total memory allocated....: 11475438 bytes +~~ total memory freed........: 11475438 bytes +~~ total allocations/frees...: 216628/216628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 1413 chars 
diff --git a/test/results/default/dtls2.pcap.out b/test/results/default/dtls2.pcap.out index 718810278..873d09b32 100644 --- a/test/results/default/dtls2.pcap.out +++ b/test/results/default/dtls2.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507911659748597} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1507911659748597,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911659748597,"flow_dst_last_pkt_time":1507911659748597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":81,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507911659748597,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.0","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -14,7 +14,7 @@ 01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911920885639,"flow_dst_last_pkt_time":1507911921101187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":1919,"midstream":0,"thread_ts_usec":1507911921101187,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01316{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":15,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507911981436327,"flow_dst_last_pkt_time":1507911981652443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":1996,"midstream":0,"thread_ts_usec":1507911981652443,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01314{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1507911659748597,"flow_src_last_pkt_time":1507912041681166,"flow_dst_last_pkt_time":1507912041896833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":283,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":1658,"flow_dst_tot_l4_payload_len":2073,"midstream":0,"thread_ts_usec":1507912041896833,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/dtls2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":5,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1507912041896833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767711 bytes -~~ total memory freed........: 7767711 bytes -~~ total allocations/frees...: 146405/146405 +~~ total memory allocated....: 11476330 bytes +~~ total memory freed........: 11476330 bytes +~~ total allocations/frees...: 216659/216659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1633 chars diff --git a/test/results/default/dtls_certificate.pcapng.out b/test/results/default/dtls_certificate.pcapng.out index 294a1b647..33c4cca7e 100644 --- a/test/results/default/dtls_certificate.pcapng.out +++ b/test/results/default/dtls_certificate.pcapng.out 
@@ -1,10 +1,10 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645461580895085} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1645461580895085,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\/QAAAAAAAAADBPILAATmAAIAAAAABOYABOMABOAwggTcMIIDxKADAgECAhMzAAAAHLZ5tboHL3PzAAAAAAAcMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHUmVkbW9uZDEeMBwGA1UECgwVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDDCNNaWNyb3NvZnQgVXBkYXRlIFNlY3VyZSBTZXJ2ZXIgQ0EgMTAeFw0xNzAyMjcxMjAwMDBaFw0xOTAyMjcwMDAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMRIwEAYDVQQKDAlNaWNyb3NvZnQxDDAKBgNVBAsMA0RTUDEhMB8GA1UEAwwYd3d3LnVwZGF0ZS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxchtkZuNapLH78mZf0URm+rRwTx\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcN
AQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="} 01652{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","tls": {"version":"DTLSv1.2","notafter":"2019-02-27 00:00:00","ja3":"","ja3s":"953c1507994f72697446de4eff6e300b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Update Secure Server CA 1","subjectDN":"C=US, ST=Washington, 
L=Redmond, O=Microsoft, OU=DSP, CN=www.update.microsoft.com","fingerprint":"D1:88:0F:51:C1:01:91:72:A1:A4:6E:69:F4:33:7F:FE:3E:C4:F0:39"}}} 01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645461580895085,"flow_src_last_pkt_time":1645461580895085,"flow_dst_last_pkt_time":1645461580895085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645461580895085,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS.WindowsUpdate","proto_id":"30.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} +00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1645461580895085} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769051 bytes -~~ total memory freed........: 7769051 bytes -~~ total allocations/frees...: 146376/146376 +~~ total memory allocated....: 11477670 bytes +~~ total memory freed........: 11477670 bytes +~~ total allocations/frees...: 216630/216630 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 579 chars ~~ json string max len.......: 2481 chars 
diff --git a/test/results/default/dtls_certificate_fragments.pcap.out b/test/results/default/dtls_certificate_fragments.pcap.out index f10fc67fe..cdf5ebf5a 100644 --- a/test/results/default/dtls_certificate_fragments.pcap.out +++ b/test/results/default/dtls_certificate_fragments.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1556606275726225} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00949{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_usec":1556606275726225,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275726225,"flow_dst_last_pkt_time":1556606275726225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1556606275726225,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -9,7 +9,7 @@ 01480{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":331,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":331,"pkt_l4_len":297,"thread_ts_usec":1556606276035205,"pkt":"AAAAp2BiAAAAtzPNCABFIAE94VhAAD4RKZAj0juGCrrGla2bmbMBKYUyFv7\/AAAAAAAAAAMA+wsABgsAAgAFHAAA7xmWcPJxf+syLm5kr8JFkg5FV4AlWuYVZqKRDkSXNY2wDo4JRyk7bpK3luN\/HZfToj36ViRMUxoGzOIdNQQtdLDZ9I6l5ryvVP5AVvfsfLCm9sZAxjhtLYRgCPa+oX7MDX\/1pOIA9ScqtjYO9k7rU1+EQszS6yuQBUHbzqzJDE5+Sr0FYdV0ChHOUsH5pqFWRmYkMY1kxz3WCDFqLZz3OCXgMI4dlHN4OUfYtjdlKZjojOO\/DI2VYl9JYb1bxVDvI\/jLCpX0S20qleMt33f6vetcgUgWnM2jDSMPp6PARk5VmmjgwVuZ3AbB3Md620\/oFv7\/AAAAAAAAAAQADA4AAAAAAwAAAAAAAA=="} 01979{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606275913729,"flow_dst_last_pkt_time":1556606276035205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":332,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":1749,"midstream":0,"thread_ts_usec":1556606276035205,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"41": {"risk":"TLS Cert About To Expire","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","server_names":"*.samsungmax.com,*.opera-mini.net","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","subjectDN":"C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=*.opera-mini.net, C=NO, ST=Oslo, L=Oslo, O=Opera Software ASA, OU=Opera Max, CN=Opera Max CA","fingerprint":"2F:5F:33:93:DE:4E:8B:EA:87:19:43:1A:7A:28:C2:33:FB:10:B3:A0"}}} -00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 
+00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591661831005800} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_usec":1591661831005800,"pkt":"KICiDkMyVIygpBIpCABFAAC3TLlAAEARa4zAqAEaaJlXlapKw1EAo42PFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79L2+PkbrvwtAd0lRXHnV+fU0MoPLilZ8yrbMm6GEmh9kAAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQAAXAAD\/AQABAAAKAAgABgAdABcAGAALAAIBAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQA="} 01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831005800,"flow_dst_last_pkt_time":1591661831005800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591661831005800,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"681eb4fb79ccb6d60d35fa502c279d42","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -21,7 +21,7 @@ 01309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831093656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":621,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":621,"pkt_l4_len":587,"thread_ts_usec":1591661831094429,"pkt":"KICiDkMyVIygpBIpCABFAAJfTMFAAEARadzAqAEaaJlXlapKw1ECSz2PFv79AAAAAAAAAAIBLAsAASAAAQAAAAABIAABHQABGjCCARYwgb2gAwIBAgIJANEC+9dk9FU0MAoGCCqGSM49BAMCMBExDzANBgNVBAMMBldlYlJUQzAeFw0yMDA2MDgwMDE3MTBaFw0yMDA3MDkwMDE3MTBaMBExDzANBgNVBAMMBldlYlJUQzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMN4B8BcSIB8vft5RRQLAR85m\/tKuX7g5T1IYw7Hm7qhkyBdZX4OnwIFwDEfSDt3hvNzM2wWRdpiSZ6iGF90YtUwCgYIKoZIzj0EAwIDSAAwRQIgYiBJQW7KDUuAi3M9L3zwhEDpAL9q4DirUrayN1dURyMCIQD5bYw+Zs558BwlQadzNvlnhksxNHUTMmtsQ591HUXbABb+\/QAAAAAAAAADAE4QAABCAAIAAAAAAEJBBMZcbp+gpTP\/98W2Gp\/agbTEoqgz1y6bqmJbklIBPupi+fq8SYEjO9Y9JmSaRonmMNJqXH7zBblXPkmNr6nWxPMW\/v0AAAAAAAAABABXDwAASwADAAAAAABLBAMARzBFAiEAi1u+G3KaGQXoX1KGtvuQeozvmzHFR9Ra5exkC1MSZpoCIFTAFKcDyN3bpdNt1LWIF31bDpEkYEvrDTEBZbETusOEFP79AAAAAAAAAAUAAQEW\/v0AAQAAAAAAAAAwAAEAAAAAAACBA9i\/5ZXnRtf9Ph0HrY+iWRLDuMWOD5PqKOYsPS6F0szsv0blWRNP"} 
01458{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1556606275726225,"flow_src_last_pkt_time":1556606278645792,"flow_dst_last_pkt_time":1556606276558755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":374,"flow_dst_max_l4_payload_len":1412,"flow_src_tot_l4_payload_len":2162,"flow_dst_tot_l4_payload_len":2976,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"41": {"risk":"TLS Cert About To Expire","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1591661831005800,"flow_src_last_pkt_time":1591661831094429,"flow_dst_last_pkt_time":1591661831138018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":155,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":579,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":889,"flow_dst_tot_l4_payload_len":3074,"midstream":0,"thread_ts_usec":1591661831138018,"l3_proto":"ip4","src_ip":"192.168.1.26","dst_ip":"104.153.87.149","src_port":43594,"dst_port":50001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Discord","proto_id":"30.58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1591661831138018} 
+00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/dtls_certificate_fragments.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":9101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1591661831138018} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776338 bytes -~~ total memory freed........: 7776338 bytes -~~ total allocations/frees...: 146423/146423 +~~ total memory allocated....: 11484941 bytes +~~ total memory freed........: 11484941 bytes +~~ total allocations/frees...: 216677/216677 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 587 chars ~~ json string max len.......: 2433 chars diff --git a/test/results/default/dtls_mid_sessions.pcapng.out b/test/results/default/dtls_mid_sessions.pcapng.out index 764ae6aee..0070a238a 100644 --- a/test/results/default/dtls_mid_sessions.pcapng.out +++ b/test/results/default/dtls_mid_sessions.pcapng.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644251732783352} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"thread_ts_usec":1644251732783352,"pkt":"AAAAAAAAAAUAH77DCABFAAB5TfQAAHkRcBI11u5Bx7qXm9E2AbsAZQC2FwEAAAEAAAAA1BUAUFbLHE7KkMRUAMa+BCcg\/DTD4cWbj4CR\/ou6\/eEj1qcEoJjrsJeHH7KwZMNGTwAG1rS\/\/iatJdFhJzn0FDJ0hSfdwvHN8cKVzNzbvFPCN5Gy"} 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251732783352,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -28,7 +28,7 @@ 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1644251732819831,"flow_src_last_pkt_time":1644251733371724,"flow_dst_last_pkt_time":1644251733286733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":15606,"flow_dst_tot_l4_payload_len":1540,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"121.152.255.238","src_port":443,"dst_port":8460,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644251732783352,"flow_src_last_pkt_time":1644251732783352,"flow_dst_last_pkt_time":1644251732783352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":93,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":93,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"53.214.238.65","dst_ip":"199.186.151.155","src_port":53558,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1644251732859305,"flow_src_last_pkt_time":1644251736135259,"flow_dst_last_pkt_time":1644251736133006,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":93,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1453,"flow_dst_max_l4_payload_len":791,"flow_src_tot_l4_payload_len":5737,"flow_dst_tot_l4_payload_len":3089,"midstream":0,"thread_ts_usec":1644251736135259,"l3_proto":"ip4","src_ip":"170.151.105.215","dst_ip":"72.102.179.218","src_port":443,"dst_port":62811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} +00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/dtls_mid_sessions.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":34046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1644251736135259} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 91/91 ~~ skipped flows.............: 0 @@ -37,9 +37,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775836 bytes -~~ total memory freed........: 7775836 bytes -~~ total allocations/frees...: 146495/146495 +~~ total memory allocated....: 11484407 bytes +~~ total memory freed........: 11484407 bytes +~~ total allocations/frees...: 216749/216749 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 580 chars ~~ json string max len.......: 2504 chars 
diff --git a/test/results/default/dtls_old_version.pcapng.out b/test/results/default/dtls_old_version.pcapng.out index c516a463d..371645799 100644 --- a/test/results/default/dtls_old_version.pcapng.out +++ b/test/results/default/dtls_old_version.pcapng.out 
@@ -1,5 +1,5 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388130600596} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388130600596,"pkt":"AAAAAAAAAAYArvxgCABFAAB\/OTwAAH8Ri0ElvARzRkIGgNyFAbsAaxY5FgEAAAAAAAAAAAAAVgEAAEoAAAAAAAAASgEAXunqImL3nzdrUBZ\/BhfTQm46UvY\/Zrav40oHNoY96qUgA8IpvhXWIFFe7w7KCq\/byTjgCP7o8hqBpXIG\/Tdba9gAAAIANQEA"} 01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388130600596,"flow_dst_last_pkt_time":1592388130600596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388130600596,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -9,7 +9,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388133613774,"flow_dst_last_pkt_time":1592388133698009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1592388133698009,"pkt":"AAAAAAAAAAYArvxgCABFAABM9VcAAPIRXFhGQgaAJbwEcwG73IUAOKixFgEAAAAAAAAAAAAAIwMAABcAAAAAAAAAFwEAFJQvJfDCZcKI8kzWgOcHI1Oo1d90"} 01170{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1592388130600596,"flow_src_last_pkt_time":1592388137732924,"flow_dst_last_pkt_time":1592388137817410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":188,"flow_src_tot_l4_payload_len":416,"flow_dst_tot_l4_payload_len":284,"midstream":0,"thread_ts_usec":1592388137817410,"l3_proto":"ip4","src_ip":"37.188.4.115","dst_ip":"70.66.6.128","src_port":56453,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1592388137817410} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/dtls_old_version.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1592388137817410} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767003 bytes -~~ total memory freed........: 7767003 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11475622 bytes +~~ total memory freed........: 11475622 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 579 chars ~~ json string max len.......: 1206 chars diff --git a/test/results/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/default/dtls_session_id_and_coockie_both.pcap.out index 80b66dfbf..67c5f8e75 100644 --- a/test/results/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/default/dtls_session_id_and_coockie_both.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} +00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388499775130} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1592388499775130,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499775130,"flow_dst_last_pkt_time":1592388499775130,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388499775130,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -8,7 +8,7 @@ 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1592388499833900,"pkt":"AAAAAAAAAAcAwedSCABFAADGx3wAAPMRiorfdGn3ucRx762bxFEAspnDFv79AAAAAAAAAAEAUgIAAEYAAQAAAAAARv79h9MldvGqD4L7eTZa2NHhRQF1vlik3WVyEyjxpUYtENcgODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST7ALAAU\/v0AAAAAAAAAAgABARb+\/QABAAAAAAAAADBhiqTy6UqwzhCYCPtl5aoUaCDaK6eEDLWKYD9PQuzP3fUrM48czQrGX1gmubwFx64="} 01388{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": {"version":"DTLSv1.2","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}} 01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1592388499775130,"flow_src_last_pkt_time":1592388499813030,"flow_dst_last_pkt_time":1592388499833900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":170,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1592388499833900,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} +00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388499833900} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766877 bytes -~~ total memory freed........: 7766877 bytes -~~ total allocations/frees...: 146376/146376 +~~ total memory allocated....: 11475496 bytes +~~ total memory freed........: 11475496 bytes +~~ total allocations/frees...: 216630/216630 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 593 chars ~~ json string max len.......: 1441 chars 
diff --git a/test/results/default/edonkey.pcap.out b/test/results/default/edonkey.pcap.out index 146212bb6..f389406e9 100644 --- a/test/results/default/edonkey.pcap.out +++ b/test/results/default/edonkey.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1256627019012259} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1256627019012259,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019012259,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019012259,"pkt":"AAAAAAAAAAAAAAAACABFAAAwFXFAAHQGF7PJD7Hjh8DW8AbaHX\/iBcO2AAAAAHAC\/\/\/feQAAAgQFoAEBBAI="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1256627019012259,"flow_dst_last_pkt_time":1256627019016300,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1256627019016300,"pkt":"AAAAAAAAAAAAAAAACABFAAAwOUtAAH0G6tiHwNbwyQ+x4x1\/BtrTGFiF4gXDt3AS\/\/+ztgAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 00707{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1256627019112512,"pkt":"AAAAAAAAAAAAAAAACABFAACsOWpAAH0G6j2HwNbwyQ+x4x1\/BtrTGFiG4gXEM1AY\/4OcSAAA438AAABMOjVEqDEOKB1R7VGC9M9v1Ixx9M9\/HQgAAAACAQABFQBbQ0hOXVtWZXJ5Q0RdeW91cm5hbWUDAQARPAAAAAMBAPmJHYkdAwEA+htCEzQDAQD+tAEAAAMBAPsAwAAAAgEAVQ0AVmVyeUNEIDA5MDMwNAMBAO4M6YkU1D\/OI5IQ"} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627019107420,"flow_dst_last_pkt_time":1256627019112512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1256627019112512,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 
01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":11,"flow_first_seen":1256627019012259,"flow_src_last_pkt_time":1256627076408213,"flow_dst_last_pkt_time":1256627076408912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":248,"flow_dst_tot_l4_payload_len":792,"midstream":0,"thread_ts_usec":1256627076408912,"l3_proto":"ip4","src_ip":"201.15.177.227","dst_ip":"135.192.214.240","src_port":1754,"dst_port":7551,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"eDonkey","proto_id":"36","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/edonkey.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1040,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1256627076408912} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769294 bytes -~~ total memory freed........: 7769294 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11477913 bytes +~~ total memory freed........: 11477913 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 1097 chars diff --git a/test/results/default/elasticsearch.pcap.out b/test/results/default/elasticsearch.pcap.out index fe90fd863..9bb3e5d25 100644 --- a/test/results/default/elasticsearch.pcap.out +++ b/test/results/default/elasticsearch.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666258196034202} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666258196034202,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196034202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196034202,"pkt":"ABY+v3lW+hY+\/yO1CABFAAA816FAAD4G6yisEBFmrBAQa51aJFSXRuFEAAAAAKAC9QBC8wAAAgQjAAQCCAqEzLnHAAAAAAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666258196034202,"flow_dst_last_pkt_time":1666258196036761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666258196036761,"pkt":"+hY+\/yO1ABY+v3lWCABFAAA8AABAAEAGwMqsEBBrrBARZiRUnVr59pHXl0bhRaAS9KzUfwAAAgQjAAQCCApHXJuLhMy5xwEDAwc="} 
@@ -27,7 +27,7 @@ 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1666258220448291,"pkt":"+hY+\/yO1ABY+v3lWCABFAAC9EplAAEAGrbCsEBBrrBARZiRUnWpT5e7d+a0KsYAYAeTSJwAAAQEICkdc+ueEzRkjRVMAAACDAAAAAAAAAHsBAGu7SwAAAHIBHl94cGFja19zZWN1cml0eV9hdXRoZW50aWNhdGlvblB5L2F1QXdFSFgzTjVjM1JsYlJkbGJHRnpkR2xqTFc1dlpHVXdNaTVuWVhKeUxteGhZZ2hmWDJGMGRHRmphQWhmWDJGMGRHRmphQUFFQ2dBPQA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666258220448291,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":37,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":37,"total-skipped-flows":0,"total-l4-payload-len":6736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1666258921758874} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1666258196034202,"flow_src_last_pkt_time":1666258196256706,"flow_dst_last_pkt_time":1666258196229737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":414,"midstream":0,"thread_ts_usec":1666258923619099,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.107","src_port":40282,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666259164268444,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":422,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":422,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":422,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259164268444,"l3_proto":"ip4","src_ip":"172.16.17.102","dst_ip":"172.16.16.106","src_port":48028,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1666259164268444,"flow_dst_last_pkt_time":1666259164268444,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1666259164268444,"pkt":"ABY+soAn+hY+\/yO1CABFAAHarfFAAD4GEzysEBFmrBAQarucJFRoIUIXoUah\/oAYAebLKwAAAQEIClAEIdUYdep8RVMAAAGgAAAAAAAADI8AAGu7SwAAADAAAAEGeC1wYWNrJWluZGljZXM6ZGF0YS9yZWFkL3NlYXJjaFtwaGFzZS9xdWVyeV0WNUtpa2xFY3ZRRC01UnVUVjVIbXNlUQAAAAAAAE7GCS5raWJhbmFfMRY5YW1TRnUtMlJWbUQ3aDFUaDMwOTJBAAEBAAEAAgAAAAAAAAAAAQRib29sP4AAAAABE3NpbXBsZV9xdWVyeV9zdHJpbmc\/gAAAAAEwAAAAASp1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbi5zdGF0dXM\/gAAA\/\/\/\/\/wAAAAAAAAABADIBAAABBGJvb2w\/gAAAAAAAAQRib29sP4AAAAABBHRlcm0\/gAAAAAR0eXBlFSN1cGdyYWRlLWFzc2lzdGFudC1yZWluZGV4LW9wZXJhdGlvbgEGZXhpc3RzP4AAAAAJbmFtZXNwYWNlAAABAAABAQExAQAAABQAAAAAAAACAQAAAAAAAX\/\/\/\/8AAAA\/gAAAv7ikpr8wAgABAAABBy5raWJhbmEDAgQFAQA="} 
@@ -41,7 +41,7 @@ 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258220448291,"flow_src_last_pkt_time":1666258220448291,"flow_dst_last_pkt_time":1666258220448291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40298,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666258198552605,"flow_src_last_pkt_time":1666258198552605,"flow_dst_last_pkt_time":1666258198552605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1758,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1758,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1758,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":9300,"dst_port":40342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1666258196428446,"flow_src_last_pkt_time":1666258212491705,"flow_dst_last_pkt_time":1666258212486464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2955,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666259173881713,"l3_proto":"ip4","src_ip":"172.16.16.107","dst_ip":"172.16.17.102","src_port":33288,"dst_port":9300,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Elasticsearch","proto_id":"330","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/elasticsearch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":9589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1666259173881713} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7795340 bytes -~~ total memory freed........: 7795340 bytes -~~ total allocations/frees...: 146491/146491 +~~ total memory allocated....: 11503863 bytes +~~ total memory freed........: 11503863 bytes +~~ total allocations/frees...: 216745/216745 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2903 chars diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out index bbe67a538..257dc9a3c 100644 --- a/test/results/default/emotet.pcap.out +++ b/test/results/default/emotet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645830066121611} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645830066121611,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1645830066121611,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066871134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1645830066871134,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830067977441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1645830067978107,"pkt":"IOUqtpPxAAgCHEeuCABFAAA9wBRAAIAGPu4KAhlmwfwWVN\/dAkvNIWS3iukoFlAY+rqhDQAARUhMTyBbMTczLjY2LjQ2Ljk3XQ0K"} 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830068348052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":214,"midstream":0,"thread_ts_usec":1645830068348052,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1","smtp": {"user":"","password":"","auth_failed":0}}} 
02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074471734,"flow_dst_last_pkt_time":1645830074471604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1645830074471734,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":254,"avg":538713.4,"max":3056402,"stddev":774055.0,"var":599161176064.0,"ent":3.7,"data": [749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254]},"pktlen": {"min":40,"avg":80.8,"max":738,"stddev":121.9,"var":14849.5,"ent":4.3,"data": [52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]},"bins": {"c_to_s": [8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": 
[4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":627,"packets-processed":626,"total-skipped-flows":0,"total-l4-payload-len":404645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":627,"packets-processed":626,"total-skipped-flows":0,"total-l4-payload-len":404645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1648563468993352} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648563468993352,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648563468993352,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563469109116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1648563469109116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="} 
@@ -18,7 +18,7 @@ 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":631,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648563469109583,"flow_dst_last_pkt_time":1648563469109634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648563469109634,"pkt":"AAgCHEeuIOUqtpPxCABFAAAooCsAAIAGi4VooX8WCgMdZQBQ2\/UuAEkmb3ez7lAQ+vAu8gAA"} 02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469442201,"flow_dst_last_pkt_time":1648563469442152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":24498,"midstream":0,"thread_ts_usec":1648563469442201,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":28956.4,"max":204389,"stddev":59845.4,"var":3581476608.0,"ent":2.7,"data": [115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690]},"pktlen": {"min":40,"avg":820.0,"max":1401,"stddev":663.1,"var":439751.8,"ent":4.4,"data": [52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": [4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":303,"flow_dst_packets_processed":323,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830085160825,"flow_dst_last_pkt_time":1645830085160896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":403803,"flow_dst_tot_l4_payload_len":842,"midstream":0,"thread_ts_usec":1648563473087528,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}} 
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":835,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":582320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":835,"packets-processed":834,"total-skipped-flows":0,"total-l4-payload-len":582320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1650490398530577} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398530577,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":835,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650490398530577,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1650490398627831,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="} 
@@ -29,7 +29,7 @@ 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":839,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}} 
02300{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":866,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490399009658,"flow_dst_last_pkt_time":1650490399009514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":19432,"midstream":0,"thread_ts_usec":1650490399009658,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":40,"avg":30903.8,"max":260940,"stddev":65726.9,"var":4320020480.0,"ent":3.0,"data": [97254,97549,387,260940,260431,3204,3158,9543,9466,6236,69,6255,124,124,128,201,123,50,174,174,40,2646,2680,60630,60713,9884,9822,15114,15099,12868,12932]},"pktlen": {"min":46,"avg":657.7,"max":1428,"stddev":680.4,"var":462891.9,"ent":4.1,"data": [52,48,46,265,1428,46,1428,46,1428,46,1428,1428,46,1428,46,1428,46,1428,46,1428,46,46,1428,46,1428,46,1428,46,1428,46,1428,46]},"bins": {"c_to_s": [16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[4.633441925,5.001628399,4.330939770,5.702507019,4.791214466,4.390829086,5.521807671,4.303872585,6.000949860,4.347350597,5.983242989,6.243623734,4.347351074,5.943493843,4.390829086,4.384503365,4.390829086,4.537651062,4.347351074,4.500005245,4.390829086,4.390829086,4.575252056,4.390829086,4.522280216,4.390829086,4.470242500,4.347350597,4.561497688,4.347350597,4.580824375,4.390829086]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":136,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563480808552,"flow_dst_last_pkt_time":1648563480808458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":537,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":983,"flow_dst_tot_l4_payload_len":176692,"midstream":0,"thread_ts_usec":1650490407650290,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1664,"packets-processed":1663,"total-skipped-flows":0,"total-l4-payload-len":1352571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1650905413858492} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1664,"packets-processed":1663,"total-skipped-flows":0,"total-l4-payload-len":1352571,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1650905413858492} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905413858492,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905413858492,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1665,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905414042728,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"} 
@@ -61,7 +61,7 @@ 01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":169,"flow_dst_packets_processed":395,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905415845438,"flow_dst_last_pkt_time":1650905415829075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":544316,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01315{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":75,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905495928769,"flow_dst_last_pkt_time":1650905472737211,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":95735,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2380,"packets-processed":2380,"total-skipped-flows":0,"total-l4-payload-len":1995225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1650905518385458} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2380,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2380,"packets-processed":2380,"total-skipped-flows":0,"total-l4-payload-len":1995225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1650905518385458} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2380/2380 ~~ skipped flows.............: 0 @@ -70,9 +70,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7870062 bytes -~~ total memory freed........: 7870062 bytes -~~ total allocations/frees...: 148838/148838 +~~ total memory allocated....: 11578601 bytes +~~ total memory freed........: 11578601 bytes +~~ total allocations/frees...: 219092/219092 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2416 chars diff --git a/test/results/default/encrypted_sni.pcap.out b/test/results/default/encrypted_sni.pcap.out index 43dc619e4..0990dcaa8 100644 --- a/test/results/default/encrypted_sni.pcap.out +++ b/test/results/default/encrypted_sni.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 
01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
@@ -12,7 +12,7 @@ 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/encrypted_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779161 bytes -~~ total memory freed........: 7779161 bytes -~~ total allocations/frees...: 146408/146408 +~~ total memory allocated....: 11487748 bytes +~~ total memory freed........: 11487748 bytes +~~ total allocations/frees...: 216662/216662 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 1507 chars diff --git a/test/results/default/epicgames.pcapng.out b/test/results/default/epicgames.pcapng.out index db12c2326..6b96458bb 100644 --- a/test/results/default/epicgames.pcapng.out +++ b/test/results/default/epicgames.pcapng.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684594463217688} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463217688,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684594463217688,"flow_dst_last_pkt_time":1684594463217688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1684594463217688,"pkt":"CL6sCxduJjb1W8R1CABFAABOdf1AAEAR1QjAqAycEp0PuMIdOqMAOpeORxogAAiYImV0BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEKE7iHg4H\/Z6HRc="} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684594463538671,"flow_src_last_pkt_time":1684594463538671,"flow_dst_last_pkt_time":1684594463538671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684594463538671,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":47446,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -32,7 +32,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1684594463217688,"flow_src_last_pkt_time":1684594467702588,"flow_dst_last_pkt_time":1684594467772655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":444,"flow_dst_tot_l4_payload_len":337,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":49693,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1684594474564082,"flow_src_last_pkt_time":1684594474915533,"flow_dst_last_pkt_time":1684594475180053,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":952,"flow_dst_max_l4_payload_len":77,"flow_src_tot_l4_payload_len":4385,"flow_dst_tot_l4_payload_len":394,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":39322,"dst_port":9011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":13,"flow_first_seen":1684594490567237,"flow_src_last_pkt_time":1684594491581525,"flow_dst_last_pkt_time":1684594491475757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":681,"flow_dst_tot_l4_payload_len":750,"midstream":0,"thread_ts_usec":1684594491581525,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"18.157.15.184","src_port":37989,"dst_port":15011,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"EpicGames","proto_id":"340","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/epicgames.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":81,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":7784,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1684594491581525} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 81/81 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775546 bytes -~~ total memory freed........: 7775546 bytes -~~ total allocations/frees...: 146485/146485 +~~ total memory allocated....: 11484117 bytes +~~ total memory freed........: 11484117 bytes +~~ total allocations/frees...: 216739/216739 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 984 chars diff --git a/test/results/default/esp.pcapng.out b/test/results/default/esp.pcapng.out index 6aa744337..70a884a3d 100644 --- a/test/results/default/esp.pcapng.out +++ b/test/results/default/esp.pcapng.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587340723655842} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1587340723655842,"pkt":"qrvMAAMQqrvMAAIQCABFwAGCAN8AAP8RncEKAgMCCgMEBAH0AfQBbm9jBawPTRIgE\/QAAAAAAAAAACEgIggAAAAAAAABZiIAADAAAAAsAQEABAMAAAwBAAAMgA4BAAMAAAgCAAAGAwAACAMAAA0AAAAIBAAAFCgAAGgAFAAADDsDka\/duvsZYQytelWlC6NzARHfxQ9jT\/JU2Un7NCQA+jXJ08WlF7e\/NDuPTB526R8Cb4Zuk\/QhNNiyysAyBZ0W7cfOpAFmMETkjg2lvpSaO0W743zdwZbhwL5xtEDwKwAAJBinv2eNdHZsJ29wVvPTnOU5tMnnhBtj26lK3VUpGlaPKwAAF0NJU0NPLURFTEVURS1SRUFTT04rAAATQ0lTQ09WUE4tUkVWLTAyKwAAF0NJU0NPLURZTkFNSUMtUk9VVEUpAAAVRkxFWFZQTi1TVVBQT1JURUQpAAAcAABABE++qlf\/rnDMCHdomXQhhbbCu7VdAAAAHAAAQAWxbxU4srTSjW8apuj3nZ6SyjPUCQ=="} 01029{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723655842,"flow_dst_last_pkt_time":1587340723655842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":358,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":358,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587340723655842,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -12,7 +12,7 @@ 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587340725659995,"pkt":"qrvMAAIQqrvMAAMQCABFAACYACQAAP4yoQUKAwQECgIDAvAJLLUAAAABLX+WjVQswRpYbFeiaZdQW6eWJsw6BS2eB7OP9\/5eHwi2mYpUZ6G3t755XGwuYLanMk25K6hMBwBSxcZ\/ydNZPrrxBrySAlcBAFV4v6tDTuHpnnv89BSOnoK6gF0SG3nSCAMIxyxKQV4U+ecInNO5d\/EnrgCW7OWI7NuXZg=="} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587340723655842,"flow_src_last_pkt_time":1587340723670088,"flow_dst_last_pkt_time":1587340723676343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":344,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":358,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":702,"flow_dst_tot_l4_payload_len":654,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","src_port":500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01039{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587340725658959,"flow_src_last_pkt_time":1587340725658959,"flow_dst_last_pkt_time":1587340725659995,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1587340725659995,"l3_proto":"ip4","src_ip":"10.2.3.2","dst_ip":"10.3.4.4","l4_proto":50,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} 
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/esp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1620,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1587340725659995} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769075 bytes -~~ total memory freed........: 7769075 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11477678 bytes +~~ total memory freed........: 11477678 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1077 chars diff --git a/test/results/default/ethereum.pcap.out b/test/results/default/ethereum.pcap.out index ca3b63d13..f322876c3 100644 --- a/test/results/default/ethereum.pcap.out +++ b/test/results/default/ethereum.pcap.out 
@@ -1,30 +1,30 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578508362274369} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508362274369,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} -01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508362274369,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508362274369,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578508363333871,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508363333871,"pkt":"KDc3AG3IEBMx8Tl2CABFAADH0wVAADURephXDt4ZwKgBuN11dl8As\/l1jW6o\/uOLsNilE7wPPGgWLrGBgPfvOzwO1DfZyAOcgKFZ114jjOcqSahrn1BNVaBcqPiZ+5Zw3KmlNNeK6areM2YGHfDo3L4DI03KcwYwznBps1b+iFJS+0Kipikc3Gq9AQP4R7hAl090ZgbQhHWBj8BMRwa4LeNB32fKxPZW6UW3BwzH4FX8L40Uh5Yh\/LpdLpgFyY0tX7A7rx7OhPCc704eHlKGuoReFiBf"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508363692141,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1578508363692141,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdOfxAACwR9O08vyBHwKgBuHZfdl8AicNGfxf10Wb92tmu8P4AYDHc1S9CYBd0hA8u+7bp2exSZpfjoD4stw3HK2zECpnkODZdOg6LxGWvabU8eolUhCpRWxf283jKbdR45yXwcXrtjWJbPi2JRR9Nts4CTYECrpr\/AQHeBcuErBIAAoJ2X4J2X8uETxbOvYLp94J2X4ReFiBe"} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508363692141,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508363692141,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1578508364272113,"pkt":"KDc3AG3IEBMx8Tl2CABFCACn7eVAACURF08DcIo5wKgBuGOsdl8Ak1lonaJ3QYcb7U0uMgLRKCkYOOmsVBzd6scD1gTgbTNauX3kB3bPaDZ67w0\/6JScqj4YBzeDQtx9d9GUfbwpNwws+A3fj9N5t1f25M57T8Etpo9cRpw0Ipg9vE7GnadXMLBRAAHoBNeQAAAAAAAAAAAAAAAAAAAAAIInD4InD8mETxbOvYLp94CEXhYgYA=="} 
-01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364272113,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382390,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364382390,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHswoAAEAR05vAqAG4A9EtT3Zfdl8As46jAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 
-01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382390,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364382390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382390,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364382655,"flow_dst_last_pkt_time":1578508364382655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382655,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364382655,"flow_dst_last_pkt_time":1578508364382655,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364382655,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHegkAAEARY2nAqAG4NOelbHZfdl8As+VvAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 
-01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364382655,"flow_dst_last_pkt_time":1578508364382655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382655,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364382655,"flow_dst_last_pkt_time":1578508364382655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382655,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382946,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364382946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382946,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364382946,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364382946,"pkt":"EBMx8Tl2KDc3AG3ICABFAADH\/g8AAEAROunAqAG4EopsQ3Zfdl8As0D2AUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} 
-01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382946,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364382946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382946,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364382946,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364382946,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364382946,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364421473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364421473,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364421473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364421473,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHWYMAAEARj8vAqAG4ImGsFnZfdl8As\/EZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 
-01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364421473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364421473,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364421473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364421473,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508364422230,"flow_dst_last_pkt_time":1578508364422230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364422230,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364422230,"flow_dst_last_pkt_time":1578508364422230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508364422230,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcLWUAAEAR9WvAqAG4QipS9nZfdl8AiGZvYT14ALKwnMdgMCBzf19RhoDEZwfAnRP1Mz5t1CQfWH9BMW+RtakCpISLcdct0MfsiOdcBIDUccBBbd+y\/K0wDya+KeRA13HRMdUz2NPxyyUESIw4\/BeiGYIdI8USz9rYAAHdBMuEfwAAAYJ2X4J2X8mEQipS9oJ2X4CEXhYgYAU="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508364422230,"flow_dst_last_pkt_time":1578508364422230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364422230,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508364422230,"flow_dst_last_pkt_time":1578508364422230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364422230,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00742{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364382655,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364422710,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHAOAAAEAR3JLAqAG4NOelbHZfdl8As+U915lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 
01939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364519784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_usec":1578508364519784,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7F1RAAC8RPN4D0S1PwKgBuHZfdl8EJ4PVaVYTvO9LrTk6yni9j9O4lLCx8c3w2iOwFQRksfASVhzN6T8K7lnXRwHY7v3+ONhElGFbYOffjDytd02o206R62nDNZ+LcEa5V5K9KHZQh029ihE8Ury3mI0LZjHE13ZDAAT5A7r5A7L4S4QjtPapgnZdgLhAO5qC1ATimkffsyZlSJIXGVIuxdFsM86E7cqAjFOnv\/8DXNCQHJBVJiDXoCE+xGUbCBkPCreAagxpFk0Kv5X\/6PhNhKUWayGCdl+Cdl+4QFK2HHRAlM9Mj+TxGD7ACVRZHZtB58hxcD+hW2XdmacQwMOkGeflfz3iQaCGa6bw7UpxurZYH9DtQSW8Gn+wiV74TYRZJmMignZfgnZfuEBNXexB6IZur6GByNXF5kqBGoYoINyuPaRzRT\/L\/XeZwo80a\/N6vMBtsgrq2ZF9h4G0sqa47Wg7uKDWSZtY6p\/o+E2EsoDD3IJ2X4J2X7hAE9D206tRuSrRWszd5+5PqyxrzPQHPgJ6M4jR3YAwA4SXyWoQd9UmDUgHBtsrr3UYDBX+DpI9ijrH8jmNKWfim\/hNhKLzoFOCdl+Cdl+4QFcgAb+wxvXRoA\/jZ6pZpvtWMqWRnDTAVCrWET9xUm+STSO+d5OO9wGG7pHu9I5ueUw\/fAd5lu3NtaUH9uwTgQX4TYQSilEcgnZfgnZfuEDrOA+HQ7eWMjwlUeqXlrKvkuj1DTxVelkYAtV5dglpnIhrBZIeo034r7N3OARecEoNp0x6OeeY\/TD1OnJUir9u+E2EMyY8T4J2X4J2X7hAjvDxlr5M7BUzw40ony1SnzUKukEALVTn0B8WrIdd1Y\/HWL6mkTC4nsoMDegX1FF++rFMqjeViKJkeSDvzXh7sPhNhChDkICCdl+Cdl+4QHLmnbcNhaAJxQnuC0km5NBqC0yHT\/O8y7iwbqWb3zIi\/JNBIGOytm1SPyhBCVXEAh08vp59waAp0Fl3XZsLDpX4TYTH56bignZggnZguEAmai5v1neViV7teAsEvO\/IJYfemYLf2+j3ix3twO4cHaO8DDPa+4MSEcEzAFsUx\/2pmlUPII1TqUXgDk2+EYuF+E2EMyZRtIJ2X4J2X7hAgHT+RrAG20B8DB\/bHPvQKm79m+Z0+BB1fJpuHmieLdFavNthxznxmL2TjLC2hF17uhr9nJ8lRGk+kyETydUasfhNhFKR3PmCdl+Cdl+4QN1yRfRd+2g8MnNCa1j1Cnr1GFpxy7vxkYduQKQx1cGeo9xW0LFVTR4sISMRFqTJvP1+kBDeZDQ7++taiTPWLVf4TYSfy1QfgnZfgnZfuEATr9aMDwnYcu1Ru9AfCYxf1j4pIYv3iEkEPcprByn6GaZXC692Pg7aNtJE7Ibn2jkRlWjrNM1fsvjqm9oBENLzhF4WIGA="} 
01082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364519815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364519815,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFF1VAAC8RP1MD0S1PwKgBuHZfdl8BsTR2htDCYwB7bPwVHRrppzCkGewLkUUNlB3jVcwKSsPl3PpRPPiYpogGSbVhGO6LOf+6vpmiVjQKuGK9fr9HzQor5V9uX7UyvZMEj8wMYsgT45Bz2Z7bdsQaazyQJOYgw3sXAAT5AUT5ATz4TYSi5B2ggnZfgnZfuEAwVdpN68jOobX+wHrrL2RH\/wK1ka2szeSJGHiHFFoNLEPxKwxFy33NRZ3ovPOnkwdh3qJaARUyaYeXnrMHfiPL+E2EpERrUoJ2YYJ2YbhAbVK4hBOIFxjMK61hoo+B2E1DFAGWystZDApZ1qWqMdGzPO6EtDCqKOy2kznyTf9sEf\/6IzNe3mDxF09nkCXqPPhNhCPpxYOCdl+Cdl+4QEyRwYHw012pKtGG4pX25QXUlp9AiY+SLu1l7sUn3fRNHZfvnNA3az+glcVdf8irWyfLyfxkF3pVP8czohGx7uH4TYTR+vDNgnZfgnZfuEDT1Pf73xy4M3qZSRLleOgEdgguFkAavHpg2I9RZUlU1ZSe7W107ts9v4ZrZs61PWJz3Pgt4YI56NsUnL8RZ7gNhF4WIGA="} 
@@ -66,17 +66,17 @@ 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523356,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364566297,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDf+ygMPcwKgBuHZf3TL4VGlQ8MrCSaAScSATXAAAAgQFrAQCCApfPQwNItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364566341,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364566341,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGAgfAqAG4soDD3N0ydl\/wysJJ+FRpUYAQECyi6QAAAQEICiLYlHpfPQwN"} 
01221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":561,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":561,"pkt_l4_len":527,"thread_ts_usec":1578508364568148,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIjAABAAEAGXj\/AqAG4I570l90ndl+E\/i4wBuq8c4AYECy0dwAAAQEICiLYlHw03AK8Ae0ENFbRMbDoR8q7\/lBVpSLdvQ0ss\/KysYDT3cgeuBsRepnhTempELxTDDzyA+2tnSS3\/ruB2mpEbWEuSedlIoj8Q+\/G+12XRxalYMJALGF\/Er1BufURk5A1YQ9d2FudC\/iAy\/0\/SQgKSDzazWMxd7m1Lzwbt1nkw8ZjTM6FPB2McyXwSH7Wjc1nUQhgSn5LWTODVqRQ+X4PuwvkifJR9XsBkh3VIgyEdaHFX8Yr3KzeLOekLEwSI0yKjH4ZLdpjDM5KKnBhg548bY6D30ay\/BaaMyf58ioyShCmLNSMSsFYyQQfVVYzvtvrZbl6LBsAaCp1QztDCCDI5Nl2M+bjMCsqt67khRdyIfZr+458mG08qKTyjO8oMmjYTZnLSmtS\/VNx\/QIJ5AL1xUckB+Ry3W4m+FfUNCXmhxM8jJ7Q4eEIQ3o0C3wBOm4q5OMhy77zHLV1U8n+1P3lzOlz1qwVcBSZ3c6jcmKjn7wAUE56CQ3m8W6n0IFKPd3C6lqMAp6k49eCxjEMbPCq3GbuLOhnLL0327qOy9StdTswkzKaOg7a3WHDZrriFvESwbOC3lodEcL\/J8VODIzTYk7iMhP3qabE+jkUi6\/1UrkkkLHqBQ7cfZ4aoH5Iqr35Sjr2YB7HO6Wo2LBxq97lA5uIai0r"} -01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568148,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00951{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364565857,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568148,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01293{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":612,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":612,"pkt_l4_len":578,"thread_ts_usec":1578508364568221,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJWAABAAEAG\/+TAqAG4soDD3N0ydl\/wysJJ+FRpUYAYECwg3gAAAQEICiLYlHxfPQwNAiAEhpkrlQBwH8ddEcq0BdL83Bo3hypa+fGbFwNsVRwx6iJqkT5ihZAS\/ej6odE27zVMZrwBgqFs6p9Y1qpQoG5AV\/xzB4ClP9AB\/3NVdEZa3hbMgtTl1WhChUY7PebrIbb7y7PKnhNG+fKkKEu2x79pMd24HXnzXjog8DrnqEwTWv5KnyKedSGLXPCsTmlzQN0QJEEY6J5nOrHUU8dFU21ucoziHzGqWR5upt8sNYEWXNo6BUoTw\/WutZuGkhbYkbg5yWqRm30izxfOmiC8VyOi\/XMkx2UM3FBf8b0juv8c6D9s\/qC+0wi8mopLq4rc0gMxNoHlt+XzgDmJJFmvryPOV\/VAXW0q9oQMgKbtHFLpFdW31b4pm9vkytbPbkbcxgYGzaDvLEvKf9fu6uiqaksKWf+ZV+QAMMtjZP7GkVhpNpwxIdCnaZadlVVgG5B+NfjFmgFxDlq9z36B5kVcAWPa24LZ\/YDsz5uz6kgth55OzqmUOcrjN0\/VL65\/IbGLyC\/XZeQucYMmUi5JlCrKEYIFZvdF9RFCHhZvdXS1fXnC5BRkGI9NSx1dKmp\/59WBa70i7aYEdFQrwisFND8qlAvWK9W60aDIMUoR\/G\/TpuNnaF7w6dROBlznoePkr7Mlqpx\/UMiw+Y\/vg9yIOdXpZ2b4tI2QpgNHpymKXmH3PbTxBdPmO5c6fcZf5qmOPHf8dq+j7gt1qe6Ulo\/6iuixGxQb"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":546,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568221,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364566297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":546,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364568221,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523293,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364569557,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGyBNZJmMiwKgBuHZf3TAEAfQVmn8HEKAScSAQTQAAAgQFrAQCCApfmkPpItiUTwEDAwc="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364569615,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364569615,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvBvAqAG4WSZjIt0wdl+afwcQBAH0FoAQECyf1wAAAQEICiLYlH1fmkPp"} 
01192{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364571106,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"thread_ts_usec":1578508364571106,"pkt":"EBMx8Tl2KDc3AG3ICABFAAINAABAAEAGukLAqAG4WSZjIt0wdl+afwcQBAH0FoAYECxDKQAAAQEICiLYlH5fmkPpAdcEgS+qh2jbezyTSBMSn3K2Hympu6ADf5Hlhjv3vVL89xA433ok\/DfJinh\/mQLRmjZUTP2ynwWLoVuXup3DiktHavBeMvYUR1tKgWpIZFgiy8srilONDu7zwe36OziVlsdnfH4gSQevsTp8YzK3HiklBd\/TTzXG41FvrNfXRl0zTEnAkH0BVlO4ojSBnU\/nYt9V2hlnEaW\/mcpIq0oI11JhMcTShgByHbHchSeVwzNObDaAQftXXQb8kI5eimoPm+90BWPKsgBHFRySPtchPOCB8zI9RK+yAUPy9Xy326ZL22UBsRclJLFHStO5RO4HXPST4yDuQFk4\/9KnRJ98AT\/0plbhjnGAl98jUbiaRRduLNzZR1ZinqX7RdydZboE4IDCpbqb1\/g8WPCtd6NaVAQTTJHhSgs0gR2sVCN5w6nQL\/\/j\/IUC5jj+Na3yzuTMzHeG3Tt3xgJylfyrPTRda62GOUBHb2QVvLfiIOpfmrdpm\/RBZkb+8D8agiXAsIHe0qgMJsRKezrpQan7dnp9CRGst2ez5Ikv10YSuFE0HrQSq\/NP8A4+RHCkIvxBxl0tyCYcSeGZkRpLT4Sfg7T1+JOKVVaOIgCBzeXKsNkI\/CCGzGAPItw93RQ="} -01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523293,"flow_src_last_pkt_time":1578508364571106,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364571106,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523293,"flow_src_last_pkt_time":1578508364571106,"flow_dst_last_pkt_time":1578508364569557,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364571106,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523418,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364593446,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGVuwi\/xdxwKgBuHZf3TMrXBsGHvlEKaAScSD3ewAAAgQFrAQCCAqnEIc7ItiUTwEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364593616,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364593616,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPfTAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AQECyG7wAAAQEICiLYlJSnEIc7"} 01240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"thread_ts_usec":1578508364595041,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGO\/TAqAG4Iv8Xcd0zdl8e+UQpK1wbB4AYECw7TwAAAQEICiLYlJWnEIc7Af4E5Ftu7jhsh85mLz6DNdsr0rAu57KuMEEixSIhTUDBiDfVxvICkA5Md\/KKK0k3oE9+USvcqszUqPqZS0YzQ9lY1TT\/7cu3JyyOo6CJXkfDE4lma+SeZys01m9T952LuyvfS48J7XlHZgraHR8cc3n8HM9YAHMsuedtFBG9prv6HDrQGSb03gVP6VxROea7RSYAn+GEuUGG2+5SwvTtMvcBGDkNIFf0+rzM7Vup0UcVtmwoDndxJ\/4\/VfNR50YiBMyCiwTTtO52rPZkFb3MCR7wVc28UdXcwGsfavpyG0m1ZyTVuctUw4csneHOJU0nHt14r4rU0983EE3nyiF4JrC6UWya4O12uL7LPLkqGQJnpWpfiNUK\/CEAiwiZR+8f3CuR\/L9bCfrWwBIJAAZ69SxxRcB85802N1ESA\/KDY5oKA8in0wBWRTMOSh+WJqLWlR0xlxNbRcKueBbcg6sgqnZuuypIrzOe6pkjQ9Y92tWs1UJguFwDFK3aBIqvwRXCHt0IIRtFIjv637tCzfR4kZQX7JDqbOBeRFtA9zcohdcYuHGtI63P8PaY0lv6+B4+xY2kBnmR55inLSnZNGcaFlPXXxfXBf7FGwL4BL3G9JKfxtGcGk\/eaHYb+98xEWv\/CFZwcwGDKxGiTf6dYH3fob6Ul5r+ZFAJ378vDb+ajQc="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364595041,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364593446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364595041,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364568221,"flow_dst_last_pkt_time":1578508364629148,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364629148,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZWFAADQGqKWygMPcwKgBuHZf3TL4VGlR8MrEa4AQAOuv4AAAAQEICl89DDMi2JR8"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364568148,"flow_dst_last_pkt_time":1578508364629323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364629323,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Z0xAAC0GC+IjnvSXwKgBuHZf3ScG6rxzhP4wH4AQAOvgIwAAAQEICjTcAuUi2JR8"} 
01946{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364631547,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364631547,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9McxAACoRfjA056VswKgBuHZfdl8EKSMV0Tk6zLZQqYdPasDvQYAfjhJ8qeDK0iQF1oC6v4BIFO8Ukv4XviQf8O74kSNp590utu+\/aRkEwwpxoabIrzvIzmTnyJlNpeyfgvNPwLIyg8I+w4LWPa4MA\/W2\/Jap8zB7AAT5A7z5A7T4TYQS26efgnZfgnZfuEAwkgYgUPIi4WiJg+QLzg9wGMhxPAR7azw\/xSKBAPOQbQlR3L69+mdeoxh\/qQi76RfNXeauKXl5ICJHofVK35cH+E2EUt2AH4J2YIJ2YLhAIbpA\/cDFhpXtS\/hixQb3nA9r93xmFVARyWt8mvD62Q42RXQv9d4buwnSPqvoZ8VPM1tV452Mu7b1nW6WCZP3H\/hNhJBbeIeCdl+Cdl+4QHDcQogYDcUZvsmo9wM3ftVwQss5t6Xz7SYpcIe0QCLsJRPOe\/7IMshT7rIUH59Wvzm2VWBMciyHxs11tRtvlg74TYSyPgragnZfgnZfuECktuxNZlsAPCNrxc8drmg5UZJYYlgJcgwixi3dHcHaL+SmxYYPit8ZDD0AQGDBI97zkdb5Vg5h5AMJ3ltOege3+E2Esj4dt4J2X4J2X7hAbSf3keqm\/kX1w8mhO8tfUrHPkpEON98Bfi90NSvh60PrPxJjJwxphJtd9yYNAp6bvKKmXex+Pf1jNZwIZzl1LfhNhA3mbCqCdl+Cdl+4QOL5cPG1naCZem66zt1KAC6uDCfFoxJhecyNkCxirh\/KFEuDlQVcZ87QmYypugLnAbyvaDrG2A\/fgNNcBVjcu7P4TYS524U+gnZfgnZfuEAvzWrhvDjoXJOa\/ZdCbLgHiFuGktYvbPu1Kx0QfSszMjCe5P4b3hECkMlBLQo90CRjw1UcL0V+qQHcUkhH7ixE+E2ErGlePoJ2X4J2X7hAXGqY3uhYXKqMbPC9rcGcCUaWh+Dhi0uXFAXOGFtMr99hmG7UDnrqzTA\/o5MeRw5C1b8eG9l8GAevaeYZyFb6JfhNhLaioT2Cdl+Cdl+4QIU96ApVNnmCgofL7UIVwC0ussPQFE9BZpIkW9NYXxtm+4r+lcBEpjNfLr4w84vJM4LIgefP7wW0fAmtWWHpBj34TYRZo5RJgnklgnkluED1tj7tRebZlvZCTgHMIT8H0RpJXJ6gH+sJFUxXqZs38C\/hpzENTsCSDh1o2HUHvKg2FabU7+4S+HyXXU68T+Xi+E2EM01tNoLk1oLk1rhAfag2FjkUzZm46\/aJuVMW3oNNsPORtJDs86feqI9xjoUJ09giSja9nrnxBmA4a19j\/wmY0SxfQ5ijGeyrdMEjJvhNhCPk+oyCdl+Cdl+4QD9WPrST\/PNOA12+8bgX6kV4hJFBTbV9EgAQ6hcCTUo0f0CQNtNTkrUkC7hmmUaZ\/d9jh6CLjUr6pActojR+FlyEXhYgYA=="} 
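Review bot: The regenerated `detected` events in this hunk drop flow risk 22 (`Unsafe Protocol`) and reclassify the port-30303 flows from `"proto":"Mining"`, `"breed":"Unsafe"`, `"category":"Mining"` to `"proto":"ETHEREUM"`, `"breed":"Acceptable"`, `"category":"Crypto_Currency"`, and nothing visible here records that as intended. A consumer of this event stream that alerts on risk 22, breed `Unsafe` or category `Mining` would presumably stop flagging this traffic after the update. Because this file is generated expected output, the note belongs in the commit description or changelog, e.g. `libnDPI update: Ethereum flows are now reported as ETHEREUM/Crypto_Currency (breed Acceptable) without the Unsafe Protocol risk; detection rules matching Mining need updating`. The same reclassification appears in the next hunk (`@@ -87,107 +87,107 @@`), which continues beyond this view.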
@@ -87,107 +87,107 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522913,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364646518,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGQxWi86BTwKgBuHZf3SW77REO6nqus6AScSAW9gAAAgQFrAQCCAp1Z9P7ItiUTwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364646622,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364646622,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNR3AqAG4ovOgU90ldl\/qeq6zu+0RD4AQECymNwAAAQEICiLYlMZ1Z9P7"} 
01168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1578508364647922,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH+AABAAEAGM1PAqAG4ovOgU90ldl\/qeq6zu+0RD4AYECxhVgAAAQEICiLYlMd1Z9P7AcgERo6ealhQS2J+mLynCbY1Hy1VHiXXjBEF5aZwYGsb1SkyTi2BlJLR9jlm5o9Yd4cS3KEoVJoAklWjbSq92M\/MxJ5i\/czl+D12\/rOTJp4IahyydQsdmxoEz+gZK86QtII\/+oGTj+U6VBaWExPYNq+C5V6TyVuHtDJDL3Y5atSFV0vzcy50rbayLeR0ayU7X+skthxj17LZfPA8iwm2c0WQGrMZnTOZhZMrFs3qwxnotfISDwNhBYVpVFhbc8xQauW4yRaREul0OeSJjKTRqmwVmJi81T4w2q2ijNkQBElUV02KdBr8fSu0sAI3MZj7mpO0vMclcJzVexbpn6a8CFqneMX9Apb9+9fepGMwGi2Sd\/qVXR7MMB6XN2e01TGbAUdypeN4yE4FkNu0ytSmPuRSqOixZkDpRu9orcap45t0\/IY5QKnvZ4vGh7T9AxgZLVBMyYJQoDqPZmcYhAb0Uox6lV8OBTYagrByVt\/zHKwHf0wIQ3a1Tgn6QQRhkbselkN+OOVMLmPmzwgCPNNnMubc940pqhI+cDCqm\/aqRhGmY62LP3sI4ch0mQOjJP0GeE96z1UuxyRqXNxQ46lB5SewRzVYwD3TBZA="} -01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364647922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364646518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":458,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364647922,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364649773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364649773,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9Do1AACcR\/\/USimxDwKgBuHZfdl8EKXURHZU493PpfyH72WrYTKC\/rHcqyoxdJnlAGqx0IUPpfCDPrp1RbMe2PXXL\/Y0gUgYBHgBKX+LNKEC1qdxuKnvxvXevxKSr69S3rpBsxtD9oPpZta4nmfTh\/aybl9dDX7mZAQT5A7z5A7T4TYTKcBxqgnZfgnZfuECGOOF\/DUGQRmRtLD+gVTFTpr29WNtAkV6+wzvS1j2\/a652c2Up+3+CFGHvVHTbjE15jtDjeTNqp85aDPL\/y+3R+E2E1YVu74J6R4J6R7hACdquySb8h9bDyyzBVqIC4RVjIfrd43xNEhVl26cR8q+zCkRbVR7YOVOrP+cqMugQfvn+wj\/y\/7lEeLvwq\/902PhNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYSd5phXgnZfgnZfuEBkLPllDdiGnUJSXb9oWAEuO01k9HXnM4R6tvd0I0GkOXQUhl2VOHTo9e2RsOThxTPe4UrR1rsnalRZskcUYP8N+E2EuRnM0YJv8YJv8bhAWtd39T3gGPqV5\/kAxth9r0Z21IwC3OO8ijNQxmi2ggVwJqg2W08zX0qhgUwFTxRZ7CbZwhQtBb9MNGyCEZnVqfhNhDOhFwyCdl+Cdl+4QK0vqa8HM5bIAwN2G4EpFPUp1DIN0fK8JdET2pxyCxTou65T7kwDQcRwG9J87PVp8UWu5zbalyVDTlzNuCAazd\/4TYQ0CYBEgnZfgnZfuEDgMt94d8TQv+3IGK5MVBJ+471CdMGgEuFgADFs\/sfR77hApAbinmLOWlg0KBI76fx3iPiGmIjPc2DjV6Y5S+dt+E2EI+XoE4J2X4J2X7hAIvfQZKlYQVCc0QQPwdirlpv8ThVD2qtJQ\/hHeZ\/oRum3Dym8iOrz0uJZ5KMKMAHJAax\/7cDcr+ygJhYzzSAsNPhNhBLbp5+Cdl+Cdl+4QDCSBiBQ8iLhaImD5AvOD3AYyHE8BHtrPD\/FIoEA85BtCVHcvr36Z16jGH+pCLvpF81d5q4peXkgIkeh9Urflwf4TYR82eu0gnZfgnZfuEBXvLisck0JGnGrgRqWL\/bDyJ8qsCwpUwM0sk3OmDN\/PU2NXINnOwgDzonj2zUWAZS5\/UZawhYcs8O8n12+UDva+E2EXN5bw4Jv8YJv8bhAmWLd+VP5u1ibBrgKagKp3py+njifftSzD32rmGG+J3QgFhiB28tAr4XUS33ESEXzhatHLB80xoRt5yzzOLxbKvhNhCPEd72CeRmCeRm4QEsv12Yq4nMYX4LQY5r9d7BNkGpNa1KOs2Gd6C4u3NZleL+d2v4Anfsu4uoql9o1Ksl2BdYCVg1KygwMa9DuSGuEXhYgYA=="} 
01089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364650052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364650052,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFDo5AACcRAm0SimxDwKgBuHZfdl8BsYIGz0wiJjKaUzFXr6IJm0KhJJHh14UxEkvPcQ\/Rk7Fgvbo\/feZhAIkP1PMVdfnmkT0ej4RbRZLeGs4r7KmIG\/NoSRob2DIRR9KSxxR5ApQK0GtL+DiOoUZ+LI2SWe0lCUL6AQT5AUT5ATz4TYSnR61sglIIglIIuEB7ukp3Oj6MzbNl3nDN0jQiNpC1V5v5rn9Rt7ZEw1VBzFla5k6rBHcylJhBRGAYzBX+17ncBsVtgVPJrKMh7nvV+E2EEop59oKMoIKMoLhASS3OSNDf3z8b3OyL7l\/Hx\/k821PEzINQHbZfniqNPVksrwSkp6jrG6UYCpQoXvgKZOetorWlposBzYkgatgcWfhNhDP\/TVmCdl2Cdl24QM3iC4E\/jtROh\/yrXbgvFZypcqA1E0NM1pmVBNhPzAEVOKwUDY19JR7HzoFwywH46oqp8Nqzrz5YKF3TzRCEzqb4TYS57vnMglLcglLcuECRN7VxzSUAEA2k0pdpV6OAanNBmMgqxX6AGOkM+qhp9apzS9PVbGdlMMSUUvnshxBsN5liOIkWGjzwRsyI7kXrhF4WIGA="} 
01958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364650675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364650675,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ9MdRAACoRfig056VswKgBuHZfdl8EKRKyNhMNoVpKai\/zY6JtPK148+n8O0oeVuWetq0EUGeIZ+RtfSVG+aSj2EjmgE\/VzJtID8hcsMA0vo5I3RXPomPj3yUethvOHViNcPLofHHgt6Et2w\/V\/IZQwikbIBWnB9DTAQT5A7z5A7T4TYSAADOMgnZfgnZfuECzAedbnywh7LLXCkndomTntsSUpeaU+X6fjJnfrZQaB1R+H8I82rjSB7H8uOb2MmX2h8Eh6LA0rwKGlGg4GwHK+E2EItltD4JSCIJSCLhAV7xweLkhFnsF60oz420o\/7aRuvQDfeaR5dpY3JYLjsX+vIbrgixVpsHDBYr8HpBMbqyvQppwqy4HYepbXQ439vhNhLmcKfiCdl+Cdl+4QIpjJmS5Gps58YQUc3o0wkmgpBHEx1gDORbTV1rWIFwK7dVIOGdwy7ueFkd0ebURyFnWaX56rb2vwE00TcZVQc\/4TYRYYyPigm\/xgm\/xuECpd\/dXqwhUtMXwMPm+u9hAJuGJB0TlNeJH\/rhwYyfJLba1YjqffEkcEK\/elP06ULgIs+MSln0Dqh5H+5kYnNGk+E2EZc\/gMIKdZ4KdZ7hAeuBt+eVpr\/lD6zfG4rQPZ1zeBes7bOJwSykdL6ML2QKv452iWFBJMIYyvlNFnq\/\/C00h2CuZ\/anhkV9S20AZY\/hNhDTCDYuCdl+Cdl+4QLBhjnLjpcFxFmfKTcMgokq3D+uNpAukzphlJv9fJvmZpMDVt4vA7QCl\/tQeO6YywXwxPSo5mqDxT4Mhw84RQzb4TYREt8O8gnZfgnZfuEDIng59WZjTY84Fc4kJnGTPNYzt3nnlhEfJGfnOrlC6yoc7pGIyxRJAuIHlFFkehfT\/MZnQKZAPAlW4w64AegZe+E2EJox0OIJ2X4J2X7hAUcnvye\/EDV8yhpr44tuNjcH1iKn9VgwhEfiCj6tWu2I48UyT\/1NGoVARZK9OdquCOZ6CApHQbW+DYNgMbETGWvhNhANdcHOCdl+Cdl+4QD\/UX2IqmKGVR1qU9QsLqb3KjV3UDG2NojB8dIr7Jri2pn3jv\/+bXP6J9JPk1pIlWnrC4\/MFYoxS2N4EW\/3JczX4TYTOvRBhgnZfgnZfuEDSgII3zWEN0R4iExLhys3S9YgXOxu2LLtFpLUyUOie168aVDZZDdIBkFFi9sbcxATorv1KnwQmEOhtDobrFgpZ+E2E1YVu74J2X4J2X7hAOuWZ6O0wzMscIvV20fKJ6imvL0uabNom7Rtt3\/mq1Yc\/cUISC095aLfdfnNtvPxS8fkoG\/ogbmJFfhJwViVFH\/hNhC9cJiiCdnOCdnO4QGKt2+KrFMp40sLt\/0+vqoO+7cd+LGeqSI3nARXhQPO7oSmSUrCcwDSYZBC7QsBPfwF6JwXzHNJha7yydiKEG9+EXhYgYA=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364654361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364654361,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364654361,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364654361,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHl8oAAEARbG\/AqAG4gAAzjHZfdl8AswwF15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} 
-01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364654361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364654361,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364654361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364654361,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364595041,"flow_dst_last_pkt_time":1578508364655558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364655558,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0tVBAACcGoaMi\/xdxwKgBuHZf3TMrXBsHHvlGKYAQAOuT7wAAAQEICqcQh3si2JSV"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523420,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364657828,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC8GWDwD0S1PwKgBuHZf3TTdrvLSmxdVZqAScSC43wAAAgQFrAQCCApOlRAnItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364657930,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364657930,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGR0TAqAG4A9EtT900dl+bF1Vm3a7y04AQECxIFwAAAQEICiLYlNBOlRAn"} 
-02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364658815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508364658815,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7898.0,"max":63466,"stddev":18325.6,"var":335828128.0,"ent":2.4,"data": [42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14]},"pktlen": {"min":46,"avg":91.2,"max":547,"stddev":114.1,"var":13011.4,"ent":4.4,"data": [64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364658815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508364658815,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7898.0,"max":63466,"stddev":18325.6,"var":335828128.0,"ent":2.4,"data": [42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14]},"pktlen": {"min":46,"avg":91.2,"max":547,"stddev":114.1,"var":13011.4,"ent":4.4,"data": [64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364659294,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364659294,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364659294,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364659294,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGv5TAqAG4KEOQgN02dl98bCWSAAAAALAC\/\/8OmwAAAgQFtAEDAwUBAQgKItiU0QAAAAAEAgAA"} 
01082{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":461,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":461,"pkt_l4_len":427,"thread_ts_usec":1578508364659971,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG\/AABAAEAGRbnAqAG4A9EtT900dl+bF1Vm3a7y04AYECwE6gAAAQEICiLYlNJOlRAnAYkEYzsbi3U1VbPxeO8JeZGy8BDKLHIeRSKQp4\/evVyQovWvCuUArTsYbNFNxbOpHxgiMLlX0ZOeEmBKpT+zxdZ5teBbqVi3L+mm7Ze75jkvKWog+sVO61B5+CMn3LI3RoqoEIs7LzSm4dXhRB4iMDjlKoJ5ZcHwLwlkh8E9Vpo3djq3bdx6lp\/EdVYh6tyjrDNl\/j+nQfIHSl0cMW+mhrtlfSdcGh0syw23uJtUSkclaVzh1wHeEc\/bQntltm8xovFOwV9SJyedZop+oHv1QYNt8oHL9v3ZZw5lkXyC9v2DYGLqmi1M7RPz8jlmDJa9m+OtKYcpqVh3LJYWvbiP5AVvl68VRguEFNQTEiaz8u+Ok4fajiRFN+EVltIdouSx7saQkYFk1SJM9L4aBUOJFvL6FFh3igjYUWKgCjdf2qOqAGWN2QeLZkNKg69L2LgHAubee5cXm\/oVTb4ak7cxt1raQVyZh0C5KR4jqdxt3Bdo\/8IlgvyUrAcIb4sc4COpXETFl0cDGUpkbOA="} -01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364659971,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364663606,"flow_dst_last_pkt_time":1578508364664348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1106,"flow_dst_tot_l4_payload_len":612,"midstream":0,"thread_ts_usec":1578508364664348,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9072.3,"max":62996,"stddev":18852.3,"var":355411104.0,"ent":2.7,"data": [42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778]},"pktlen": {"min":52,"avg":107.8,"max":598,"stddev":122.8,"var":15078.8,"ent":4.4,"data": [64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]},"bins": {"c_to_s": [14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": 
[4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364657828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":395,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364659971,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364663606,"flow_dst_last_pkt_time":1578508364664348,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1106,"flow_dst_tot_l4_payload_len":612,"midstream":0,"thread_ts_usec":1578508364664348,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9072.3,"max":62996,"stddev":18852.3,"var":355411104.0,"ent":2.7,"data": [42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778]},"pktlen": {"min":52,"avg":107.8,"max":598,"stddev":122.8,"var":15078.8,"ent":4.4,"data": [64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64]},"bins": {"c_to_s": [14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522823,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364667606,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG8jtCKlL2wKgBuHZf3SQj+YV4f2iiaKAScSArVwAAAgQFrAQCCAodkmB\/ItiUTwEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364667656,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364667656,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG40PAqAG4QipS9t0kdl9\/aKJoI\/mFeYAQECy6hgAAAQEICiLYlNgdkmB\/"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364632239,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364668680,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGF+czJjxPwKgBuHZf3TW8w0qY6ojTGKAScSDV+QAAAgQFrAQCCAphOp2qItiUuAEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364668739,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364668739,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGCO\/AqAG4MyY8T901dl\/qiNMYvMNKmYAQECxlkQAAAQEICiLYlNlhOp2q"} 01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_usec":1578508364669552,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHhAABAAEAG4ZbAqAG4QipS9t0kdl9\/aKJoI\/mFeYAYECzM0QAAAQEICiLYlNkdkmB\/AasE+v2aCVNnM9qWpvTSHLoErqBLg3QSZ\/tMLN0zJwbq9Mu7q3VJWJNHr1heAKUFIH6bvGaLiNrFnIPCKtgOScwiTFw54GiWDntwJGw8S+My1sqbWwD5rVIxP74gpnGytj6O4F8rmrsyuiCsm77q8dfz211MKn3j7YhZmMWRYURZRdJFY51v9X7khyKovEo46VYW2jGC6GVtWcTrDZDFJYn1e7LsFlaqQaxOYfrD2tz9VK5oXG6zm+eA7MB4mCMofI9yaMLuWFfMklNuksZWQffmLOkkjvu+JeHXPBtaXcMyG6VQPZJt5vhTrK\/7tBIlYl8s5ITS6No1RpH0BgIPXt+46ugXdA5HzKZGb0lj1Jqo7E5sc7dPngrn9FSmEo456JbHmmJNKy0g4v\/k7zERy0mVrS+SUdpPvt6FhVgG960MG14DOtzVo3TIF3qyoLS+K3GzC41yovcXuYwGLCbuyXph1W5BQKu1Xl8AY3quLjxp+IoaGsJALixRryGkpmUSIIsbwWErVFKVYiLqsRpD+6+H6II578lFsF0CkB8cpISbWAjzV02hsEOVgzK4"} 
-01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522823,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":429,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364669552,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522823,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364667606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":429,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364669552,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01117{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364670234,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":487,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":487,"pkt_l4_len":453,"thread_ts_usec":1578508364670234,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHZAABAAEAGB0rAqAG4MyY8T901dl\/qiNMYvMNKmYAYECzM5gAAAQEICiLYlNphOp2qAaME5oGp5GvmHIWgGGU93Sb4NHYjusUApM6sRP5i8qY+HzhQdCIFLnndrt7Lyb35ijFh\/RKRZMveJjaTrvg07LR7B4kXgNNmDCnZ2mleUCoqai5pRFszdTaWzaDsM4Q3Wpw7y0J8UpUFV6JX3TRY81kn1wATSI1nzIaZiu8M7z9ugzT1Bhp5p5TFxbdeYQO6JrfMV4SRpyBXU0Rr7lBPIIFGiWnTkFtnxAhgodqQRFvRwZqLnZCsgQbUsh0fSXnkXvrGai3JM75BbyPWqwTWuWiqsasopvi+xYlm0p3aCAgHFYfwBoK2+KEvTZF1a6IBLF7ajmDeyzfdyjRL\/4Fdv1tddrUHTtxiT94TQMGrf7w+6PD94c1BvIA\/tb\/lxk1wzuF9hyaRwsvRsoh5iUSYTluqLNaUZEyWxIttTdFdUw+4KtjnqIaaVDrFEF2xOF4vZXkHdM6Nz+NtV7XrL5ILFjgViwhX3DPu4RTPwZeAt0lPJnUpfywRheWctZ\/iNqYU3QdkPrFOAx1inq1ZAUdz9ftjWvMI+49unsEi+QuvIeQbOJO4fA=="} 
-01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364670234,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364670234,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364670234,"flow_dst_last_pkt_time":1578508364668680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":421,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364670234,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364682687,"flow_dst_last_pkt_time":1578508364682687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364682687,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364682687,"flow_dst_last_pkt_time":1578508364682687,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364682687,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG833AqAG4MyZRtN04dl9aLQCVAAAAALAC\/\/+JqQAAAgQFtAEDAwUBAQgKItiU5gAAAAAEAgAA"} 
02056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694292,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1578508364694292,"pkt":"KDc3AG3IEBMx8Tl2CABFAASM2BBAADcR1ngiYawWwKgBuHZfdl8EeMBgH0wTNhnEtwanpj7oWlZ\/Hp0Gak0vyLNY48lrCKzEN97iWOlAwiKU8J2As0GDwpvqMobAk\/doYUwERgBj\/dX1qwI+w93bqV+opA8zeXK5DOY5QqaAWe1EmRlafyw14V0SAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2ENiSg04J2X4J2X7hAPRqHFTz0e8oEsmOadgUbUG0\/Gq1XFXFWshB59yMDlMnzDbSaQte3vRlNp0x8bXK\/C0IExkQW+7e6O42uaIsSOfhNhG\/lALSCTtaCTta4QNKaGvf27ePtI09PYWMWWoqsTgBFWVV\/OStWx2mo9mqS58z7TiK83yibq71BZSi0CSsekwb4Zyr8nj5zQd0mqCb4TYSkhGWfgnZfgnZfuEBoaZQlH\/tAMTmENPyYivdiK6qXFlTxe+\/p6cPLqiael7D6BFBiRXZHacw3oUOaGk4+u32W1NMUjoJXk06B2mEI+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhHLbOhmCTtaCTta4QOsAfRHCWayd+ePpaQzEOGf3dXjZZgxjuurzp9q\/DaDAlIrlX0hFIpZGowqYAlmPGRQlb2Zp7G196tUzRB5lA1D4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2EI9yzYIJ2YIJ2YLhAOJyQU2JE6mr+PrqS1VpbvrNoILvKRQR+abFnLs+XgISTnL1u7Up3BqfrKb9hyDFv4+EivNbWhPn9c0jykBsfLvhNhC9ngvuCdmKCdmK4QMQewuj5qn6FtR+caLmA7fiCCCWlXl5n4eHsa\/hStv5IXJfR3qW2xYlmjRashSfhzXIk\/cArlEuFCVyLKkliTzj4TYR68x8XgglNgk7WuEDyUr+wEhCRTzC+abav+Qq8gCoJQuHHGbcH\/DZQmfl9EGgUirj+pxEJRc8L7rXREu747IWcesHQp9HRE6vORWkC+E2E1W2gk4Kvx4Kvx7hAdMXaCMYMMwBE0nd2ZguY7X9OffS41d7S\/Y+mPW\/bN2r4s5PDjCrWaOVF\/TvDBjFcUWsPiqOXMHIqsOoggNo9SvhNhE4vwp6Cdl+Cdl+4QPkOM4NqDnpAiCaFdcv7mpRSPLANloklV4wbFH\/35BGlAWuLnC96pYG30ySaUekbUEoxDdJFuDpuhxs7uesYXD\/4TYSOLK6TgnZhgnZhuEDoktJdZWuqibhkACX5AYXpi\/92jauNHaPZe57
KQENT7f3lptm8vn\/KsHCyQGycNosbcDhgVNlPlUl4B5KRi2QIhF4WIGA="} 00982{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1578508364694327,"pkt":"KDc3AG3IEBMx8Tl2CABFAAF02BFAADcR2Y8iYawWwKgBuHZfdl8BYBsKk2vVIKFBe5srt6TuKGLoSQyIYHTHTIh8E6CjfYCc9i8bqGNRb1RdySNn+Iv9WrBeYgM40YLK2f29HLFDjWvrLH5PzXOrZjlyFrfNSw\/LgHRZLq7JZkTKJJivek9A0KFTAQT49Pjt+E2EWSTXC4J2YYJ2YbhAKsm6hrEBgceppDA8y6y8ToI4LATCvXtK2lH6G5Ea4z\/xJThSCDAuG5MSvtPStPEkcnXcb7SOx0jpL4DMcyqusPhNhJ+KPreCdl+Cdl+4QFFks1Hi1w5Dzl6eTycY4XMH5jgPi\/IsM\/Xh\/aiCTq6KUBnNNvsH2QEEcq8Eurha1gzN35pyz9iUxxW+rcV0tUj4TYTPtOCBgg09gg09uEBD39Z7PE\/miF\/gBzQtLgOKuJmlQiP1\/EPNHjqCw\/jys2eg7dySq1uz5KP5CQPL3LPisAyyzl2cNiKWtBUo4PgQhF4WIGA="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364697110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364697110,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364697110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364697110,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHkfoAAEARTtTAqAG4NiSg03Zfdl8As+iZ15lp9gBLtC6IaCW33is1Th50j8UHjOmT4mAffcZn+yYEl4jGBnLnkKaeXePCjndUh79\/WTQA2R4kNex3KmtFmldicE1yJNj24ZecPC4hxpTcI9qIeMXPlU0BU5Rec0LcAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBg"} -01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364697110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364697110,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364697110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364697110,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364670234,"flow_dst_last_pkt_time":1578508364712647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364712647,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0yT1AADEGTrEzJjxPwKgBuHZf3TW8w0qZ6ojUvYAQAOtzCwAAAQEICmE6ncsi2JTa"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364714836,"flow_dst_last_pkt_time":1578508364714836,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364714836,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364714836,"flow_dst_last_pkt_time":1578508364714836,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364714836,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGSM3AqAG4UpHc+d05dl+ffKVSAAAAALAC\/\/\/0ywAAAgQFtAEDAwUBAQgKItiVBQAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522827,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364717778,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMGVBhoKtkZwKgBuHZf3SMhYrdg7BRmI6AS\/ohxlQAAAgQFoAQCCAru0q\/IItiUTwEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364717893,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364717893,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGNyDAqAG4aCrZGd0jdl\/sFGYjIWK3YYAQEAmOFAAAAQEICiLYlQju0q\/I"} 01214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":556,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":556,"pkt_l4_len":522,"thread_ts_usec":1578508364719135,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIeAABAAEAGNTbAqAG4aCrZGd0jdl\/sFGYjIWK3YYAYEAln5wAAAQEICiLYlQnu0q\/IAegEP2pezgVKWt8J8LrduXpDyCo1FSJyTyJ5lbbH7EMZGv5G3Ivb1Abhvkw0dCEBVV6UxMSYllHcXVIlysO4yRAJrD5b3f1+VOKSoFLSg1WcmxxEFO5pnU9HGIUQEJOaDwrvCvMmNd\/GyeuIehvlbz29a4IXVRSSdhfjxmtwfJH+UkHpQ4uA18eIcetGchNx7gI7Oz0jMukXSf6+fHPd5WzMA+QkRtKtiOA\/Ie9P0PHPpHyImbvmHyYsAnQAyF4U1Vv15ymELSbMPh6zJQBf6IEP1\/CsQtKLagSDJKpl3a0jUjZwfj\/oq5+fdfqdkyAe+2Dk+tJ3lqwB+Dn4UKkYaFJ02\/UB95EcD\/zFU66a5SFkLQDvY3+vcobTa\/lD7OTd6xDAWEFP2BjNtfPoRyhVmxGgL4bywwcRwT6f1g2LccJsDy4U775nSR0Ycq1gnFsOfvC1Y9DaUuFcWbL7Z3JghsVJzD7MutydGKoI2UvduWqCdBRnpaAxRMcAZl5TC\/i+u2g5IW+pDMOuiS2ibZEmMWOlF4ZWAnJCS4GUFO1bcjbhwDALyFMTF0NZdpp8BmB793G\/lfe5Ar+ZIMVJs8CawDm2xKMURTt++U3mblRrsMZgCuWrzMqnUgZd5lFo1bOfVXFU2qOsmJmGig=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364719135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364721593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508364721593,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":10767.0,"max":70198,"stddev":24163.0,"var":583848512.0,"ent":2.4,"data": 
[70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37]},"pktlen": {"min":46,"avg":90.3,"max":564,"stddev":111.3,"var":12394.7,"ent":4.4,"data": [64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364717778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":490,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364719135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02121{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364721593,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508364721593,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":10767.0,"max":70198,"stddev":24163.0,"var":583848512.0,"ent":2.4,"data": [70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37]},"pktlen": 
{"min":46,"avg":90.3,"max":564,"stddev":111.3,"var":12394.7,"ent":4.4,"data": [64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01947{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1097,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1097,"pkt_l4_len":1063,"thread_ts_usec":1578508364729181,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ7gO1AADART9iAADOMwKgBuHZfdl8EJxcg9PffAeslidE0A2XYKUWPfQSrSzELT24RQsZMkDFAUC\/8t71UobxaKgVF9YFxtOS9Li4RLrxMDnrT4k5PGgw2NDHZtKrKg8J\/d2YlScEj\/YBR+sG3bhx8yqSCwFLu+QmtAQT5A7r5A7L4TYRQniRSgnZfgnZfuEDy+3Y1qZpk8\/KZSHkhI\/dUtq2PmnojEAJ+pvc2bi3A23IJ6RM8OAW49hm6EgP+nw9QrdJ1FOvq3+1MzaqVwKmC+E2ETi\/CnoJ2X4J2X7hA+Q4zg2oOekCIJoV1y\/ualFI8sA2WiSVXjBsUf\/fkEaUBa4ucL3qlgbfTJJpR6RtQSjEN0kW4Om6HGzu56xhcP\/hNhF6CJvWCdl+Cdl+4QCa0AdVA2\/h5KxbzG7wSXhKLcgLDQf3VZM6j4pcDpEr22I0w8vjr3eeZrANzqy+B0k7Jw6sj9qOYOkYu9v1\/HcL4S4QXZGXDgsVFgLhA4dMHiHESZvaZv5XwOSEg7GIAhtTuq\/1+kuZamW7NEWy5Mx7jYjqriPSY+yi8MCrIJ809xx8ts8E05ybrI5RK9vhNhHTKaT+Cdl+Cdl+4QNscTNh1YzVnvcLB2a2lU2bz3gyaTlXXbE+pFLDVoDdFI5ADpod42cruH9wQt79YZLxlJa01FygTlV6X9wnzbsb4TYRSpWAfgnZhgnZhuECxFAegsyOgyfrql\/zztxCELDSekbbhUJf21H8iSNiW9cKP2xirrTz8RKLVHxNA2LkFNcMF8l9m+GUUJJ3wo0ve+E2EZ\/0rzIJ2X4J2X7hA0+1Q\/zfDwmqiJ4L7\/yvPXaADca3\/aoKeqi6XasejIDSTPmS2ILmdZ2LgwWGNQRAtsR66VqR5PIUppHE6JTXzu\/hNhC9aDGqCdl+Cdl+4QEWucUJTr5uswusybUrNZinvmACa+spHP3M8Ca80aMiKTDP2An9QqqbsJgkcvDnFqQSdwmVB0j3FFWWOWXchmBH4TYQ03B+BglLcglLcuEC4ECYNzxwi2kJoJQjyJ6lUniuRlC+UndNWqAZRufW0X533Ymm1WtW8x0w\/1eGqPwGeOGNfU57w7mmrZv5S0MuC+E2EoBCKUoJ2X4J2X7hA7pvrsi4uzujUwcCnzbOXM3k+PSTxp6vSaGlZ+vjNNS2DLnFg12pt76j1a3+aMxZ2sjeuJ4ACTqyhbBihj1yObfhNhLB96meCdl+Cdl+4QMGwHxHg22IaagGZCrHWyox4ceWSrkz5+TUJ7FvSKEAsyUrKnBQ1BKg4U4OyDXv653Ump5Su2Klg\/PAjth\/4FVX4TYQDCFzcgnZfgnZfuEAOe5LjgOGocDnrwWucrGwohrnh\/PIVvUNi2EPcxA3lL9o2I1kGKrrcltIHdy07g5GmzReWD9IntTCd9ncDRnHuhF4WIGA="} 
01087{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364729798,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHFgO5AADARUk2AADOMwKgBuHZfdl8BsUbFE+HTPyEyomNSay73CyfrLD8rHnhX7vxj92G3He3rB8i3yggvxA3gI120fMxC8T5NSVg69zUML0xXdXDn6x+i1UJlYzm2ZsL8HkXRcVxsD7\/Cz8uc2cDeR5GmI31rs3BBAAT5AUT5ATz4TYRWzyr3gnZfgnZfuEAwPG4npPFCKterF6wXX6hmKDtHpPLV5Gpyh4HRvQlb1WOtMBiFa5iB1p48IlU7yQzlUhHlEKU2TAWk+UxWCOtE+E2EwKkGMYJ2X4J2X7hAXDWjwnntCdEfY7ZsbIcma6dZim0sS\/6AZlg+cBMsOylaupmT4K85DC7A88jAAB9\/AkNP7Q7FRuWOzTw655z20fhNhF\/YD6SCdl+Cdl+4QMhe7o3oH5yNMBpAbg7BFfLQiRhzAx0IcRlGupvV\/Zui89t4l4x5tGAZhBv4cgNKbiHVFqGfCeCtDh7KA5ZNUtn4TYQ2yX4zgnZfgnZfuEBWXo894U5qji3Sd9oPTupJEBwpi5JkOWop7uGO9PMehSCnS4eHg4+tauk7NJIwG19teeCjKxS93DtycMhLIWGEhF4WIGA="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508364732443,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364732443,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364732443,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508364732443,"pkt":"EBMx8Tl2KDc3AG3ICABFAACccxcAAEAR1EDAqAG4b+UAtHZfTtYAiDTvS0gyrIvyYAXql+rzEz+AR\/cLOiJor5McpZ3aQTzvVtbxvdlPVHOvm8x2T63kxRajQJXVXM7hf79y1fQG9XWokxXgcqkKLlUPoIFVVYrTntTkZjbBJdoltYqy5v2xN8\/CAAHdBMuEfwAAAYJ2X4J2X8mEb+UAtIJO1oCEXhYgYAU="} -01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508364732443,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364732443,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508364732443,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364732443,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364682687,"flow_dst_last_pkt_time":1578508364751141,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364751141,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGCIIzJlG0wKgBuHZf3ThkB68VWi0AlqAScSALcgAAAgQFrAQCCAqBHInXItiU5gEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364751248,"flow_dst_last_pkt_time":1578508364751141,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364751248,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG84nAqAG4MyZRtN04dl9aLQCWZAevFoAQECya6gAAAQEICiLYlSaBHInX"} 01198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364752659,"flow_dst_last_pkt_time":1578508364751141,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":545,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":545,"pkt_l4_len":511,"thread_ts_usec":1578508364752659,"pkt":"EBMx8Tl2KDc3AG3ICABFAAITAABAAEAG8arAqAG4MyZRtN04dl9aLQCWZAevFoAYECzuoQAAAQEICiLYlSeBHInXAd0EVrOafIpouoTHB+BW2z3Lrv3HnCw2ZQBRlgf\/19WqTwFOA04VbQy1wFUS6HAgPfHy8NaOV77ZdRJTSAq8L7x6Kw4II\/hUO4r9f51nr5zJtR+NmQtihw\/oG2toqeE2gmxFBm\/FJEAZ3BhAyklgcpYoSgeZNb37AeD8R7SxXsV96FZAMTuwUePPPwvKLx3F3XQBJXGqmL8ZZ4kHijHRXepMXtDyrqQ3dHLW36bgCyBffbPJwK11VIZBOg1ZO\/6QcCJyM8WU+cI0sTPBasm4PzbCQgYhaSkC8C0ehkpBDkbMoXij9k0WKFOVrIEsyZ\/24n+unHUtTe\/yYV6dUpEywFRJGupzIBFEQIrlJ+R7y5h8fxbPkC6UiykbmNIdFoDGxOiSYBL3yeK7GSTvjks9NeQTQC1eqeVk6U54EyDTlZ2t2cddwvBBj+fMzUkesX+MlQsGkokjFLEpHTsTH4jgy5EiQVvgHqBHad7G9fBM4q3K7UQYmh0hkSGogPuWCsrTo\/YkV2pbe8nJuLqnzRBnEBsCwsw9rDIf0YsG5\/lfaKRt7lzM\/aZlRjLHsqGkZkpqrfD7R6MXqp\/xig+JCvg0MFvDNMp3tp3C7Lm+dgS5zbrMV4EKIIIpgqxAKcHEra4="} 
-01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364752659,"flow_dst_last_pkt_time":1578508364751141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364752659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00946{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364752659,"flow_dst_last_pkt_time":1578508364751141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364752659,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 02053{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773663,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1578508364773663,"pkt":"KDc3AG3IEBMx8Tl2CABFGASMuzZAAC8R8ro2JKDTwKgBuHZfdl8EeHOhfS8\/VKeU4xriCeJZNmbyiR29m3N42\/uIKvLbiJlgdyaSwrO2BgcDcenrD2C97edthDBouwifboHgE3u3hLHcQi8I2aNx02z5+NzOkszQMNgplhV2V\/wYwtE8G8IvYQ3cAAT5BAv5BAP4TYRPFs69gun3gun3uECCARRJlalZmbRgrccKpmIFHuwcnfCnxRI\/PJfvccahZWq2zhSNF3xN8PFm4Ig97uMj8JcxYkHuXulMILJ8m+Dx+E2E0WGPAYLDUILDULhAQhNvCoDxAncltx4bh9WffZwzBdE\/9xF06wXJo57MMUhoLLSI90CIePrV\/tYmYiKEiyDSrJDYOlCFHmZ3pqDCwfhNhGoMJ6iCdn2Cdn24QH6QBf7Np\/9Y+eiOrugFzIsIhVcNcp\/OYct+34QkqEfvlXbuNfWnoEs1IzwGORRl6zR7xwwZW1+45dnGnJxxFET4TYTAnuIugnZfgnZfuECuDYcQjm3wJMglum1qnPXPBozHysGZ9VxiaJNnx\/kw7dAhqZoxI6CdfBdLdPaGhgI412g7XwrxymiHNjtEpybV+E2Eb+UAtIJO1oJO1rhA0poa9\/bt4+0jT09hYxZaiqxOAEVZVX85K1bHaaj2apLnzPtOIrzfKJurvUFlKLQJKx6TBvhnKvyePnNB3SaoJvhNhKSEZZ+Cdl+Cdl+4QGhplCUf+0AxOYQ0\/JiK92IrqpcWVPF77+npw8uqJp6XsPoEUGJFdkdpzDehQ5oaTj67fZbU0xSOgleTToHaYQj4TYSygMxlgsNQgsNQuEAJaLOKzWf\/o+pIN3tGz2TU0Jj7rRUsEu\/g\/J\/izFMRqT2L21hSkEIu4pwcRIudbxWCEi7R3jpR3Qx72SJ7sDxL+E2ELzgXtoJ2X4J2X7hAZ5DyvV4L2UjTbfMTNRlwVlkkGIIkt\/VYvYJ76IXUVE6r5fvcx+2tWoDAFaFaLZO1vJw5B3fbXfeObFaJ1qahJvhNhNFhtVyCw1CCw1C4QGNRrcySTkrIddsTkghzBE5yaZovlz823kaODYnxRULrhcdtfhDSmheK1rkdzx6MLgmWRkcqk5yLSRXbV7Sa9hv4TYSUZnN9gnQ9gnQ9uECK3QCjct4kYgqQwECFpzDV6FidxjszhMNuNu5KPckeHeVnNGRrmrvdWVqSm7NdhSk\/GBSTMV30P4Rv7pq1hSjo+E2ENL1ESYILzYILzbhAFgxun0r0zdyAC5SZb67xXu\/2hxGmSEaQZz1XosQe6902lrVgE71jlymkTkVmiGnjo+wcj5gGrpBH
OVgGl5DUX\/hNhFCeJFKCdl+Cdl+4QPL7djWpmmTz8plIeSEj91S2rY+aeiMQAn6m9zZuLcDbcgnpEzw4Bbj2GboSA\/6fD1Ct0nUU6+rf7UzNqpXAqYL4TYRvYnEBgnZfgnZfuED0pW7OSkAUUx9PeHXwwyf7mqpd70LmGPSseSc9VRhmuql9pusBMDKDEfCCcSaAIW2BnfDoTpS113ylm2TbVhfWhF4WIGA="} 00981{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1578508364773700,"pkt":"KDc3AG3IEBMx8Tl2CABFGAF0uzdAAC8R9dE2JKDTwKgBuHZfdl8BYMxaEf6gK86OMmqC0hj8YCjT4Kxyd9QhLNhUWv84IcoZEEM5WLaEl0iNjPoH5MGkDBtHCCGzykqH2IyxlA4UZhPcyDumXz\/v4mlSvZfRB2yOu5AYhwCSwbpUWhfp9lpeKanwAQT49Pjt+E2EdbUsoIIrq4Irq7hAjNB3wOfdUkch\/RymD8COogkRfmtGHDZ3JfVp7qPL0g95b9d6Og4eqk7Oc5yCXUjsPCBRZNV\/OEkCcWVLTRMhqvhNhDb\/yRuCdl+Cdl+4QBkaEptJyzZcwNghsa\/yev+qS1D63n8u0YIQqdir49AX7Q7OxcqumEYHw1gpXkn8\/0NtWmRXiIMnyNsmLKeGv434TYQj3LNggnZggnZguEA4nJBTYkTqav4+upLVWlu+s2ggu8pFBH5psWcuz5eAhJOcvW7tSncGp+spv2HIMW\/j4SK81taE+f1zSPKQGx8uhF4WIGA="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508364776411,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc6zkAAEARbFTAqAG40WGPAXZfw1AAiAuoYX\/X5Uw4lffkPNHSCMW6SrDFB88ojJJssa\/u4MiJ7ftgjBcFdVPuw+tvNym45804Q6\/uLh0oQsOr0riQp0FxmC7+mATc88CsFLix8wyPMseFlTK290MHGwkPORWZli5hAQHdBMuEfwAAAYJ2X4J2X8mE0WGPAYLDUICEXhYgYAU="} 
-01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508364776411,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364776411,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523039,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364784751,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGswg056VswKgBuHZf3SosjczmxQv4NKAS\/ohsIgAAAgQFoAQCCApgPx7\/ItiUTwEDAwc="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364784843,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364784843,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnhDAqAG4NOelbN0qdl\/FC\/g0LI3M54AQEAmIYgAAAQEICiLYlUdgPx7\/"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523109,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364786203,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GKKu\/6qLGwKgBuHZf3SxpEHBBX7euwaAS\/ohj6AAAAgQFoAQCCAo0GJnqItiUTwEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364786273,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364786273,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFbPAqAG4v+qixt0sdl9ft67BaRBwQoAQEAmAJwAAAQEICiLYlUg0GJnq"} 01156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364786351,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"thread_ts_usec":1578508364786351,"pkt":"EBMx8Tl2KDc3AG3ICABFAAH2AABAAEAGnE7AqAG4NOelbN0qdl\/FC\/g0LI3M54AYEAnlyAAAAQEICiLYlUhgPx7\/AcAEc2W5VRvDPnxC6ZNXtTyqjCYGMJUjTmjJUOUKnKosvUpjeLi1KBD9Gl0SpSGXIrkNn6C7KE279Sjg7DOSGoDz87EyUEGvUMFz5FN+U0r31bAICZnXfuq0lc9rs1kf7bNjD+ORYtLIa4UJy8enNIxPAk4HwvA+3rJiQq7bf0vBIBgSlJaEL3OkbL6PMcsY6AytCbHWwQNUqzrVKw1VPJ77xU02+dwqjsZ\/lrg1uD03lNKdyEFlGJ02BeF4E8JPm\/1hoH9nxyZ0rAyA+9TJoUNufqAtqvXZoNVAIn3u4I4vwUfjQ0cH1zU1rdHXu\/0AdLT00gIkyCjc+K8qB8caufkR1jWmZQjBGcjUMPyICieFwbw7o7SC+pa398OX2A5zUFoYFrbYryFapSZRoXkA7E7gSEMsgt4gzjFWaFDjtj0gQrWn4v5OEC3H13NYTU9aT1O3BBZjFDrxgPl5OXj6YzFyTFts2likup6YT33hM88mz1kg95ej\/aoS7kzfOq0iUWTyXKiVppXe0XEz6KhMTO1k\/fmz1CFkehBQ4QXp9fBwcm3bhXe0dq1V80Nq7Aur5aw8K3KW7Z98W\/5G+9OrMGYD"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508364786351,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364786351,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02214{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364714483,"flow_dst_last_pkt_time":1578508364786943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":661,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1578508364786943,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7643.5,"max":72892,"stddev":17918.8,"var":321082976.0,"ent":2.4,"data": 
[36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12]},"pktlen": {"min":46,"avg":85.0,"max":473,"stddev":93.3,"var":8701.2,"ent":4.5,"data": [64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46]},"bins": {"c_to_s": [15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1],"entropies": [4.421927452,5.379368782,5.115703106,7.505434513,5.310736179,7.434167385,5.999223709,5.232362747,5.342579842,5.892141342,5.115703106,5.115703106,5.115703106,5.024262905,5.115703106,5.869502068,5.116480827,6.709120274,5.214789391,5.552071571,5.902298450,5.154217243,5.228844643,5.462270737,5.552072525,5.115703106,5.310736179,3.969498873,3.926020622,3.969498873,3.969498873,3.969498873]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508364786351,"flow_dst_last_pkt_time":1578508364784751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364786351,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02112{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364714483,"flow_dst_last_pkt_time":1578508364786943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":661,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1578508364786943,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7643.5,"max":72892,"stddev":17918.8,"var":321082976.0,"ent":2.4,"data": [36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12]},"pktlen": 
{"min":46,"avg":85.0,"max":473,"stddev":93.3,"var":8701.2,"ent":4.5,"data": [64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46]},"bins": {"c_to_s": [15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1],"entropies": [4.421927452,5.379368782,5.115703106,7.505434513,5.310736179,7.434167385,5.999223709,5.232362747,5.342579842,5.892141342,5.115703106,5.115703106,5.115703106,5.024262905,5.115703106,5.869502068,5.116480827,6.709120274,5.214789391,5.552071571,5.902298450,5.154217243,5.228844643,5.462270737,5.552072525,5.115703106,5.310736179,3.969498873,3.926020622,3.969498873,3.969498873,3.969498873]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364787529,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":578,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":578,"pkt_l4_len":544,"thread_ts_usec":1578508364787529,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI0AABAAEAGE7PAqAG4v+qixt0sdl9ft67BaRBwQoAYEAly\/gAAAQEICiLYlUk0GJnqAf4EJhKzdp5pxVQQvZobp5kh+TMF4U\/9E6m1Jb+siU6axKLN+2ZwcIbYufIaN4E1lBtRBxLO\/\/\/3u1CE3oPIXdiN07AhovNAxOgbgENvj3edoo4ICQLGTlBtFbWMvxdBfO+HD5jIH45SObfWIcb0dqjhtOZEdT3CoklJ2b3tMaa5KvkuVFfHwBlaXTwwgAmPHK7s0eXQe17EcT1aCvqSjCCMCCT+8SLinZlW5+mC2pjasEK2OxNuBI9ZU1j\/06qGWR\/mX19XFBQ564nSx\/vZTcv\/LDr5JZ6kVv6ACGrzgDr5ZcOBAIhv+jXwCEpZbzb5mHOVCBb2xQgQNYdfe9BePtcJjPpI\/ZB3+k3+QqRRnAqJCUvrgjfrhnoqBfnZz5Aa92zocc1VuRRwDtWXxF6l4MKhV+YtgjJTQMR2GaI4A4rUu32gdoJ92BBS2gyGJsovefVT5Lp18y4Ggu4XPQZFm31kOhjJGWGyFISukDajIOMlmXuuoktRIYXDsDK+FqGiTLBkTzEuq\/nOQwqHWqUVQv7AtprM8kmJpux9joitBQ9HjtTajRaKcZg4FiAWJsOi0hTrrxXvZLdMGiwPpOvIgWPKH9\/e48WCSCXXeAUIHyszHT55IhnBxoUaDb3mbTerDdH5IGQYH\/H3dqim9yRTiafMm4+oArTm0GJNE7en8qQ="} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508364787529,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364787529,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508364787529,"flow_dst_last_pkt_time":1578508364786203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":512,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364787529,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364714836,"flow_dst_last_pkt_time":1578508364789015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364789015,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGVclSkdz5wKgBuHZf3TlFnUTdn3ylU6AScSDFhwAAAgQFrAQCCAqGNr5sItiVBQEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364789130,"flow_dst_last_pkt_time":1578508364789015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364789130,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGSNnAqAG4UpHc+d05dl+ffKVTRZ1E3oAQECxU+wAAAQEICiLYlUqGNr5s"} 
01152{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364790328,"flow_dst_last_pkt_time":1578508364789015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1578508364790328,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHuAABAAEAGRx\/AqAG4UpHc+d05dl+ffKVTRZ1E3oAYECw2hgAAAQEICiLYlUuGNr5sAbgE+BmJLzoAbqRJcy4E\/iNtAFtLgtXpllstBclKEt5AnMXYGDdphSPJ1KIQvJTGf+9D1\/uw8EOSSNaNpRNmhN1YpzqwBB+UfOM9qX2vrU3G1YJxG2RZPME5ZUZk\/kgeZ7rIiOnYRKx6kWFUUnLZ8OsoDa3t8bX5X+9+dwsMEQyO6lSJzX\/dEyWFv6AJN2hdOJnpLC472Lu7+E2LUrGhQLC+Emyq1jOnKhDSFttfS00NHmPXwFrclYGDOLl9k+5+G3D529p9EZ6wbdj7Qz\/oRYRnaEpr2ctyJRZdjfnsWEEKb1qoRibikyw5j02Xg59M6viqKIkVIPCRQt5JerVtVIirhv22Km\/aNWFPejNJFLRRr5rwcZVcBqS+S\/tv6ngY\/ko\/\/k2gl4+\/KFrzspSi5aYNJ9t7ke+vJICy6PdG4QxxH8dkPVUkP3dIi1tg77kY0whwnoK1RAs9h5hFL1uTlk2FcOdFu2a7OtIJV6Hxt7a0VtuZleF1M98V0iWkzUB3MBf18p1iVLiMtvw\/17+Q+Xu8T9F2B88ZHPhzy4V1FQfIWioA8cFKRqsn9i6ldmWM9imMP1gRI2YqEw=="} -01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364790328,"flow_dst_last_pkt_time":1578508364789015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":442,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364790328,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364790328,"flow_dst_last_pkt_time":1578508364789015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":442,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364790328,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364647922,"flow_dst_last_pkt_time":1578508364799543,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364799543,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jZZAADIGtYai86BTwKgBuHZf3SW77REP6nqwfYAQAOuzMQAAAQEICnVn1Hci2JTH"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364659294,"flow_dst_last_pkt_time":1578508364817367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364817367,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACgG15goQ5CAwKgBuHZf3TZG9x3QfGwlk6AScSARhwAAAgQFoAQCCApyLMYFItiU0QEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364817435,"flow_dst_last_pkt_time":1578508364817367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364817435,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGv6DAqAG4KEOQgN02dl98bCWTRvcd0YAQEAmgwgAAAQEICiLYlWVyLMYF"} 
01135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364819362,"flow_dst_last_pkt_time":1578508364817367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":497,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":497,"pkt_l4_len":463,"thread_ts_usec":1578508364819362,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHjAABAAEAGvfHAqAG4KEOQgN02dl98bCWTRvcd0YAYEAkbTwAAAQEICiLYlWZyLMYFAa0Ey5AJp+rqiYui2XJhTnXZBJkH5XqkpqhKXB9q3N\/UBg6aH0ITAIzQTYh41Z0vqIfdNbFjI2M7A8sN9PUiSu8TV5Cs64LQASrBDQCF8MVxSCPGNQ6BEWmSENswxL8ceRJOueTfy5OvLaHSA7FXRwT+XvNykJjth+MvcIxmFGydmjSa4fyssivk0NkecLBk\/LbiDmJu2BTeTgoXHjKEDMg87SrK1iTUWixOVjx7O2MGaELLaKpspEqTGl9xj2HeqWUHMVWd9V+dS7Y+56TCK0GPSragl2QnRf7VlQlCvw0\/MZ7iu\/AW4\/XSWDzw2rHMxbRtGn+M7VSLcDq\/Qe7Z+lWYwJUFWb9o71ZK\/rbouY4G6\/cjr45B\/iiKv9hR4avvCTKzqULT9xMbKgm+cd4Qnn+lpk7BKcksqIBdq8OmF8WO5boWxQBTm85Nir2n\/K5LqPNW5ucu43bvpiH+URwIIGtOBSqDWbESlgX5+Lt+RVXXjyMMA\/ixkSucsRdGQOvHXlsG2vz5qqJ9X2NATbeDunAC77oN2Jcn0vlr5Y\/q51yA38qsdLYzTxhlrKEm+sQ="} -01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364819362,"flow_dst_last_pkt_time":1578508364817367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364819362,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364819362,"flow_dst_last_pkt_time":1578508364817367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":431,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364819362,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364659971,"flow_dst_last_pkt_time":1578508364822285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364822285,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0EGtAAC8GR9kD0S1PwKgBuHZf3TTdrvLTmxdW8YAQAOtVRwAAAQEICk6VEKsi2JTS"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523182,"flow_dst_last_pkt_time":1578508364823555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364823555,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACYGE48SimxDwKgBuHZf3S4uwDPtE20MrKAS\/ogQ2gAAAgQFrAQCCAqmusMwItiUTwEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364823597,"flow_dst_last_pkt_time":1578508364823555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364823597,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+ZbAqAG4EopsQ90udl8TbQysLsAz7oAQECws4QAAAQEICiLYlWmmusMw"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508364824682,"flow_dst_last_pkt_time":1578508364824682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364824682,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364824682,"flow_dst_last_pkt_time":1578508364824682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364824682,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGhG3AqAG4n8tUH906dl\/csM+rAAAAALAC\/\/\/IeAAAAgQFtAEDAwUBAQgKItiVagAAAAAEAgAA"} 01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364825302,"flow_dst_last_pkt_time":1578508364823555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"thread_ts_usec":1578508364825302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAG94PAqAG4EopsQ90udl8TbQysLsAz7oAYECykNwAAAQEICiLYlWqmusMwAhEE9VEMnxi7\/+u3S\/7SD265WwXEe4fwDjOiQLsVOQxpxalSy7LlsUK4AEo+a1Qu54SdJYKUHtZVjJeiTzpaNscMEPnLhkYVoH1ZsfMM3SzSNckPwo27vBvsTXbvepFdGGfyt6oFIMjfApJBdBhKGuhBHU6KYxOnBPvkfjAzhNAEG9ZOct\/f9PMzeR\/3HfpP\/\/foRU+R\/UwxyK3KsOUDV7ivmQnjXPHpshdWKhSI2CmV4f4t9S2wPNhYMZFG90t1+c8FUX4hZ8IJSblZ1Hw\/xRVdy1XIr79XD\/YbXUlCbMbQSwpyRMeybOWZ\/3FFKK4\/m072RVgcU5vgNs2kQIANqMn50n9GdB1kT5VpcmbfktccGTcPpL5cqtUiHf9rj39T3mWxv4q8GrISLBQTR\/tbUOSXcuAGYHTUa5PLnQdiQlMB2NU3XarTCVXOKj2xulN5GvsPX5Wy2aKOHMGmdrt9tRWyzeNSeOUUMuTlnroJDaW6hq8\/QtG57+o9cfcesHmgUsKpYao1qZUd8lFRvDjla17QhLWfcHO9Zm9qK6x9TBb29EZ6\/QlYYuy+Jy9TbYE\/LjA7KJU9R0TdX0NGBywzUrgAwjm8rFolFhr0dTH8CYc1zYL1wnwny0ezNRkgVRVqWSfxkV4mnKvCfyi9XKSx7Th9OnlEAk6m8Cg8tenmIjIAm6NyXqFCsVFiylc5ACi9wAUl"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508364825302,"flow_dst_last_pkt_time":1578508364823555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":531,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364825302,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508364825302,"flow_dst_last_pkt_time":1578508364823555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":531,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364825302,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364752659,"flow_dst_last_pkt_time":1578508364829266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364829266,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JQ9AACsG43ozJlG0wKgBuHZf3ThkB68WWi0CdYAQAOuoBwAAAQEICoEcihsi2JUn"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523185,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364831187,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAOcGbbUSilEcwKgBuHZf3S\/8FjKFFTVZHKASaN8k0QAAAgQFrAQCCApjgYkbItiUTwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364831264,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364831264,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGFL7AqAG4EopRHN0vdl8VNVkc\/BYyhoAQECyrKAAAAQEICiLYlW9jgYkb"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508364832618,"flow_dst_last_pkt_time":1578508364832618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364832618,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364832618,"flow_dst_last_pkt_time":1578508364832618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364832618,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGt9PAqAG4ouQdoN07dl+4t7BdAAAAALAC\/\/8\/HwAAAgQFtAEDAwUBAQgKItiVcAAAAAAEAgAA"} 
01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1578508364833343,"pkt":"EBMx8Tl2KDc3AG3ICABFAAILAABAAEAGEufAqAG4EopRHN0vdl8VNVkc\/BYyhoAYECzL6gAAAQEICiLYlXFjgYkbAdUEwUIR9YgFXZ9yiOt5YBH4UtFaqA+cwIzRVHYokt1jt3NSo7VChRqaTps9paUa0ngH25xMfgJbcuBsMxxTxgihIKn5VUXXgWDlNYyvU0KlT1bNUEI4mKZzhEJdNwjpMn9paKBWzu2LEMjx6bLou4eS13z\/nVxfNlGL0J7vv8\/wC8YQ1+XvQyGDWq4sjQibEugRViJciB03P97SSio3NTS6h9JYGoEfM9nybcbgUflDrSQcxM3wZhLR4RyXHFofiZ6ItK5WZXSq5pX\/rioqKS6rjD\/Od8+ItIp1Os0RxmLLf4DWm4\/UMEN2gFSO\/\/Glty20yCOSCBOfFj8FNpqoruWb3E+P4CmQ2C\/teNBBz+h3griSFolu7EDV7zs7SLm4DR4ICIyHvtuOPkeooGrl0tep6tLaxHM2ZkQOiUJRKu+5pHwHgHmEbBncVaLwnhxRCP51iVfM2TEGdhOXmZNW\/1FyvH8rso8UOfKabPq7CXCpZK38otIKu601tzRMGFOYwWIHKFmd+rKAZ\/NBoZt\/6W8POfwll5vHjI\/FLep7U77tKANlUam924r9s1XPKaPkH9fxcGGux9IUOJRyhmfvWk\/b8yyfBvntIhfV4oqnCZvlQGRKNPXA"} -01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":471,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364833343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508364833343,"flow_dst_last_pkt_time":1578508364831187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":471,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364833343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523037,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364841546,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADcGsuQiYawWwKgBuHZf3SnE3x7vnZqFEqAS\/ojiZQAAAgQFrAQCCAoxzJM4ItiUTwEDAwc="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364841574,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364841574,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05dtAADEGDGhCKlL2wKgBuHZf3SQj+YV5f2ikFYAQAOvH9gAAAQEICh2SYKIi2JTZ"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364841644,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364841644,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqezAqAG4ImGsFt0pdl+dmoUSxN8e8IAQECz+XAAAAQEICiLYlXkxzJM4"} 
01181{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364842889,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"thread_ts_usec":1578508364842889,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGqBTAqAG4ImGsFt0pdl+dmoUSxN8e8IAYECxvWAAAAQEICiLYlXoxzJM4AdYEGJveRyADLBVKMZahhxe8iy1nCsj88Hn+VCI1ZhH8ThkexIjKZ+gJYRQs9Q8gp0SxRWzlL5srOK7RHQgSezx5G\/2f5opTn8gDQbkYtGhwjaig5UGd3nYCtNjo3pCCtFwvkRTzqXD7Iq0dJgNpjddTaYtUSbwkACumo05BayrfheKfTdJBPJv4f77938XoB3wVQGi3+4i8FyBVBEotI1MXCvmmdMMeptmcfZ638VllMi0Rh\/VHNdjByLP5DCJhUbASWlNYq5nTN81l9oBtm6tpK0e3U71XqFmOUBgwsvscezKqJuaS5SLLWDm62tco9F1i1T9deAc+xWYOLh7B6+BPGVCW7OEK8VzLykyjEaYVNul1gMC2i3lEUxgxdhUIarKuBtjTCTnBpAdiTrbyqCyJlcP0ujLYSllDh2QJQBwLFgJXajMxYFrZusLYdYxpnC5ZIRBdqu5jmEILq8DKiERj97BbSqTxBqUCTYFh1W1cas7gmieavik5Md879U6gYGowC2B7ISqaHTDHCsFSbiSBCOT7MR0EUftgrHLkMPUsSHLzSBZIFPQ+IShfvCynVEtzTumRCr7JCgLWeSyeJC88QEtbW4KnuAEA7XeI0LoSYPB0KbF1Ag=="} -01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523037,"flow_src_last_pkt_time":1578508364842889,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364842889,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523037,"flow_src_last_pkt_time":1578508364842889,"flow_dst_last_pkt_time":1578508364841546,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364842889,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364522826,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364862022,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGeCSlFmshwKgBuHZf3SJnRYz4cyqhtKAScSBl3gAAAgQFrAQCCAo1gVUZItiUTwEDAwc="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364862123,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364862123,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGaCzAqAG4pRZrId0idl9zKqG0Z0WM+YAQECz0WAAAAQEICiLYlY01gVUZ"} 01323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":640,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":640,"pkt_l4_len":606,"thread_ts_usec":1578508364863419,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJyAABAAEAGZe7AqAG4pRZrId0idl9zKqG0Z0WM+YAYECyyoAAAAQEICiLYlY41gVUZAjwEBrdPJBbCQwcUaoZCxDis5JSdEax7zMEY4YCdFlAa+2wwGZZ36EDRJsHY24RNDnZBxeFf8+ZYUch2Et7cUHdOXQEUZ47rnkJZmX28hwqPmsvMZwp0u4SsCwU6fDyp5wu3oIPprKqawSO0UwnZY+qOmAlywjHywDySvCmDcdQBHBAbqXg1hFaS6Zu0Yt+EmQ2SXgRv2lskxE+IPCMqlp61qCZ1mhCMgaLwif0PE0IsCA4Ty7TRHTNw\/Hf6TDCrt1\/nHIlW8gmA4jbsBJFZ4LZ+iMrFvWSd\/WoyRpQV7SWRTmpkcyOKLkF6tl2IFdeTTulP3ebUqN6EVnU5au\/BAs41oHA62GK8cobjDyWi2CyTt1aND9UoQFP0l7rB\/ErpMTMKRLEA5Zuwomefcbzmr4te87Tw9oCQCNhAjDwdIOGYD+SpHBB5ILy+9YGqT5Ex3m8DlQTlIggLKSRs4in1kBUBXdUsd9iqqai5H1KXm240BSureCWGelR7oXdvMDpi3zozgae51NiLBIgx+gMQ\/e3lL4W8nVto\/mof3tKTtt98bkiqwWDH6qvnYvhbhiVFm07CuKqLpWNU9Wcgx5kxbwBbKPXf9Fq8ZzDEoB3F1fq1U+75d3yGrfUh2hXruV2WlkO+1dSAMLYM1d7nPwWFt7EhOMM+7PK06co\/LVWapNmiFCLOcJVyBl2rRvFJ1I02w1KAIchuBZOnx1S0yzLXBGNEPLiUxKE4kHe89VgmIYEJ7MA7FceloAWK1TcFJQ=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":574,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364863419,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508364862022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":574,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364863419,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":367,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364790328,"flow_dst_last_pkt_time":1578508364866266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":488,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":488,"pkt_l4_len":454,"thread_ts_usec":1578508364866266,"pkt":"KDc3AG3IEBMx8Tl2CABFCAHa+qFAADMGWYlSkdz5wKgBuHZf3TlFnUTen3ynDYAYAOuFtQAAAQEICoY2vn8i2JVLAaQEbR9vA4hTDZTsaicm3PEQBs1j86Mycfx789yK5+er465ZfyX2n+nTL58MP0xXLKumuX4y77o14\/toVQMmgRjref+Li68nmPtzUmRtU6SEiahbKo37gS4o3M3QF24kGfey3mNBMKT5ToCRQ39nsVmniGV9g4P5ptNKDWJzjosVv\/EszkgGjDts7d78DQ7fT2aF320kValLQcix2tmbKmAHJjMXNvalPWdBFatY1S3SuGiGT248si4LQvX2LhXcMwMNmjXWSm+ZhyVJ6x8N4c0v5VGlJ7q7w0O\/iX79IUfl+TWI9iG4W1vhAosinoYpiMwZUIL688QZo6IvsuhRlPxz0382tUcXd4nr9U3qtZtBw1pnwLKQfkYdchFHLfW+8mV04ZtHZwqSa5CSmB5Qb8duMliiUFy\/ljj65J7vDVtz5fgIwfuLnqtVvR40aKApzo0dLBcVMhz+ay0+xMwy7aRazAp8CHMTMyNk1SJCyHuFy0f5ZZoRQToG5brr9QqeDUfXm1EDXAoRlASzdmea2bev430tJ6icFbvR+n7dpGFOdQOcJeM="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364523145,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364877648,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACEGk4U0u88bwKgBuHZf3S3Pd7n11PppgaAS\/oiD+wAAAgQFoAQCCApvJb2EItiUTwEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364877742,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364877742,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGdI3AqAG4NLvPG90tdl\/U+mmBz3e59oAQEAmf6AAAAQEICiLYlZpvJb2E"} 01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364879259,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":591,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":591,"pkt_l4_len":557,"thread_ts_usec":1578508364879259,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJBAABAAEAGcoDAqAG4NLvPG90tdl\/U+mmBz3e59oAYEAlUFAAAAQEICiLYlZtvJb2EAgsE6xKTJBXQxsEIcblA8YWuGBlX2edvBfmPvBZkXHaWRp91epP7e4iIONLEkPKzPxV9IOyZHZcedpL6hYw6wInQoYlx+hppv0waMgIBWmLSTCfvWNetW7\/ShUyZAVcQPqGlZUEdnS87glSJu0TjWVcFlCwUtszBLcpoYlQWRo\/JA5Lg76kyqjO6Ew9RRl57E\/yW7YtcGLE4hzf+4phnzIJI0qrFMHBpdQYxL+0XdAiCPBejALuRJfF4GROCFL+9u7bkhR\/8x6fIWCuqxQwaWHSEHNT+nyNtVkKO\/Co5BQTXYH8NLkO3b\/3\/ef6RaOw7ll3BNFwWjwgG6whXD97UbkJQCwYvADJVjzMFiFI\/D7TLzirbinSeAkcosvdm2jW32UZLF7aFimYj7b3YKrZ5DITIlum52kZX7HdRz2dcxrT2fJRY662FpzIpDKESYgeKbNSTcDvE6lq71DP3omqTEMVuNWaobDW0\/GQ5t\/dJ6+hwQ+f3oDrVu8NtN3eJOI26wZA2QllfeJCTOYHtrV9Au5kIisZW34dRuE82YwceXJObXdwZaKBzuEMB\/dJ7R7IxdUFSfdzKeDDCom1eoEJTWquldifuxur8RpRxD978Rcw\/UDm06vv\/O4ldRcSmuf6+DQmMtWQeCRT8Z0D3nVHJ5Apy5nUhPndFWebhn8oNQ3OVevgEP4m5NWDATyCX"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508364879259,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364879259,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364832409,"flow_dst_last_pkt_time":1578508364898847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":719,"flow_dst_tot_l4_payload_len":503,"midstream":0,"thread_ts_usec":1578508364898847,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":11802.6,"max":78584,"stddev":26563.9,"var":705640768.0,"ent":2.4,"data": 
[68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39]},"pktlen": {"min":46,"avg":90.4,"max":531,"stddev":111.1,"var":12335.6,"ent":4.4,"data": [64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.397368431,5.306893826,4.993616104,7.595185280,5.233812809,7.573578358,5.960590839,5.154164791,5.077241421,5.270098686,5.268505573,5.587528229,5.115703106,5.115703106,5.115703106,5.554157257,5.310736179,5.115703106,5.115703106,5.935094357,5.154217243,6.817276955,5.264878273,5.581483841,5.878489017,5.078744411,5.228844166,5.493040085,5.610895157,5.115703106,3.909610271,3.866132259]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-02224{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508364919424,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":11526.1,"max":77251,"stddev":26248.2,"var":688970368.0,"ent":2.4,"data": [74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105]},"pktlen": {"min":46,"avg":87.1,"max":494,"stddev":105.3,"var":11090.0,"ent":4.4,"data": [64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.441382408,5.381731033,5.115703106,7.596201897,7.501367569,5.115703106,5.935592651,5.974224567,5.115703106,5.115703106,5.982713223,5.154216766,6.770318985,5.264878273,5.610895157,5.743154526,5.041008472,5.154769897,5.523809433,5.581483841,5.115703106,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508364879259,"flow_dst_last_pkt_time":1578508364877648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":525,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364879259,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+02121{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364832409,"flow_dst_last_pkt_time":1578508364898847,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":719,"flow_dst_tot_l4_payload_len":503,"midstream":0,"thread_ts_usec":1578508364898847,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":11802.6,"max":78584,"stddev":26563.9,"var":705640768.0,"ent":2.4,"data": [68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39]},"pktlen": {"min":46,"avg":90.4,"max":531,"stddev":111.1,"var":12335.6,"ent":4.4,"data": [64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.397368431,5.306893826,4.993616104,7.595185280,5.233812809,7.573578358,5.960590839,5.154164791,5.077241421,5.270098686,5.268505573,5.587528229,5.115703106,5.115703106,5.115703106,5.554157257,5.310736179,5.115703106,5.115703106,5.935094357,5.154217243,6.817276955,5.264878273,5.581483841,5.878489017,5.078744411,5.228844166,5.493040085,5.610895157,5.115703106,3.909610271,3.866132259]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02122{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508364919424,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":11526.1,"max":77251,"stddev":26248.2,"var":688970368.0,"ent":2.4,"data": [74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105]},"pktlen": {"min":46,"avg":87.1,"max":494,"stddev":105.3,"var":11090.0,"ent":4.4,"data": [64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.441382408,5.381731033,5.115703106,7.596201897,7.501367569,5.115703106,5.935592651,5.974224567,5.115703106,5.115703106,5.982713223,5.154216766,6.770318985,5.264878273,5.610895157,5.743154526,5.041008472,5.154769897,5.523809433,5.581483841,5.115703106,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364719135,"flow_dst_last_pkt_time":1578508364920071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364920071,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0y95AACMGiEFoKtkZwKgBuHZf3SMhYrdh7BRoDYAQAfqZdwAAAQEICu7SsIki2JUJ"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508364922060,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364922060,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364922060,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364922060,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+OGAAAAgQFtAEDAwUBAQgKItiVxAAAAAAEAgAA"} 
@@ -195,25 +195,25 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364924936,"flow_dst_last_pkt_time":1578508364924936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364924936,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtY\/AqAG40frwzd0+dl+QvttrAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKItiVxgAAAAAEAgAA"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00746{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508364925232,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHG4wAAEARgdzAqAG4I7T2qXZfdl0As6VnAUq3Z7jOf6Ug2frhkOredmKGawH96dNwPwCsVwwwAuHNRLachJG6Hj8pd5+\/iUKj3xzFalkHy\/4zo7e13\/nakEgcyoOcntMlISOmld4GtANNEoWSHW0IYrUbIiG7qvHSAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBg"} -01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364925232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364925232,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364819362,"flow_dst_last_pkt_time":1578508364930055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364930055,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0P7RAACgGl+woQ5CAwKgBuHZf3TZG9x3RfGwnQoAQAOutlAAAAQEICnIsxqEi2JVm"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364824682,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364932308,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGkHGfy1QfwKgBuHZf3TprW2X93LDPrKAScSCdQwAAAgQFrAQCCApPeKo9ItiVagEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364932360,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364932360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGhHnAqAG4n8tUH906dl\/csM+sa1tl\/oAQECwsmQAAAQEICiLYlc1PeKo9"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508364932939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364932939,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508364932939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508364932939,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGvd3AqAG4Etunn90\/dl9+5\/UeAAAAALAC\/\/851wAAAgQFtAEDAwUBAQgKItiVzQAAAAAEAgAA"} 01333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":637,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":637,"pkt_l4_len":603,"thread_ts_usec":1578508364933835,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJvAABAAEAGgj7AqAG4n8tUH906dl\/csM+sa1tl\/oAYECyPNwAAAQEICiLYlc5PeKo9AjkEpygvnKchHo\/9hxvr5Qw+iboZdo3f3SG7EZvjwd7w\/2cK9Gmp6AB3QTgV0ZKNW3oRtB3OCMj3x8Ruf4hglrPOR8z4gDspichx80Fp3Ii29HmJSooT1ooAwg7QLR5ppOcGiZ0Jee4UwPmXpUCT\/zV+YSxP5MVCiOEH7pByreL9e7s\/NcDeXys4Mo2BRac\/Ej9PResGlgyJh+9FLsXYSx4qZZuwqVCSJSb2XvfEsdTUfWxG\/mlGpGgpf5whPWlAfSz7Oe20c\/f0EdzfgDI9NJpGEjPOBSos\/GuZ0hM9rufVviW2svr975inq+J81tRJ\/ITe1XewQv7g8Xh3dCaSK53YZfjTdmQ2lPtSUaUAWxaD6y7+1W9M79N28CR4hwLEamR83zpLpjhCprS98oS2yZdyQPypaWCSL5+Dc9PGnt860mDm3PmEP69QRVGEgjznQxs7cNWxBeOK2RmYlLOQN6jQA2jxoF\/oOCb3wnN1p\/QyoRd9SyLYwvhPzKpqx\/ZWP+rDLa4sxoTk+7shWb5NDLqplnmJeSxdK+pu7BT4hkAgCMiXUcfj11g2f1fEAf\/z0KfvHYTs3\/pLisnKePFZSFhM458MqwFxoShf1p5bn+un+y25Fcp4W5\/WlRb3XNf8hqwLrfEM7l5rzvGHXMjE7r9jYvWo\/\/uhbuPEvG4FWDxInlL42CndUL+cc9p0TJmh5wXFTY7uBRbaL2JUuah2gQ9\/kEYy1FwIdqoxyM5d3V9+KLYteT7hmCs\/\/g=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364933835,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364936429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508364936429,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":23032.1,"max":164457,"stddev":52707.1,"var":2778034688.0,"ent":2.4,"data": 
[134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28]},"pktlen": {"min":46,"avg":89.0,"max":522,"stddev":105.0,"var":11031.5,"ent":4.5,"data": [64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508364932308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364933835,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02130{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364936429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508364936429,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":23032.1,"max":164457,"stddev":52707.1,"var":2778034688.0,"ent":2.4,"data": 
[134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28]},"pktlen": {"min":46,"avg":89.0,"max":522,"stddev":105.0,"var":11031.5,"ent":4.5,"data": [64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
01953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1099,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1099,"pkt_l4_len":1065,"thread_ts_usec":1578508364954898,"pkt":"KDc3AG3IEBMx8Tl2CABFAAQ91J1AACwRmVQjtPapwKgBuHZddl8EKaTIL6PiPVD76wxxux15bHRlnSs2av4nBFSV7v4bhHiIpeAMxLmbK8f6wiaJfQicCaKdl2RU3riNA4G85e32CrySn3+r4nugeiGUNmLmJTGwe70KAk\/1yl9pMbVr5iHiC9EbAQT5A7z5A7T4TYSnVnoygnZfgnZfuECQJNyxBglNPC+n9m4t\/W08TtywpdWYdWjkRxmhkajaDCz+gK\/mbTitDTyIYj\/DM6dFql13rAhhOsl+TepFcV7R+E2EVmvzPoJ2X4J2X7hAs1lDgaitKFA3cxLdFsLwt7VebQyms4a6o\/fivZtKo8AkJ6dL4w4Dn4+\/vC\/\/JsKeSIScYYBOpqnxxVMZ+XWFxvhNhIui\/9KCdl+Cdl+4QKesUvPGk3pcExPSpjjyYak+S\/zgRaKyCtkCAnADlTupsK\/kU6vbTyjVeYLvjRqhlLfuaobh1XsP1yYWbMEwCkP4TYROL5ObgnZfgnZfuEBjjxCUsfvwMHRxTE5YrP7+ISCuREmPbKrzjoabqIoNEUz\/YRnAV2w6k47DZjKIksCMD5bt88unhn0EsLYp\/SzX+E2EXkQ3ooJ2X4J2X7hAPuP3gMJbiMdT+jVwpl443XaSBNUfQ0qZUmbru+9L8er4h7zKFM+7c1K4WVxLv0mgiZa++5g5WXQyn8nQTgubb\/hNhIpLq76Cdl+Cdl+4QPw+TE9tCaxzvKUZLrSUydGaIDt2Km6jvC1h7Hg9CIqQESMae7r6mkOxEncigdCNSYhdj\/fphc\/puhfvJzVEsBH4TYQj6yXYgnZfgnZfuEC5nQSZ\/xzD17vSEoHg\/jtmGLuRaM3q97\/3Czva8FggRyrw44MHO8OtruMk8OoTJc88hHmdKvMBoeGC+K0eEhFi+E2Ep1ZKIYJ2XYJ2XbhAYZoPsgtYlBM737vFkYUTo\/9EphiWRNvy3F9PFQKE60Wg2vh7fDKeVFJ2s+C3+rlsvule\/8FMZch7lhCdhu+rUPhNhJ3mmFeCdl+Cdl+4QGQs+WUN2IadQlJdv2hYAS47TWT0deczhHq293QjQaQ5dBSGXZU4dOj17ZGw5OHFM97hStHWuydqVFmyRxRg\/w34TYQ050sDgsVJgsVJuEDzSXu93jNII3idYaebqM1QwrATGCoZMfOLWHKo8\/HNEvGmOW1TsZdycKJciiZgh6ud1sRz67L9tP+HeODfKFTV+E2EDfsOx4J2X4J2X7hAH7mV1eGOz5WoeIocWFwRYF7ZVBDRcdtaFFH5u23BFJ62FH1ch71cEmxc8OtYpiPqb2N3y6mQjsQPeWAgtQws9vhNhCPknjSCdl+Cdl+4QFeAPtyTjNbAmZsxJ+YSStMfUptpi+Ck9CtWlo\/Fnkmot5zzhg4wYebjEaqIDMNNKgYreTwT+o6X4euclIzcKBSEXhYgYA=="} 
01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":467,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":467,"pkt_l4_len":433,"thread_ts_usec":1578508364954930,"pkt":"KDc3AG3IEBMx8Tl2CABFAAHF1J5AACwRm8sjtPapwKgBuHZddl8BsQR1SNeP1ZrG\/ZwtEcGW5vGA0sDGp78prdWhxHtDqEDU7PNKL6kZEdICkE\/ClTr5riDvJ\/S0Juy5pZvsiDZ34LyanRNXXRjpzjohXnlvDARKWl\/FPyuFUx\/5q7iG79kKNiaGAAT5AUT5ATz4TYS5GczRgm\/xgm\/xuEBa13f1PeAY+pXn+QDG2H2vRnbUjALc47yKM1DGaLaCBXAmqDZbTzNfSqGBTAVPFFnsJtnCFC0Fv0w0bIIRmdWp+E2EijsROoJ2X4J2X7hAJi3PrTUi8k0+hp72TGveiEIya6qIgjO27CDPgcM2XClPC4ML\/96HDCNIKvA6L6b3KKoTFoGm44u2hTJ2hJ9PJvhNhM+0ztiCdl+Cdl+4QCCTHaJCBMKOiAeM0+J0ILaNmDQGKBpq95aDifzAyS6BBPIijEGzkyTvF6L1V27y7PdVSWOVkbAaliLEx1mlVCv4TYRf2EBxgnX+gnX+uEAuHZY2QcmV8WQCz4M\/VG5LfG7tHam\/sFovnjhq\/yEXmxTFgIMHUbncizgn1Jn7XeiL7CoOoCVHxB7uvvn28VO3hF4WIGA="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364924936,"flow_dst_last_pkt_time":1578508364957524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364957524,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGw5PR+vDNwKgBuHZf3T7\/g0hGkL7bbKAScSAsgwAAAgQFrAQCCAoN8FcJItiVxgEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364957613,"flow_dst_last_pkt_time":1578508364957524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364957613,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtZvAqAG40frwzd0+dl+Qvtts\/4NIR4AQECy8HAAAAQEICiLYleUN8FcJ"} 01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364958746,"flow_dst_last_pkt_time":1578508364957524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_usec":1578508364958746,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGs\/zAqAG40frwzd0+dl+Qvtts\/4NIR4AYECw\/fgAAAQEICiLYleYN8FcJAZ0E+FMyZM6APP7oCGTdgWb3yFwhYBpKGGdHxVs6\/WFawsMKFTP1GE4bS9ZGKitYFI6X9SczYGK34fv33vN7bwOoHuDLSEmFepT6qKIXU0o52LpqO4\/\/S4iCaTUFZU25DlJm7rKyaYiQUNQs188t1MgWKQJll9l7A5c36CcJV13HcpT4uHcO11tQbpUDfAmYHf8g91oohYLCK840wTh1pzwjGdFtPtKPIlkFk1I1KlhfXLsnea7v1Q\/ShXbNxFHOeNcmQxZQK\/djTCT5xFTl26m5hPRLr7bo6oEShkma0QAzk7dx4oLmxs6xdhraZ8\/KLIrywgGOsqHtYNCAN1bYwBrh3O3VymK8Mc6Id82RS+1OENrFg+MVBhmQrqzd8EKkdPY62PYyc6nFRZKHWeOUieBs0SzBcjgQMxcKSxChYDCR9Zj7HIJe0hUt2Ra0u2gRnlW5LF\/F99KO80qZeqJg+U5xv2dN3bWuOXucPVSSrR7+GQvchgofcyhiHymQaVedRTSwqM+Y31quk7elIGo9u8xUlOwxOWWPvJhRHhOVBQ=="} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508364958746,"flow_dst_last_pkt_time":1578508364957524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364958746,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508364958746,"flow_dst_last_pkt_time":1578508364957524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364958746,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364832618,"flow_dst_last_pkt_time":1578508364990287,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508364990287,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGxNei5B2gwKgBuHZf3TsLfbp+uLewXqAScSA1yAAAAgQFrAQCCArR1xFdItiVcAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1578508364990409,"flow_dst_last_pkt_time":1578508364990287,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364990409,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGt9\/AqAG4ouQdoN07dl+4t7BeC326f4AQECzE7QAAAQEICiLYlgPR1xFd"} 
01109{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1578508364991987,"flow_dst_last_pkt_time":1578508364990287,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":479,"pkt_l4_len":445,"thread_ts_usec":1578508364991987,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHRAABAAEAGtkLAqAG4ouQdoN07dl+4t7BeC326f4AYECwyYQAAAQEICiLYlgTR1xFdAZsErzFRgvu+Gdxcx8TKMVxCghDEriO47E5WudgBJPwgVI5ZeUhIj6FWmZ5GxS3JxEI3bBsCNxoaNNpP01hxoKhEu1EuvoxJRf5XfcTJIGw\/MFwRUJh4HL6kR\/jn34l+sva7q\/WyBXlKzPvIRyzywJ1liXjzmxWKe2id5RSlSAow7T5WvtdWiKAb+nXnc7dkjdSjBSKUZ4TTMkO3IjWL+SKI\/3RSCrRnVPtjGYzAFMfVqRv\/uMD1bNp7y4KZ3\/jk3dviqla0NKL26oQNWkRx\/4lRibAA6HeaPLM5EgArtMUSv2WSdh06L9cv5SBvdr6sXpVDgCmt\/IBu9wB4E3kRd31zpdiB6YpVP1mIQgvvYH4AkT0mp2\/8YiSPGmkCB87975cUeLvFeYmvzgoEFASJ+ko3QR3ID+97V6SPEWW2uHZrMaeTrekStj9bkslYH4ydQQHK94CwkhOvMVHIWadQZJ822MSClpsnqpeC4mc3YVT5mKjjEGKet7TUkOlxYVXovRKIKlxDSNSeRJrI\/fo4Rx5zBxDCYkf5z665yx0="} -01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508364991987,"flow_dst_last_pkt_time":1578508364990287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364991987,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508364991987,"flow_dst_last_pkt_time":1578508364990287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":413,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508364991987,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364958746,"flow_dst_last_pkt_time":1578508364998772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508364998772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ZbFAADIGXerR+vDNwKgBuHZf3T7\/g0hHkL7dC4AQAOvJnAAAAQEICg3wVyoi2JXm"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364786351,"flow_dst_last_pkt_time":1578508365007518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365007518,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0aAlAACsGSwc056VswKgBuHZf3SosjcznxQv59oAQAfqTrAAAAQEICmA\/IAEi2JVI"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364787529,"flow_dst_last_pkt_time":1578508365008051,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365008051,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0xtZAAC0GYdy\/6qLGwKgBuHZf3SxpEHBCX7ewwYAQAfqLMgAAAQEICjQYmu0i2JVJ"} 
@@ -223,31 +223,31 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365021490,"flow_dst_last_pkt_time":1578508365021490,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365021490,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGuz\/AqAG4sj4K2t1Cdl8xVnl5AAAAALAC\/\/8AHAAAAgQFtAEDAwUBAQgKItiWHgAAAAAEAgAA"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365029590,"flow_dst_last_pkt_time":1578508365029590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365029590,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365029590,"flow_dst_last_pkt_time":1578508365029590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365029590,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqGLAqAG4sj4dt91Ddl+W2yuDAAAAALAC\/\/\/VpgAAAgQFtAEDAwUBAQgKItiWJgAAAAAEAgAA"} 
-02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508365038162,"flow_dst_last_pkt_time":1578508365038195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":686,"midstream":0,"thread_ts_usec":1578508365038195,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7306.0,"max":43142,"stddev":14269.1,"var":203606176.0,"ent":2.8,"data": [32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92]},"pktlen": {"min":52,"avg":106.0,"max":546,"stddev":112.4,"var":12624.2,"ent":4.5,"data": [64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52]},"bins": {"c_to_s": [13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1],"entropies": [4.515677452,5.379368782,5.115703106,7.628110409,5.233812809,7.621943474,5.000318050,5.854679585,5.026765347,6.739012241,5.155788422,5.511559486,6.055828571,5.194625378,6.831315041,5.038779736,5.077241421,5.077241421,5.642391205,5.077241421,5.911284924,5.154216290,6.092246532,5.582411766,5.463837624,5.146419048,5.146419048,5.177669048,5.146419048,6.910353184,6.676519394,5.156889439]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508365038162,"flow_dst_last_pkt_time":1578508365038195,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":686,"midstream":0,"thread_ts_usec":1578508365038195,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7306.0,"max":43142,"stddev":14269.1,"var":203606176.0,"ent":2.8,"data": [32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92]},"pktlen": {"min":52,"avg":106.0,"max":546,"stddev":112.4,"var":12624.2,"ent":4.5,"data": [64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52]},"bins": {"c_to_s": [13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1],"entropies": 
[4.515677452,5.379368782,5.115703106,7.628110409,5.233812809,7.621943474,5.000318050,5.854679585,5.026765347,6.739012241,5.155788422,5.511559486,6.055828571,5.194625378,6.831315041,5.038779736,5.077241421,5.077241421,5.642391205,5.077241421,5.911284924,5.154216290,6.092246532,5.582411766,5.463837624,5.146419048,5.146419048,5.177669048,5.146419048,6.910353184,6.676519394,5.156889439]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365038942,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365038942,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG\/kfAqAG4DeZsKt1Edl+KMGOvAAAAALAC\/\/8AAwAAAgQFtAEDAwUBAQgKItiWLQAAAAAEAgAA"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365009842,"flow_dst_last_pkt_time":1578508365039176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365039176,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGe3mQW3iHwKgBuHZf3UEpl2emdDhi4qAScSAVuAAAAgQFrAQCCArbhaVwItiWFAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365039222,"flow_dst_last_pkt_time":1578508365039176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365039222,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGb4HAqAG4kFt4h91Bdl90OGLiKZdnp4AQECylVgAAAQEICiLYli7bhaVw"} 
01286{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365040566,"flow_dst_last_pkt_time":1578508365039176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"thread_ts_usec":1578508365040566,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGbWXAqAG4kFt4h91Bdl90OGLiKZdnp4AYECxqYwAAAQEICiLYli\/bhaVwAhoEqFEYWui6uaX1mTBG6rJ\/8JvXZeblYDaaKyL0iuOXiWEObGPARK82c8HTtYWWLQhhxAruLAGbxlpr9w7TvDfbVeP\/MRkgtRzc5TCtFameRcH+B+d7AFEdB4usVsU0ck8Wb5F0ikKql9UW81QbaWN2PMkJOtgVoarvJIHAhzBLIMaYXnbzlDS7VFeGTtrkaBEoCBjrBqk+AkezR\/Nv3w+HC14Kwvf\/W78CAyl6tSH14ZXV93iy7UvEP9oI+Ek9ILiFD\/ZpJgcmi1zQM+EiwWSa0UhsLPO0bS19vUIkPVsCN7VcyuAZ\/eQu2gCAFOMbcpKjM406IQF3RzQI+8St0zhrFWneji\/DwmDDltFKqKXlAW5Xi0Is6il2pY2wLukNaMGuMfoWKdNwka5Cdi1A+QGqyacgXhvTr6TyEIs+C2yw3v+D8HjPpBDWFBSwbb\/\/jdzQhUCBfp8WIW8dYat+PUpqCGdtySVtdUgDhcrRLC0kDe8LnTZEtKIGm7bqd0RsDfIgzD\/S+QZ\/Bas4wLL0si7aVjq9NydSlEwtjb2sMaxkzhwLEwQboe7wi\/mqzaFljgD8Odc2h6DZ+tfjfIP5ovETNkHB5GsyBR8lqa6f\/uD8LjuBKbJodrD8U3CVN197WCmu7PxSO96wloa6Y\/pq\/M4Hq\/lbP\/tqWBDOMzwjyvfhDX+w+gI69UUFWFhcCTkTEO51RjRg4K\/eHL3m"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365040566,"flow_dst_last_pkt_time":1578508365039176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365040566,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365040566,"flow_dst_last_pkt_time":1578508365039176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365040566,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364933835,"flow_dst_last_pkt_time":1578508365041341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365041341,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0z6lAADQGwM+fy1QfwKgBuHZf3TprW2X+3LDR54AQAOw5ggAAAQEICk94qlgi2JXO"} -02228{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364932664,"flow_dst_last_pkt_time":1578508365043187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":423,"flow_src_tot_l4_payload_len":671,"flow_dst_tot_l4_payload_len":487,"midstream":0,"thread_ts_usec":1578508365043187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":21202.0,"max":158141,"stddev":48725.8,"var":2374199552.0,"ent":2.4,"data": [158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16]},"pktlen": {"min":46,"avg":87.3,"max":483,"stddev":103.8,"var":10779.3,"ent":4.4,"data": [64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": 
[14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.484427452,5.346035480,5.077241421,7.564687252,5.233812809,7.546903610,5.936781406,5.115703106,5.154164791,5.653491974,5.612979889,5.077241421,5.154164314,5.811898232,5.109905720,6.736226082,5.149451256,5.359375000,5.770115376,5.072169781,5.074242115,5.414525986,5.488122940,5.032077789,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02126{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364932664,"flow_dst_last_pkt_time":1578508365043187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":423,"flow_src_tot_l4_payload_len":671,"flow_dst_tot_l4_payload_len":487,"midstream":0,"thread_ts_usec":1578508365043187,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":21202.0,"max":158141,"stddev":48725.8,"var":2374199552.0,"ent":2.4,"data": 
[158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16]},"pktlen": {"min":46,"avg":87.3,"max":483,"stddev":103.8,"var":10779.3,"ent":4.4,"data": [64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.484427452,5.346035480,5.077241421,7.564687252,5.233812809,7.546903610,5.936781406,5.115703106,5.154164791,5.653491974,5.612979889,5.077241421,5.154164314,5.811898232,5.109905720,6.736226082,5.149451256,5.359375000,5.770115376,5.072169781,5.074242115,5.414525986,5.488122940,5.032077789,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365045064,"flow_dst_last_pkt_time":1578508365045064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365045064,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365045064,"flow_dst_last_pkt_time":1578508365045064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365045064,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGOT7AqAG4uduFPt1Fdl+PNscoAAAAALAC\/\/\/ScwAAAgQFtAEDAwUBAQgKItiWMgAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1578508364932939,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365063785,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACMG2uES26efwKgBuHZf3T9fy8\/Lfuf1H6ASaN8cNgAAAgQFrAQCCAoSyYNbItiVzQEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365063889,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365063889,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGvenAqAG4Etunn90\/dl9+5\/UfX8vPzIAQECyjNQAAAQEICiLYlkUSyYNb"} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":587,"pkt_l4_len":553,"thread_ts_usec":1578508365065166,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI9AABAAEAGu+DAqAG4Etunn90\/dl9+5\/UfX8vPzIAYECwSKQAAAQEICiLYlkYSyYNbAgcExEL6k7iDCmvDnLTJQ493cMoyN1vB35yNoXPALiSuhgaS7ozJbRQbYOIH3P2cKiRvQXZnyi4u4Lw9Z+qm430tq6fsEdocQZExsicq33nFabONqvhhdUCa\/Ycdml2wvn5dpDCXVB9DNlrFeOeFE91jSn+\/t\/1SEOuxaQXmtjOwaQ1rpHIUzUgqbMGDk2Xf\/clHNIrP+8dybicogNvvQdnfbOpGdx1BoT0UQ\/cJXLKng37Bgj1WiAiOYJXJZa8JBRrhcHue5nPxDIJBjNepGAEan7DM7ryaKTAgOvU\/Di6OjPj6R7ouWTk82ibH7ElOw1FPPG5org7fTBskGPYN2GwayBKfWJqhgX9Gm1oPuX1X+g+ulBxYo6+kcnIZf2UWtLkGazBcTymT3ikMsPJcAOx6Ez506cWe12f8KbpoTZUvcT+X1eAJbGBrWT7DguMC80iDihkY\/yzY\/n3QuAZq24LNcyxoBP\/uCwVTm8qaMGfmyat1VRjTTPpp+Fj+UiG42oX6jN4ArwZ513sZwkaDYmzIysegLaM5r3\/zIAY5u9dqFaz0kd9hCdidoGIQ0QsFKfLzcRD16xeZ1Z2WCedBAjFbCQYMbcXNCoLuX9swWHUyq5fABYOQJH2AbDJ3jx4sK0iNO0HqAWR0fuWK4AaZIlse6PDKjcaLDe4h\/7OZqPG8cMv39kbM44A="} 
-01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":521,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365065166,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365063785,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":521,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365065166,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365021490,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365065326,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGx0OyPgrawKgBuHZf3UIGbP5HMVZ5eqAScSDZAAAAAgQFrAQCCAoLgra+ItiWHgEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065360,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365065360,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGu0vAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAQECxokQAAAQEICiLYlkYLgra+"} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365065549,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHKIQAAEAR+iHAqAG4QipS9nZfdl8As8h52l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} 01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_usec":1578508365066752,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHTAABAAEAGuazAqAG4sj4K2t1Cdl8xVnl6Bmz+SIAYECxOmwAAAQEICiLYlkcLgra+AZ0EfDFSBUJ6d0+2D0oST02\/uFUlU5RNbQ3HbgqvvNxJKs0OzpHFikNJND1E67AmEorBEgaJseJj+vhGZlyE+Dle+PraWO9mbRrzmtxOgCJZV4CSArT5OQKw2v896ro2qDbOnZCIAxVnAVC9t9odXFYn7H\/gYvVHuaUln5s5mZ4HQ1T8d9T9DiC9L0hrnW5hBxNsN9G8mAOE9jI8ne8sU1Ju3PpSmoLGYt\/2tMKQdKr3b6JvR46ryyF\/ggTQgDOWO+\/\/u7PHJ2w89w4U4HzsOVMmyycVcHql5kvxMaP2MLZBCuWAGfiQvP4NDhOCYJsjW3VrG5K2Se593uQZXIKHtw8sp3F8iPUqyZjRQzR+LL2nJieUq1Y8MfHd1XPGtuFN0votDo3t4Nr7vKG+x0dyopQ8vTOADKbE6V90Y1PkWCGFKzm\/uPJTFa3gZOK8RWQ3Hw7nJYtcfP6Oj2jq2M\/rl54gn8L6crAUrrqlXOvZvOmxqzmJqV2JMCHrRSAFnh\/3FkjCShQBU8f8\/+NikG8L2AStayI0zrPhTf67SIngfA=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365066752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365065326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365066752,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":653,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365040566,"flow_dst_last_pkt_time":1578508365068441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365068441,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0nAdAADQG33mQW3iHwKgBuHZf3UEpl2endDhk\/oAQAOuyXAAAAQEICtuFpY4i2JYv"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365029590,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365074018,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGtGayPh23wKgBuHZf3UMO43zOltsrhKAScSBk2gAAAgQFrAQCCArDycEqItiWJgEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365074135,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365074135,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGqG7AqAG4sj4dt91Ddl+W2yuEDuN8z4AQECz0awAAAQEICiLYlk3DycEq"} 
01182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":535,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":535,"pkt_l4_len":501,"thread_ts_usec":1578508365075281,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIJAABAAEAGppnAqAG4sj4dt91Ddl+W2yuEDuN8z4AYECyHqwAAAQEICiLYlk7DycEqAdME6NVpajcosq6RM49EGro7mYWbbbLNPN0MLR8kLHZfx0gRuQ1caCQe4U0yUSQ4FqRJFTruoIMfMjaKuB5qGb42uaZfwZcyKyxvWHFQhDs3V1cVuKsNQi9FwM92VgquU08\/I7P7tp\/yUr\/C7VdnIVV6LXyRXLY8SD6SKG8OONIDAfnYGALwXTqYNdb7hmCLjNzLez2AQTXSY0BU6PRI6I+6Xrh5qM1Dxp+uimk1eyS3NPJv+CNAfyRBfI2fRVz0Rx8+c5jquClOTtxiybAEqmdUQtmzluB0+8XEtBbdaCEUu8\/nPQGFeFM8TaJX0fehgXJmCID7QO\/ZOjjty5w+lJljUWbiQnS82Tv7ClrXA5YBJUCb7hPWdEY7D5Cr5tFcy3pQmxdYpUDw3iHqF6ZtLpJBxTh1nAmgVEIzc6Ngf22J6TZ9R35GKyScLBTruRS2zqaCP8fx5W6gqUU8sykz7bsuYPbkz+JXFT0+wtH6sOTjWji6hB8VrfktEi+dELlD8HfujNk3V1tLfHGnF6YOPbmxMRvTb1sUSfnNi2Xggbyo9qfg0\/SGNRxxb1dRKsUqwf\/i+FRRNuU4kTnBm3ou2n2sQQSnceBQMx3V07zKNuITBC74Ug=="} -01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365075281,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365074018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365075281,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":674,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364825302,"flow_dst_last_pkt_time":1578508365076934,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365076934,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0WHZAACYGuyASimxDwKgBuHZf3S4uwDPuE20Ov4AQAfk32AAAAQEICqa6xFgi2JVq"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365079165,"flow_dst_last_pkt_time":1578508365079165,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365079165,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365079165,"flow_dst_last_pkt_time":1578508365079165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365079165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbbDAqAG4rGlePt1Gdl8dOmrnAAAAALAC\/\/\/VAwAAAgQFtAEDAwUBAQgKItiWUQAAAAAEAgAA"} 
@@ -255,14 +255,14 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":702,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365045064,"flow_dst_last_pkt_time":1578508365092283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365092283,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGSEK524U+wKgBuHZf3UWdKkNsjzbHKaASbCBIRwAAAgQFdAQCCAp\/mc8NItiWMgEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365092423,"flow_dst_last_pkt_time":1578508365092283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365092423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGOUrAqAG4uduFPt1Fdl+PNscpnSpDbYAQEAzSvAAAAQEICiLYll1\/mc8N"} 
01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":718,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365094017,"flow_dst_last_pkt_time":1578508365092283,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"thread_ts_usec":1578508365094017,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHOAABAAEAGN7DAqAG4uduFPt1Fdl+PNscpnSpDbYAYEAwFAAAAAQEICiLYll9\/mc8NAZgEXPbdvtbTmRXtZvkhCpRu89E\/NC0evMSWxfI463ZMNvhJiUNtLl29hStqf1WWeBU1k0TTyXeOv\/rfDFTYD+juJGFonoyCsM3iL6Q9\/v964LYgEWMX9ALB4X30q9QaWo0Bm0qK9UwCQ8U15JoruS\/niDmalsIWQBLJ9q0Ij0l+QS2w4MJipV05eRX1u42NiX0nmbgf66P3ENbOZj\/1aRDDyF+yjCJSZexZkCh3TyvjVjrGklMAsE77Hx\/c36JFY8gxNN5UQueSZRyjaLRTsI3yKKslk2JbQ902NRTc1Rojsg1zBhHRq\/ORbfBLpQVnAzo9YYHG1v3ZkBmEr0D\/uZNUW7OFL1C89+KGfRCCauAg+mHJwhFjmKdLe6NbjRExzUYQIm1BV51xri9clMmcaNO1RuyCxI3E6JGhWjmuGD8Bu8l1qU7n33tia+dLRd8o+DqGHtS040to9Oiy5u2Jm96xP8m1GRaVb+lWWnQCbdKr1vIGF4mbQblvVd7WqYL7sCqoH0rk2G\/9qPEDzYYKUSpck5aEa0\/xYu4="} -01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365094017,"flow_dst_last_pkt_time":1578508365092283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365094017,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":718,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365094017,"flow_dst_last_pkt_time":1578508365092283,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365094017,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365094625,"flow_dst_last_pkt_time":1578508365094625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365094625,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365094625,"flow_dst_last_pkt_time":1578508365094625,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365094625,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGIHjAqAG4tqKhPd1Hdl8HffxGAAAAALAC\/\/8MGQAAAgQFtAEDAwUBAQgKItiWYAAAAAAEAgAA"} -02232{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":732,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364921758,"flow_dst_last_pkt_time":1578508365096545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":467,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365096545,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":31375.8,"max":202293,"stddev":71334.6,"var":5088628224.0,"ent":2.4,"data": [194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354]},"pktlen": {"min":46,"avg":91.8,"max":542,"stddev":115.5,"var":13350.2,"ent":4.4,"data": [64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.421927452,5.333454132,5.038780212,7.555685520,5.246409416,7.620338917,5.920769691,5.115702629,5.154164314,5.282457829,5.154164314,5.280635834,5.493683815,5.154164314,5.154164314,5.622612953,5.154164314,5.246409416,5.154164314,5.716195107,5.109905720,6.683475971,5.149451256,5.517535210,5.772800446,5.034432888,5.111279488,5.487678528,5.447609901,5.070538998,5.207947731,3.725504398]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02130{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":732,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364921758,"flow_dst_last_pkt_time":1578508365096545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":467,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365096545,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":31375.8,"max":202293,"stddev":71334.6,"var":5088628224.0,"ent":2.4,"data": [194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354]},"pktlen": 
{"min":46,"avg":91.8,"max":542,"stddev":115.5,"var":13350.2,"ent":4.4,"data": [64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.421927452,5.333454132,5.038780212,7.555685520,5.246409416,7.620338917,5.920769691,5.115702629,5.154164314,5.282457829,5.154164314,5.280635834,5.493683815,5.154164314,5.154164314,5.622612953,5.154164314,5.246409416,5.154164314,5.716195107,5.109905720,6.683475971,5.149451256,5.517535210,5.772800446,5.034432888,5.111279488,5.487678528,5.447609901,5.070538998,5.207947731,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365079165,"flow_dst_last_pkt_time":1578508365104666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365104666,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAADMGeqysaV4+wKgBuHZf3UajVVX7HTpq6KAS\/ojIGAAAAgQFrAQCCAobAQsKItiWUQEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":756,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365104768,"flow_dst_last_pkt_time":1578508365104666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365104768,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGbbzAqAG4rGlePt1Gdl8dOmroo1VV\/IAQECzlIgAAAQEICiLYlmgbAQsK"} 01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365105962,"flow_dst_last_pkt_time":1578508365104666,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":540,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":540,"pkt_l4_len":506,"thread_ts_usec":1578508365105962,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIOAABAAEAGa+LAqAG4rGlePt1Gdl8dOmroo1VV\/IAYECwW7QAAAQEICiLYlmkbAQsKAdgENvGWIALcyRavCBwbJt1CfNUg\/w7vVWHfH8J5KWihknwYvxplDsXdyWftAj3G+fM+tQYNeRRqV9fPAVRLVkaPykgCZGMetBWkg8g1EQ5mFEgViw63sadlIN8S9WN5GIBRApVfJbbSlMCfWJcZa0tH9XH+xD63X5naFx\/I3C1h66Om1nAJG5Ix1OtubjPWyGTU8F+rguM8ojtmeMyjjp1jZWtYEA7u9eG7fK1N7Fz3wOYh0oApyB9a4p0XRXoYqGzktKnqG2qgJ\/vVp7pWmKPFqQSD40qodQj9kGT35wOKykcoBdUL7GG\/mn8npTocOfCIlUJ4cbQ3th5eBKJWW1WxKlcppyejoAqPdrdWMU8QLppI7nY+a1pOVsyIzTtAKx84qjz778ulAgPZT9fYxUV3GWeJ9CTOyWEvSIygOEK\/WtCrKhuzO+oBsHjvkRRGfO7E47d2BnncLP0X+sMrN5GROuYTifxzQSWjbk6ZH2n\/L8C8i5DWouPFCmxx\/Nq+5zSzTuT+ld4ByyIZWtjl1e\/\/fcHy7eVWGpMQXFUHpvYms7eTjj3Upw9Njh5lpaDrp2sXm3male0wN2mS2E4hsrP1KirQ+3qCHlEQ8gbr7WvKvYCWx4+Bxpvz"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365105962,"flow_dst_last_pkt_time":1578508365104666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365105962,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365105962,"flow_dst_last_pkt_time":1578508365104666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365105962,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":758,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365066752,"flow_dst_last_pkt_time":1578508365108162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365108162,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0MqxAADQGlJ+yPgrawKgBuHZf3UIGbP5IMVZ7GYAQAOt2BQAAAQEICguCtusi2JZH"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364842889,"flow_dst_last_pkt_time":1578508365112960,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365112960,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0RKBAADcGbkwiYawWwKgBuHZf3SnE3x7wnZqG6oAQAfoJewAAAQEICjHMlHMi2JV6"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365075281,"flow_dst_last_pkt_time":1578508365121423,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365121423,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA04C1AADQG1ECyPh23wKgBuHZf3UMO43zPltstWYAQAOsBqQAAAQEICsPJwVgi2JZO"} 
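Review bot: The new expected records for flows 43, 11 and 44 in this hunk drop the `flow_risk` entry `"22"` ("Unsafe Protocol", severity Low) and change the classification from `"proto":"Mining"`, `"breed":"Unsafe"`, `"category":"Mining"` to `"proto":"ETHEREUM"`, `"breed":"Acceptable"`, `"category":"Crypto_Currency"`. This presumably comes from the libnDPI subproject bump rather than from nDPId itself. Any consumer that alerts on category `Mining`, `proto_id` `"42"` or risk id 22 would silently stop matching this port-30303 traffic. The commit message or changelog should state the reclassification, so operators can add `proto_id` `"354"` / `category_id` 106 to their rules if they still want these flows flagged. The same change appears in the neighbouring hunks of this file, which start or end outside the visible lines.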
@@ -270,53 +270,53 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":805,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365094017,"flow_dst_last_pkt_time":1578508365141811,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365141811,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0jFFAADEGu\/i524U+wKgBuHZf3UWdKkNtjzbIw4AQAOHgGQAAAQEICn+Zzz8i2JZf"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":806,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364991987,"flow_dst_last_pkt_time":1578508365143179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365143179,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0qEJAADMGHJ2i5B2gwKgBuHZf3TsLfbp\/uLex+4AQAOvR8gAAAQEICtHXEfsi2JYE"} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364863419,"flow_dst_last_pkt_time":1578508365149272,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365149272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA08iVAADAGhgalFmshwKgBuHZf3SJnRYz5cyqj8oAQAOwACAAAAQEICjWBVmsi2JWO"} 
-02236{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365151822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508365151822,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":17655.5,"max":109385,"stddev":39696.4,"var":1575808128.0,"ent":2.4,"data": [107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13]},"pktlen": {"min":46,"avg":95.6,"max":623,"stddev":130.9,"var":17130.1,"ent":4.3,"data": [64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1],"entropies": [4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02134{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365151822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508365151822,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":17655.5,"max":109385,"stddev":39696.4,"var":1575808128.0,"ent":2.4,"data": [107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13]},"pktlen": {"min":46,"avg":95.6,"max":623,"stddev":130.9,"var":17130.1,"ent":4.3,"data": [64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1],"entropies": 
[4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365153718,"flow_dst_last_pkt_time":1578508365153718,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365153718,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365153718,"flow_dst_last_pkt_time":1578508365153718,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365153718,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGWefAqAG4I+T6jN1Kdl95PEStAAAAALAC\/\/+LMAAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365154075,"flow_dst_last_pkt_time":1578508365154075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365154075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365154075,"flow_dst_last_pkt_time":1578508365154075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365154075,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4TfAqAG4iskMV91Ldl\/HR3E5AAAAALAC\/\/+X6AAAAgQFtAEDAwUBAQgKItiWjwAAAAAEAgAA"} 
-02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365168387,"flow_dst_last_pkt_time":1578508365168448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365168448,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8956.6,"max":48881,"stddev":17793.5,"var":316609056.0,"ent":2.7,"data": [44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10]},"pktlen": {"min":52,"avg":92.9,"max":521,"stddev":97.8,"var":9570.5,"ent":4.5,"data": [64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1],"entropies": [4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365168387,"flow_dst_last_pkt_time":1578508365168448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":757,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508365168448,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8956.6,"max":48881,"stddev":17793.5,"var":316609056.0,"ent":2.7,"data": [44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10]},"pktlen": {"min":52,"avg":92.9,"max":521,"stddev":97.8,"var":9570.5,"ent":4.5,"data": [64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1],"entropies": 
[4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":924,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365169225,"flow_dst_last_pkt_time":1578508365169225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365169225,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":924,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365169225,"flow_dst_last_pkt_time":1578508365169225,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365169225,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGP33AqAG4sAmI0d1Mdl8ouUvbAAAAALAC\/\/+6CgAAAgQFtAEDAwUBAQgKItiWngAAAAAEAgAA"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":927,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365065166,"flow_dst_last_pkt_time":1578508365186550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365186550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA09h9AACMG5MkS26efwKgBuHZf3T9fy8\/Mfuf3KIAQANuwWwAAAQEIChLJg3wi2JZG"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":928,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365154075,"flow_dst_last_pkt_time":1578508365186673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365186673,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG7zuKyQxXwKgBuHZf3Uu6UG6Lx0dxOqAScSDP1QAAAgQFrAQCCAq1b4mgItiWjwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":929,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365186716,"flow_dst_last_pkt_time":1578508365186673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365186716,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4UPAqAG4iskMV91Ldl\/HR3E6ulBujIAQECxfbwAAAQEICiLYlq61b4mg"} 
01114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365187928,"flow_dst_last_pkt_time":1578508365186673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":483,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":483,"pkt_l4_len":449,"thread_ts_usec":1578508365187928,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHVAABAAEAG36LAqAG4iskMV91Ldl\/HR3E6ulBujIAYECyeGgAAAQEICiLYlq+1b4mgAZ8Ej76Lsxeo0JjhmQv760+e3sDcPI+1NwtbEdQlOqM1IGu+sKFczssAjsKF1N0uSA3EFE1bjOFzOmT1oFXkmPWaqPQ0jAxsR+jtrJ3V0GFTF5BbRz1\/DMZmwP84GMD3KpQlXMSBc++ETHQX3CPcN8IgMjdR3QT0IM+uwS0uEPDQt0vCSfRyooOouihC9YtpM2aAbShI2qiEG11Ab26I3oDh8cg1fK+YeODq4vlfKF4mM+fKD6sSFgyaJ1m7dkOv1d2nBelW22p0yDyP8DpGa1+bdSyn+YdRUY1BRjeptaC0bfgepWFJ5HA66\/\/v9wbXlTEDZ3mvc\/CWL\/5b6cyw8iYzyH1QswjAEnuyStTLMTFI+xMU2sMfifZJ0P3bXe\/dbHC6F1\/88QfXI2e93pgkZBpgBSfBPzzjryponn5tfywe\/UWwEuEj8dOsFVIRxJgdI7s+pJdO1b1g+KHuKGk2wwvnxhLf8hpJ6\/wdpga\/uoA5GhdKUYfG9fU8IrF5nmEnH0DWeT2URdcwN4dH3IBbthpwloLq43NhWyrxO2tEcl5j"} -01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365187928,"flow_dst_last_pkt_time":1578508365186673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":417,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365187928,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":932,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365187928,"flow_dst_last_pkt_time":1578508365186673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":417,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365187928,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":954,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365189114,"flow_dst_last_pkt_time":1578508365189114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189114,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":954,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365189114,"flow_dst_last_pkt_time":1578508365189114,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365189114,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtk3AqAG4VdZsNN1Odl+\/h8KiAAAAALAC\/\/8jMQAAAgQFtAEDAwUBAQgKItiWsAAAAAAEAgAA"} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365189369,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcflcAAEARfx\/AqAG4Etunn3Zfdl8AiGnBB7Pc5ZlsDZTbUrqaaoRxeL1l7Crbcxf\/BOXFZNGdyZsOxpmBlW67u9+KWe59CkWnKw2GIsEnEKk87oxTf3me3BvKcrMQD0jXMXlBXiHkLViPnwRaOVxyx4odh7D\/BO97AAHdBMuEfwAAAYJ2X4J2X8mEEtunn4J2X4CEXhYgYQU="} -01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365193903,"flow_dst_last_pkt_time":1578508365193933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1578508365193933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9603.5,"max":51634,"stddev":18821.1,"var":354234048.0,"ent":2.8,"data": [47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115]},"pktlen": {"min":52,"avg":93.9,"max":462,"stddev":97.7,"var":9536.3,"ent":4.5,"data": [64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":955,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365189369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365189369,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365193903,"flow_dst_last_pkt_time":1578508365193933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":623,"midstream":0,"thread_ts_usec":1578508365193933,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9603.5,"max":51634,"stddev":18821.1,"var":354234048.0,"ent":2.8,"data": [47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115]},"pktlen": {"min":52,"avg":93.9,"max":462,"stddev":97.7,"var":9536.3,"ent":4.5,"data": [64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":986,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1578508364879259,"flow_dst_last_pkt_time":1578508365194549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365194549,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0UNhAACEGQrU0u88bwKgBuHZf3S3Pd7n21PprjoAQAfmqiwAAAQEICm8lvuMi2JWb"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508365194618,"flow_dst_last_pkt_time":1578508365194618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365194618,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365194618,"flow_dst_last_pkt_time":1578508365194618,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365194618,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGkX3AqAG4ynAcat1Pdl84sWAlAAAAALAC\/\/\/nsAAAAgQFtAEDAwUBAQgKItiWswAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1015,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365169225,"flow_dst_last_pkt_time":1578508365201994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365201994,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGTYGwCYjRwKgBuHZf3UxCOLg9KLlL3KAScSB8NwAAAgQFrAQCCAqsVDbiItiWngEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365202054,"flow_dst_last_pkt_time":1578508365201994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365202054,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGP4nAqAG4sAmI0d1Mdl8ouUvcQji4PoAQECwL1AAAAQEICiLYlrqsVDbi"} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365203398,"flow_dst_last_pkt_time":1578508365201994,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":597,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":597,"pkt_l4_len":563,"thread_ts_usec":1578508365203398,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJHAABAAEAGPXbAqAG4sAmI0d1Mdl8ouUvcQji4PoAYECzTgAAAAQEICiLYlrusVDbiAhEE8PJpnPbySdRqYDVxMP+F\/sUREqF\/ZPapL0ZkwOKMkrT9n4zoxh41j\/glS+PHo\/5d9kUdB0t8XsUegDI2rTK1qd731I+OxYB5atRAvsAHKjhEJvXyxBlcONwpQSP\/EbY3bHhBzCKl6skIsbvrHid\/G+pdbkvCg99m5ksWTyjKeOLBOEzpnsCQQJ46PAi5Gt+cDzFuB51Q88zUU35bDXVA0lLvIw+\/X9Ad5weyrfi170rwq+ovDDRTwLnXqPpcqTfzPWDebsd\/6JjsLeqiFe0w+TGqkb7XnmvyJRXCCSwZwNWBqW2wMglzYEG7ltbYW98qdjPkjWQR+9tsbEjKGZaGADeDpJTqev97xI1vdrueDinIGP0oRJzLadvSTqC2Ltp\/C5Yi2IWcYPY8sywmbCd7WiiseixOfbruQnBYJcuCqP9v9CzDCs5AIhr5M0ZuPRMu5dbjOvMkXJ3NW6ba6vBl30SnnPSKHWyXB5KIK4IjuThpFVBpTLHLgCfrizWGDE\/hM2VI817zJI53Z4uO\/Bb+w7RrXYUFd2cFzRSZ49MZ\/vQhuKbfvsBPQ88Ow0AARIwIVnac6G2XL8ek6PHG7zFReTp7DodXUTvDgJg7wZNQ8sPEdVrTFE2Fs9IZezbTOy5TaeVX30ypx3wwNi5iz9g3SdiXLC8HImUZXOcXLmnt\/fLL7x6cPdF8T6a4GSRCrRxx"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365203398,"flow_dst_last_pkt_time":1578508365201994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":531,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365203398,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365203398,"flow_dst_last_pkt_time":1578508365201994,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":531,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365203398,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365153718,"flow_dst_last_pkt_time":1578508365210541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365210541,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGY+sj5PqMwKgBuHZf3UovaHbWeTxErqASbgBmbgAAAgQFjAQCCAqaQodaItiWjwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1019,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365210643,"flow_dst_last_pkt_time":1578508365210541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365210643,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGWfPAqAG4I+T6jN1Kdl95PESuL2h214AQECjytwAAAQEICiLYlsKaQoda"} 
01170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1028,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365212245,"flow_dst_last_pkt_time":1578508365210541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1578508365212245,"pkt":"EBMx8Tl2KDc3AG3ICABFAAICAABAAEAGWCXAqAG4I+T6jN1Kdl95PESuL2h214AYECioawAAAQEICiLYlsOaQodaAcwEDGHd5l7+RqBaG9K9E7p7eG1uwAqixy4kSbBlThBTBG3PJd151620cEM1KQv3FuVJ+m1O2Bl3PuHLNFy9+uCW9rXxDdjuGQLXopWglXnwA4vfKEaNoP1guYL9OWT9VrChHEKiZqWq5OPiLXJzIZxm0n+wOzc0TDxP3Ht4K\/8RxdBrGYRmBMp07Ku6MClzvshXnlOvFHLazXKckRDG1GrWhz3NC7HBzBC9vkWn4WuX0jDrGRuGgtbmHSC64XeGp91\/wQF5bA7lAbI7LP3qdWbWTriU3RLdD8BmAS\/9dis\/zPdM5RETmZgdmAGlh3YwpDE5sG4MLluRHTzgmeIW7EmXVuGjbPylkf5LQudyfHFWA8SFV8O+KuOXVRm\/H7JIFsIytQFbbnKqauEeQrW+BY51hlWUwFSH9NDdlRqtdSDGMYgECxSuxXCShGy9Px\/C7H5nI3SxVQKdMhmtMLGuO5bZFjGsHe74YCTQbrTiV5NRiVqSYealCdEu8Pya28B4kuNJe4f9BwCRIHIINgi+gSgDYgqkleDY0V8p5fcl7nNE+5TRnQ6seUsPtEv7gQuDD9lZ+LTCKuzbZiHiplBuxx7+2Bnil1lw82hEQJ2q"} -01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365212245,"flow_dst_last_pkt_time":1578508365210541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":462,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365212245,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02228{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1030,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365219392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508365219392,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38137.1,"max":261804,"stddev":87113.6,"var":7588779008.0,"ent":2.3,"data": [261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15]},"pktlen": {"min":46,"avg":90.2,"max":505,"stddev":109.1,"var":11904.3,"ent":4.4,"data": [64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.472632408,5.279368401,4.971284389,7.593235970,5.176993370,7.560348034,5.783750057,5.246605873,5.115703106,5.115703106,5.077241421,5.287864685,5.597605228,5.115703106,5.077241421,5.652023315,5.209868431,5.115703106,5.115703106,5.731483459,5.109905720,6.885459900,5.149450779,5.450927734,5.835707664,5.147641182,5.185353279,5.518447876,5.509750366,5.032077789,5.246409416,3.768982887]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1028,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365212245,"flow_dst_last_pkt_time":1578508365210541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":462,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365212245,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+02126{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1030,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365219392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508365219392,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":38137.1,"max":261804,"stddev":87113.6,"var":7588779008.0,"ent":2.3,"data": [261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15]},"pktlen": {"min":46,"avg":90.2,"max":505,"stddev":109.1,"var":11904.3,"ent":4.4,"data": [64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.472632408,5.279368401,4.971284389,7.593235970,5.176993370,7.560348034,5.783750057,5.246605873,5.115703106,5.115703106,5.077241421,5.287864685,5.597605228,5.115703106,5.077241421,5.652023315,5.209868431,5.115703106,5.115703106,5.731483459,5.109905720,6.885459900,5.149450779,5.450927734,5.835707664,5.147641182,5.185353279,5.518447876,5.509750366,5.032077789,5.246409416,3.768982887]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1036,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365187928,"flow_dst_last_pkt_time":1578508365220554,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365220554,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0oJ9AADIGTqSKyQxXwKgBuHZf3Uu6UG6Mx0dy24AQAOts7QAAAQEICrVvicEi2Jav"} -02228{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508365009640,"flow_dst_last_pkt_time":1578508365221428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508365221428,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":38221.0,"max":263164,"stddev":87319.6,"var":7624720896.0,"ent":2.3,"data": [263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221]},"pktlen": {"min":46,"avg":92.1,"max":564,"stddev":117.4,"var":13788.7,"ent":4.4,"data": [64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": 
[17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.421927452,5.346035480,4.947339535,7.600792408,5.169486523,7.523147583,5.992197990,5.169249058,5.077241421,5.077241421,5.077241421,5.243598461,5.597605228,5.077241421,5.077241421,5.582098961,5.169486046,5.077241421,5.077241421,5.874339581,4.996697903,6.697847366,5.062998295,5.410989761,5.779101849,5.034433842,5.037205219,5.383756638,5.546946526,4.955154419,3.682026148,3.682026148]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02126{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508365009640,"flow_dst_last_pkt_time":1578508365221428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508365221428,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":38221.0,"max":263164,"stddev":87319.6,"var":7624720896.0,"ent":2.3,"data": 
[263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221]},"pktlen": {"min":46,"avg":92.1,"max":564,"stddev":117.4,"var":13788.7,"ent":4.4,"data": [64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.421927452,5.346035480,4.947339535,7.600792408,5.169486523,7.523147583,5.992197990,5.169249058,5.077241421,5.077241421,5.077241421,5.243598461,5.597605228,5.077241421,5.077241421,5.582098961,5.169486046,5.077241421,5.077241421,5.874339581,4.996697903,6.697847366,5.062998295,5.410989761,5.779101849,5.034433842,5.037205219,5.383756638,5.546946526,4.955154419,3.682026148,3.682026148]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365189114,"flow_dst_last_pkt_time":1578508365223317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365223317,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGxFFV1mw0wKgBuHZf3U5vpmVtv4fCo6ASOJBjegAAAgQFrAQCCApls11ZItiWsAEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365223392,"flow_dst_last_pkt_time":1578508365223317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365223392,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtlnAqAG4VdZsNN1Odl+\/h8Kjb6ZlboAQECy6hQAAAQEICiLYls1ls11Z"} 01239{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1071,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365225314,"flow_dst_last_pkt_time":1578508365223317,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_usec":1578508365225314,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIwAABAAEAGtF3AqAG4VdZsNN1Odl+\/h8Kjb6ZlboAYECw2MQAAAQEICiLYls9ls11ZAfoEoC3aHaIYpG5Sxx6O8FXsfPZQeNM1OJsBBwZRsqnAvPSRl\/wZXOiCwtj2F6lFdpdsX\/t7QMqDehmqQ+9vERZs9PILcJLcBml7Ez9pBoXKWo2a1xhp9o6yCMZgukG0MBan0OKAz47yPC5wnomR\/MuLddByIHP\/f\/h\/o6Qnrr1MmY+TM7SuRmDBQf8v8wWNvCAoKbXByuyrmRjJZrU2hDpQzpN4v2Bw7oyPFNlmvz0MKwBU7CqeCSZeCWaTlXhpFAlV36AIgHdE4mmb+gQtXFHUXB9WpHTuiQMm1scnmCYryQ8dOvcVFbv5TmQ8Kj2oSUGkcrB3ssC8ZytCxYX0rZedl0d0Q+DiFqxbwHcfjoh3DpqVbSn2vdfOCR2qdhWS14gskGAO0InEx6PohcRV+m1ZyFsXfOrikb4qfgfqUI9UP2KncRJp1c5Fi0tR6YuflDWYF7UGbDWjl2wRylBwf3GccEyb5dDzE4lv7AE3RKd2bMclnR+bx7IsMu5WJC07eJd26S5YVacSnSPJb+5RJ0hVb\/gBVH\/o84gCBh3u\/eMuCT7sc5gynbtDNrNRUySNxNNyIKuvBaDfYp+WLiirjjcfu85ARWFJ+YBheABUeZucfRZPhnvyjyZaHsqwqyEuFr9gtV3NhBAl2ctvT\/1EdG2AgSvAxTl8l4jvSA=="} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365225314,"flow_dst_last_pkt_time":1578508365223317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":508,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":508,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365225314,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1071,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365225314,"flow_dst_last_pkt_time":1578508365223317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":508,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":508,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365225314,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365226088,"flow_dst_last_pkt_time":1578508365226088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365226088,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1083,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365226088,"flow_dst_last_pkt_time":1578508365226088,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365226088,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQk7AqAG4ikurvt1Rdl8erUWUAAAAALAC\/\/\/M9wAAAgQFtAEDAwUBAQgKItiW0AAAAAAEAgAA"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1084,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365203398,"flow_dst_last_pkt_time":1578508365235931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365235931,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA03PBAADIGcJiwCYjRwKgBuHZf3UxCOLg+KLlN74AQAOsY3wAAAQEICqxUNwQi2Ja7"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365239758,"flow_dst_last_pkt_time":1578508365239758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365239758,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365239758,"flow_dst_last_pkt_time":1578508365239758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365239758,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGQhrAqAG4neaYV91Sdl9OT1qyAAAAALAC\/\/+H9wAAAgQFtAEDAwUBAQgKItiW2wAAAAAEAgAA"} 
-02231{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1132,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508365257069,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":5636.8,"max":36541,"stddev":12197.5,"var":148778048.0,"ent":2.6,"data": [32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11]},"pktlen": {"min":46,"avg":84.1,"max":469,"stddev":91.5,"var":8376.2,"ent":4.5,"data": [64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.515677452,5.379368782,5.077241421,7.567195415,5.310736179,7.401209831,5.115703106,5.951604366,5.115703106,5.671802521,5.154164791,5.701214790,5.115703583,5.958903790,5.229689121,6.830620766,5.251152992,5.581483841,5.896461964,5.191953182,5.265881062,5.554578781,5.581483841,5.192626476,5.310736179,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02129{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1132,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508365257069,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":5636.8,"max":36541,"stddev":12197.5,"var":148778048.0,"ent":2.6,"data": [32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11]},"pktlen": {"min":46,"avg":84.1,"max":469,"stddev":91.5,"var":8376.2,"ent":4.5,"data": [64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": 
[4.515677452,5.379368782,5.077241421,7.567195415,5.310736179,7.401209831,5.115703106,5.951604366,5.115703106,5.671802521,5.154164791,5.701214790,5.115703583,5.958903790,5.229689121,6.830620766,5.251152992,5.581483841,5.896461964,5.191953182,5.265881062,5.554578781,5.581483841,5.192626476,5.310736179,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1137,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365225314,"flow_dst_last_pkt_time":1578508365259805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365259805,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0OBRAADIGjEVV1mw0wKgBuHZf3U5vpmVuv4fEn4AQAHrIFQAAAQEICmWzXX0i2JbP"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365212245,"flow_dst_last_pkt_time":1578508365266931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365266931,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0LhxAADYGNdcj5PqMwKgBuHZf3UovaHbXeTxGfIAQAOX\/8gAAAQEICppCh5Mi2JbD"} 
-02245{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1171,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365271500,"flow_dst_last_pkt_time":1578508365271455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1578508365271500,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":12407.3,"max":116020,"stddev":26211.9,"var":687065472.0,"ent":2.9,"data": [25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10]},"pktlen": {"min":52,"avg":102.3,"max":526,"stddev":108.5,"var":11769.5,"ent":4.5,"data": [64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64]},"bins": {"c_to_s": [14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0],"entropies": [4.441382408,5.289900780,4.976373672,7.566489220,5.131024361,7.376211166,5.053297043,5.896462440,5.130724430,6.832929611,5.096785545,5.533761978,7.210265636,5.053297043,5.805871487,5.055253029,5.924697399,5.492858887,5.246409416,5.480678558,5.246409416,5.169486046,5.246409416,5.246409416,7.089441776,5.193430901,4.976373672,5.702836037,5.193430901,5.130724430,5.205876350,5.255445480]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02229{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365271811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508365271811,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":5575.5,"max":34994,"stddev":12229.4,"var":149558160.0,"ent":2.5,"data": [32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92]},"pktlen": {"min":46,"avg":90.6,"max":583,"stddev":116.9,"var":13676.1,"ent":4.4,"data": [64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": 
[4.453177452,5.379369259,5.115703106,7.627379894,5.272274971,7.546579361,5.077241421,5.936781406,5.077241421,5.701214314,5.701214314,5.115703106,5.115703106,5.911284924,5.154217243,6.794458389,5.228514671,5.699130058,5.935094357,5.191953182,5.228844166,5.493040085,5.581483841,5.154164791,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02143{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1171,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365271500,"flow_dst_last_pkt_time":1578508365271455,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":810,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1578508365271500,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":12407.3,"max":116020,"stddev":26211.9,"var":687065472.0,"ent":2.9,"data": [25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10]},"pktlen": {"min":52,"avg":102.3,"max":526,"stddev":108.5,"var":11769.5,"ent":4.5,"data": [64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64]},"bins": {"c_to_s": 
[14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0],"entropies": [4.441382408,5.289900780,4.976373672,7.566489220,5.131024361,7.376211166,5.053297043,5.896462440,5.130724430,6.832929611,5.096785545,5.533761978,7.210265636,5.053297043,5.805871487,5.055253029,5.924697399,5.492858887,5.246409416,5.480678558,5.246409416,5.169486046,5.246409416,5.246409416,7.089441776,5.193430901,4.976373672,5.702836037,5.193430901,5.130724430,5.205876350,5.255445480]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02127{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365271811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508365271811,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":5575.5,"max":34994,"stddev":12229.4,"var":149558160.0,"ent":2.5,"data": [32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92]},"pktlen": 
{"min":46,"avg":90.6,"max":583,"stddev":116.9,"var":13676.1,"ent":4.4,"data": [64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.453177452,5.379369259,5.115703106,7.627379894,5.272274971,7.546579361,5.077241421,5.936781406,5.077241421,5.701214314,5.701214314,5.115703106,5.115703106,5.911284924,5.154217243,6.794458389,5.228514671,5.699130058,5.935094357,5.191953182,5.228844166,5.493040085,5.581483841,5.154164791,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1189,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365271977,"flow_dst_last_pkt_time":1578508365271977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365271977,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1189,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365271977,"flow_dst_last_pkt_time":1578508365271977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365271977,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLavAqAG4M6EXDN1Udl9XVw7PAAAAALAC\/\/+2RQAAAgQFtAEDAwUBAQgKItiW9wAAAAAEAgAA"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1195,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365279592,"flow_dst_last_pkt_time":1578508365279592,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365279592,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -325,48 +325,48 @@ 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1208,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365295537,"flow_dst_last_pkt_time":1578508365295537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365295537,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGbF\/AqAG4I+XoE91Wdl\/o6wkCAAAAALAC\/\/9pGwAAAgQFtAEDAwUBAQgKItiXDAAAAAAEAgAA"} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508365300081,"flow_dst_last_pkt_time":1578508365300081,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365300081,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365300081,"flow_dst_last_pkt_time":1578508365300081,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365300081,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGD8rAqAG4fNnrtN1Xdl9L2gYiAAAAALAC\/\/+scgAAAgQFtAEDAwUBAQgKItiXEAAAAAAEAgAA"} 
-02239{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365304459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508365304459,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":25594.8,"max":159357,"stddev":56992.8,"var":3248178688.0,"ent":2.5,"data": [157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614]},"pktlen": {"min":46,"avg":87.5,"max":465,"stddev":99.1,"var":9815.1,"ent":4.5,"data": [64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02240{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1231,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508365309479,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":20402.5,"max":130950,"stddev":46194.5,"var":2133934848.0,"ent":2.4,"data": [130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22]},"pktlen": {"min":46,"avg":93.0,"max":573,"stddev":122.2,"var":14931.5,"ent":4.3,"data": [64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]},"bins": {"c_to_s": [16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1],"entropies": 
[4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02137{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1222,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365304459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508365304459,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":25594.8,"max":159357,"stddev":56992.8,"var":3248178688.0,"ent":2.5,"data": [157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614]},"pktlen": {"min":46,"avg":87.5,"max":465,"stddev":99.1,"var":9815.1,"ent":4.5,"data": [64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": 
[17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1231,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508365309479,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":20402.5,"max":130950,"stddev":46194.5,"var":2133934848.0,"ent":2.4,"data": [130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22]},"pktlen": 
{"min":46,"avg":93.0,"max":573,"stddev":122.2,"var":14931.5,"ent":4.3,"data": [64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46]},"bins": {"c_to_s": [16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1],"entropies": [4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365315790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1578508365315790,"pkt":"KDc3AG3IEBMx8Tl2CABFAACymwlAACMRP1cS26efwKgBuHZfdl8AnsFrVj4puAH6ZgARKbHJmno0oUTDSx6ME3WyQvgYFdLFf82IMxF0n+9n2kTCv9WKp0W5OWAeoQIHesUQlOhBZUox8XuUKjSw2r\/cLxIh6clEUwjRudwx4mptlXU2a3WMaDxBAALzy4RPFs69gun3gnZfoAez3OWZbA2U21K6mmqEcXi9Zewq23MX\/wTlxWTRncmbhF4WIGEK"} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365189369,"flow_dst_last_pkt_time":1578508365315825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365315825,"pkt":"KDc3AG3IEBMx8Tl2CABFAACcmwpAACMRP2wS26efwKgBuHZfdl8AiLphceZOwZGufNXFAvXWI774ooc6PkwC6kxvzCm0BhiTs\/TWig3gE4P3+Y0lY\/Fll4rTUKnacLSuqKdSUAk7eTbz218E2dS8j3sLMJigll9ziTSt7jKgE6R7GxELpoJhO+ReAQHdBMuEEtunn4J2X4J2X8mETxbOvYLp94CEXhYgYQo="} 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1241,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365316928,"flow_dst_last_pkt_time":1578508365315825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1578508365316928,"pkt":"EBMx8Tl2KDc3AG3ICABFAACyAmgAAEAR+vjAqAG4Etunn3Zfdl8Anj7AyKLY5AHDHkr8d6KSA+T3Tls\/POEygEa\/IYu00zDsS\/rUOw6lzLJwrJGeGp5ZbDZpK7GjW2rkr31SRKZcwxqVK3x67DtjZyUlj3CybqwG4tIXJkxmTgyRuyMntMeOtUM\/AQLzy4QS26efgnZfgnZfoHHmTsGRrnzVxQL11iO++KKHOj5MAupMb8wptAYYk7P0hF4WIGEF"} 
-02244{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365327684,"flow_dst_last_pkt_time":1578508365329449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":442,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1578508365329449,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":11280.5,"max":57129,"stddev":22219.5,"var":493705824.0,"ent":2.8,"data": [56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32]},"pktlen": {"min":52,"avg":100.4,"max":514,"stddev":109.7,"var":12030.8,"ent":4.5,"data": [64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1],"entropies": [4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02237{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365330913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508365330913,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":43981.5,"max":300415,"stddev":100376.1,"var":10075352064.0,"ent":2.3,"data": [300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30]},"pktlen": {"min":46,"avg":88.3,"max":583,"stddev":106.2,"var":11275.5,"ent":4.4,"data": [64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": 
[4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02244{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365350710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508365350710,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":45181.0,"max":308079,"stddev":102626.0,"var":10532101120.0,"ent":2.4,"data": [308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36]},"pktlen": {"min":46,"avg":89.8,"max":523,"stddev":108.1,"var":11684.8,"ent":4.4,"data": [64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": 
[17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365327684,"flow_dst_last_pkt_time":1578508365329449,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":442,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":778,"midstream":0,"thread_ts_usec":1578508365329449,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":11280.5,"max":57129,"stddev":22219.5,"var":493705824.0,"ent":2.8,"data": 
[56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32]},"pktlen": {"min":52,"avg":100.4,"max":514,"stddev":109.7,"var":12030.8,"ent":4.5,"data": [64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1],"entropies": [4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+02138{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1264,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365330913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508365330913,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":43981.5,"max":300415,"stddev":100376.1,"var":10075352064.0,"ent":2.3,"data": [300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30]},"pktlen": {"min":46,"avg":88.3,"max":583,"stddev":106.2,"var":11275.5,"ent":4.4,"data": [64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365350710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508365350710,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":45181.0,"max":308079,"stddev":102626.0,"var":10532101120.0,"ent":2.4,"data": [308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36]},"pktlen": {"min":46,"avg":89.8,"max":523,"stddev":108.1,"var":11684.8,"ent":4.4,"data": [64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1],"entropies": 
[4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365408726,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1578508365408726,"pkt":"KDc3AG3IEBMx8Tl2CABFAACdhY9AAC4RWjq3gfKkwKgBuAQAdl8AiS5Y3VkKujBE9K5giYMoNotbt65xxd7ko3VSXKgTCSaupxKnp71rmT0XRsX6xoF5macEurqmdfib0\/9m0ybRIVy\/Qzz+\/\/zwyKtEHKyC9Xjjwvc8TLpzNetXjDWFS0pbC\/Z0AQHeBcuErBRsfYJ2X4J2X8uETxbOvYLp94J2X4ReFiBh"} -01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365408726,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1315,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365408726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365408726,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1316,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365409418,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1578508365409418,"pkt":"EBMx8Tl2KDc3AG3ICABFAACy8oAAAEARGzTAqAG4t4HypHZfBAAAnqbvG70JBv5PXjvCBbR1Rp7tYoTQJi2jMUD7JOn6eWv9REwRmFSXtYoHsvszWP\/amLZkv0asbrMZoJOaxU2yggG3KzVpk0IKmRZiX\/KGqSOqaOPD2NnZ\/WIPpNjQN9gDidCOAQLzy4S3gfKkggQAgnZfoN1ZCrowRPSuYImDKDaLW7euccXe5KN1UlyoEwkmrqcShF4WIGEF"} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1317,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365408726,"flow_dst_last_pkt_time":1578508365409833,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365409833,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc4fIAAEARK9jAqAG4t4HypHZfBAAAiACVOpGBWjTeJor2OHTFdIkJfHanNwusT7Z+X6ZhMccUpEYH1blVudB+7Lhiy59WZ4RAivu0dgr\/6z5c18c2wNa0j2NMO4UV7uXk8QqS8l0iv7COflKJEb7GBR6jLr1IE7ZSAQHdBMuEfwAAAYJ2X4J2X8mEt4HypIIEAICEXhYgYQU="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1318,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365271977,"flow_dst_last_pkt_time":1578508365411322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365411322,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGPK8zoRcMwKgBuHZf3VQuhVQAV1cO0KAScSARYwAAAgQFrAQCCAo+6INOItiW9wEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1319,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365411408,"flow_dst_last_pkt_time":1578508365411322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365411408,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLbfAqAG4M6EXDN1Udl9XVw7QLoVUAYAQECygnAAAAQEICiLYl3Y+6INO"} 
01319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365413075,"flow_dst_last_pkt_time":1578508365411322,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":639,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":639,"pkt_l4_len":605,"thread_ts_usec":1578508365413075,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJxAABAAEAGK3rAqAG4M6EXDN1Udl9XVw7QLoVUAYAYECyDfQAAAQEICiLYl3c+6INOAjsEhZMwnv7AYIDvDVtrVuj584tbTBHPl5FfxNiETDe4\/2bbkHyZOsBBL2pjw7L50JQ7E1u6e7FU3XqiDLBvtHiYyrNJbDsbzTSeAUmmiGGn\/rVs6lWdKtzqX+Yhe52EHPlvLH3EJKxiwLzJCxpyscYV76Mqzt3rq+U+IQ8dwmh3Nb7YKN8W\/tFY\/aFWAb+DQBv6piiVGN8793L3cIiNtkqYb7PDjTj9a+ncM9xXzaPAfp6yTqM2P3pcHJbQlDXOK6zL\/DacoT70CWvHMTvMMYG+7l3\/hTiJQjWtQWZPWxijqkdUJQhjH752XlqtwvHYViAJmgTRfE9h3NXhZdPvFlE3OSwtEiQtD6cT465FNzZ0dTChmNiu5LCCyWaKQ\/I+bjDfEgLhzs0xrzGLWfIGJ9ql5HbMedUgn9vXVbw5+MyIb5wPRO7KjKgYR0d6fMgz0VfsMPMQEs74x9tmu8LBoq06ZbKzFR3RrCkNqNFWVWB8wxhRV2y1IscRVfVZSGDcFyS3LfqvhCD9fbm6ctSysMr8LClBfsdKckU5V7Ba7MT48uPaPWJ2BOO2cQ8e5CzsJPSdwENL+PGg8oqEDsIlZDFsyhtbUoQMuq8EsBrrvTUxXLLyKiWfsv3hAZGADQvFJFgZKLVzP29GR23Tms3MsAvvZ1I81kwPVLZfpOlL8TN5aBDd1jeOEV7U7tRNdmajrAkTnSaC4RECbrWjMoc+XWcxlp43tI0NDuAj+vR0ccAA38wI6iAFENOiDpH2"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365413075,"flow_dst_last_pkt_time":1578508365411322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365413075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1320,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365413075,"flow_dst_last_pkt_time":1578508365411322,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":573,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365413075,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1321,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365239758,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365419060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAGUh6d5phXwKgBuHZf3VIVkuQhTk9as6AScSDAlwAAAgQFrAQCCAq827CpItiW2wEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1322,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365419127,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365419127,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQibAqAG4neaYV91Sdl9OT1qzFZLkIoAQECxPsAAAAQEICiLYl3u827Cp"} 
01341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":649,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":649,"pkt_l4_len":615,"thread_ts_usec":1578508365420924,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ7AABAAEAGP9\/AqAG4neaYV91Sdl9OT1qzFZLkIoAYECzcTgAAAQEICiLYl32827CpAkUEkClDEehLobmQbbq0Gz88T6EtnrPK5m21ZMthOtQadc9Bu2BpGWCvf9sJsO1HNQSMiG\/gRXiUvC1qsMYknKuo5riP0O5pCPUXOV9\/dCGVmpEoJbX9Cu4SU8oOVVcq0BW5mBcSCXRzqVkJ6OuFKGVTETzXDICOVY5\/x4IlVl067mKLB\/y5BdW+kH6ZLpWMCALAcMn2\/N\/iuz7T4n58+LdBAiZGJcKZIWLhE0kGcJEWBFrygfok1RQVFkWtbGZu7Yv7S3BhIHHDNoh2JCQyRKUOY3W1VSS+94ol1wQvZHK2D\/7cg3DZHBIELc1hEYWnGs7+v+aH3JWQbtMvGudM\/\/TxcEs5sbHPj2iuPwUs+GWr\/ABYrJbqnLktLNlolZ93lHC2AiZh7UnQSEZTQ2C0klPi0thw4o3CnU9xvXxsrflgbGFAzwNXG03KE25YHxzaVDpGfCzy9Gr6gwSGkF3c3kmPryW7WuvlPz9g4Qw01EnLeHPggGUoZYmc0gvvD3Dsvfo9uusSrfCPX9JGhzriLcXtplCdwocezH9CR3bPV\/XtsjxN+Nr7eBjpfw3OsMQ4OAwbZ2HbAGUJo15wGuvtlDl6V61+4R5Cg4votIpuRyRgpVUBGlee0R7tb2JnAr4Yd2w1u5wUF+hroymJMt828hU4NcUZIN8xqd5NItltnYBHoXPBTsYssjGvvdmkIN35e9KfJyCJj5cohl4gdMFpEjXdRXq5jWfjrb4KRRnkt1m8IiceoNy6GFXL7gqcU9Jy\/F0tjlZ37g=="} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365420924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365439333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508365439333,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":49916.1,"max":339297,"stddev":113624.6,"var":12910541824.0,"ent":2.4,"data": 
[339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33]},"pktlen": {"min":46,"avg":92.1,"max":626,"stddev":119.2,"var":14212.1,"ent":4.4,"data": [64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1323,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365419060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":583,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365420924,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1325,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365439333,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508365439333,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":49916.1,"max":339297,"stddev":113624.6,"var":12910541824.0,"ent":2.4,"data": 
[339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33]},"pktlen": {"min":46,"avg":92.1,"max":626,"stddev":119.2,"var":14212.1,"ent":4.4,"data": [64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1],"entropies": [4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1339,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365279592,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365458807,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwG2AY0CYBEwKgBuHZf3VXR7JfX7e3rXKASaN9TlwAAAgQFrAQCCAqDIEEYItiW\/gEDAwc="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1340,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365458850,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365458850,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxBbAqAG4NAmARN1Vdl\/t7etc0eyX2IAQECzabQAAAQEICiLYl5+DIEEY"} 01197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":538,"pkt_l4_len":504,"thread_ts_usec":1578508365460380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIMAABAAEAGwj7AqAG4NAmARN1Vdl\/t7etc0eyX2IAYECw2bAAAAQEICiLYl6CDIEEYAdYE5LsQSZlDUqqTHDd28VIop408G8yHQ+g12SBtC4bobvsWyQ4YWXiRfGVfScHSSUnTjTpf\/+23Sz0kCTGUpeeZFIqw3JnBHdptJpv6R2QSdjwWF97DyrJFySS8bo0Z5f6iv8act5Gj4QOtF9wl7L4XXQ\/F1DNsc\/lWP2vigp16BUuZMGglwG663lAad9u0dkQ9FK2\/7\/8AOVyotPmi+JeFwCWQ8jE2NRIY\/iLlnhd84GwGpOWfGlXg2sRox3c92a0drS3o5YJyHfODCJKd193nihFVDq18n74tRhyKX6zzotiy\/kwSO6m\/\/Y8jtY8L+ZeEz+ApaHZAgbWiteJxWtEen3Z6RV1DI8tKhdynvtOMMOzz49Rx25gKK9DSlgEi54tvDDIa4VG2z8P5l1nvHLjyaLGh0LL6goab8xtTadEJUjCnY3t\/fZrnnudTuWibKhNHBZrOh1FASkf\/u4aIsAaa\/fTHS++2nsizi3dopiJ8G9PkpE7aMhPDUyHILPc8tYAJAyXN39XQYwYzL+ry\/\/lAbapCn30R24vKqkiwseOuDMtEC9yiUtZN\/ju0Qt6\/PDHFGgfGtibb9zS0CSW6nDPiDOBnf9bT0whSnVZlZ+MLutLVJqm5jA=="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365460380,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1341,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365458807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365460380,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365461164,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365461164,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcQtMAAEARjkPAqAG4ynAcanZfdl8AiDkPCEixaJX\/9thQC0r9cGcsCeen+iETb10JXBU9BZQL28M1nK8vCE6bMd2SC2XGliMqSbi8oqYHUjyrBa753h2KySNTFNso18+nMzMVWvdibnHX4lluxe+\/vRPiYB2kYX3uAAHdBMuEfwAAAYJ2X4J2X8mEynAcaoJ2X4CEXhYgYQU="} 
-01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365461164,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1342,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365461164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365461164,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1343,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365094625,"flow_dst_last_pkt_time":1578508365465293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365465293,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACsGNXy2oqE9wKgBuHZf3Ueh\/8nUB338R6ASOJDbwAAAAgQFrAQCCAo8EmDbItiWYAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1344,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365465408,"flow_dst_last_pkt_time":1578508365465293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365465408,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGIITAqAG4tqKhPd1Hdl8HffxHof\/J1YAQECwxpAAAAQEICiLYl6U8EmDb"} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365466737,"flow_dst_last_pkt_time":1578508365465293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":588,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":588,"pkt_l4_len":554,"thread_ts_usec":1578508365466737,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI+AABAAEAGHnrAqAG4tqKhPd1Hdl8HffxHof\/J1YAYECxPlAAAAQEICiLYl6Y8EmDbAggEdoa9oP2cg5WbFRFp1huJY5VX6jNWR4iP8q0\/ZL+UfNj5WPNc5X3v5yp6YKaivB+gVGyrqfEZ+GjIg4XUCsubChBVe+OydG5YXSKovd4Zvd2sMMyI2oOC03c\/\/kw7hbjJ+rbBQxdWEgnQfHb5jg0KH99eYra9BRmnscjtPZ0VPLlbqSIcGOO1IiECUgTAOnr7SvcmyLFIiAGvGrvIdBrTIX76tgcsbBfHLo9eTIxNuEIPzftpoJlQRkkJFNo8lNqUk\/8C6TDddviZkLmf4HMeMlelv0\/SasZ6LuKmyQqv+6Mt7JjKWqNyxGEEereBZV30a3IwqqLc6nUseUnNUQaHuDiCR2cYJetm4kh+05RWknax3MTWGgsKyA1\/YRLowef50NB62eOQ35t\/nBtZreItPNm4cNzObl4w+R+inyZ6li8vfc3BlOL32oXm0w2h\/yO0+x2iMoMFs5E9MhSHHxNibIum2iNU6EkUL9wtesdWPyKtSi9lBYLQsSPpaLzTCSWPERK9PKL++NBm\/U676p1bFKl4W7\/Ejrza39gV8xmvOiBamM+U+6+vGXo0NysfKdV7T+LqlOjRTzZaPkLZ\/iVcI1ZddWk4e4FedK17QLh10zktBCaEDabKeg0lqB4s1r5My9st7NMBbRXcQGzOAxWryiBkdnxlPs7Ka+FwnQf3qTCDYsXMFh2h"} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365466737,"flow_dst_last_pkt_time":1578508365465293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365466737,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1345,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365466737,"flow_dst_last_pkt_time":1578508365465293,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365466737,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1346,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365226088,"flow_dst_last_pkt_time":1578508365485758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365485758,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC0GVVKKS6u+wKgBuHZf3VEGdfqIHq1FlaAS\/og\/VgAAAgQFrAQCCAqkAfsSItiW0AEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1347,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365485867,"flow_dst_last_pkt_time":1578508365485758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365485867,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGQlrAqAG4ikurvt1Rdl8erUWVBnX6iYAQECxbjgAAAQEICiLYl7mkAfsS"} 
01281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365487180,"flow_dst_last_pkt_time":1578508365485758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":605,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":605,"pkt_l4_len":571,"thread_ts_usec":1578508365487180,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJPAABAAEAGQD\/AqAG4ikurvt1Rdl8erUWVBnX6iYAYECxdtAAAAQEICiLYl7qkAfsSAhkEh\/JdZMRsvJD50CNbEaijDchFk3OeRxtIP9ocS2obT6LBAseQF6pytODiuXSbVf+Tmz5zqYi1Ty803nXLMzQOvNkOxSwkZkVUAfx+vDSqcJWe9hIdwkIOFWQ6Saby8ldXdWtC8ihaXIOuPl\/\/xLwvlUX\/F9SqKUKM2mTHVKVmZXgsN+9R9+ScHBB86uiM2WW9EfrUqPwS1DZZgmVd0oVjiW6ZFQZ3uPmqvpA6EbIm4iw+wZ7DthnkwGPRVZ2WbUXisIz138NTOUZM\/of5lFF2Ni55b0jr9dFQlRBYV4BTowlUzbb0h4uWSigpsDVoB+vANxwYYpZzi2g5VCJfZY0kwv2sj5u0zJyf820aBK9BeOggBjLsPc7pgxzkphmVfkJoriXillvShMJUQ87DOlRl1PLwZwUsNbx+xSd4Gci1PEnLhRjr2+OXJBia0DcecgMaNsdXFH\/Z+KB5x\/HWiSM\/B5iczT0gPqTog97WV5H8npGpr53JyOCZIkdRs6s4OiT9sjzU+5klAakPECUL6RpVCfWzm2fNKv+\/PiMlKEbfS72BxbX8uEN1Vt0pLKbA09K6PG1LiR65jTcj4prXGZrttMrIUK0cSW+Q2+OFTPpvS1jewPwUKp2bh5sojycr9XLKS4yBBP4pqTrPiuWsLhL1S9I5\/x1THo924R+UfL\/YLunQddGt+mPuZ0CGIL7Lm5eEAO\/WaRtrUCk="} 
-01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365487180,"flow_dst_last_pkt_time":1578508365485758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365487180,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02242{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508365197191,"flow_dst_last_pkt_time":1578508365510722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":451,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1578508365510722,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":53600.7,"max":354597,"stddev":122026.8,"var":14890529792.0,"ent":2.4,"data": 
[354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305]},"pktlen": {"min":46,"avg":92.4,"max":577,"stddev":118.1,"var":13953.7,"ent":4.4,"data": [64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.515677452,5.379368782,5.077241898,7.643549442,5.207947731,7.572619438,5.077241898,5.878986835,5.077241421,5.282456875,5.077241421,5.280635357,5.077241421,5.480534077,5.670333862,5.038779736,5.077241421,5.131024361,5.038779736,5.665890694,5.034432411,6.857876301,5.113088131,5.388787270,5.793924809,5.034432888,5.037204742,5.395370483,5.418199539,4.955154419,5.131024361,3.682026386]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1348,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365487180,"flow_dst_last_pkt_time":1578508365485758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365487180,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02140{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508365197191,"flow_dst_last_pkt_time":1578508365510722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":451,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1578508365510722,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":53600.7,"max":354597,"stddev":122026.8,"var":14890529792.0,"ent":2.4,"data": 
[354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305]},"pktlen": {"min":46,"avg":92.4,"max":577,"stddev":118.1,"var":13953.7,"ent":4.4,"data": [64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46]},"bins": {"c_to_s": [17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1],"entropies": [4.515677452,5.379368782,5.077241898,7.643549442,5.207947731,7.572619438,5.077241898,5.878986835,5.077241421,5.282456875,5.077241421,5.280635357,5.077241421,5.480534077,5.670333862,5.038779736,5.077241421,5.131024361,5.038779736,5.665890694,5.034432411,6.857876301,5.113088131,5.388787270,5.793924809,5.034432888,5.037204742,5.395370483,5.418199539,4.955154419,5.131024361,3.682026386]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365413075,"flow_dst_last_pkt_time":1578508365553053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365553053,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA019hAADEGZN4zoRcMwKgBuHZf3VQuhVQBV1cRDYAQAOytEQAAAQEICj7og9si2Jd3"} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1373,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567882,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365567882,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1373,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365567882,"pkt":"EBMx8Tl2KDc3AG3ICABFAACcHIoAAEARCbPAqAG4agwnqHZfdn0AiGszdDnl2LgHwUzwnp\/NUaAjl2\/6ukAyoGtKBC9U9NcJJ2SSjY1bIBQONPG3UmfcMXvTBTN6oZMu6GXIBxr9UadDckfonN6CsHl3H7EBI7wV8mnDuf+AbUa\/i02tPDo+DL09AAHdBMuEfwAAAYJ2X4J2X8mEagwnqIJ2fYCEXhYgYQU="} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567882,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365567882,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1373,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567882,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365567882,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1385,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365588602,"flow_src_last_pkt_time":1578508365588602,"flow_dst_last_pkt_time":1578508365588602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365588602,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1385,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365588602,"flow_dst_last_pkt_time":1578508365588602,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365588602,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGVs\/AqAG4p1Z6Mt1edl9ccbjwAAAAALAC\/\/8vAQAAAgQFtAEDAwUBAQgKItiYGgAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1386,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365592330,"flow_dst_last_pkt_time":1578508365592330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365592330,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -374,54 +374,54 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1387,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365295537,"flow_dst_last_pkt_time":1578508365593653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365593653,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0AABAADQGeGsj5egTwKgBuHZf3VbzHyaM6OsJA4ASbvDSjgAAAgQFjAEBBAIBAwMH"} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1388,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365593768,"flow_dst_last_pkt_time":1578508365593653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1578508365593768,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGbHfAqAG4I+XoE91Wdl\/o6wkD8x8mjVAQIABiKQAA"} 
01124{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365594975,"flow_dst_last_pkt_time":1578508365593653,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":489,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":489,"pkt_l4_len":455,"thread_ts_usec":1578508365594975,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHbAABAAEAGasTAqAG4I+XoE91Wdl\/o6wkD8x8mjVAYIAAS7gAAAbEEziim\/J0gI8gjAVY+YmyCFFnqH0s5j5T0so8TjsA51obDHc0Rqz2AdCozLs+UTk1cW9Y5OjQSK8Y31YFyoo8Sh4CTbFuJ4RxMa\/yBpXWlsq91wodmIbZ0TFzI02phx1+XzfP\/VUH7OzLCHU4h4kT8KvUeuuzDiXeRKp3KFGQiCfbiffkYqfEmxNQvkTb3bSuC7A8z6koun3pmBF22PF5x0CnRQDoed\/Ii0RtaJmiyQ4GdsJxavdJzD\/2guMA92F0O2B3er6P8w0lQ+UJuLCFacbaeCM9fT+\/GAhNt77XxcoerYekezrYhubw03HpgaHzjzy6JTcDypLc42mlWXJsvZ52w7ejgK7bcZB++5VYrmPz5YbsWfdqD+S9cUUrP0guijgLVfELMV+E0CflWtwtRP9SavemrOvy\/STy0yfl\/QD3317J6FBeo6KQy1txk5g6pQBHzb7Ex++\/1RrCeCi+2gIuN\/LSZS2IA7emeedvnVvyOQN4icPyUtjCg5FVYqUWdvItRpzo+7uX6XrHM8ZUHAl0B6HzG\/h+08MNm7+8VB7YBQ6RQi0iLtTs1obyhkH7J"} -01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365594975,"flow_dst_last_pkt_time":1578508365593653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365594975,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1389,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365594975,"flow_dst_last_pkt_time":1578508365593653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":435,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365594975,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1390,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365420924,"flow_dst_last_pkt_time":1578508365603422,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365603422,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA05IZAADAGbZ+d5phXwKgBuHZf3VIVkuQiTk9c+oAQAOxb8gAAAQEICrzbsV4i2Jd9"} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365619930,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGH3XAqAG4BQFT4t0xdl\/cLTE7AAAAALAC\/\/\/\/rwAAAgQFtAEDAwUBAQgKItiYNwAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1414,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365194618,"flow_dst_last_pkt_time":1578508365628408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365628408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAACcGqoHKcBxqwKgBuHZf3U9YWyaeOLFgJqAScSDw0wAAAgQFrAQCCAonH\/CcItiWswEDAwg="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365628530,"flow_dst_last_pkt_time":1578508365628408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365628530,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGkYnAqAG4ynAcat1Pdl84sWAmWFsmn4AQECx\/AQAAAQEICiLYmD8nH\/Cc"} 
01219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365630052,"flow_dst_last_pkt_time":1578508365628408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":560,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":560,"pkt_l4_len":526,"thread_ts_usec":1578508365630052,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIiAABAAEAGj5vAqAG4ynAcat1Pdl84sWAmWFsmn4AYECznUgAAAQEICiLYmEAnH\/CcAewEFIjySTWjNne5ecrwaJ8uEFZ6wTzHckJ9nhOvk1tbhtUW2QAs\/NJT1OQvq1ruN09+K9w4xLSE1oPw\/JLCyqPILre12hJRVnTenujmnJQ4kZfKDPWnrIRN9tAy\/zuTBRW5GN11nkVHXlFkerHzkgQOGThWa9EquiBlzy\/kF8rSfO+9pcizDiJ8ojL\/vOGx2vK0HoHbgpiwO\/P+dJnTEN+Pje\/5LF7lgXS6h\/\/8cHwKNYmhZhwyPl2L3adaQmgedfbuj5IPGsy3KDSYKNXQjT1GL1HF9VzqZaiJYkyGXky043+jGhsqtajrdIw0itUYUcU1oW3q2mokm8j3eykCiiC+aZqOeCs2Q3jwcybKlr6JvoAf0RVO4TlY1rdZO9FBMsloUtqtyaEFnzkwONnlmtAvXaxQyXOiSyOBDMSPv2FGVcY3KKPuSOiWRc5gHtA9+Ma9LwoeUEoFRWkVQ4VDo30xD4C16YzBes\/TCLkGdcD6zIpzoes6H0PlfBaaBWO6uOw4uZthiDBNlB5Q97pvZeyNS4COaj3Usxcojpo+mX39Wjm36tvwn6skBxdaCSvSZzlLANPJ0qRh4zXodHRVpvRuwXe8ms7KastdEBlPKgZDyhrdx6bb29fra2HEK5j+u+JT4zv4AJCPo3WLfJw="} -01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508365630052,"flow_dst_last_pkt_time":1578508365628408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":494,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365630052,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": 
{"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508365630052,"flow_dst_last_pkt_time":1578508365628408,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":494,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365630052,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365592330,"flow_dst_last_pkt_time":1578508365631404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365631404,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGPLJWa\/M+wKgBuHZf3V\/moIrRbH+L1qAScSBDVwAAAgQFrAQCCApQzL4rItiYHgEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365631519,"flow_dst_last_pkt_time":1578508365631404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365631519,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLrrAqAG4VmvzPt1fdl9sf4vW5qCK0oAQECzS7AAAAQEICiLYmEFQzL4r"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365588602,"flow_dst_last_pkt_time":1578508365631569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365631569,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMGY9OnVnoywKgBuHZf3V5M8kZiXHG48aAScSAfsAAAAgQFrAQCCArTe0haItiYGgEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365631621,"flow_dst_last_pkt_time":1578508365631569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365631621,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVtvAqAG4p1Z6Mt1edl9ccbjxTPJGY4AQECyvQQAAAQEICiLYmEHTe0ha"} 
01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365632984,"flow_dst_last_pkt_time":1578508365631404,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":606,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":606,"pkt_l4_len":572,"thread_ts_usec":1578508365632984,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJQAABAAEAGLJ7AqAG4VmvzPt1fdl9sf4vW5qCK0oAYECxOAwAAAQEICiLYmEJQzL4rAhoEiPjdbB4Kgwl\/PHapbSVH2zNIQK7AWWYtANw9khTPrqfFaiG7hw8fy3FHkDjGMA5jVqMoDIzdBBBvVUP6bqKBY9pYw1aVPYSZ\/GxjPlRteY8+bb3qTe1SpBlH1FX5ThLiQgUWD6\/tw8h0to43qJDr0yz+z\/ZnTYWXcLKdBELTN6nj3OnuhgVIBk8rtZUgsEfckIn9WEPCbB0dYrkhHKGgt5GynLdCdl+S5E6meb2h\/4I+MlrHqLmw+1qCvhhT9tJ3jVvSIhbpshZRhsYYo3XBbFfGsv9C4pgnKjKNn2y9njGxhAREtxMbZtNYWcHodt00ieY\/a5dad5r5vhOWGl9ftWz1jTN6cJchvW2cw7rj\/srwPZiBUf\/9ILjFvk6nKYrtLr8QVgBbS4ABS+ALElvcfLqP0KuU5onA3Jw8rzXQOYhLSb1mC+Wqcf6wqJwgNotJ8Y1QzSZDsbsQVQW\/KXBTufZVqupzNKNQmgzAHznb9DuIjWFdsOwb4CXDao5ZeiPeA55UuL1dvi7eRtSYguvi021EBxQ\/GKNOHCcaNxEFMr+xIpHh4lkybLQuyKaY+jMX7+XSH87RQfggdlAc1bKATomLc+N5DLFbMFgfh0NM+5k6gq0WEYX2PaZl3Otaeqfvl57dPy6TIg\/y+3guItFdnGQtcdFE+Du1WPHup9HI9HIawoOFK6hL9+nZFGuZbL9XMwrfOW4dkT79"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365632984,"flow_dst_last_pkt_time":1578508365631404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365632984,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365632984,"flow_dst_last_pkt_time":1578508365631404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365632984,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 01077{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365633113,"flow_dst_last_pkt_time":1578508365631569,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":455,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":455,"pkt_l4_len":421,"thread_ts_usec":1578508365633113,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG5AABAAEAGVVbAqAG4p1Z6Mt1edl9ccbjxTPJGY4AYECwuPgAAAQEICiLYmELTe0haAYMEZ6RWlMCufi+FQ5wsc1aYeQdeBtzI218JBnTD\/4XzF4uu5E0fGWELqanbfUzRHRnC3Ii7806UEU2AY9ictpA75dCoFoa11U4tIHuqPv5zPU5\/1ye\/zTvCDPXpoEmsBI0zIwNUY6V\/gjXAFyU17GFmr+sLBsIa6EHTUcZIHiVGxBQVuSZXRwdtyKKS1L1ouv1UavOgXI0xiX0aOUisfyAVPJu5G\/lOv4DXFYiIKEUSC4fGBvK2FseP9elGgH9sTG1nljFlF2+lW5clLyqngkDEsG8Th9XGaC4v9bVI4AZpdMO6jAky7oOJy\/8+cQ+s\/2+n8EF9Ht96RNhUZws3u1GD9gGl\/dybwejRDgNFePJDQmzNjjTCWadMck+kTt0H59V6p27ML8Ig+raZNsB\/CrgWvmG0sPuvNFoo5ehOQNQCPEl4LKvaMlbGhI6EHshUnYwJNlmY86hEYAOZqtMXemyPa9pZ3QJAJa5RVo7zQz4OuuXvnbYY9aZtxxnS25rGeeIxUCI="} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365588602,"flow_src_last_pkt_time":1578508365633113,"flow_dst_last_pkt_time":1578508365631569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365633113,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365588602,"flow_src_last_pkt_time":1578508365633113,"flow_dst_last_pkt_time":1578508365631569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365633113,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365460380,"flow_dst_last_pkt_time":1578508365652319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365652319,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0Cs5AACwGzUA0CYBEwKgBuHZf3VXR7JfY7e3tNIAQANvnMAAAAQEICoMgQc0i2Jeg"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365632984,"flow_dst_last_pkt_time":1578508365669841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365669841,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0IvdAADIGGcNWa\/M+wKgBuHZf3V\/moIrSbH+N8oAQAOvf6QAAAQEIClDMvlIi2JhC"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365633113,"flow_dst_last_pkt_time":1578508365670223,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365670223,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0acBAADMG+hqnVnoywKgBuHZf3V5M8kZjXHG6doAQAOu80gAAAQEICtN7SIQi2JhC"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1463,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365300081,"flow_dst_last_pkt_time":1578508365688431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365688431,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA8AABAACwGI8Z82eu0wKgBuHZf3VfxiPe9S9oGI6AScSAoCwAAAgQFrAQCCArI+HIBItiXEAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1464,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365688547,"flow_dst_last_pkt_time":1578508365688431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365688547,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGD9bAqAG4fNnrtN1Xdl9L2gYj8Yj3voAQECy2XAAAAQEICiLYmHfI+HIB"} 
01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365690049,"flow_dst_last_pkt_time":1578508365688431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":611,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":611,"pkt_l4_len":577,"thread_ts_usec":1578508365690049,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJVAABAAEAGDbXAqAG4fNnrtN1Xdl9L2gYj8Yj3voAYECzDmwAAAQEICiLYmHjI+HIBAh8EpBqek9IOd2DX3EmhTksPsRZtaZjiAo+lpZ5W2weEBnKWHQDM\/F9NsadhZ63pl3xv4ocAKVGXjfFUvBKZPAoJmuB\/bOkGr6g3QgsiHYWW4nIgEAe02a0n0ReBDRxbjbJsn3\/YJNkkgYQovoW08TU6AjTqONdN8R+e8gWmUAIK267y0hhxo5hNl0QGN35GVd4Z\/bpKroxasnTUUZkl+ETbpX7go59BNWHxd8NPWnrZJ+n\/GXBxSM9qpg1W0HDKcswUAss3Z9s3Zmd9To9DkN2h1GFu9GTLUSQYf3uSetUMPRbFqweMwBGjDuUi4Bs2ToJeGUmVlej9HFA\/3l3q5JXsKlh4K6nfHNO90M333Z+K4yB+3XT9YlHc5OcItlt8wH7eRX4SnTg00b\/SfR2kVh7mbPca6nP59EM6\/KYDq82eH9brr+HSE3aYrPnJlsNz3XCf51p84McyhI\/wzB1XYQ5\/OfE11+FPNQEsgV8RT0HvxtPReFCXcbYoki0KLc2Jc+xtu0Xe8WkSgyL\/Elm0YYrrnyyUs9qBHeXfFQI+LjwWyGpDChQT1pH5jvSB+daPeHiPVeCqqfF4vEx6qjoI1zDf0TBO6NCaCEmZjr\/fUb00V99k\/SiQMMBt+sNLGDfau+mMq9DQgpnfoJxpuksbI9PhnJUiVAO2nToGCLWxbZsfxwd\/UBJ7++AIcNnzOzewH+pSqVrSWJUwQUBxeLiPNxE="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508365690049,"flow_dst_last_pkt_time":1578508365688431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":545,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365690049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02247{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1470,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365699150,"flow_dst_last_pkt_time":1578508365699343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":861,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1578508365699343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":27565.8,"max":147323,"stddev":54220.4,"var":2939852800.0,"ent":2.8,"data": 
[139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297]},"pktlen": {"min":52,"avg":100.2,"max":625,"stddev":122.1,"var":14898.1,"ent":4.4,"data": [64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.453177452,5.273559570,4.976373672,7.683106422,5.094483852,7.563943863,5.053297043,5.816047192,5.055253029,6.738208294,5.205876350,5.563172817,5.912971973,5.115703106,5.307834625,5.115703106,6.880195141,5.500168800,5.701214790,5.077241421,5.077241421,5.038779736,5.830870152,5.003273487,6.124698639,5.451741219,5.522660255,5.094483376,5.132945061,5.969577789,5.000318527,5.246605873]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508365690049,"flow_dst_last_pkt_time":1578508365688431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":545,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365690049,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02145{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1470,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365699150,"flow_dst_last_pkt_time":1578508365699343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":861,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1578508365699343,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":27565.8,"max":147323,"stddev":54220.4,"var":2939852800.0,"ent":2.8,"data": 
[139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297]},"pktlen": {"min":52,"avg":100.2,"max":625,"stddev":122.1,"var":14898.1,"ent":4.4,"data": [64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1],"entropies": [4.453177452,5.273559570,4.976373672,7.683106422,5.094483852,7.563943863,5.053297043,5.816047192,5.055253029,6.738208294,5.205876350,5.563172817,5.912971973,5.115703106,5.307834625,5.115703106,6.880195141,5.500168800,5.701214790,5.077241421,5.077241421,5.038779736,5.830870152,5.003273487,6.124698639,5.451741219,5.522660255,5.094483376,5.132945061,5.969577789,5.000318527,5.246605873]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1484,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365701530,"flow_dst_last_pkt_time":1578508365701530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365701530,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1484,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365701530,"flow_dst_last_pkt_time":1578508365701530,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365701530,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG7OLAqAG4i6L\/0t1gdl\/B\/P6FAAAAALAC\/\/8ZigAAAgQFtAEDAwUBAQgKItiYggAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508365712625,"flow_dst_last_pkt_time":1578508365712625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365712625,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365712625,"flow_dst_last_pkt_time":1578508365712625,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365712625,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlo3AqAG4Ti+Tm91hdl8xKZuYAAAAALAC\/\/+26gAAAgQFtAEDAwUBAQgKItiYjAAAAAAEAgAA"} 
00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1521,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365736342,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365736342,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHpIMAAEARoqnAqAG4b+UAtHZfTtYAsxSK2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} -02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365741203,"flow_dst_last_pkt_time":1578508365740945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":364,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":812,"midstream":0,"thread_ts_usec":1578508365741203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":9596.4,"max":39189,"stddev":16023.4,"var":256750832.0,"ent":3.1,"data": [39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63]},"pktlen": {"min":52,"avg":107.0,"max":592,"stddev":118.7,"var":14100.3,"ent":4.4,"data": [64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56]},"bins": 
{"c_to_s": [17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0],"entropies": [4.484427452,5.346035480,5.077241421,7.656184673,5.233812809,7.517492771,5.077241898,5.839856625,5.102238178,6.715719223,5.192151070,5.552071571,7.256381512,5.038780212,5.118427753,5.195351124,5.807060242,5.116481304,6.072246075,5.481591702,5.581483841,7.116200924,5.038780212,5.233812809,5.744618893,5.154217243,5.228514671,5.419355392,5.552072048,5.863666058,5.154217243,5.264381886]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365741203,"flow_dst_last_pkt_time":1578508365740945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":364,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":812,"midstream":0,"thread_ts_usec":1578508365741203,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":9596.4,"max":39189,"stddev":16023.4,"var":256750832.0,"ent":3.1,"data": 
[39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63]},"pktlen": {"min":52,"avg":107.0,"max":592,"stddev":118.7,"var":14100.3,"ent":4.4,"data": [64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56]},"bins": {"c_to_s": [17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0],"entropies": [4.484427452,5.346035480,5.077241421,7.656184673,5.233812809,7.517492771,5.077241898,5.839856625,5.102238178,6.715719223,5.192151070,5.552071571,7.256381512,5.038780212,5.118427753,5.195351124,5.807060242,5.116481304,6.072246075,5.481591702,5.581483841,7.116200924,5.038780212,5.233812809,5.744618893,5.154217243,5.228514671,5.419355392,5.552072048,5.863666058,5.154217243,5.264381886]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365741903,"flow_dst_last_pkt_time":1578508365741903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365741903,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365741903,"flow_dst_last_pkt_time":1578508365741903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365741903,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG4nHAqAG4XkQ3ot1idl9YCAHzAAAAALAC\/\/91dwAAAgQFtAEDAwUBAQgKItiYqQAAAAAEAgAA"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1539,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365701530,"flow_dst_last_pkt_time":1578508365742943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365742943,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIG+uaLov\/SwKgBuHZf3WDeocLiwfz+hqAS\/ogDJwAAAgQFrAQCCArjm6OzItiYggEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365742990,"flow_dst_last_pkt_time":1578508365742943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365742990,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG7O7AqAG4i6L\/0t1gdl\/B\/P6G3qHC44AQECwgIAAAAQEICiLYmKrjm6Oz"} 01071{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365744302,"flow_dst_last_pkt_time":1578508365742943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"thread_ts_usec":1578508365744302,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAG62zAqAG4i6L\/0t1gdl\/B\/P6G3qHC44AYECw86AAAAQEICiLYmKvjm6OzAYAENHCOMR2bTGVXFagrrP6AMRRXdSZyFBQAhe3AXn\/UD\/J2TEF5TMmsxTXpzQuKxUYCcseZbnZC7D6Yc0pmv1Z5txsS5jyXOTlSclCVYyVIBajV1cZcoGybREI9eyWxCKDfcsO9EpDw6GRpVfIGrAi41MI08YQYOFMuFmUdaXOwGBBkOvQvbJOv3UZxjQS\/P6iXPviQ2wCJOBH6lnf+MeMPmmbOw4n1EWuUumxXuFgXtnN7JPo4J10B6h1HnLjxJ+MAYbsKuguerCy1rm7lOzRgdXQyni9bdeP8EUKpl4H8KmWSvZ1E4ZMAZvCZjJFrYJgk6YMbmXF85LUKijeeOqXjmuGIYxlJf3w9bU1\/IBF2UUU5GZYAr+LFw4Cg5xPMNPbe9A4xAk2Nc2BzSz5lNbXZzMWV1Yk7u7Cj7i65qKu9UhOe91ZiBrpAvUxkFmrorTb5ItgUfX5XXV7DLSz9jemxfGeSemsc9UWjnmQLsmRO9mOJgas4f9bQq5Co5Ci33t8="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365744302,"flow_dst_last_pkt_time":1578508365742943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365744302,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1543,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365744302,"flow_dst_last_pkt_time":1578508365742943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365744302,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1548,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365487180,"flow_dst_last_pkt_time":1578508365747172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365747172,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0upBAAC0GmsmKS6u+wKgBuHZf3VEGdfqJHq1HsIAQAflmoAAAAQEICqQB\/Bci2Je6"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365751805,"flow_dst_last_pkt_time":1578508365751805,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365751805,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365751805,"flow_dst_last_pkt_time":1578508365751805,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365751805,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGLpXAqAG4I+sl2N1jdl9d8bObAAAAALAC\/\/8KAAAAAgQFtAEDAwUBAQgKItiYsQAAAAAEAgAA"} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1567,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365712625,"flow_dst_last_pkt_time":1578508365752998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365752998,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GqJFOL5ObwKgBuHZf3WHPYyPBMSmbmaAScSA0jAAAAgQFrAQCCApPJ9\/rItiYjAEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1568,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365753063,"flow_dst_last_pkt_time":1578508365752998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365753063,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGlpnAqAG4Ti+Tm91hdl8xKZuZz2MjwoAQECzEHgAAAQEICiLYmLJPJ9\/r"} 
01316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365754605,"flow_dst_last_pkt_time":1578508365752998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":633,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":633,"pkt_l4_len":599,"thread_ts_usec":1578508365754605,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJrAABAAEAGlGLAqAG4Ti+Tm91hdl8xKZuZz2MjwoAYECxJTAAAAQEICiLYmLNPJ9\/rAjUEaxC968g2R\/UCKOkAMZOG2GOOWkhEE4hBMPwWXGSryh5laEOY1kWT5ispkEnM\/49AUGIIZuJkqD2akSiX\/XVah9j1CHxvoQXnNWCiYfCGLvgMMQzSq2sHb3uVyYKm6ZIChx3IU71KwVaUjNwWUK5WEKS69CEDFdEB33CJ8ZVANf1A7J2459ZkzZUYmuWuESN6qwVAnAnkW57zzCZJ6tekLSrTgxSufEuRo3rLg6y2SWrXZHsMfm8NWC\/coOdUr+hoUV\/5a6o1UoK9kWAk77KyyfipxirR8r7OAjT3q2Stt\/WbpSPWcYV2qqS9Bm4nw5FL48cIcqcdiLPSIb9dEYxC38Z6TP+rtTho8YMsg5GKttdHQR2UgIeOQIgGdeiEqpNL79eaB95gl4RjhykkyaZTqPIP1c1y7eskq6OXasaM5vYH3ha952yxGXLJ8kk\/2FJx8uYrmBx1LLHCx11u5jQNtKtpl6P3LlY88u9lsBi8XGN9pRwXfdB8uUsqhG6qxr4\/YzujpZDRhIcmXTfuFAoCyZ868l0pneYeWhzm8aVdXGngXPpPjlIlA+fh1Dr\/mlSIjt3dwk7D6Hc0GdedJcfKJqZNzCWgifQSHPMms2eXsh03tI85ZIV0zZZIkF1s1LTorhEXICW6oYC9SAvhr5ELvUJ9Gp\/pI3HsEx1stHXgNgeDS+ZTDCNpCRfRNLsSY6c722ZAI0Q6tM+xt1LeuTTvyJ+2D8LSRE2JV7ipflk\/HQZyYEle"} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508365754605,"flow_dst_last_pkt_time":1578508365752998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365754605,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1569,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508365754605,"flow_dst_last_pkt_time":1578508365752998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":567,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365754605,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1581,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365751805,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365776923,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADsGM5kj6yXYwKgBuHZf3WOqScTQXfGznKAS\/ohykQAAAgQFrAQCCAo1IQWkItiYsQEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1582,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365777046,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365777046,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGLqHAqAG4I+sl2N1jdl9d8bOcqknE0YAQECyPmwAAAQEICiLYmMg1IQWk"} 
01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365778282,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":596,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":596,"pkt_l4_len":562,"thread_ts_usec":1578508365778282,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJGAABAAEAGLI\/AqAG4I+sl2N1jdl9d8bOcqknE0YAYECw8GwAAAQEICiLYmMk1IQWkAhAE9LX9UDkdTQbLSSKVf\/o+Rbx+cVd78lZfof4WIy1rhMxz3RbpZOK+P94lXMknoMtxJdJQ4A7\/BT3XtB0RN9sUSmjLER26V8aOZ0XKqPmaES\/WPIEFoA6jFEgWSAEtlrcyP2PAwHXqAL3AbQbWGq7PeHB6kv65feTwOi0ydjhJegpyNynyq5tDvSCMsfS2rYkVvUQJGHAU1XK9mqnysHXV8shlebGWRPpI98y1Vxgu0az+7R+egzxR+1BHJN63c+WI9rT8DdcDeJ8KCs1sdnHfcQSyErvf77ZnV\/JsK35u87tFZIhBtc0ha+H7KMsboUnC9ei0iN\/8IUhS5l6devCaEtiowIFyVnWsdGX93DG2McymFU2OUXkEXXRwh3MXWAL1FOfL\/pAsIA1JMiQr\/1EwZ08w6Lj\/yH5r5mTzwJpNcgmyuo44bG5DTYaRB4B9LALur1c8OhYSmtc1hVX8t3t\/iblrMzQiGxF+F\/NAYKQqo\/hrfLdv2S4at4Q1Bcj+GaRaNOwVK2GzfBQ3qBzh0uXtO7lSIzfWd4Ic6VPqTqFQj0\/zWxTGfIn0j3loyEBQRx4YDTqeVkXtu7Is\/9MIlC0FYIpCog73jaUasZzRlH0g\/phdSxjBoehWKT1sYQjp8X9ya0ttTiK9+LoRf4iQjvixkpPAseX9BpmombBDue+eKW\/A5eOEFZroFm1HsfbstLY="} 
-01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365778282,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":530,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365778282,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1583,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365778282,"flow_dst_last_pkt_time":1578508365776923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":530,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365778282,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365781990,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHjqoAAEARyLjAqAG40WGPAXZfw1AAs7BF2l5Lj\/FNPSwNskN7KXHg69sINFX5NaCleeEwgXwmONn61xupKUye1QOfHD1DMyDw8Rv4bxSGME4AJ9XC7q+0Pwz+NqNAUtNYGL1TDF+F5wROIhyoide5OcgIFnuRD6baAQP4R7hAggEUSZWpWZm0YK3HCqZiBR7sHJ3wp8USPzyX73HGoWVqts4UjRd8TfDxZuCIPe7jI\/CXMWJB7l7pTCCyfJvg8YReFiBh"} -02246{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365782730,"flow_dst_last_pkt_time":1578508365782698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":648,"midstream":0,"thread_ts_usec":1578508365782730,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":35029.4,"max":184362,"stddev":71024.3,"var":5044451840.0,"ent":2.6,"data": [179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632]},"pktlen": 
{"min":52,"avg":100.1,"max":635,"stddev":121.0,"var":14650.9,"ent":4.4,"data": [64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0],"entropies": [4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+02144{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1589,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365782730,"flow_dst_last_pkt_time":1578508365782698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":871,"flow_dst_tot_l4_payload_len":648,"midstream":0,"thread_ts_usec":1578508365782730,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":35029.4,"max":184362,"stddev":71024.3,"var":5044451840.0,"ent":2.6,"data": [179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632]},"pktlen": {"min":52,"avg":100.1,"max":635,"stddev":121.0,"var":14650.9,"ent":4.4,"data": [64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0],"entropies": [4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365744302,"flow_dst_last_pkt_time":1578508365785326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365785326,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0bUpAADIGjaSLov\/SwKgBuHZf3WDeocLjwf0ACIAQAfsspAAAAQEICuObo90i2Jir"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1635,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365790531,"flow_dst_last_pkt_time":1578508365409833,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_usec":1578508365790531,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvhghAAC4RWa+3gfKkwKgBuAQAdl8Am4d5FgHfIftbEdGemWX9uJ16FA6k+WVbnPu2Id92nOmvNTMzJsYZhuKpgOg2BWLs9gpXt9MYEHTb4XRrvJpY9bxU7gk6CGcHLVmx9130TYh4XRLkOZ66VYrf8Hdp9jo5nr33AALwyYS3gfKkggQAgKA6kYFaNN4mivY4dMV0iQl8dqc3C6xPtn5fpmExxxSkRoReFiBh"} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1636,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365754605,"flow_dst_last_pkt_time":1578508365793904,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365793904,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0MZBAAC4GdwlOL5ObwKgBuHZf3WHPYyPCMSmd0IAQAOzQ\/AAAAQEICk8n4BUi2Jiz"} 
@@ -429,15 +429,15 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1645,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365741903,"flow_dst_last_pkt_time":1578508365813172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365813172,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADAG8nVeRDeiwKgBuHZf3WKbomHRWAgB9KAScSDEJQAAAgQFrAQCCAppF+qfItiYqQEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1646,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365813279,"flow_dst_last_pkt_time":1578508365813172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365813279,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG4n3AqAG4XkQ3ot1idl9YCAH0m6Jh0oAQECxToAAAAQEICiLYmOdpF+qf"} 
01290{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1647,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365814591,"flow_dst_last_pkt_time":1578508365813172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":613,"pkt_l4_len":579,"thread_ts_usec":1578508365814591,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJXAABAAEAG4FrAqAG4XkQ3ot1idl9YCAH0m6Jh0oAYECwXFAAAAQEICiLYmOhpF+qfAiEE37iLH4Byz5aoVSIRnj\/Qz4MQ9XDR0JF7ApiVzj4ntUnldVXSA4CHeCHd1\/eXkzJccAECqPGKuRQf+rvknIMC\/OtOHBpZCHgdYlh9xfWnJAocRvLEeyW1dproXyl1uvktLucffIdsaa6c2BS4MJCqbTvploXJIsmsceqMipXJUBjWV2VPKdFwMlXfmZKFa6ozHzQWxB+03uQQjwg6EOMavhW8dIPCLc6Tve+wDEsYuXE+toFcJ5mRy97txst\/YhfbJ0JxnhBR3cO\/U15XLrxW1t\/hwZJHJ3LnmJC7I2qsvs3CeFRF71d7Gk1mWoQjydgaczYOZzUBGWMkbo3Vl+DaP5LXHfZZXLYQTaJeBbzOAoGzGm7Lpw0IM1HKyZCRoEZrj7m5bK9AMdgjFnchyiocKfXHcusfs2YQjxWurgaSwEQKFs8T1+3dh+B3oSs8z\/aefWfCbqvwGEibR+7PIAQxZ02KE7954qZAL3mwaPBKfTB3pqiJ8OD59Xx6VcaQParzV50QhNAvZWDrV9Ucawysj+mArBGtpIGa4WspYliUgEOp71y+8bBYopILao4xL16IC1QXd+DAYWY+8iBI2yhSdXEkJrsWtYScV\/EbjYLXSddQ7GAMuZNR54+1d+\/8X2d8i78texnyACB+jGphwMoXatKNJL7gfFnqvN\/CPZi9bvy5kEbRdr0KrRSqX5ZJ8v770NGtGVtZGzmnt7NFMU40Yg=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365814591,"flow_dst_last_pkt_time":1578508365813172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365814591,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1647,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365814591,"flow_dst_last_pkt_time":1578508365813172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":547,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365814591,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1648,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365315825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":213,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":213,"pkt_l4_len":179,"thread_ts_usec":1578508365818517,"pkt":"EBMx8Tl2KDc3AG3ICABFAADHexAAAEARgjvAqAG4Etunn3Zfdl8As7I6jzNiPJIVM3tcF4QguFz6RQGGDso0T\/4eOeRfeMWf4oyQ0IEszB80EYqWvZ5Dhv0d0QTf1b4I2pLi4d6Z91CPKy22KMZLr0TQSl9sdxLmB2kXyrRTAu4NovLwLl22EUUjAQP4R7hAGwckxV38aoEQ3R3z6i1sbxgztMaJbhd8mlK6anhGQ6H0+w6JOUS\/FIH4b+eX+gcKRXXgkrfcf69BwK1A+Siq+4ReFiBh"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508365828265,"flow_dst_last_pkt_time":1578508365828265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365828265,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1664,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365828265,"flow_dst_last_pkt_time":1578508365828265,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365828265,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGW5bAqAG4DfsOx91mdl9PCwRhAAAAALAC\/\/\/02wAAAgQFtAEDAwUBAQgKItiY9AAAAAAEAgAA"} -02235{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1665,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365787932,"flow_dst_last_pkt_time":1578508365828317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":356,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1578508365828317,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":6877.1,"max":42383,"stddev":15108.4,"var":228262896.0,"ent":2.6,"data": [41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121]},"pktlen": {"min":46,"avg":84.0,"max":438,"stddev":90.7,"var":8221.2,"ent":4.5,"data": [64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.472632408,5.366787434,5.077241898,7.477252960,5.094483376,7.506056309,5.032077789,5.945768356,5.032077789,5.682903290,5.032077789,5.594669342,5.032077789,5.686549187,5.109905720,6.751657963,5.222177982,5.381002426,5.835707664,5.072169304,5.148315907,5.414526463,5.517535210,5.070539474,5.209868431,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02133{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1665,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365787932,"flow_dst_last_pkt_time":1578508365828317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":356,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1578508365828317,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":6877.1,"max":42383,"stddev":15108.4,"var":228262896.0,"ent":2.6,"data": [41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121]},"pktlen": 
{"min":46,"avg":84.0,"max":438,"stddev":90.7,"var":8221.2,"ent":4.5,"data": [64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46]},"bins": {"c_to_s": [14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.472632408,5.366787434,5.077241898,7.477252960,5.094483376,7.506056309,5.032077789,5.945768356,5.032077789,5.682903290,5.032077789,5.594669342,5.032077789,5.686549187,5.109905720,6.751657963,5.222177982,5.381002426,5.835707664,5.072169304,5.148315907,5.414526463,5.517535210,5.070539474,5.209868431,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1673,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365466737,"flow_dst_last_pkt_time":1578508365837105,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365837105,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0q5tAACsGiei2oqE9wKgBuHZf3Ueh\/8nVB33+UYAQAHo91wAAAQEICjwSYk8i2Jem"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508365846680,"flow_dst_last_pkt_time":1578508365846680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365846680,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1691,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365846680,"flow_dst_last_pkt_time":1578508365846680,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365846680,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGtj\/AqAG4I+SeNN1ndl9FuX9aAAAAALAC\/\/\/dzAAAAgQFtAEDAwUBAQgKItiZBAAAAAAEAgAA"} 
-02253{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365851788,"flow_dst_last_pkt_time":1578508365851734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":764,"midstream":0,"thread_ts_usec":1578508365851788,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":36914.1,"max":194120,"stddev":74421.4,"var":5538540544.0,"ent":2.7,"data": [179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161]},"pktlen": {"min":52,"avg":100.2,"max":524,"stddev":109.0,"var":11872.9,"ent":4.5,"data": [64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0],"entropies": [4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1700,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365851788,"flow_dst_last_pkt_time":1578508365851734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":764,"midstream":0,"thread_ts_usec":1578508365851788,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":9,"avg":36914.1,"max":194120,"stddev":74421.4,"var":5538540544.0,"ent":2.7,"data": [179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161]},"pktlen": {"min":52,"avg":100.2,"max":524,"stddev":109.0,"var":11872.9,"ent":4.5,"data": [64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0],"entropies": 
[4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1710,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508365852452,"flow_dst_last_pkt_time":1578508365852452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365852452,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1710,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365852452,"flow_dst_last_pkt_time":1578508365852452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508365852452,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG3OLAqAG4ijsROt1odl\/ttHvbAAAAALAC\/\/9f7QAAAgQFtAEDAwUBAQgKItiZCQAAAAAEAgAA"} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1724,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365594975,"flow_dst_last_pkt_time":1578508365881659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1578508365881659,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoEm9AADQGZggj5egTwKgBuHZf3VbzHyaN6OsKtlAQAOd\/jwAAAAAAAAAA"} 
@@ -448,36 +448,36 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1771,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365846680,"flow_dst_last_pkt_time":1578508365903324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365903324,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADUGwUMj5J40wKgBuHZf3Weyx8H3Rbl\/W6AS\/ogN9wAAAgQFrAQCCAqAlezxItiZBAEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1772,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365903403,"flow_dst_last_pkt_time":1578508365903324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365903403,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGtkvAqAG4I+SeNN1ndl9FuX9bssfB+IAQECwq5AAAAQEICiLYmTiAlezx"} 
01071{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1773,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365904731,"flow_dst_last_pkt_time":1578508365903324,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":452,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":452,"pkt_l4_len":418,"thread_ts_usec":1578508365904731,"pkt":"EBMx8Tl2KDc3AG3ICABFAAG2AABAAEAGtMnAqAG4I+SeNN1ndl9FuX9bssfB+IAYECwuKgAAAQEICiLYmTmAlezxAYAEAI1WBIPOD+hvKzPihfgTsOhWByW+C6Yhi3aeyyxqusCgQH9q37FRiEsngnOCMI7rJEwEPvgUNolGAytmmnyJRsIzn8vdMIkApueE7gMLi1YpwTjQaWrs+8xiJzorrCETkzisBPhidyCcKQ8Kr7fMnn0S3bt2fTuis2U17aEnv4rA7qNEJ8\/qQ5MkfWeXh5GUk7QhxTxf6VWzZJ9gCVFp1hgqpFInxoD2RNquVcofYzLkoB5d9NYmXmMCB\/qQogZwzumq7QPVd1imlhdTGHBWnP7S8KIIuUh8Qbp8ZLK2AYPjY11xLDym9J5RNBVK8mtNpRXDXJTPh+QjbCzaLb0dMDVQlgD9QBs\/WLOKpoOvhBwf3GhqdniMnF2B\/RZcNkHU\/1mz6h1baVoqZvvLDXKFuU4QXpkwBNr+0pNztLGHhSmPsjE71AWc7lo\/1OrevhLNW+p2gRC9\/GtyljgFr98tzwExGKsXkY2VdoZiaj0TAL+A8kThPoEqTVMfwZ8EVYI="} -01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508365904731,"flow_dst_last_pkt_time":1578508365903324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365904731,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1773,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508365904731,"flow_dst_last_pkt_time":1578508365903324,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":386,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365904731,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1774,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365919739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365919739,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1774,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365919739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1578508365919739,"pkt":"EBMx8Tl2KDc3AG3ICABFAACc44MAAEARsuTAqAG4p1Z6MnZfdl8AiFGIcmRL\/sJ+HmBFF7n+UfEKJLvDdBgdKzSECJqxpMbuAWJCFnSyz1LOPGHXvK4XvgJfd8y9TVVaoZxiY0SgM1nuu1KcsxmveZ1Iboux45kEq0UHna5hbl98Bua+Zy2zz7pAAAHdBMuEfwAAAYJ2X4J2X8mEp1Z6MoJ2X4CEXhYgYQU="} -01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365919739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365919739,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1774,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365919739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365919739,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365885366,"flow_dst_last_pkt_time":1578508365925923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508365925923,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADMG5s7PtM7YwKgBuHZf3WknDwC1nc8LZ6AScSCqDAAAAgQFrAQCCApcfI6dItiZJwEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1776,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1578508365926010,"flow_dst_last_pkt_time":1578508365925923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365926010,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2dbAqAG4z7TO2N1pdl+dzwtnJw8AtoAQECw5oAAAAQEICiLYmUxcfI6d"} 01233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1777,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1578508365927412,"flow_dst_last_pkt_time":1578508365925923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":568,"pkt_l4_len":534,"thread_ts_usec":1578508365927412,"pkt":"EBMx8Tl2KDc3AG3ICABFAAIqAABAAEAG1+DAqAG4z7TO2N1pdl+dzwtnJw8AtoAYECz3aAAAAQEICiLYmU1cfI6dAfQEOtheYzZ3ToHpdnjPq+WTlV2N5YhX4HNfpe1NKrOUZnLF1eT\/PeeoMMIkKh\/DkVHT5erq5iLxOcqC8dq2P9yyBVP9NLipJL+0WTRaDCfOFiHp6eQuX4fc\/C1mgNozcW7bne9FJjl4PMHYYsSA\/cfk1Po4ifI83DgcIadRba3\/Lpfh5z5yYHFNZEPI6DvXWQgpBAp9MWZRHnK2h7WjiD8wEOe0ez0HD4JoWp4BbpZF8LYgL+gBjgp8rckk6fDFLIv3cC+uMNaFnCpqhBSZxmJH2km2+BJaGY+UdVvSlXi0QiW+WPWdZRcj6\/HDQ+zbwJU+0pKdv4YBHcLU\/VxaaVCQJHVrxSqBXdw01gj0Fp50lJVJ476zGKf92Kf8jOUW82E8kedUehXGuJZQ47uAEanwY6caqald0YLfNWDjPm3lcpaCUMfI\/8u7BO6+\/8zCh7WVaZ28LT8I1ki9SGCivJoHRgKXEqq+ENPd3dhz\/saYb51gTVsfgiuDB5cF02dKphNqRedTZtbSueN\/+dPjnDlI3fDrLr0zByX8auwNsXlmkWzsTEMlwd\/or+AvjTG8hkunghjoOmGqza5uwUKQUntCo9BS+5Tk10Nb6kYc7gwSsd\/9zPpGEYJ7vw4Rv96NsaInOoafZRNhi0su2r64NPkrkLStyQ=="} 
-01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365885366,"flow_src_last_pkt_time":1578508365927412,"flow_dst_last_pkt_time":1578508365925923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365927412,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00950{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1777,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365885366,"flow_src_last_pkt_time":1578508365927412,"flow_dst_last_pkt_time":1578508365925923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":502,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508365927412,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1780,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365951357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":189,"pkt_l4_len":155,"thread_ts_usec":1578508365951357,"pkt":"KDc3AG3IEBMx8Tl2CABFAACvrTpAADMRthqnVnoywKgBuHZfdl8AmyGXAff4avCCJKd8iLkYnGp5WBGcR5kwKjaGYfuGK7O5Pxha3PZrVargsE3sp+V969kCE0ZShXRyP212X0\/ogX+KLxU0BMrg9yur0MCSn4OC+hF8e78p1SovnEhcJv1j5UvsAALwyYSnVnoygnZfgKByZEv+wn4eYEUXuf5R8Qoku8N0GB0rNIQImrGkxu4BYoReFiBh"} -02235{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1796,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365961141,"flow_dst_last_pkt_time":1578508365961206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":840,"midstream":0,"thread_ts_usec":1578508365961206,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14146.5,"max":75129,"stddev":28349.9,"var":803714368.0,"ent":2.7,"data": [71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115]},"pktlen": 
{"min":52,"avg":105.0,"max":599,"stddev":126.8,"var":16079.3,"ent":4.4,"data": [64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1],"entropies": [4.428027153,5.333454132,5.014835358,7.631373405,5.195351601,7.586966038,5.775951385,5.038780212,5.000318050,6.896724224,5.000318527,5.543021202,5.038780212,5.697000027,5.116480827,6.792954922,5.069334984,5.517535210,5.883326530,5.154216766,6.099795818,5.552560806,5.458711624,5.156889439,5.195351124,5.775951862,5.038780212,6.440905094,5.855588436,5.038779736,5.038779736,5.118428230]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+02133{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1796,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365961141,"flow_dst_last_pkt_time":1578508365961206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":840,"midstream":0,"thread_ts_usec":1578508365961206,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":14146.5,"max":75129,"stddev":28349.9,"var":803714368.0,"ent":2.7,"data": [71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115]},"pktlen": {"min":52,"avg":105.0,"max":599,"stddev":126.8,"var":16079.3,"ent":4.4,"data": [64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52]},"bins": {"c_to_s": [15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1],"entropies": [4.428027153,5.333454132,5.014835358,7.631373405,5.195351601,7.586966038,5.775951385,5.038780212,5.000318050,6.896724224,5.000318527,5.543021202,5.038780212,5.697000027,5.116480827,6.792954922,5.069334984,5.517535210,5.883326530,5.154216766,6.099795818,5.552560806,5.458711624,5.156889439,5.195351124,5.775951862,5.038780212,6.440905094,5.855588436,5.038779736,5.038779736,5.118428230]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1809,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365904731,"flow_dst_last_pkt_time":1578508365963465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365963465,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0lsZAADUGKoUj5J40wKgBuHZf3Weyx8H4RbmA3YAQAfs3WAAAAQEICoCV7Ssi2Jk5"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1817,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365927412,"flow_dst_last_pkt_time":1578508365966408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508365966408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0ojNAADMGRKPPtM7YwKgBuHZf3WknDwC2nc8NXYAQAOtGwwAAAQEIClx8jsQi2JlN"} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366005550,"flow_dst_last_pkt_time":1578508366005550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366005550,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1578508366005550,"flow_dst_last_pkt_time":1578508366005550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508366005550,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGV9jAqAG4M1PtLN1sdl8dp4x2AAAAALAC\/\/+ZwwAAAgQFtAEDAwUBAQgKItiZlwAAAAAEAgAA"} 
-02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1847,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366012044,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":42302.9,"max":263115,"stddev":95827.5,"var":9182917632.0,"ent":2.4,"data": [259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8]},"pktlen": {"min":46,"avg":91.4,"max":591,"stddev":121.5,"var":14755.2,"ent":4.3,"data": [64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1],"entropies": [4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02136{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1847,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366012044,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":42302.9,"max":263115,"stddev":95827.5,"var":9182917632.0,"ent":2.4,"data": [259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8]},"pktlen": {"min":46,"avg":91.4,"max":591,"stddev":121.5,"var":14755.2,"ent":4.3,"data": [64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1857,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366020357,"flow_src_last_pkt_time":1578508366020357,"flow_dst_last_pkt_time":1578508366020357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366020357,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1857,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1578508366020357,"flow_dst_last_pkt_time":1578508366020357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508366020357,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGwhnAqAG4WGNd291tdl+CSdQcAAAAALAC\/\/9XrgAAAgQFtAEDAwUBAQgKItiZpAAAAAAEAgAA"} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1862,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578508366029471,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGjuvAqAG4I+nFg909dl+ptEcpAAAAALAC\/\/+KMAAAAgQFtAEDAwUBAQgKItiZrAAAAAAEAgAA"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1883,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366005550,"flow_dst_last_pkt_time":1578508366047911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366047911,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAAC4GadwzU+0swKgBuHZf3WzP3gWFHaeMd6AScSA1dQAAAgQFrAQCCAppVMVvItiZlwEDAwc="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1884,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366048028,"flow_dst_last_pkt_time":1578508366047911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366048028,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGV+TAqAG4M1PtLN1sdl8dp4x3z94FhoAQECzFBwAAAQEICiLYmb1pVMVv"} 
01315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1885,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366049271,"flow_dst_last_pkt_time":1578508366047911,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":627,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":627,"pkt_l4_len":593,"thread_ts_usec":1578508366049271,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJlAABAAEAGVbPAqAG4M1PtLN1sdl8dp4x3z94FhoAYECzkGQAAAQEICiLYmb5pVMVvAi8E\/d9Shp1Wof8nVfGKSM7RJvZNnmo9Ga6lzZbYzi6xSLj4mEhy87UBYqhItSXH4wiYhdnDEJxLeAeplMjCZwQTwUI8r\/mqMtilbtgqJT7FHqn0KzlloleWAbZcf6RlrFtZ+F8jJ7d3e\/qZCiSBcMfqrrKnpnfxc6PIgqW5xYAYLK9yKcvSLAthK38BCICCNxyBBw7u9bug3ilfal21loP8Z1nrYKE95xWUGXfm5fAO+XMs4jFhl3lCjbaO4X7O\/JRozVxKZzbQbET0htqvSmBtotzO3mbtHUrxkXocnjFFfRVAvVFQkIv0y2lSmDhN2\/kaxj\/C9pgnKUdG9kNfypLyW1MZftVLhrXhB9NbB+8rz2h\/\/8pPaj6K1fgAlnijKLWFb1uatTe5sSuE5gwtbVsLNBM8LabHDjVaIM0\/kYnHq5r+3\/aXBoTt8dX\/gq1i3sQtVBYZmFfJqH\/SkNEzGdUjeFFGAv7VDOYmrElKcwUexLIhXyJFoioI4\/cRNch1Va2\/IlEtxbqmlzxSxGwCLmkvpyRDYfxTKPC5NyhDapWoF1kUdBp+nzPdGgI26LRewDIJuRJhKJEardu5IggSLJb5AkveE\/UbFjmbKj\/XiD2mL\/0Ba3t9izaWL9PFZQRtpRodbjv22\/8K4lmJ2HjJFnn2txGVtr0rMlkpzMuQYvRt3qcLcpw57AfIeEvnEdP+VwFcYzFTY77NGn7Bk4C7pH0Cb5Yui+\/0U8zszRFnU4LK"} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366049271,"flow_dst_last_pkt_time":1578508366047911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":561,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":561,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366049271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1885,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366049271,"flow_dst_last_pkt_time":1578508366047911,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":561,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":561,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366049271,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1886,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365852452,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366053699,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQG6OaKOxE6wKgBuHZf3Wh1cVfy7bR73KAScSDVxwAAAgQFrAQCCArYuYPhItiZCQEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366053757,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366053757,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG3O7AqAG4ijsROt1odl\/ttHvcdXFX84AQECxkxwAAAQEICiLYmcLYuYPh"} 
01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":513,"pkt_l4_len":479,"thread_ts_usec":1578508366055031,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHzAABAAEAG2y\/AqAG4ijsROt1odl\/ttHvcdXFX84AYECxJRgAAAQEICiLYmcPYuYPhAb0EyFeCRkVW7xKjMJnkKdVN4VmEcRbZb6qac5GzUua9GdONKNMWjh5cdEV09YLTutDtYHGQDnHn76SSjHS+061NKkbohQJuV4I7kbzXsKd9Qa09IaHs8Z1\/2SlmEx9qpaxj3x\/puNCp2K1CS8MsEj1RFk8Yb0eFQtqjhLs\/FkKfwZMK9rGGqe68FOs1s1zkpiD9Vgj13\/IcntW99pt9wSexahGzJJOLD3TAKDPUeMdUj7rBi7b06Y3buzihLZVOQoWjabiMbAWHJOTcdZSv9xrxMq2SPwwKaV98\/x3+del4d1nHrx3tECAvBcIjIRX7\/ugU0u5dNNbrVfIvbOZrn0RgEVow8X\/LFaRlKusezAac574M4r9vaUCFW7kzUXZbLakP+KO3M3u6l9TNDc\/mjr+am0Hz49uo+hCGmj0lwjeEbB4DRzQI61poEZ9UBxyJyci5GsyZILcbb9e4tercN8jUjknNWYi\/WR0W8WZFZZMHMO5FCPUc467eAS+fok+tU5bA5OUk4xPuV9XutmdmDJuBWsXnaeelN5b5MWxerAH7MBBMBgR2RSH7aWdbn3cuC8hFs1vuMnNnJoxNFHd8"} -01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":447,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":447,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366055031,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":447,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":447,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366055031,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1889,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366020357,"flow_dst_last_pkt_time":1578508366058177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366058177,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEG0R1YY13bwKgBuHZf3W1kMpWvgknUHaAScSBLTAAAAgQFrAQCCApXTVsMItiZpAEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1890,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366058290,"flow_dst_last_pkt_time":1578508366058177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366058290,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGwiXAqAG4WGNd291tdl+CSdQdZDKVsIAQECza4gAAAQEICiLYmcZXTVsM"} 01334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366059449,"flow_dst_last_pkt_time":1578508366058177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":646,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":646,"pkt_l4_len":612,"thread_ts_usec":1578508366059449,"pkt":"EBMx8Tl2KDc3AG3ICABFAAJ4AABAAEAGv+HAqAG4WGNd291tdl+CSdQdZDKVsIAYECxi5gAAAQEICiLYmcdXTVsMAkIEkU6nNDsxTimm1+lLIM9VAtDD96FWduAKv2o7tn9pg5MVAkOlOVQb\/Xnad7N8GyCEZIAprkWLu5XsJegMQIC8fkIR9S38ycW0YYnM\/im4zvuKRhf\/c3huXgugQKX39sJV\/7Ha9xRxYzIlvSSFLsDo\/6Qn4IO++AZaabw4aKrdnQ0WMQhOnXE5cJMAPFZxbbfL8IxuO7Dz1K0i5h5bkCeK9+\/Gt3b\/VyW8c5Zhh0UkXEzpp89UPtnGpJQXAG9IqEnLXUSMD1LpV66H4a8Qc6nvfeq5vU\/xZjZAyzvEW1q5ILYGeQvc8GMntYiEgfDfED8vvMAUPdnXeTbHW1HeANMbiHXCbZhK2+gXVzpSgv74B9pnRDZnlgnutHC\/8XPbTHEZuJkR5UGgSYC46E5rszgjczIZo4pVPtCYlNkNRpKDzCOJl6sqAvlw1xq0rBJa3A1x0jnRfsq+lQgOvj3G7eSUdu7jVUEamyfkInFJZhPtc0zm5EESxm7D3cqablMR9oTI9Ezj5XKyHFmra0B9wQjEz38HdfaUDzTs8DHGPSK34n5+cl\/xlQVz4N1xqA5D8lqHtrp2yCCYjg+3V++Er7SZLvHCRxmWZYVG0WQp905J7e9aoBpaRRifRIpj8LjvV3Qav5XZ11iUErkIqvJdI3buKkfz6f42KqHb8SZRPPn2hi6vy+yjx+0yZFXPpsmgIUkO9lHJxTj+R38BFIe5uM7xzCcSI6M89NfNaAOg1fZ5DfyPg+0xi9rbBtRivyHaZkRfPw=="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366020357,"flow_src_last_pkt_time":1578508366059449,"flow_dst_last_pkt_time":1578508366058177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":580,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366059449,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1891,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366020357,"flow_src_last_pkt_time":1578508366059449,"flow_dst_last_pkt_time":1578508366058177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":580,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366059449,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365690049,"flow_dst_last_pkt_time":1578508366066179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366066179,"pkt":"KDc3AG3IEBMx8Tl2CABFCAA0RYJAACwG3kt82eu0wKgBuHZf3VfxiPe+S9oIRIAQAOvB9QAAAQEICsj4c4ci2Jh4"} 01048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1893,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1578508365630052,"flow_dst_last_pkt_time":1578508366066535,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_usec":1578508366066535,"pkt":"KDc3AG3IEBMx8Tl2CABFAAGk1PdAACcG1CHKcBxqwKgBuHZf3U9YWyafOLFiFIAYAHZg7wAAAQEICicf8lQi2JhAAW4Eb4tJ4G0jm2w2X\/dME5pw7vBa9j9ujIWIKs1wYP1tPpT\/JMFATlW0qVpxMkCH9duymFjwMU5KrD3BPQhTeMFKe4hWJT3IWd5JIGgm1wRv\/epylyFqqL1ZQXmZ8+FAUctl9hZ45+DUgNYu5jDw5TE6BWg+pTb4WO9NaRwmsqvxFJkrOzTQY7RUkqeLF11yrrhmQAOk671BkBostX733SY03j5J2I89zTwy7rzP+VfVAcLjaiLu1ZCSAja37gScTIARq\/8Hi95BT9wkXsvyjDE0qz+A\/HG6CSCINuBOFCNSm+3F0L4nSkQyzhCUQvPPJGb9DRx1OV2POt4AnXmOmldfV9VssdrXMg2KbqMmmjuooxPlh5iubQXg9nnuNkC3jPI8Y3bw9bHW6SKs5FKUJ0s1h8NIvL0Jm4chNTujBy02Lz0x3JZXPgIJJJe\/4xdGFMyFazMdL5Y\/H0rbFz0t4fZ1B7x8A87E7XEr\/L5Ldp4="} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1930,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366073881,"flow_dst_last_pkt_time":1578508366073881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366073881,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -485,92 +485,92 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1939,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1578508365828265,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366081823,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8jPoAACgGJqAN+w7HwKgBuHZf3WZ3LeB+TwsEYqASaN+zCgAAAgQFrAQCCAoTnX6eItiY9AEDAws="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1941,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366081862,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366081862,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGW6LAqAG4DfsOx91mdl9PCwRidy3gf4AQECw5oQAAAQEICiLYmdkTnX6e"} 
01097{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1578508366083506,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHIAABAAEAGWg7AqAG4DfsOx91mdl9PCwRidy3gf4AYECz5oAAAAQEICiLYmdsTnX6eAZIEFrCo0N0ttqxpYaQ6\/DDzSswuwkgUgdNkL3WZM1v1fyZ2Ylb0NhLSoQBhonZfsRcPAuF\/WO+nwsCvfGQeXaGMXAMSJ7v0OK8rWtUAPR\/+qKg\/XDdHLSziLdfWzAHrSQazvItj3Lw3XRQytKVnPvrtJorfzhpqvmlk3d37bBGJ23mvRwVp6tPmv1ESOYsCymML4zMT1t025sBho2nQSsaSJ4ZnhF0vk41IwL32D5dq21fVy5+y1NCcpufvNBWXe2eG07dRg8loNL6osx09j8oPyPKWdkxz7f\/DS6IBNmlc912u9lmrDEBrovoPr+LTCo8NesjjPWN0GGyRe3fwZ4NJTeCiNRLC8wl+lpmnFnS\/\/w+3lom\/uRfaeuXXdvZmEq8WiM6jvqdvu+VG1DiPSG4DrK31EcD8gbYHKYXiSBoMYQDJ\/z4TrLKf4Ij6fWuNND3e3uJqm4GTASLM2T5zBmJCMa1h0RvyDJ6RKhfmsA4tFXWF4FD7J9ZVLqqtXan1mlOvoM8do0UUOv6GHD3Zlxjl0SY="} -01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366083506,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00952{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1951,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366083506,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1952,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":5,"flow_src_last_pkt_time":1578508366049271,"flow_dst_last_pkt_time":1578508366090791,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366090791,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0\/xlAAC4GasozU+0swKgBuHZf3WzP3gWGHaeOqIAQAOzR6gAAAQEICmlUxZoi2Jm+"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1960,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1578508366059449,"flow_dst_last_pkt_time":1578508366096835,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366096835,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA00c9AADEG\/1VYY13bwKgBuHZf3W1kMpWwgknWYYAQAOzntgAAAQEICldNWzMi2JnH"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1968,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_src_last_pkt_time":1578508366073881,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578508366117663,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGSnvOvWsjwKgBuHZf3W6FBUsAADkpP6AScSCofQAAAgQFrAQCCApn2sBGItiZ0wEDAwc="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1969,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_src_last_pkt_time":1578508366117769,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578508366117769,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPoPAqAG4zr1rI91udl8AOSk\/hQVLAYAQECw4DwAAAQEICiLYmfpn2sBG"} 
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":473,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":473,"pkt_l4_len":439,"thread_ts_usec":1578508366119559,"pkt":"EBMx8Tl2KDc3AG3ICABFAAHLAABAAEAGPOzAqAG4zr1rI91udl8AOSk\/hQVLAYAYECxdpAAAAQEICiLYmftn2sBGAZUEFk3FYfNys9s55XyY23YdDU3mEgfTwzJe27SlFM87eEMrJbt8cMgfjrjKWMiVLh8DFSnipO+kUBBPaWEbU3Ynmx9QZ3LCiokcuUn7Dv\/+DsRlOpOb9d7+9uxwgEIscONdRtih2SP3JkYCA5iz3x9iSDdCsdlbaZrLb4ApkwQdkHEdITIkUszUt2IX2uTJSV+yWP5LgWIqw0LC3HCjWNkdNsXaTWnyoaf2cxQE1sr8DLAEkla6sbskUUPcZxZdZjiulq\/TmUBdEsi20dCtnTcf\/jmlhSZy3voPmKqnhBPKSsaSYV7gSfuhHvsx91uppt0PNe3c4y1gZjJmVqYegwNwd0Rhv3znUxx3KvFnJvEHZ7qFrzJd+ENToWIdx6FI8UpuevN49imKrwGh6WMiZD5f+DuvvAz7122yS8O20jeD8xnmRJeaN9NLvP5y82I4mw+mgnTQZFXTXU9XVqqqQlOkUsTMTiF0dbm32C97Qj202x3I4SGZE8nwdInxnX8nY65E\/K8JK0edlNviRiUkfu9o\/gCJI\/Y="} -01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366119559,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123630,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366123630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":26506.8,"max":285939,"stddev":65286.3,"var":4262303488.0,"ent":2.6,"data": [40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216]},"pktlen": {"min":52,"avg":109.6,"max":619,"stddev":120.4,"var":14503.6,"ent":4.5,"data": [64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]},"bins": {"c_to_s": [16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0],"entropies": 
[4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":447,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":447,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":27,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365195126,"flow_dst_last_pkt_time":1578508365241563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":798,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01101{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":24,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365329945,"flow_dst_last_pkt_time":1578508365387209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":442,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":842,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365942196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":1760,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508366021276,"flow_dst_last_pkt_time":1578508366076116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":370,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":642,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365962493,"flow_dst_last_pkt_time":1578508366031637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":904,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365305200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365885366,"flow_src_last_pkt_time":1578508366006501,"flow_dst_last_pkt_time":1578508366042697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":742,"flow_dst_tot_l4_payload_len":590,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":9,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365885091,"flow_dst_last_pkt_time":1578508365884827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":433,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567882,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364664127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01169{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1970,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366119559,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1983,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123630,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366123630,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":26506.8,"max":285939,"stddev":65286.3,"var":4262303488.0,"ent":2.6,"data": 
[40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216]},"pktlen": {"min":52,"avg":109.6,"max":619,"stddev":120.4,"var":14503.6,"ent":4.5,"data": [64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84]},"bins": {"c_to_s": [16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0],"entropies": [4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017]},"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1578508365226088,"flow_src_last_pkt_time":1578508365751522,"flow_dst_last_pkt_time":1578508366012064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":539,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.75.171.190","src_port":56657,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365852452,"flow_src_last_pkt_time":1578508366055031,"flow_dst_last_pkt_time":1578508366053699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":447,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":447,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.59.17.58","src_port":56680,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":27,"flow_first_seen":1578508365045064,"flow_src_last_pkt_time":1578508365195126,"flow_dst_last_pkt_time":1578508365241563,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":382,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":798,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"185.219.133.62","src_port":56645,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00999{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":24,"flow_first_seen":1578508365153718,"flow_src_last_pkt_time":1578508365329945,"flow_dst_last_pkt_time":1578508365387209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":462,"flow_dst_max_l4_payload_len":442,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":842,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.250.140","src_port":56650,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1578508365189369,"flow_src_last_pkt_time":1578508365818517,"flow_dst_last_pkt_time":1578508365942196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":449,"flow_dst_tot_l4_payload_len":1760,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365846680,"flow_src_last_pkt_time":1578508366021276,"flow_dst_last_pkt_time":1578508366076116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":370,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":642,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.228.158.52","src_port":56679,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":21,"flow_first_seen":1578508365741903,"flow_src_last_pkt_time":1578508365962493,"flow_dst_last_pkt_time":1578508366031637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":547,"flow_dst_max_l4_payload_len":504,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":904,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"94.68.55.162","src_port":56674,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":16,"flow_first_seen":1578508364832618,"flow_src_last_pkt_time":1578508365154217,"flow_dst_last_pkt_time":1578508365305200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":413,"flow_dst_max_l4_payload_len":405,"flow_src_tot_l4_payload_len":653,"flow_dst_tot_l4_payload_len":469,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.228.29.160","src_port":56635,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365885366,"flow_src_last_pkt_time":1578508366006501,"flow_dst_last_pkt_time":1578508366042697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":742,"flow_dst_tot_l4_payload_len":590,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"207.180.206.216","src_port":56681,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":9,"flow_first_seen":1578508365295537,"flow_src_last_pkt_time":1578508365885091,"flow_dst_last_pkt_time":1578508365884827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":435,"flow_dst_max_l4_payload_len":433,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":497,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.229.232.19","src_port":56662,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364925232,"flow_src_last_pkt_time":1578508364925232,"flow_dst_last_pkt_time":1578508364954930,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.180.246.169","src_port":30303,"dst_port":30301,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364697110,"flow_src_last_pkt_time":1578508364697110,"flow_dst_last_pkt_time":1578508364773700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"54.36.160.211","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365567882,"flow_src_last_pkt_time":1578508365567882,"flow_dst_last_pkt_time":1578508365567882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"106.12.39.168","src_port":30303,"dst_port":30333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508366073881,"flow_src_last_pkt_time":1578508366119559,"flow_dst_last_pkt_time":1578508366117663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":407,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":407,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"206.189.107.35","src_port":56686,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522958,"flow_src_last_pkt_time":1578508364631940,"flow_dst_last_pkt_time":1578508364664127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":495,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":735,"flow_dst_tot_l4_payload_len":512,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.158.244.151","src_port":56615,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508365038942,"flow_src_last_pkt_time":1578508365038942,"flow_dst_last_pkt_time":1578508365038942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.230.108.42","src_port":56644,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":19,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364714483,"flow_dst_last_pkt_time":1578508364787048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":661,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364832409,"flow_dst_last_pkt_time":1578508364899495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":719,"flow_dst_tot_l4_payload_len":503,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508364523293,"flow_src_last_pkt_time":1578508364682437,"flow_dst_last_pkt_time":1578508364743147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":367,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":671,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365295262,"flow_dst_last_pkt_time":1578508365331677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":508,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365440433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508363333871,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365959875,"flow_dst_last_pkt_time":1578508365961099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":935,"flow_dst_tot_l4_payload_len":823,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365152992,"flow_dst_last_pkt_time":1578508365192700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":333,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":605,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":23,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365169345,"flow_dst_last_pkt_time":1578508365211570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365588602,"flow_src_last_pkt_time":1578508365713369,"flow_dst_last_pkt_time":1578508365744961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":337,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":609,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508365736342,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01098{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364723459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365220768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123762,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":983,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01204{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365951357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364651426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":2964,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365790531,"flow_dst_last_pkt_time":1578508365409833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":278,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364665328,"flow_dst_last_pkt_time":1578508364687375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508366069091,"flow_dst_last_pkt_time":1578508366068384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":782,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01162{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":19,"flow_first_seen":1578508364632239,"flow_src_last_pkt_time":1578508364714483,"flow_dst_last_pkt_time":1578508364787048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":421,"flow_dst_max_l4_payload_len":340,"flow_src_tot_l4_payload_len":661,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.60.79","src_port":56629,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364682687,"flow_src_last_pkt_time":1578508364832409,"flow_dst_last_pkt_time":1578508364899495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":439,"flow_src_tot_l4_payload_len":719,"flow_dst_tot_l4_payload_len":503,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.38.81.180","src_port":56632,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508364523293,"flow_src_last_pkt_time":1578508364682437,"flow_dst_last_pkt_time":1578508364743147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":367,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":671,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"89.38.99.34","src_port":56624,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365189114,"flow_src_last_pkt_time":1578508365295262,"flow_dst_last_pkt_time":1578508365331677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":508,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":796,"flow_dst_tot_l4_payload_len":639,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"85.214.108.52","src_port":56654,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508364272113,"flow_src_last_pkt_time":1578508364272113,"flow_dst_last_pkt_time":1578508364272113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"3.112.138.57","dst_ip":"192.168.1.184","src_port":25516,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1578508364522826,"flow_src_last_pkt_time":1578508365153717,"flow_dst_last_pkt_time":1578508365440433,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":574,"flow_dst_max_l4_payload_len":396,"flow_src_tot_l4_payload_len":814,"flow_dst_tot_l4_payload_len":460,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"165.22.107.33","src_port":56610,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508362274369,"flow_src_last_pkt_time":1578508363333871,"flow_dst_last_pkt_time":1578508362274369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":27,"flow_first_seen":1578508365239758,"flow_src_last_pkt_time":1578508365959875,"flow_dst_last_pkt_time":1578508365961099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":583,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":935,"flow_dst_tot_l4_payload_len":823,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"157.230.152.87","src_port":56658,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508365021490,"flow_src_last_pkt_time":1578508365152992,"flow_dst_last_pkt_time":1578508365192700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":333,"flow_src_tot_l4_payload_len":655,"flow_dst_tot_l4_payload_len":605,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.10.218","src_port":56642,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":23,"flow_first_seen":1578508365029590,"flow_src_last_pkt_time":1578508365169345,"flow_dst_last_pkt_time":1578508365211570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":469,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":821,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.62.29.183","src_port":56643,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365588602,"flow_src_last_pkt_time":1578508365713369,"flow_dst_last_pkt_time":1578508365744961,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":337,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":609,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":56670,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364732443,"flow_src_last_pkt_time":1578508365736342,"flow_dst_last_pkt_time":1578508364732443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"111.229.0.180","src_port":30303,"dst_port":20182,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00996{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1578508364523418,"flow_src_last_pkt_time":1578508364659019,"flow_dst_last_pkt_time":1578508364723459,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":466,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.255.23.113","src_port":56627,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523039,"flow_src_last_pkt_time":1578508365008936,"flow_dst_last_pkt_time":1578508365220768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":453,"flow_src_tot_l4_payload_len":690,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":56618,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":9,"flow_first_seen":1578508365712625,"flow_src_last_pkt_time":1578508366123762,"flow_dst_last_pkt_time":1578508366123331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":567,"flow_dst_max_l4_payload_len":347,"flow_src_tot_l4_payload_len":983,"flow_dst_tot_l4_payload_len":859,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"78.47.147.155","src_port":56673,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365919739,"flow_src_last_pkt_time":1578508365919739,"flow_dst_last_pkt_time":1578508365951357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":147,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"167.86.122.50","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364776411,"flow_src_last_pkt_time":1578508365781990,"flow_dst_last_pkt_time":1578508364776411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.97.143.1","src_port":30303,"dst_port":50000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1578508364382655,"flow_src_last_pkt_time":1578508364422710,"flow_dst_last_pkt_time":1578508364651426,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":342,"flow_dst_tot_l4_payload_len":2964,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.231.165.108","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578508363692141,"flow_src_last_pkt_time":1578508363692141,"flow_dst_last_pkt_time":1578508363692141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":129,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"60.191.32.71","dst_ip":"192.168.1.184","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1578508365408726,"flow_src_last_pkt_time":1578508365790531,"flow_dst_last_pkt_time":1578508365409833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":129,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":147,"flow_dst_max_l4_payload_len":150,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":278,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"183.129.242.164","dst_ip":"192.168.1.184","src_port":1024,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":37,"flow_first_seen":1578508364523356,"flow_src_last_pkt_time":1578508364665328,"flow_dst_last_pkt_time":1578508364687375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"178.128.195.220","src_port":56626,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1578508365194618,"flow_src_last_pkt_time":1578508366069091,"flow_dst_last_pkt_time":1578508366068384,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":494,"flow_dst_max_l4_payload_len":368,"flow_src_tot_l4_payload_len":782,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":56655,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364523327,"flow_src_last_pkt_time":1578508365619930,"flow_dst_last_pkt_time":1578508364523327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"5.1.83.226","src_port":56625,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364937177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523037,"flow_src_last_pkt_time":1578508365387385,"flow_dst_last_pkt_time":1578508365656960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":667,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01172{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523420,"flow_src_last_pkt_time":1578508364824407,"flow_dst_last_pkt_time":1578508364937177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":395,"flow_dst_max_l4_payload_len":470,"flow_src_tot_l4_payload_len":635,"flow_dst_tot_l4_payload_len":534,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":56628,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":12,"flow_first_seen":1578508364523037,"flow_src_last_pkt_time":1578508365387385,"flow_dst_last_pkt_time":1578508365656960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":395,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":667,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":56617,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01085{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1578508364922060,"flow_src_last_pkt_time":1578508366029471,"flow_dst_last_pkt_time":1578508364922060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.233.197.131","src_port":56637,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01093{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":29,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365706352,"flow_dst_last_pkt_time":1578508365838573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":837,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365853609,"flow_dst_last_pkt_time":1578508366038811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":5,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508366073587,"flow_dst_last_pkt_time":1578508366073178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":785,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365272490,"flow_dst_last_pkt_time":1578508365297317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":890,"flow_dst_tot_l4_payload_len":844,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365272465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365899554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365331579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365354316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1578508364522823,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364841574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":429,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364519815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364921758,"flow_dst_last_pkt_time":1578508365097446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":467,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01210{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365787932,"flow_dst_last_pkt_time":1578508365828827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":356,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01096{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508365009640,"flow_dst_last_pkt_time":1578508365223101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":5,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365839944,"flow_dst_last_pkt_time":1578508365839070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":504,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":28,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508365071322,"flow_dst_last_pkt_time":1578508365071971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":894,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01099{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364932664,"flow_dst_last_pkt_time":1578508365043688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":423,"flow_src_tot_l4_payload_len":671,"flow_dst_tot_l4_payload_len":487,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508365197191,"flow_dst_last_pkt_time":1578508365511326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":451,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382946,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364650052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Mining","proto_by_ip_id":42,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365829654,"flow_dst_last_pkt_time":1578508365853704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":770,"flow_dst_tot_l4_payload_len":626,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01092{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":7,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366135917,"flow_dst_last_pkt_time":1578508366135790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":561,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":20,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365742368,"flow_dst_last_pkt_time":1578508365773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":364,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":876,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1578508366020357,"flow_src_last_pkt_time":1578508366101308,"flow_dst_last_pkt_time":1578508366100413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":580,"flow_dst_max_l4_payload_len":397,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -01095{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365099452,"flow_dst_last_pkt_time":1578508365126662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01094{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} 
+00991{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":29,"flow_first_seen":1578508365271977,"flow_src_last_pkt_time":1578508365706352,"flow_dst_last_pkt_time":1578508365838573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":421,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":837,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.161.23.12","src_port":56660,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":23,"flow_first_seen":1578508365279592,"flow_src_last_pkt_time":1578508365853609,"flow_dst_last_pkt_time":1578508366038811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":472,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":824,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.9.128.68","src_port":56661,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1578508364714836,"flow_src_last_pkt_time":1578508364867557,"flow_dst_last_pkt_time":1578508364919424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":682,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"82.145.220.249","src_port":56633,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":5,"flow_first_seen":1578508365300081,"flow_src_last_pkt_time":1578508366073587,"flow_dst_last_pkt_time":1578508366073178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":785,"flow_dst_tot_l4_payload_len":392,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"124.217.235.180","src_port":56663,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365154075,"flow_src_last_pkt_time":1578508365225822,"flow_dst_last_pkt_time":1578508365257303,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":417,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"138.201.12.87","src_port":56651,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364654361,"flow_src_last_pkt_time":1578508364654361,"flow_dst_last_pkt_time":1578508364729798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"128.0.51.140","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1578508365079165,"flow_src_last_pkt_time":1578508365272490,"flow_dst_last_pkt_time":1578508365297317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":890,"flow_dst_tot_l4_payload_len":844,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"172.105.94.62","src_port":56646,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508365169225,"flow_src_last_pkt_time":1578508365239481,"flow_dst_last_pkt_time":1578508365272465,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":428,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"176.9.136.209","src_port":56652,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1578508365461164,"flow_src_last_pkt_time":1578508365461164,"flow_dst_last_pkt_time":1578508365899554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"202.112.28.106","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523182,"flow_src_last_pkt_time":1578508365078877,"flow_dst_last_pkt_time":1578508365331579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":318,"flow_src_tot_l4_payload_len":771,"flow_dst_tot_l4_payload_len":382,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":56622,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":22,"flow_first_seen":1578508364523185,"flow_src_last_pkt_time":1578508365096272,"flow_dst_last_pkt_time":1578508365354316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":471,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":711,"flow_dst_tot_l4_payload_len":486,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.81.28","src_port":56623,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00985{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1578508364522823,"flow_src_last_pkt_time":1578508364669552,"flow_dst_last_pkt_time":1578508364841574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":429,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":56612,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382390,"flow_src_last_pkt_time":1578508364382390,"flow_dst_last_pkt_time":1578508364519815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1055,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"3.209.45.79","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364522827,"flow_src_last_pkt_time":1578508364921758,"flow_dst_last_pkt_time":1578508365097446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":490,"flow_dst_max_l4_payload_len":467,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":531,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"104.42.217.25","src_port":56611,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364421473,"flow_src_last_pkt_time":1578508364421473,"flow_dst_last_pkt_time":1578508364694327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1136,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1480,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"34.97.172.22","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1578508365701530,"flow_src_last_pkt_time":1578508365787932,"flow_dst_last_pkt_time":1578508365828827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":356,"flow_src_tot_l4_payload_len":626,"flow_dst_tot_l4_payload_len":420,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"139.162.255.210","src_port":56672,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00994{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523109,"flow_src_last_pkt_time":1578508365009640,"flow_dst_last_pkt_time":1578508365223101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":512,"flow_dst_max_l4_payload_len":459,"flow_src_tot_l4_payload_len":752,"flow_dst_tot_l4_payload_len":523,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"191.234.162.198","src_port":56620,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":5,"flow_first_seen":1578508365094625,"flow_src_last_pkt_time":1578508365839944,"flow_dst_last_pkt_time":1578508365839070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":504,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"182.162.161.61","src_port":56647,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":28,"flow_first_seen":1578508364924936,"flow_src_last_pkt_time":1578508365071322,"flow_dst_last_pkt_time":1578508365071971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":415,"flow_dst_max_l4_payload_len":494,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":894,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"209.250.240.205","src_port":56638,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1578508364932939,"flow_src_last_pkt_time":1578508365188877,"flow_dst_last_pkt_time":1578508365309934,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":521,"flow_dst_max_l4_payload_len":490,"flow_src_tot_l4_payload_len":761,"flow_dst_tot_l4_payload_len":554,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.219.167.159","src_port":56639,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1578508364659294,"flow_src_last_pkt_time":1578508364932664,"flow_dst_last_pkt_time":1578508365043688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":423,"flow_src_tot_l4_payload_len":671,"flow_dst_tot_l4_payload_len":487,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"40.67.144.128","src_port":56630,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1578508364523145,"flow_src_last_pkt_time":1578508365197191,"flow_dst_last_pkt_time":1578508365511326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":525,"flow_dst_max_l4_payload_len":451,"flow_src_tot_l4_payload_len":765,"flow_dst_tot_l4_payload_len":515,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"52.187.207.27","src_port":56621,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578508365828265,"flow_src_last_pkt_time":1578508366083506,"flow_dst_last_pkt_time":1578508366081823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":404,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":404,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"13.251.14.199","src_port":56678,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1578508364382946,"flow_src_last_pkt_time":1578508364382946,"flow_dst_last_pkt_time":1578508364650052,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":171,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":1057,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"18.138.108.67","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"ETHEREUM","proto_by_ip_id":354,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00998{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":13,"flow_first_seen":1578508365751805,"flow_src_last_pkt_time":1578508365829654,"flow_dst_last_pkt_time":1578508365853704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":770,"flow_dst_tot_l4_payload_len":626,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"35.235.37.216","src_port":56675,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":7,"flow_first_seen":1578508366005550,"flow_src_last_pkt_time":1578508366135917,"flow_dst_last_pkt_time":1578508366135790,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":561,"flow_dst_max_l4_payload_len":366,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":638,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"51.83.237.44","src_port":56684,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1578508364422230,"flow_src_last_pkt_time":1578508365065549,"flow_dst_last_pkt_time":1578508364563748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"66.42.82.246","src_port":30303,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":20,"flow_first_seen":1578508365592330,"flow_src_last_pkt_time":1578508365742368,"flow_dst_last_pkt_time":1578508365773616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":364,"flow_src_tot_l4_payload_len":956,"flow_dst_tot_l4_payload_len":876,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"86.107.243.62","src_port":56671,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1578508366020357,"flow_src_last_pkt_time":1578508366101308,"flow_dst_last_pkt_time":1578508366100413,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":580,"flow_dst_max_l4_payload_len":397,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":397,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"88.99.93.219","src_port":56685,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508364522913,"flow_src_last_pkt_time":1578508364925728,"flow_dst_last_pkt_time":1578508365036380,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":458,"flow_dst_max_l4_payload_len":335,"flow_src_tot_l4_payload_len":698,"flow_dst_tot_l4_payload_len":543,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00993{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":14,"flow_first_seen":1578508365009842,"flow_src_last_pkt_time":1578508365099452,"flow_dst_last_pkt_time":1578508365126662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":532,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":23,"flow_first_seen":1578508364824682,"flow_src_last_pkt_time":1578508365044863,"flow_dst_last_pkt_time":1578508365152350,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":571,"flow_dst_max_l4_payload_len":513,"flow_src_tot_l4_payload_len":811,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":1578508366135917,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ETHEREUM","proto_id":"354","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":106,"category":"Crypto_Currency"}} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/ethereum.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":573,"global_ts_usec":1578508366135917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 
@@ -579,10 +579,10 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7981613 bytes -~~ total memory freed........: 7981613 bytes -~~ total allocations/frees...: 149176/149176 +~~ total memory allocated....: 11689064 bytes +~~ total memory freed........: 11689064 bytes +~~ total allocations/frees...: 219430/219430 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars -~~ json string max len.......: 2259 chars -~~ json string avg len.......: 1397 chars +~~ json string max len.......: 2157 chars +~~ json string avg len.......: 1346 chars diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out index 8cc2d6b3a..c823d8aae 100644 --- a/test/results/default/ethernetIP.pcap.out +++ b/test/results/default/ethernetIP.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1352718180263865,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -32,7 +32,7 @@ 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718181046133,"flow_dst_last_pkt_time":1352718181017708,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":860,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718181047922,"flow_dst_last_pkt_time":1352718181046461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":474,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1864,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718181046315,"flow_dst_last_pkt_time":1352718181050397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1492,"flow_dst_tot_l4_payload_len":1106,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} +00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776097 bytes -~~ total memory freed........: 7776097 bytes -~~ total allocations/frees...: 146504/146504 +~~ total memory allocated....: 11484668 bytes +~~ total memory freed........: 11484668 bytes +~~ total allocations/frees...: 216758/216758 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 2151 chars 
diff --git a/test/results/default/exe_download.pcap.out b/test/results/default/exe_download.pcap.out index 332d62280..800cfba90 100644 --- a/test/results/default/exe_download.pcap.out +++ b/test/results/default/exe_download.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434051004796} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434051004796,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051004796,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434051004796,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434051004796,"flow_dst_last_pkt_time":1569434051324116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434051324116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01581{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051324979,"flow_dst_last_pkt_time":1569434051623372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434051623372,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"144.91.69.195","http": {"url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}} 
02649{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434051966172,"flow_dst_last_pkt_time":1569434051966041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":25896,"midstream":0,"thread_ts_usec":1569434051966172,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":62020.0,"max":319527,"stddev":115050.4,"var":13236601856.0,"ent":3.0,"data": [319320,319527,656,1120,298136,10,298579,1555,147,1842,2428,2695,9,4969,246,28639,114,28917,100748,305805,34,11,94,205204,207,207,651,10,7,7,727]},"pktlen": {"min":40,"avg":854.5,"max":1500,"stddev":668.4,"var":446708.3,"ent":4.4,"data": [52,44,40,193,40,1500,1308,40,1404,1404,40,1404,1500,1288,40,1404,1404,1404,40,40,1500,1500,1212,1404,40,1404,40,1500,1500,1500,1116,40]},"bins": {"c_to_s": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0],"entropies": 
[4.385625362,4.876442909,4.621928215,5.761415958,4.730640888,3.668365002,0.301540941,4.621928692,0.282004327,4.382377148,4.571928501,5.688343048,5.482964993,5.437496185,4.521928310,5.899663925,5.776542664,5.685672760,4.571928501,4.571928501,5.409879208,5.378962994,5.436534882,5.744604588,4.571928978,5.603744507,4.521928787,5.738482952,5.793150902,5.592350006,5.696241856,4.571928978]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 01449{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":203,"flow_dst_packets_processed":500,"flow_first_seen":1569434051004796,"flow_src_last_pkt_time":1569434056186340,"flow_dst_last_pkt_time":1569434056096541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":679332,"midstream":0,"thread_ts_usec":1569434056186340,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp 
User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-payload-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434056186340} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/exe_download.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-payload-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434056186340} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 703/703 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7787366 bytes -~~ total memory freed........: 7787366 bytes -~~ total allocations/frees...: 147083/147083 +~~ total memory allocated....: 11495985 bytes +~~ total memory freed........: 11495985 bytes +~~ total allocations/frees...: 217337/217337 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 2654 chars diff --git a/test/results/default/exe_download_as_png.pcap.out b/test/results/default/exe_download_as_png.pcap.out index 004c726d9..6a28387e3 100644 --- a/test/results/default/exe_download_as_png.pcap.out +++ b/test/results/default/exe_download_as_png.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569434903040298} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569434903040298,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903040298,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569434903040298,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1569434903040298,"flow_dst_last_pkt_time":1569434903440451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1569434903440451,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434903441012,"flow_dst_last_pkt_time":1569434904053845,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569434904053845,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"185.98.87.185","http": {"url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}}} 
02549{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":21,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434904481632,"flow_dst_last_pkt_time":1569434904508320,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":25916,"midstream":0,"thread_ts_usec":1569434904508320,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":93850.2,"max":613012,"stddev":192589.9,"var":37090865152.0,"ent":2.7,"data": [400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344]},"pktlen": {"min":40,"avg":855.0,"max":1500,"stddev":664.6,"var":441668.3,"ent":4.4,"data": [52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404]},"bins": {"c_to_s": [10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774]},"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01342{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":163,"flow_dst_packets_processed":371,"flow_first_seen":1569434903040298,"flow_src_last_pkt_time":1569434972556095,"flow_dst_last_pkt_time":1569434912545467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":299,"flow_dst_tot_l4_payload_len":500298,"midstream":0,"thread_ts_usec":1569434972556095,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"47": 
{"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434972556095} +00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/exe_download_as_png.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569434972556095} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 534/534 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782379 bytes -~~ total memory freed........: 7782379 bytes -~~ total allocations/frees...: 146912/146912 +~~ total memory allocated....: 11490998 bytes +~~ total memory freed........: 11490998 bytes +~~ total allocations/frees...: 217166/217166 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2554 chars diff --git a/test/results/default/facebook.pcap.out b/test/results/default/facebook.pcap.out index 1216a7430..ae21985fa 100644 --- a/test/results/default/facebook.pcap.out +++ b/test/results/default/facebook.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1472393122365661} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122365661,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122365661,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122668038,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} 
@@ -20,7 +20,7 @@ 02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124118414,"flow_dst_last_pkt_time":1472393124118402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":15090,"midstream":0,"thread_ts_usec":1472393124118414,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":36622.1,"max":154982,"stddev":57898.8,"var":3352273664.0,"ent":3.3,"data": [132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444]},"pktlen": {"min":52,"avg":555.1,"max":1440,"stddev":613.3,"var":376153.1,"ent":4.1,"data": [60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]},"bins": {"c_to_s": [10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393123408152,"flow_dst_last_pkt_time":1472393123665163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":743,"flow_dst_tot_l4_payload_len":3732,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124218612,"flow_dst_last_pkt_time":1472393124229315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":20642,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1472393124229315} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786064 bytes -~~ total memory freed........: 7786064 bytes -~~ total allocations/frees...: 146467/146467 +~~ total memory allocated....: 11494667 bytes +~~ total memory freed........: 11494667 bytes +~~ total allocations/frees...: 216721/216721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2200 chars diff --git a/test/results/default/fastcgi.pcap.out b/test/results/default/fastcgi.pcap.out index 6b2f21e39..e910f28d1 100644 --- a/test/results/default/fastcgi.pcap.out +++ b/test/results/default/fastcgi.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1280403893598699} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893598699,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598699,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598699,"pkt":"ABzEfBq8AAvNgo+GCABFAAA8aJRAAEAGvhQKAAAJCgAAC5VuIyi+0TJPAAAAAKACFtD1nwAAAgQFtAQCCAoi61rbAAAAAAEDAwY="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1280403893598699,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1280403893598868,"pkt":"AAvNgo+GABzEfBq8CABFAAA8AABAAEAGJqkKAAALCgAACSMolW5v2bTavtEyUKASFqBTYwAAAgQFtAQCCAoN02\/TIuta2wEDAwc="} 
@@ -9,7 +9,7 @@ 00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403893599034,"flow_dst_last_pkt_time":1280403893598868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1071,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1280403893599034,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 02122{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403895619664,"flow_dst_last_pkt_time":1280403895619673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":14480,"midstream":0,"thread_ts_usec":1280403895619673,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":130385.1,"max":2020143,"stddev":496240.3,"var":246254469120.0,"ent":1.0,"data": [169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32]},"pktlen": 
{"min":52,"avg":539.2,"max":1500,"stddev":672.8,"var":452637.9,"ent":3.9,"data": [60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":54,"flow_first_seen":1280403893598699,"flow_src_last_pkt_time":1280403897015424,"flow_dst_last_pkt_time":1280403897015595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1055,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":64400,"midstream":0,"thread_ts_usec":1280403897015595,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.11","src_port":38254,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FastCGI","proto_id":"310","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/fastcgi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":65495,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1280403897015595} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771798 bytes -~~ total memory freed........: 7771798 bytes -~~ total allocations/frees...: 146476/146476 +~~ total memory allocated....: 11480417 bytes +~~ total memory freed........: 11480417 bytes +~~ total allocations/frees...: 216730/216730 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2127 chars diff --git a/test/results/default/firefox.pcap.out b/test/results/default/firefox.pcap.out index 0a47ffa65..848a3074d 100644 --- a/test/results/default/firefox.pcap.out +++ b/test/results/default/firefox.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620927997754367} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620927997754367,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620927997754367,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997754367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620927997754367,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620927997754367,"flow_dst_last_pkt_time":1620927997781073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620927997781073,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} 
@@ -54,7 +54,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1620927999109976,"flow_src_last_pkt_time":1620927999224233,"flow_dst_last_pkt_time":1620927999224319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":9203,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1620927999111334,"flow_src_last_pkt_time":1620927999213956,"flow_dst_last_pkt_time":1620927999214178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1130,"flow_dst_tot_l4_payload_len":12083,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1620927999112216,"flow_src_last_pkt_time":1620927999228482,"flow_dst_last_pkt_time":1620927999227832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1620927999228482,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":129,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/firefox.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":129,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":51599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1620927999228482} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 129/129 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7923516 bytes -~~ total memory freed........: 7923516 bytes -~~ total allocations/frees...: 146599/146599 +~~ total memory allocated....: 11632055 bytes +~~ total memory freed........: 11632055 bytes +~~ total allocations/frees...: 216853/216853 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1471 chars diff --git a/test/results/default/fix.pcap.out b/test/results/default/fix.pcap.out index f83b5b06d..58c5346c1 100644 --- a/test/results/default/fix.pcap.out +++ b/test/results/default/fix.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1493755109242949} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1493755109242949,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 01034{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1493755109242949,"flow_src_last_pkt_time":1493755109242949,"flow_dst_last_pkt_time":1493755109242949,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":86,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":86,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1493755109242949,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 
@@ -101,7 +101,7 @@ 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1493755111956116,"flow_src_last_pkt_time":1493755132007515,"flow_dst_last_pkt_time":1493755131957560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":255,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1493755110320014,"flow_src_last_pkt_time":1493755130314066,"flow_dst_last_pkt_time":1493755130355530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":172,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1493755113353296,"flow_src_last_pkt_time":1493755123449395,"flow_dst_last_pkt_time":1493755123354617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":269,"midstream":1,"thread_ts_usec":1493755132120045,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/fix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1493755132120045} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -110,9 +110,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7851526 bytes -~~ total memory freed........: 7851526 bytes -~~ total allocations/frees...: 147765/147765 +~~ total memory allocated....: 11559969 bytes +~~ total memory freed........: 11559969 bytes +~~ total allocations/frees...: 218019/218019 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2339 chars diff --git a/test/results/default/fix2.pcap.out b/test/results/default/fix2.pcap.out index de85abe91..683ecabdd 100644 --- a/test/results/default/fix2.pcap.out +++ b/test/results/default/fix2.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614758889587624} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889588862,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614758889588862,"flow_dst_last_pkt_time":1614758889588862,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614758889588862,"pkt":"5kBKB+riApXG95NLCABFAAAweTwAAIAGAAAKZQACCmYAAoiSBAAt1D8pAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889589020,"flow_dst_last_pkt_time":1614758889589020,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614758889589020,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -18,7 +18,7 @@ 02059{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889590049,"flow_dst_last_pkt_time":1614758889590048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":762,"flow_dst_tot_l4_payload_len":801,"midstream":0,"thread_ts_usec":1614758889590049,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":66.4,"max":570,"stddev":137.8,"var":18986.0,"ent":3.3,"data": [568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25]},"pktlen": {"min":46,"avg":92.0,"max":160,"stddev":46.1,"var":2122.5,"ent":4.8,"data": [48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46]},"bins": {"c_to_s": [6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0],"entropies": [3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":683,"flow_dst_packets_processed":1304,"flow_first_seen":1614758889588862,"flow_src_last_pkt_time":1614758889595345,"flow_dst_last_pkt_time":1614758889595344,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":13395,"flow_dst_tot_l4_payload_len":26148,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":34962,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} 00962{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":411,"flow_dst_packets_processed":648,"flow_first_seen":1614758889589020,"flow_src_last_pkt_time":1614758889595307,"flow_dst_last_pkt_time":1614758889595305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":120,"flow_src_tot_l4_payload_len":10864,"flow_dst_tot_l4_payload_len":17549,"midstream":0,"thread_ts_usec":1614758889595345,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.9","src_port":34963,"dst_port":1024,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FIX","proto_id":"230","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":16,"category":"RPC"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3049,"source":"cfgs\/default\/pcap\/fix2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3049,"packets-processed":3046,"total-skipped-flows":0,"total-l4-payload-len":67956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1614758889595345} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3049/3046 ~~ skipped flows.............: 0 
@@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7861331 bytes -~~ total memory freed........: 7861331 bytes -~~ total allocations/frees...: 149430/149430 +~~ total memory allocated....: 11569934 bytes +~~ total memory freed........: 11569934 bytes +~~ total allocations/frees...: 219684/219684 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 2064 chars diff --git a/test/results/default/forticlient.pcap.out b/test/results/default/forticlient.pcap.out index 26c507c40..a72720d50 100644 --- a/test/results/default/forticlient.pcap.out +++ b/test/results/default/forticlient.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621067203571879} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621067203571879,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621067203571879,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203571879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1621067203571879,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621067203571879,"flow_dst_last_pkt_time":1621067203633408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1621067203633408,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} 
@@ -51,7 +51,7 @@ 00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1621067205651500,"flow_src_last_pkt_time":1621067206681899,"flow_dst_last_pkt_time":1621067206738955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":203,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":3141,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00793{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1621067206773010,"flow_src_last_pkt_time":1621067207801622,"flow_dst_last_pkt_time":1621067207860710,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":384,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":751,"flow_dst_tot_l4_payload_len":6525,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1150,"flow_dst_packets_processed":751,"flow_first_seen":1621067209199710,"flow_src_last_pkt_time":1621067222261499,"flow_dst_last_pkt_time":1621067222260652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":70643,"flow_dst_tot_l4_payload_len":206814,"midstream":0,"thread_ts_usec":1621067222261499,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.FortiClient","proto_id":"91.259","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"cfgs\/default\/pcap\/forticlient.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-payload-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1621067222261499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7880064 bytes -~~ total memory freed........: 7880064 bytes -~~ total allocations/frees...: 148455/148455 +~~ total memory allocated....: 11588619 bytes +~~ total memory freed........: 11588619 bytes +~~ total allocations/frees...: 218709/218709 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 549 chars ~~ json string max len.......: 2457 chars diff --git a/test/results/default/ftp-start-tls.pcap.out b/test/results/default/ftp-start-tls.pcap.out index a5682eede..4f35e097c 100644 --- a/test/results/default/ftp-start-tls.pcap.out +++ b/test/results/default/ftp-start-tls.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383123629078448} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383123629078448,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078448,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1383123629078448,"flow_dst_last_pkt_time":1383123629078863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1383123629078863,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 
@@ -13,7 +13,7 @@ 01945{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629152654,"flow_dst_last_pkt_time":1383123629153383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":3206,"midstream":0,"thread_ts_usec":1383123629153383,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4811.0,"max":40376,"stddev":9556.7,"var":91331016.0,"ent":3.2,"data": [415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203]},"pktlen": {"min":46,"avg":160.9,"max":552,"stddev":164.2,"var":26956.4,"ent":4.4,"data": [46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130]},"bins": {"c_to_s": [4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1],"entropies": [4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361]}} 
01396{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629152654,"flow_dst_last_pkt_time":1383123629153383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":3206,"midstream":0,"thread_ts_usec":1383123629153383,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS","proto_id":"311","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Unsafe","category_id":7,"category":"Download"}} 
01428{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":35,"flow_first_seen":1383123629078448,"flow_src_last_pkt_time":1383123629412168,"flow_dst_last_pkt_time":1383123629233523,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":330,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":856,"flow_dst_tot_l4_payload_len":3834,"midstream":0,"thread_ts_usec":1383123629412168,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"FTPS","proto_id":"311","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Unsafe","category_id":7,"category":"Download"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1383123629412168} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/ftp-start-tls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1383123629412168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774591 bytes -~~ total memory freed........: 7774591 bytes -~~ total allocations/frees...: 146430/146430 +~~ total memory allocated....: 11483210 bytes +~~ total memory freed........: 11483210 bytes +~~ total allocations/frees...: 216684/216684 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 1950 chars 
diff --git a/test/results/default/ftp.pcap.out b/test/results/default/ftp.pcap.out index d7d78e442..aad8f7c77 100644 --- a/test/results/default/ftp.pcap.out +++ b/test/results/default/ftp.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1552590234892296} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1552590234892296,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234892296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1552590234892296,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1552590234892296,"flow_dst_last_pkt_time":1552590234919708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1552590234919708,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} 
@@ -26,7 +26,7 @@ 00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":380,"flow_dst_packets_processed":735,"flow_first_seen":1552590241545143,"flow_src_last_pkt_time":1552590241851108,"flow_dst_last_pkt_time":1552590241878454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1048576,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01199{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":27,"flow_first_seen":1552590234892296,"flow_src_last_pkt_time":1552590243340268,"flow_dst_last_pkt_time":1552590243371057,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":241,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":889,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": 
{"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} 01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1552590236580045,"flow_src_last_pkt_time":1552590236638093,"flow_dst_last_pkt_time":1552590236666222,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":1552590243371057,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"FTP_DATA","proto_id":"175","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-payload-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"cfgs\/default\/pcap\/ftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-payload-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1552590243371057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1192/1192 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7811792 bytes -~~ total memory freed........: 7811792 bytes -~~ total allocations/frees...: 147589/147589 +~~ total memory allocated....: 11520379 bytes +~~ total memory freed........: 11520379 bytes +~~ total allocations/frees...: 217843/217843 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 2469 chars diff --git a/test/results/default/ftp_failed.pcap.out b/test/results/default/ftp_failed.pcap.out index 185ca23cf..e50324698 100644 --- a/test/results/default/ftp_failed.pcap.out +++ b/test/results/default/ftp_failed.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574361625864342} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574361625864342,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625864342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625864342,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574361625864342,"flow_dst_last_pkt_time":1574361625878212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1574361625878212,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 
@@ -8,7 +8,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574361625977593,"flow_dst_last_pkt_time":1574361625977557,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1574361625977593,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQaBgBAA4XzDAAABAQgKlgVfE1bTSNw="} 01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361631282407,"flow_dst_last_pkt_time":1574361631296434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":1574361631296434,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"hello","password":"","auth_failed":1}}} 
01218{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1574361625864342,"flow_src_last_pkt_time":1574361633088930,"flow_dst_last_pkt_time":1574361633102738,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":40,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1574361633102738,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ftp_failed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":136,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574361633102738} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769350 bytes -~~ total memory freed........: 7769350 bytes -~~ total allocations/frees...: 146391/146391 +~~ total memory allocated....: 11477969 bytes +~~ total memory freed........: 11477969 bytes +~~ total allocations/frees...: 216645/216645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 1236 chars diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index 4a83559dd..e384291ae 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out 
@@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469540839312} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469540839312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 00960{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120469540839312,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469540839312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"eci_domain"}} 
@@ -48,7 +48,7 @@ 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469576245476,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120469576245476} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469574242837,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="} 
-01330{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469578248603,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyber?ity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469573246062,"flow_src_last_pkt_time":1120469578248603,"flow_dst_last_pkt_time":1120469573246062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469578248603,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyber?ity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00326{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469582254242,"packet_id":25,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120469582254242} 
00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469578248603,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1120469589080368,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469589080368,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 
@@ -92,7 +92,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469554654733,"flow_src_last_pkt_time":1120469554654733,"flow_dst_last_pkt_time":1120469554654733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469620579207,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2712,"dst_port":49973,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1120469632829277,"pkt":"ADBUADRWAODtAW69CABFAAA9aaoAAIARTbLAcgECwKgBAQqfADUAKUpe7dQBAAABgAAAUgAAA2Z0cAdlY2l0ZexlA2NvbQAAAQAB"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecite?e.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01317{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469632829277,"flow_src_last_pkt_time":1120469632829277,"flow_dst_last_pkt_time":1120469632829277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469632829277,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecite?e.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469633828778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1120469633828778,"pkt":"ADBUADRWEODtAW69CABFAAA9aasAAIARTbHAqAECwKgBAQqfADUAKUpe7dQBAAABAAAAAAAAA2Z0cAdlY2l0ZWxlA2NvbQAAAQAB"} 
01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469633828778,"flow_src_last_pkt_time":1120469633828778,"flow_dst_last_pkt_time":1120469633828778,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469633828778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ftp.ecitele.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -126,6 +126,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635046983,"flow_dst_last_pkt_time":1120469635046983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635046983,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635048287,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1120469635048287,"pkt":"AODtAW69ADBUADRWCABFEABjeQ9AADkGcOST6gH9wKgBAgAVCqzlH5bBr53DLFAYYzY9pwAAIEZpbGVzIGxhcmdlciB0aGVuIDI1ME1CIHdpbGwgYmUgZGVsZXRlZCBhZnRlciA1IGRheXMgISEhDQo="} 
+01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635048287,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635049544,"flow_src_last_pkt_time":1120469635049544,"flow_dst_last_pkt_time":1120469635049544,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":3,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635049544,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":1045,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635049544,"flow_dst_last_pkt_time":1120469635049544,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1120469635049544,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635052210,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -194,9 +195,9 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1120469680447016,"flow_dst_last_pkt_time":1120469680447016,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469680447016,"pkt":"ADBUADRWAODtAW69CABFAABIRc8AAIARTYLAqAECwKgBAQqkJXMANFNK1tYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469681446824,"pkt":"ADBUADRWAODtAW69CABFAABIadAAAIARTYHAqAECwKgBAQqkADUANFNK1tYBAAABAAB2AAAABF9zaXAEX3VkcAMlcwAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01332{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469681446824,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469681446824,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":2403,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469683449627,"pkt":"ADBUADRWAODtAW69CABFAABIYdEAAIARTYDAqAECwKgBAQqkADUANFNK1tYBAAABAAAAAAAABF9zaXAGX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAQE="} 
-01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469683449627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469681446824,"flow_src_last_pkt_time":1120469683449627,"flow_dst_last_pkt_time":1120469681446824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469683449627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685131995,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469685131995,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1120469685131995,"flow_dst_last_pkt_time":1120469685131995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469685131995,"pkt":"\/\/\/\/\/\/\/\/AOB2AW69CABFAABOadMAAIARTHrAqAECwKgB\/wCJY4kAOls4hPQBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUN1NEFDQUJNAHEgAAE="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469685452600,"flow_src_last_pkt_time":1120469685452600,"flow_dst_last_pkt_time":1120469685452600,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469685452600,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.17.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -395,14 +396,14 @@ 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120469956232437,"flow_src_last_pkt_time":1120469956232437,"flow_dst_last_pkt_time":1120469956233923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120469956233923,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2739,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469956945492,"pkt":"ADBUADRWAODtAW69CABFAABIakgAAIARTQnAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaSVzAGRrAAAhLwE="} -01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberci_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469956945492,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469956945492,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberci_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25707,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469957944384,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01212{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469957944384,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469957944384,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469957944384,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": 
{"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1120469959947225,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469961950106,"packet_id":186,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_usec":1120469961950106} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120469959947225,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120469965955887,"pkt":"ADBUADRWAODtAW69CABFAABIakwAAIARTQXAqAECwKgBAQq0ADUANP0xLN8BJXMAAAAAAAAABF9zaXAEX3VkcANzaXAJc3liZXJUaXR5AmRrAAAhAAE="} -01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469965955887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01442{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120469956945492,"flow_src_last_pkt_time":1120469965955887,"flow_dst_last_pkt_time":1120469956945492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469965955887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469970215886,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120469970215886,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOak0AAIARTADAqAECwKgB\/wCJIIkAOluRhQoBEAABAAAAAAAAIEVGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973957831,"flow_src_last_pkt_time":1120469973957831,"flow_dst_last_pkt_time":1120469973957831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469973957831,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -484,7 +485,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1120470033172606,"flow_dst_last_pkt_time":1120470033172606,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470033172606,"pkt":"ADBUADRWAODtAXO9CABFAABIamkAAIDwTOjAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp18mEDbmV0AAAhAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470035175480,"pkt":"ADBUADRWAODtAW69CABFAABIamoAAIARTOfAqAEiwKgBAQq6ADUANMsPhMQBAAABAAAAiwAABF9zaXAEX3VkcAQlcwBwB2JyVmp1bGEDbmV0AAAhAAE="} 
-01326{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?p.brvjula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01334{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470035175480,"flow_src_last_pkt_time":1120470035175480,"flow_dst_last_pkt_time":1120470035175480,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470035175480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp._s?p.brvjula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28679,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1120470037178362,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470037178362,"pkt":"ADBUADRWAODtAW69CABFAABIamsAAIARTObAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":3,"flow_src_last_pkt_time":1120470041184152,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470041184152,"pkt":"ADBUADRWAKDtAW69CABFAABIamwAAIARTOXAqAECwKgBAQq6ADUANMsPhMQBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469848977728,"flow_src_last_pkt_time":1120469848977728,"flow_dst_last_pkt_time":1120469848977728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470041184152,"l3_proto":"ip4","src_ip":"172.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -526,7 +527,7 @@ 01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470052189909,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470052189909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":4,"flow_src_last_pkt_time":1120470054192756,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470054192756,"pkt":"ADBUADRWADbtAW69CABFAABIanQAAIARRzjAqAECwKgBAQq8ADUANCzl\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":5,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470058198554,"pkt":"ADBUADRWAODtAW69CABFAABIanUAAIARTNzAqAECwKgBAQq8ADUANAxC\/cYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5Aqqqqqqqqqo="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470049190871,"flow_src_last_pkt_time":1120470058198554,"flow_dst_last_pkt_time":1120470049190871,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2748,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469877188186,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469877188186,"flow_src_last_pkt_time":1120469877188186,"flow_dst_last_pkt_time":1120469877188186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469864991331,"flow_src_last_pkt_time":1120469864991331,"flow_dst_last_pkt_time":1120469864991331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470058198554,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -552,7 +553,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":3,"flow_src_last_pkt_time":1120470071297608,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470071297608,"pkt":"ADBUADREAODtAW69CABFAABIan4AAIAR7NPAqAECwKgBAQq+ADUANBBXP8gBqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470071297608,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470071297608,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.voip.brujula.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_packet_id":4,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470075303154,"pkt":"ADBUADZWAFjtAW69CABFAABIan8AAIARTNLAqAECwKgBAQq+ADUANBAIP8gBBAABAAAAAAAABF9zaXAEX3VkcAR2byVzAGJydWp1bGEDbmV0AAAhAAE="} -01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.vo_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01433{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470066293853,"flow_src_last_pkt_time":1120470075303154,"flow_dst_last_pkt_time":1120470066293853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.vo_s","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25202,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470019512857,"flow_src_last_pkt_time":1120470019512857,"flow_dst_last_pkt_time":1120470019512857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469922894014,"flow_src_last_pkt_time":1120469922894014,"flow_dst_last_pkt_time":1120469922894014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470075303154,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
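Review bot: The expected `detection-update` record for `flow_id` 94 at `packet_id` 244 is not the plain risk-string rename seen in the neighbouring hunks. The new side gains a whole `"39"` entry (`Non-Printable\/Invalid Chars Detected`, severity `High`) that the old side did not carry, for hostname `_sip._udp.vo_s`. The packet bytes in the preceding context line are unchanged, so this is a change in what the detector flags, presumably from the libnDPI subproject bump. A regenerated golden file accepts whatever the library now emits, so confirm that the new flag is intended and name it in the commit description. Otherwise a later regression in risk 39 on this fuzzed DNS sample could be read as the accepted baseline.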
@@ -566,7 +567,7 @@ 01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083305056,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470083306558,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARt8vAqAEBwKgBAgA1Cr8AR+yxGsqAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAARoMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-01402{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12594,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083306558,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12594,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 01026{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":4,"flow_src_last_pkt_time":1120470083308013,"flow_dst_last_pkt_time":1120470051405231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1120470083308013,"pkt":"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"} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470083310624,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470083310624,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1120470083310624,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470083310624,"pkt":"ADBUADRWAODtAW69CABFAABIaoIAAIARTM\/AqAECwKgBAQrAADUANLk4cMwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
@@ -653,16 +654,16 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469944224630,"flow_src_last_pkt_time":1120469944224630,"flow_dst_last_pkt_time":1120469944224630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469940218900,"flow_src_last_pkt_time":1120469948230389,"flow_dst_last_pkt_time":1120469940218900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2738,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470129594559,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":658,"global_ts_usec":1120470141614697} 
+00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":282,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":24511,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":71,"total-detection-updates":26,"total-updates":178,"current-active-flows":63,"total-active-flows":109,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":659,"global_ts_usec":1120470141614697} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470141614697,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470141614697,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470141614697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":2,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470142609990,"pkt":"ADBVADRWAODtAW69CABFAABIaqMAAIARTK7AqAECwKgBAQrEADUANAARKfABVwABAAAAAAAABF\/zaXAEX3VkcANzaXAJY3liZXJjaXSSAmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470142609990,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_?ip._udp.sip.cybercit?.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470142609990,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470142609990,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_?ip._udp.sip.cybercit?.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":3,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470144612843,"pkt":"ADBUADRWAODtAW69CABFAABIaqQAAIARTK3AqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470144612843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470144612843,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470144612843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":4,"flow_src_last_pkt_time":1120470146615928,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470146615928,"pkt":"ADBUADRWAODtAW69CABFAABIaqUAAIARTKzAqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_packet_id":5,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470150621463,"pkt":"ADBUADRWAODtAW69CABFAABIaqYAAIARTKvAqAECwKgBAQrEADUANAARKfABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469970215886,"flow_src_last_pkt_time":1120469970215886,"flow_dst_last_pkt_time":1120469970215886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470150621463,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 
@@ -694,7 +695,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158623642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470158623642,"pkt":"ADBUADRWAODtAW69CABFAABEaqcAAIARTK7AqAECwKgBAQrFADUAMEUJ3\/AAAAABAAAAAAAAATEBdgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158623642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470158623642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.v.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":2,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470158625217,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsUARyeF3\/CAAAABAAEAAAAAAXMBMAElcwAyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01182{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470158625217,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470158625217,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
02250{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470161396896,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470161396896,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":741823,"avg":20017986.0,"max":47494748,"stddev":22627942.0,"var":512023754440704.0,"ent":3.9,"data": [746308,47494748,744583,751092,46512252,745680,46548540,1500555,45837567,749435,751083,46756478,741823,751085,45987992,749213,47479804,47268139,749384,47257959,751080,46297871,749788,46627979,750158,751078,45907667,749430,751084,46347688,750041]},"pktlen": {"min":78,"avg":78.0,"max":78,"stddev":0.0,"var":0.0,"ent":5.0,"data": [78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]},"bins": {"c_to_s": [0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.275660515,4.184385777,4.229382992,4.337641239,4.229382992,4.245346546,4.229382992,4.275660515,4.299727440,4.275660515,4.292109013,4.275660515,4.337901115,4.229382992,4.229382992,4.203742027,4.250019550,4.178100586,4.229382992,4.255024433,4.194064140,4.238767147,4.229382992,4.325850487,4.194064140,4.194064140,4.264408588,4.321938515,4.255024433,4.256044388,4.229382992,3.185813189]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973959320,"flow_src_last_pkt_time":1120469973959320,"flow_dst_last_pkt_time":1120469973959320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.130.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2741,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469973957831,"flow_src_last_pkt_time":1120469973957831,"flow_dst_last_pkt_time":1120469973957831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2741,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -707,7 +708,7 @@ 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470162147971,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470170646619,"pkt":"ADBUADRWAODtAW69CABFAABIaqwAAIARTKXAqAECwKgBAQpQADUANOIMR\/IBAAABAAAAAAAABKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470170646619,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470171641690,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470171641690,"pkt":"ADBUADRWAODtAW69CABFAABIaq0AAIARTKTAqAECwKgBAQrhADUANOIMR\/IBAAABAAAAAAAABF9zaXAEX3RkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470171641690,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._tdp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -725,7 +726,7 @@ 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470117343746,"flow_src_last_pkt_time":1120470117343746,"flow_dst_last_pkt_time":1120470117343746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470015072741,"flow_src_last_pkt_time":1120470024079690,"flow_dst_last_pkt_time":1120470015072741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2744,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470179653185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470187655341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -772,7 +773,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470069294518,"flow_src_last_pkt_time":1120470069294518,"flow_dst_last_pkt_time":1120470069294518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":10942,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100321028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470110894601,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":4269,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470209405938,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -815,9 +816,9 @@ 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470236795395,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470236795395,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":3,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470238798300,"pkt":"ADBUADRWAODtAW69CABFAABIasoAAIARTIfAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzDXAJY0liZXJjaXR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470238798300,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.s?p.cibercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470238798300,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470238798300,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.s?p.cibercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":4,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470242804255,"pkt":"ADBUADRWAODtAW69CABFAABIassAAIARTIbAqAECwKgBAQrMADUANEn9qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
-01512{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01520{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049185972,"flow_src_last_pkt_time":1120470049185972,"flow_dst_last_pkt_time":1120470049185972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"67.168.1.1","src_port":2747,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470032178937,"flow_src_last_pkt_time":1120470041184152,"flow_dst_last_pkt_time":1120470032178937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049187466,"flow_src_last_pkt_time":1120470049187466,"flow_dst_last_pkt_time":1120470049187466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2747,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -825,7 +826,7 @@ 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470049188993,"flow_dst_last_pkt_time":1120470049188993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":822,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":822,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":4932,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470117343746,"flow_src_last_pkt_time":1120470117343746,"flow_dst_last_pkt_time":1120470117343746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01320{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01328{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470242804255,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -863,7 +864,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470100319543,"flow_src_last_pkt_time":1120470100319543,"flow_dst_last_pkt_time":1120470100321028,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470113337845,"flow_src_last_pkt_time":1120470121594088,"flow_dst_last_pkt_time":1120470113337845,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":97,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":3,"flow_first_seen":1120470049696866,"flow_src_last_pkt_time":1120470110894601,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":4269,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470259918614,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -888,7 +889,7 @@ 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470084827100,"flow_src_last_pkt_time":1120470084827100,"flow_dst_last_pkt_time":1120470084827100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.37.115","src_port":4292,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470085969731,"flow_src_last_pkt_time":1120470085969731,"flow_dst_last_pkt_time":1120470085969731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":265,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":265,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":265,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":4901,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470086308978,"flow_src_last_pkt_time":1120470086308978,"flow_dst_last_pkt_time":1120470086308978,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"102.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01318{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083306558,"flow_src_last_pkt_time":1120470083306558,"flow_dst_last_pkt_time":1120470083306558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2751,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470083305056,"flow_src_last_pkt_time":1120470083305056,"flow_dst_last_pkt_time":1120470083305056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.18","dst_ip":"192.168.1.1","src_port":2751,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470083310624,"flow_src_last_pkt_time":1120470088311840,"flow_dst_last_pkt_time":1120470083310624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470092317681,"flow_src_last_pkt_time":1120470092317681,"flow_dst_last_pkt_time":1120470092317681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470276933108,"l3_proto":"ip4","src_ip":"192.98.1.2","dst_ip":"25.168.1.1","src_port":2752,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -910,7 +911,7 @@ 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470098867648,"flow_src_last_pkt_time":1120470098867648,"flow_dst_last_pkt_time":1120470098867648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":375,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":375,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":375,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.169.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470284937812,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470298331768,"packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470298331768} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470284937812,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470299325295,"packet_id":358,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_usec":1120470299325295} 
@@ -938,7 +939,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470259918614,"flow_src_last_pkt_time":1120470259918614,"flow_dst_last_pkt_time":1120470259918614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470129591869,"flow_src_last_pkt_time":1120470129591869,"flow_dst_last_pkt_time":1120470129593389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470175647445,"flow_src_last_pkt_time":1120470179653185,"flow_dst_last_pkt_time":1120470175647445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470202676324,"flow_src_last_pkt_time":1120470208684923,"flow_dst_last_pkt_time":1120470202676324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470307336934,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -964,16 +965,16 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470315653366,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470327552269,"pkt":"ADBUOzRWAODtAW69CABFAABIau8AAIARTGLAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY6qqqqqqqqqqqqqqqqqqqqo="} -01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470327552269,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470327552269,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":2,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470328547303,"pkt":"ADBUADRWAODtAW69CABFQABIavAAAIARTGHAqAECwKgBAQrUADUANIwPneEBAACQAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01407{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470328547303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01415{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470328547303,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470328547303,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":3,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470330550185,"pkt":"ADBUADRWAODtAW69CABFAABIavEAAIARTGDAqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAAX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470330550185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01424{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470330550185,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470330550185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":24437,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470332553067,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":1,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470332553067,"pkt":"ADBUADRWAODtAW69CABFAABIavIAAIARTF\/AqAECwLgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470332553067,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":4,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470336558847,"pkt":"ADBUADRWAODtAW5yCABFAABIavMAAIARTF7AqAECwKgBAQrUADUANIwPneEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAlcwBibXJjaXR5AmRrAAAhAAE="} 
-01412{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01420{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":25197,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470141614697,"flow_src_last_pkt_time":1120470150621463,"flow_dst_last_pkt_time":1120470141614697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -982,7 +983,7 @@ 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470284935173,"flow_src_last_pkt_time":1120470284935173,"flow_dst_last_pkt_time":1120470284935173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470336558847,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -993,7 +994,7 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470344562295,"packet_id":377,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470344562295} 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470344560828,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470170646619,"flow_src_last_pkt_time":1120470170646619,"flow_dst_last_pkt_time":1120470170646619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470158623642,"flow_src_last_pkt_time":1120470158623642,"flow_dst_last_pkt_time":1120470158625217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2757,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470171641690,"flow_src_last_pkt_time":1120470171641690,"flow_dst_last_pkt_time":1120470171641690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00757{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470187656855,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470304312412,"flow_src_last_pkt_time":1120470304312412,"flow_dst_last_pkt_time":1120470304312412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470352381647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -1016,12 +1017,12 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":2,"flow_src_last_pkt_time":1120470357579070,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470357579070,"pkt":"ADBUADRWAODtAW69CABFAABIavoAAIARTFfAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01316{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470357579070,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470357579070,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":3,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470359581956,"pkt":"ADBUADTdAODtAW69CABFSQBIavMAAIARTFbAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcAxzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01409{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470359581956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01417{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470359581956,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470359581956,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470361584807,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470361584807,"pkt":"ADBUAEtWAODtAW69CABFAABIavwAAIARTFXAqAkCwKgBAQrWADUANFcM2uIBAAAAAAAAJXMABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470361584807,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":4,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470365590672,"pkt":"ADBUADRWAODtAW69CABFAABIav0AAIARTFTAqAECwKgBAQrWADUANFcM0uIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
01293{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470173644568,"flow_src_last_pkt_time":1120470173644568,"flow_dst_last_pkt_time":1120470173644568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470175647445,"flow_src_last_pkt_time":1120470179653185,"flow_dst_last_pkt_time":1120470175647445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1032,20 +1033,20 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470365590672,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470373592474,"pkt":"ADBUADRWAODtAW69CABFAABEav4AAIARTFfAqAECwKgBAQrXADUAMHoFquIAAAABAAAAAAAIATEBMAEwAzEyNwdpbi1hUWSWBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-aqd?.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373592474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373592474,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-aqd?.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470373593968,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtcAR1yBquKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470373593968,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470373593968,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470187655341,"flow_src_last_pkt_time":1120470187655341,"flow_dst_last_pkt_time":1120470187655341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2759,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470385615843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470385615843,"pkt":"ADBUADRWAODtAW69CABFAABIawQAAIARTE3AqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470385615843,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470385615843,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":2,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470386610998,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470386610998,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470386610998,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470386610998,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470388613748,"packet_id":392,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_usec":1120470388613748} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470386610998,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":3,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470390616811,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470390616811,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470390616811,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470390616811,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":4,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470394622318,"pkt":"ADBUADRWAODtAW69CABFAABIayAAAIARTDHAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 01289{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470200673416,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470200673416,"flow_src_last_pkt_time":1120470200673416,"flow_dst_last_pkt_time":1120470200673416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1055,7 +1056,7 @@ 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470216686822,"flow_src_last_pkt_time":1120470216686822,"flow_dst_last_pkt_time":1120470216688322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470216783289,"flow_src_last_pkt_time":1120470219780912,"flow_dst_last_pkt_time":1120470216783289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01420{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01428{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470284935173,"flow_src_last_pkt_time":1120470284935173,"flow_dst_last_pkt_time":1120470284935173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":395,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470332553067,"flow_src_last_pkt_time":1120470332553067,"flow_dst_last_pkt_time":1120470332553067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470394622318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1100,7 +1101,7 @@ 01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470236795395,"flow_src_last_pkt_time":1120470236795395,"flow_dst_last_pkt_time":1120470236795395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470233792936,"flow_src_last_pkt_time":1120470233792936,"flow_dst_last_pkt_time":1120470233792936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01418{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01426{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470233796341,"flow_src_last_pkt_time":1120470242804255,"flow_dst_last_pkt_time":1120470233796341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315653366,"flow_src_last_pkt_time":1120470315653366,"flow_dst_last_pkt_time":1120470315653366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470267920560,"flow_src_last_pkt_time":1120470267920560,"flow_dst_last_pkt_time":1120470267922044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470267925643,"flow_src_last_pkt_time":1120470276933108,"flow_dst_last_pkt_time":1120470267925643,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1108,7 +1109,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470423654060,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431656040,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470431656040,"pkt":"ADBUADRWAODtAW69CABFAABEa08AAIARTAbAqAECwKgBAQrgADUAMIb5neUAAAABAAAAAAAAATEBMAEwJXMANwdpbi1hZGRyqqqqqqqqqqqqqg=="} 01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":408,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470431656040,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":14087,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -1154,7 +1155,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470448149289,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470456151196,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-ad?r.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456151196,"flow_src_last_pkt_time":1120470456151196,"flow_dst_last_pkt_time":1120470456151196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456151196,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-ad?r.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470456152669,"packet_id":420,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470456152669} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470456151196,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456286438,"flow_src_last_pkt_time":1120470456286438,"flow_dst_last_pkt_time":1120470456286438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456286438,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1164,12 +1165,12 @@ 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470456513142,"flow_src_last_pkt_time":1120470456513142,"flow_dst_last_pkt_time":1120470456513142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470456513142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470457512769,"pkt":"ADBUADRWAODtAW69CABFAABIa1wAAIARS\/XAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABFtzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470457512769,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470457512769,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": 
{"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":2,"flow_src_last_pkt_time":1120470459516362,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470459516362,"pkt":"ADBUAjRWAODtAW69CABFAABIa10AAIARS\/TAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":3,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470461518537,"pkt":"ADBUADRWAODtAW69CABFAABIa14AAFMRS\/PAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcAPDaXAJa3liZXJtaXR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470461518537,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.?ip.kybermity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470461518537,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470461518537,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.?ip.kybermity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":4,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470465524315,"pkt":"ADBUADRWAODtAW69CABFAABIaV8AAIARS\/LAqAECwKgBAQrjADUANPT5NOgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470457512769,"flow_src_last_pkt_time":1120470465524315,"flow_dst_last_pkt_time":1120470457512769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00998{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470272927556,"flow_src_last_pkt_time":1120470272927556,"flow_dst_last_pkt_time":1120470272927556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"94.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":4,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470270925077,"flow_src_last_pkt_time":1120470270925077,"flow_dst_last_pkt_time":1120470270925077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470465524315,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
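Review bot: The High-severity risk `39` that appears on the `detected` event of flow 164 (packet 424) is a detection change, not part of the label rename. The old record carried only risk `46` (length prefix 01205, now 01331), and the logged `hostname` is unchanged at `_sip._udp.sip.cybercity.dk`, which contains only printable characters. The base64 `pkt` for packet 424 appears to carry `[sip` in the first label where packets 425 and 427 carry `_sip`, so the flag is probably raised on the raw name before it is normalised for output; that is inferred from the payload, not shown by the diff. Because this regenerated file is the test oracle, the commit description should record the change if it does not already, for example `risk 39 now also fires on printable-but-invalid hostname characters (fuzz-2006-06-26-2594, flow 164)`. The rename from `Text With Non-Printable Chars` here and in the hunks at -1108 and -1154 keeps the numeric key `39`, so consumers of this output are safer matching on that key than on the `risk` text.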
@@ -1205,7 +1206,7 @@ 01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470315340201,"flow_src_last_pkt_time":1120470315340201,"flow_dst_last_pkt_time":1120470315340201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470327552269,"flow_src_last_pkt_time":1120470336558847,"flow_dst_last_pkt_time":1120470327552269,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470361584807,"flow_src_last_pkt_time":1120470361584807,"flow_dst_last_pkt_time":1120470361584807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.9.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431656040,"flow_src_last_pkt_time":1120470431656040,"flow_dst_last_pkt_time":1120470431656040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2784,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470431657512,"flow_src_last_pkt_time":1120470431657512,"flow_dst_last_pkt_time":1120470431657512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470482638914,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470490640835,"flow_src_last_pkt_time":1120470490640835,"flow_dst_last_pkt_time":1120470490640835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470490640835,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1251,13 +1252,13 @@ 00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470447197884,"flow_src_last_pkt_time":1120470447197884,"flow_dst_last_pkt_time":1120470447197884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470496048179,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470501450887,"pkt":"ADBUADRWAODtAW69CABFAABIa3QAAIARS93AqAECwKhDAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaSVzAHliZXJjaaqqqqqqqqqqqqo="} -01286{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470501450887,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":31074,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509447840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470509447840,"pkt":"ADBUADRWAODtAW69CABFAABEeHUAAIARS+DAqAECwKgBAQroADUAMOPqQOwAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 
01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509447840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470509449334,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01314{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-a?dr.arpa","dns": {"num_queries":100,"num_answers":1,"reply_code":0,"query_type":87,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01322{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470509449334,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-a?dr.arpa","dns": {"num_queries":100,"num_answers":1,"reply_code":0,"query_type":87,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470509599796,"packet_id":454,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_usec":1120470509599796} 
01017{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_usec":1120470509450894,"pkt":"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"} 00759{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470187656855,"flow_src_last_pkt_time":1120470187656855,"flow_dst_last_pkt_time":1120470440137922,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":71,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":71,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":71,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1120470509450894,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} 
@@ -1277,7 +1278,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470419648352,"flow_src_last_pkt_time":1120470419648352,"flow_dst_last_pkt_time":1120470419648352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470494127462,"flow_src_last_pkt_time":1120470494127462,"flow_dst_last_pkt_time":1120470494127462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402624214,"flow_src_last_pkt_time":1120470402624214,"flow_dst_last_pkt_time":1120470402624214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470542975621,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1303,7 +1304,7 @@ 01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402627133,"flow_src_last_pkt_time":1120470402627133,"flow_dst_last_pkt_time":1120470402627133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470356585263,"flow_src_last_pkt_time":1120470365590672,"flow_dst_last_pkt_time":1120470356585263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2774,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470373592474,"flow_src_last_pkt_time":1120470373592474,"flow_dst_last_pkt_time":1120470373593968,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2775,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470385615843,"flow_src_last_pkt_time":1120470394622318,"flow_dst_last_pkt_time":1120470385615843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402625817,"flow_src_last_pkt_time":1120470402625817,"flow_dst_last_pkt_time":1120470402625817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470402624214,"flow_src_last_pkt_time":1120470402624214,"flow_dst_last_pkt_time":1120470402624214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1331,7 +1332,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470444143597,"flow_src_last_pkt_time":1120470444143597,"flow_dst_last_pkt_time":1120470444143597,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"200.168.1.2","dst_ip":"192.168.1.1","src_port":2785,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470447197884,"flow_src_last_pkt_time":1120470447197884,"flow_dst_last_pkt_time":1120470447197884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":35721,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470590283652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":5} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470636050780,"packet_id":461,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_usec":1120470636050780} 
@@ -1369,7 +1370,7 @@ 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470501450887,"flow_src_last_pkt_time":1120470501450887,"flow_dst_last_pkt_time":1120470501450887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.67.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470492042418,"flow_src_last_pkt_time":1120470492042418,"flow_dst_last_pkt_time":1120470492042418,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00766{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120469635127552,"flow_src_last_pkt_time":1120470284937812,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470637551625,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":5} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470657808784,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_packet_id":1,"flow_src_last_pkt_time":1120470657808784,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1120470657808784,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXL8AAIARWOvAqAEpwKgB\/wCKAIoAtl+xEQKRTcCoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAABgAAAAAAAAAAAOgDAAAAAAAAAAAGAMEAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAAAA"} 
@@ -1420,7 +1421,7 @@ 01106{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":24,"flow_first_seen":1120469572981006,"flow_src_last_pkt_time":1120470268128176,"flow_dst_last_pkt_time":1120470509450894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":4595,"flow_dst_tot_l4_payload_len":7399,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With 
Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470685610738,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470717078746,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1120470717078746,"pkt":"ADBUADRWAODtAW69CABFAAFIa4cAAIARSsrAqAECwKgBAQBEAEMBNA+RAQEGAAZtDDgAAAAAwKgBAgAAAAAAAAAAAAAAAN\/g7QFuvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUAAAAAAAAAAAAAAAAAAAAAYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANABjglNjNQEDPQcBAODtAW69DAdkMDAyNDY1UQsAAABkMDAyNDY1LjwITVNGVCA1LjA3CgEPAwYsLi8fISv\/AAAA"} 
01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717078746,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470717078746,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"d002465","dhcp": {"fingerprint":"1,15,3,6,44,46,47,31,33,43","class_ident":"MSFT 5.0"}}} 
@@ -1429,7 +1430,7 @@ 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1120470721915224,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":24,"flow_first_seen":1120469572981006,"flow_src_last_pkt_time":1120470268128176,"flow_dst_last_pkt_time":1120470509450894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":306,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":4595,"flow_dst_tot_l4_payload_len":7399,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509447840,"flow_src_last_pkt_time":1120470509447840,"flow_dst_last_pkt_time":1120470509447840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2792,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01209{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470509449334,"flow_src_last_pkt_time":1120470509449334,"flow_dst_last_pkt_time":1120470509449334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00973{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00761{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470114910372,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470114910372,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":383,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":383,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":5} 
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470721915224,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -1443,16 +1444,16 @@ 01106{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470588783128,"flow_src_last_pkt_time":1120470588783128,"flow_dst_last_pkt_time":1120470588783128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.112","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470733830076,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00664{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1446,"global_ts_usec":1120470764674629} 
+00664{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":490,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":39786,"total-not-detected-flows":16,"total-guessed-flows":10,"total-detected-flows":135,"total-detection-updates":55,"total-updates":489,"current-active-flows":40,"total-active-flows":189,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1447,"global_ts_usec":1120470764674629} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470764674629,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} 01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470764674629,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470764674629,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"re-.sippstar.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470765675908,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="} -01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470765675908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sip?star.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01328{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470764674629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470765675908,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sip?star.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470767678785,"packet_id":492,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_usec":1120470767678785} 
00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_usec":1120470765675908,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":3,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_usec":1120470768028248,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="} -01219{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470768028248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}} +01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470768028248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"reg.sippstar.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1120470774132541,"pkt":"ADBUADRWAODtAW69CABFAAA+a5IAAIARS8nAqAECwKhsAQrqADUAKnjTXO4BAAABAAAAAHEAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 
01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470774132541,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -1486,11 +1487,11 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1120470779487018,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470779487018,"pkt":"ADBUADRWAODtAW69CABFAABIa5kAAIARS7jAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AkFrAAAhAAE="} 01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470779487018,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470779487018,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.ak","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":2,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470780685398,"pkt":"ADBUADRWAODtAW69CABFAABIa5oAAIARS7fAqAECwKgBAQrsADUANNbHUxEBAAABrQAAAAAABDtzaXAEX3VkcANzaXAJqqqqqqqqqqqqqqqqqqqqqqo="} -01408{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470780685398,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01416{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470780685398,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470780685398,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470781608802,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470781608802,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470781608802,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":3,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470784796360,"packet_id":511,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470784796360} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470782692043,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120470782359884,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2842,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470782692043,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -1501,9 +1502,9 @@ 01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470788806482,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470796801135,"pkt":"ADBUADRWAODtAW69CABFAABEa6EAAIARS7TAqAECwKgBAQrtADUAMFm\/yxIAAAABAAAAQAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycFwAAAwAAQ=="} 
-01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arp_","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796801135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796801135,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": 
{"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arp_","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470796802602,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470796802602,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} +01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470796802602,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
01150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120469635127552,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1120470796804243,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":482,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":482,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":482,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_usec":1120470796941095,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\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"} 
@@ -1530,11 +1531,11 @@ 01435{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":2,"flow_src_last_pkt_time":1120470796941095,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":721,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":721,"pkt_l4_len":687,"thread_ts_usec":1120470814189540,"pkt":"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"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470814334275,"pkt":"ADBUADRWAODtAW69CABFAABIa6oAAIARS6fAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zxXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_s?p._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470814334275,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470814334275,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_s?p._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":3,"flow_src_last_pkt_time":1120470814336427,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1120470814336427,"pkt":"AODtAW69ADBUAFpWCABFAAFKAABAADcRiuPU8iEjwKgBAhPEE8QBNvufU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1YjA1MS00NjViMDdiMg0KQ1NlcTogMiBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWdLMTlkYjMxNg0KVG86IDxzaXA6MzUxMDQ3MjNAc2lyLmN5YmVyY2l0eWtkaz4NClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLm4xOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAyNzExMTE3NS00MzMwYzlkNjE5Mi4xNjguMS4yDQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 01155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":4,"flow_src_last_pkt_time":1120470814349707,"flow_dst_last_pkt_time":1120470814189540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":511,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":511,"pkt_l4_len":477,"thread_ts_usec":1120470814349707,"pkt":"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"} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470815395587,"pkt":"ADBUADRWAODtAW69CABFAABIa6sAAIARS6bAqAECwKgBAQrwADUASDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470815395587,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470814334275,"flow_src_last_pkt_time":1120470815395587,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470815395587,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_src_last_pkt_time":1120470817390327,"flow_dst_last_pkt_time":1120470814334275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470817390327,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_usec":1120470819393226,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="} 
@@ -1549,13 +1550,13 @@ 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470819393226,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831400867,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":1,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470831400867,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="} 01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831400867,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831400867,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_packet_id":2,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470831402371,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} -01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470831402371,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470831402371,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831403943,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":474,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831403943,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 01151{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":508,"pkt_l4_len":474,"thread_ts_usec":1120470831403943,"pkt":"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"} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470831516024,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1589,16 +1590,16 @@ 00307{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470848686860,"packet_id":551,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120470848686860} 00818{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_usec":1120470848682926,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":2,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470849636660,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470849636660,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470659308076,"flow_src_last_pkt_time":1120470659308076,"flow_dst_last_pkt_time":1120470659308076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"107.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470662062211,"flow_src_last_pkt_time":1120470662062211,"flow_dst_last_pkt_time":1120470662062211,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808829,"flow_src_last_pkt_time":1120470657808829,"flow_dst_last_pkt_time":1120470657808829,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.184.189.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470657808784,"flow_src_last_pkt_time":1120470666317940,"flow_dst_last_pkt_time":1120470657808784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":522,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470848682926,"flow_dst_last_pkt_time":1120470848528833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":2328,"flow_dst_tot_l4_payload_len":1504,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470849636660,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":3,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470851639615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470853642421,"packet_id":554,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_usec":1120470853642421} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470851639615,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470857648279,"packet_id":555,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470857648279} 
@@ -1611,15 +1612,15 @@ 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865651601,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470865712571,"pkt":"ADBUADRWAODtAW69CABFAABIa8cAAIARS4rAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaU0EX3VkcANzaXAJY3tiZXJbaXRNAmRrAAAhAAE="} 
-01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sim._udp.sip.c_ber_itm.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470865712571,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470865712571,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": 
{"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sim._udp.sip.c_ber_itm.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":2,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470866711535,"pkt":"ADBUADRWAODtAW69CABFAABIa8gAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYzRiZXJjaXR5AmRrAAAhAAE="} -01213{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470866711535,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.c4bercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470866711535,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470866711535,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.c4bercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":3,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470868714284,"pkt":"ADB0ADRWAODtAW69CABFAABIa8kAAIARS4jAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470868714284,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470868714284,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470868714284,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":4,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470870717164,"pkt":"ADBrADRWAODtAW69CABFAABIa8oAAIARW4fAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3hiZXJjaXR5AmRrAAAhAAE="} 
-01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470870717164,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cxbercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470870717164,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470870717164,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": 
{"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cxbercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":5,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470874723383,"pkt":"ADBUADRWAODtAW69CABFAABIa8sAAIARS4bAqAECwKgBAQr2ADUANKezghsBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AlFrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.qk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.qk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1120470658556995,"flow_src_last_pkt_time":1120470672075726,"flow_dst_last_pkt_time":1120470658556995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470685610738,"flow_src_last_pkt_time":1120470685610738,"flow_dst_last_pkt_time":1120470685610738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470684859655,"flow_src_last_pkt_time":1120470684859655,"flow_dst_last_pkt_time":1120470684859655,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -1627,7 +1628,7 @@ 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470717078746,"flow_src_last_pkt_time":1120470717078746,"flow_dst_last_pkt_time":1120470717080389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":548,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":548,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470874723383,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1636,7 +1637,7 @@ 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1120470877496686,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120470882726443,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 
-01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":304,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
+01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882726443,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":304,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470882846553,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470882846553,"pkt":"ADBUADRWAODtAW69CABFAABIa9EAAIARS4DAqAECwKgBAQr4lzUAND6uRB4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470883845876,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470883845876,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1652,7 +1653,7 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470779408031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470885848866,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470887851669,"packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_usec":1120470887851669} 00421{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470885848866,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="} 
@@ -1684,7 +1685,7 @@ 00967{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470721915224,"flow_src_last_pkt_time":1120470721915224,"flow_dst_last_pkt_time":1120470721915224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":138,"dst_port":394,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120470900056743,"flow_dst_last_pkt_time":1120470900060556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":593,"flow_dst_max_l4_payload_len":825,"flow_src_tot_l4_payload_len":3655,"flow_dst_tot_l4_payload_len":2523,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470908872202,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1702,7 +1703,7 @@ 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1120470924263958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="} 00758{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 
00787{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814186350,"flow_src_last_pkt_time":1120470814186350,"flow_dst_last_pkt_time":1120470814186350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01102{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470814187906,"flow_src_last_pkt_time":1120470814187906,"flow_dst_last_pkt_time":1120470814187906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470925015014,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.119.2","src_port":53,"dst_port":2799,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1719,7 +1720,7 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470954427379,"packet_id":598,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470954427379} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470952424495,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":4,"flow_src_last_pkt_time":1120470958433169,"flow_dst_last_pkt_time":1120470949427890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470958433169,"pkt":"ADBUADRWAODtAW69CABFAABIa+cAAIARS2rAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1120470764674629,"flow_src_last_pkt_time":1120470765675908,"flow_dst_last_pkt_time":1120470768028248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":127,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars 
Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470774132541,"flow_src_last_pkt_time":1120470774132541,"flow_dst_last_pkt_time":1120470774132541,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470834515187,"flow_src_last_pkt_time":1120470834515187,"flow_dst_last_pkt_time":1120470834515187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470781608802,"flow_src_last_pkt_time":1120470781608802,"flow_dst_last_pkt_time":1120470781608802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1734,13 +1735,13 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1120470775049884,"flow_src_last_pkt_time":1120470778053706,"flow_dst_last_pkt_time":1120470779408031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470779487018,"flow_src_last_pkt_time":1120470782692043,"flow_dst_last_pkt_time":1120470779487018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470788806482,"flow_src_last_pkt_time":1120470788806482,"flow_dst_last_pkt_time":1120470788806482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01329{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470891857378,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470899859727,"flow_src_last_pkt_time":1120470899859727,"flow_dst_last_pkt_time":1120470899861231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1750,7 +1751,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470899865018,"flow_src_last_pkt_time":1120470899865018,"flow_dst_last_pkt_time":1120470899865018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470958433169,"l3_proto":"ip4","src_ip":"192.170.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_packet_id":1,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120470966440815,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="} -01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127?in-ad_r?arpa???","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":227,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470966440815,"flow_src_last_pkt_time":1120470966440815,"flow_dst_last_pkt_time":1120470966440815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470966440815,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127?in-ad_r?arpa???","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966442326,"packet_id":601,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_usec":1120470966442326} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470966440815,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00328{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470966443914,"packet_id":602,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_usec":1120470966443914} 
@@ -1796,12 +1797,12 @@ 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_usec":1120470983860327,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470983999111,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"?sip._udp.shp.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470983999111,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470983999111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"?sip._udp.shp.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00960{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":366,"pkt_l4_len":332,"thread_ts_usec":1120470984353086,"pkt":"ADBUADRWAODt4G69CABFAAFga\/oAAIARFdPAqAEC1PIhyRPEE8QBRC7GQUNLIHNpcDozNTEwNDcwNEBzaXAuY3liZXJjaXR5LmRrIFNJUC8yLjANCkZyb206ICJhcmlrIiA8c2lwOjM1MTA0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470984353086,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":2,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470985234614,"pkt":"ADBUADTZAODtAW69CABFAABIa\/sAAIARS1bAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkUQNzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 
-01331{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985234614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udq.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470985234614,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985234614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udq.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985348411,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1120470985348411,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1120470985348411,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAED1PIhJHUwncgAHRjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1U\/V1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4eDAMABwYAAwMGBwEEBgYbHxwRaWBiFBEQFGoTFWBpYX10UltZ10dcVlJVREtCdatzeFp8bmgUag=="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470985418358,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -1820,16 +1821,16 @@ 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470986363611,"packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_usec":1120470986363611} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_usec":1120470985511036,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":3,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="} 
-01332{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470987237142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470987237142,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470987237142,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120470989238019,"packet_id":635,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120470989238019} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120470987237142,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":4,"flow_src_last_pkt_time":1120470993243427,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120470993243427,"pkt":"ADBUADRWAODtAW69CABFAABIbAgAAIARS0nAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470796801135,"flow_src_last_pkt_time":1120470796801135,"flow_dst_last_pkt_time":1120470796802602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470798172728,"flow_src_last_pkt_time":1120470806184239,"flow_dst_last_pkt_time":1120470798172728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00761{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831403943,"flow_src_last_pkt_time":1120470831403943,"flow_dst_last_pkt_time":1120470831403943,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":474,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":474,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120470993243427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120471001245112,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.1?7.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001245112,"flow_src_last_pkt_time":1120471001245112,"flow_dst_last_pkt_time":1120471001245112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001245112,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.1?7.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":1120471001263229,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="} 
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471001263229,"flow_src_last_pkt_time":1120471001263229,"flow_dst_last_pkt_time":1120471001263229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471001263229,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
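Review bot: The expected `idle` record for flow 197 in this hunk gains a new `flow_risk` entry `39` (severity High) that the old expectation did not have, and its length prefix goes from `00975` to `01116`. The other changed records here only swap the label "Text With Non-Printable Chars" for "Non-Printable\/Invalid Chars Detected", so this change in detection is easy to miss among them. Unlike the relabelled DNS records, the flow 197 record has no `hostname` field, so the golden file does not show which string triggered the risk. This is presumably a result of the libnDPI submodule bump; confirm that the new High-severity risk on a finished DNS flow is intended before accepting the regenerated results. If it is, record it in the commit message, for example `results: risk 39 now raised on fuzz-2006-06-26-2594.pcap flow 197 (new nDPI behaviour, not a relabel)`.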
@@ -1842,9 +1843,9 @@ 00327{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471004709848,"packet_id":643,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_usec":1120471004709848} 00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471002706801,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":3,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471006712546,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="} 
-01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471006712546,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471006712546,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471006712546,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": 
{"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":4,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471010718658,"pkt":"ADBUADRWAODtAW6kCABFAABIbEgAAIARSwnAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01340{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00843{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00756{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470399719608,"flow_src_last_pkt_time":1120470399719608,"flow_dst_last_pkt_time":1120470399719608,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","l4_proto":0,"flow_datalink":1,"flow_max_packets":5} 
00997{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470819393226,"flow_src_last_pkt_time":1120470819393226,"flow_dst_last_pkt_time":1120470819393226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
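Review bot: The regenerated expectation for flow 240 now carries risk `"39"` (`Non-Printable/Invalid Chars Detected`, severity High) on both detection-update events, although the hostname recorded in those same events is `_sip._udp.sip.cybercity.dk`, which is printable ASCII in the usual SRV label form. The visible lines do not show whether the flag is raised by these packets or by an earlier packet of the flow in this fuzzed capture, so the new baseline should be traced back to the packet that sets it before it is accepted. If underscore labels alone turn out to trigger it, ordinary SRV lookups would be reported at High severity and the score would lose value for triage. Flow 214 in the next hunk gains the same risk with no hostname shown and deserves the same check.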
@@ -1858,11 +1859,11 @@ 00793{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470908872202,"flow_src_last_pkt_time":1120470908872202,"flow_dst_last_pkt_time":1120470908872202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"128.168.1.2","dst_ip":"192.168.1.1","src_port":2810,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01213{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01221{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01329{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470891857378,"flow_src_last_pkt_time":1120470891857378,"flow_dst_last_pkt_time":1120470891857378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":646,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470899859727,"flow_src_last_pkt_time":1120470899859727,"flow_dst_last_pkt_time":1120470899861231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471010718658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2809,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
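Review bot: The label under risk id `"39"` changes from `Text With Non-Printable Chars` to `Non-Printable/Invalid Chars Detected` for flow 204 in this hunk and again for flows 242 and 204 in the hunk at `@@ -1884,11 +1885,11 @@`, while the id, severity and scores stay the same. Any consumer or detection rule that matches on the `risk` string rather than on the numeric key will stop matching without an error after this update. The commit would benefit from a changelog line such as `risk 39 renamed to "Non-Printable/Invalid Chars Detected"; match on the risk id, not the label`.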
@@ -1884,11 +1885,11 @@ 01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":654,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471020302115,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471020302115,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":3,"flow_src_last_pkt_time":1120471022305496,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471022305496,"pkt":"ADBUADRWAODtAW69CABFAABIbFAAAIARSwHAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":4,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471024307917,"pkt":"ADBUADRWAODtAW69CABFAABIbFEAAIARSwDAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} -01435{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471024307917,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01443{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471024307917,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471024307917,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":5,"flow_src_last_pkt_time":1120471028313614,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471028313614,"pkt":"ADBUADRWAODtARe9CABFAABIbFIAAIARSv\/AqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470834515187,"flow_src_last_pkt_time":1120470834515187,"flow_dst_last_pkt_time":1120470834515187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":18162,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470831516024,"flow_src_last_pkt_time":1120470831516024,"flow_dst_last_pkt_time":1120470831516024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470831400867,"flow_src_last_pkt_time":1120470831400867,"flow_dst_last_pkt_time":1120470831402371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470832512194,"flow_src_last_pkt_time":1120470840523569,"flow_dst_last_pkt_time":1120470832512194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2802,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865650089,"flow_src_last_pkt_time":1120470865650089,"flow_dst_last_pkt_time":1120470865650089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01100{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470865651601,"flow_src_last_pkt_time":1120470865651601,"flow_dst_last_pkt_time":1120470865651601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471028313614,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2805,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1904,9 +1905,9 @@ 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471033895104,"flow_src_last_pkt_time":1120471033895104,"flow_dst_last_pkt_time":1120471033895104,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":201,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":201,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471033895104,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":"d00"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1120471036315554,"pkt":"ADBUADRWAODtAW69CABFAABEbFQAAIARSwHAqAECwKgBAQsKADUAMJWmjw4AAAABAAAAAAAAATEBEgEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} -01319{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.?.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036315554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036315554,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.?.0.127.in-addr.arpa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_usec":1120471036317049,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwoAR3gijw6AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAgAwAAcAMAAwAAQAAJRAACwlsb2NhbGhvc3QA"} 
-01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036317049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
+01228{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036317049,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"1.0.0.127.in-addr.arpa","dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120470848525656,"flow_src_last_pkt_time":1120470848525656,"flow_dst_last_pkt_time":1120470848527232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2803,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1120470848643645,"flow_src_last_pkt_time":1120470851639615,"flow_dst_last_pkt_time":1120470848643645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470984353086,"flow_src_last_pkt_time":1120470984353086,"flow_dst_last_pkt_time":1120470984353086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":324,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471036318296,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.201","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -1922,12 +1923,12 @@ 01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471048339111,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercity.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercimy.v?","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471049334155,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cybercimy.v?","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471051336804,"packet_id":667,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_usec":1120471051336804} 
00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471049334155,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1120471053339683,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="} 
-01323{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01331{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471053339683,"flow_src_last_pkt_time":1120471053339683,"flow_dst_last_pkt_time":1120471053339683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_sip._udp.sip.cyberc?ty.dk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00307{"error_event_id":2,"error_event_name":"Unknown L3 protocol","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120471057345430,"packet_id":669,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1120471057345430} 
00419{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_usec":1120471053339683,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="} 00967{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470442140675,"flow_src_last_pkt_time":1120470442140675,"flow_dst_last_pkt_time":1120470442140675,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471053339683,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -1955,7 +1956,7 @@ 01003{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882846553,"flow_src_last_pkt_time":1120470882846553,"flow_dst_last_pkt_time":1120470882846553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":38709,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120470865712571,"flow_src_last_pkt_time":1120470874723383,"flow_dst_last_pkt_time":1120470865712571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2806,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01327{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470882726443,"flow_src_last_pkt_time":1120470882726443,"flow_dst_last_pkt_time":1120470882726443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470883845876,"flow_src_last_pkt_time":1120470885848866,"flow_dst_last_pkt_time":1120470883845876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":69,"flow_dst_packets_processed":0,"flow_first_seen":1120469540839312,"flow_src_last_pkt_time":1120471067960587,"flow_dst_last_pkt_time":1120469540839312,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3442,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":676,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":9,"flow_first_seen":1120470796941095,"flow_src_last_pkt_time":1120471018881832,"flow_dst_last_pkt_time":1120471065350255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":302,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":669,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":6145,"flow_dst_tot_l4_payload_len":4275,"midstream":0,"thread_ts_usec":1120471068711674,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
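Review bot: In the hunk at `@@ -1955,7 +1956,7 @@`, the `idle` record for `flow_id` 214 gains a High-severity risk `"39"` entry (`"Non-Printable\/Invalid Chars Detected"`) that the old baseline did not have at all, next to the existing `"17"` and `"46"` entries. The surrounding hunks only rename that label from `"Text With Non-Printable Chars"`, so this hunk is a detection behaviour change, presumably from an nDPI update, rather than a relabel. The record has no `hostname` or `dns` field, so the baseline does not show which string triggered the risk. It is worth checking against the pcap that this is an intended true positive and stating it in the commit message, so a later change in risk 39 is not taken for baseline noise. Separately, any consumer that matches on the risk text instead of the numeric key `"39"` will stop matching after the rename.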
@@ -2002,7 +2003,7 @@ 00790{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1120470966852771,"flow_src_last_pkt_time":1120470975858171,"flow_dst_last_pkt_time":1120470966852771,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01301{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470983860327,"flow_src_last_pkt_time":1120470983860327,"flow_dst_last_pkt_time":1120470983860327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120470983999111,"flow_src_last_pkt_time":1120470993243427,"flow_dst_last_pkt_time":1120470983999111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01118{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470971822331,"flow_src_last_pkt_time":1120470971822331,"flow_dst_last_pkt_time":1120470971822331,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00792{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470924263958,"flow_src_last_pkt_time":1120470924263958,"flow_dst_last_pkt_time":1120470924263958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00798{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":684,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471087098234,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -2064,7 +2065,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1120471001714162,"flow_src_last_pkt_time":1120471010718658,"flow_dst_last_pkt_time":1120471001714162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":176,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471018720186,"flow_src_last_pkt_time":1120471018720186,"flow_dst_last_pkt_time":1120471018721702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1120471019307986,"flow_src_last_pkt_time":1120471028313614,"flow_dst_last_pkt_time":1120471019307986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1120471036315554,"flow_src_last_pkt_time":1120471036315554,"flow_dst_last_pkt_time":1120471036317049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2826,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471049334155,"flow_src_last_pkt_time":1120471049334155,"flow_dst_last_pkt_time":1120471049334155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471048339111,"flow_src_last_pkt_time":1120471048339111,"flow_dst_last_pkt_time":1120471048339111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.114","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120471065347471,"flow_src_last_pkt_time":1120471065347471,"flow_dst_last_pkt_time":1120471065347471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2828,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -2096,8 +2097,7 @@ 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635043451,"flow_src_last_pkt_time":1120469635043451,"flow_dst_last_pkt_time":1120469635043451,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01228{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635052210,"flow_src_last_pkt_time":1120469635052210,"flow_dst_last_pkt_time":1120469635052210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} -00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635048287,"flow_src_last_pkt_time":1120469635048287,"flow_dst_last_pkt_time":1120469635048287,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":59,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 01008{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985511036,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985511036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01003{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635044160,"flow_src_last_pkt_time":1120469635044160,"flow_dst_last_pkt_time":1120469635044160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":120,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
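Review bot: The new expected output for `flow_id` 32 pins a one-packet, midstream TCP flow from source port 21 as `"proto":"Protobuf"` with `"confidence": {"6":"DPI"}` and `"breed":"Safe"`. The removed lines had a `guessed` FTP_CONTROL event carrying risk 22 `"Unsafe Protocol"`, so a consumer alerting on that risk or on `"breed":"Unsafe"` no longer sees this flow. The capture is a fuzz pcap, so this may simply be a mutated 59-byte payload that happens to satisfy the new dissector, but that is an inference and should be checked against the libnDPI bump before the file is accepted as the baseline. The shutdown totals in the next hunk shift to match (`total-guessed-flows` 28 to 27, `total-detected-flows` 190 to 191). I would record the reclassification in the commit description, e.g. `fuzz-2006-06-26-2594: flow 32 now DPI-detected as Protobuf instead of guessed FTP_CONTROL (expected after nDPI update)`.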
@@ -2114,18 +2114,18 @@ 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470985418358,"flow_src_last_pkt_time":1120470985418358,"flow_dst_last_pkt_time":1120470985418358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01227{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"FTP_CONTROL","proto_id":"1","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":7,"category":"Download","ftp": {"user":"","password":"","auth_failed":0}}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635010547,"flow_src_last_pkt_time":1120469635010547,"flow_dst_last_pkt_time":1120469635010547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120471107427770,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":28,"total-detected-flows":190,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} 
+00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":691,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":60810,"total-not-detected-flows":39,"total-guessed-flows":27,"total-detected-flows":191,"total-detection-updates":88,"total-updates":666,"current-active-flows":0,"total-active-flows":257,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2117,"global_ts_usec":1120471107427770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/569 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 60810 bytes -~~ total detected protocols..: 190 +~~ total detected protocols..: 191 ~~ total active/idle flows...: 257/257 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8364262 bytes -~~ total memory freed........: 8364262 bytes -~~ total allocations/frees...: 149793/149793 +~~ total memory allocated....: 12068785 bytes +~~ total memory freed........: 12068785 bytes +~~ total allocations/frees...: 220047/220047 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 2450 chars diff --git a/test/results/default/fuzz-2006-09-29-28586.pcap.out b/test/results/default/fuzz-2006-09-29-28586.pcap.out index 8897b884a..74b04696d 100644 --- a/test/results/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/default/fuzz-2006-09-29-28586.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1031854484481540} 00308{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1031854484481540,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_usec":1031854484481540} 00383{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1031854484481540,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854484481558,"flow_src_last_pkt_time":1031854484481558,"flow_dst_last_pkt_time":1031854484481558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854484481558,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -215,7 +215,7 @@ 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854562321743,"flow_src_last_pkt_time":1031854562321743,"flow_dst_last_pkt_time":1031854562321743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1031854535022424,"flow_src_last_pkt_time":1031854535022424,"flow_dst_last_pkt_time":1031854535022424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1031854568982740,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1031854568982740} 
+00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":131,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":25630,"total-not-detected-flows":4,"total-guessed-flows":23,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_usec":1031854568982740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 131/123 ~~ skipped flows.............: 0 @@ -224,9 +224,9 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7865010 bytes -~~ total memory freed........: 7865010 bytes -~~ total allocations/frees...: 146952/146952 +~~ total memory allocated....: 11573021 bytes +~~ total memory freed........: 11573021 bytes +~~ total allocations/frees...: 217206/217206 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 312 chars ~~ json string max len.......: 2512 chars diff --git a/test/results/default/fuzz-2020-02-16-11740.pcap.out b/test/results/default/fuzz-2020-02-16-11740.pcap.out index fa257a54a..ad637682d 100644 --- a/test/results/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/default/fuzz-2020-02-16-11740.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1528996067791491} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528996067791491,"pkt":"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"} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996067791491,"flow_src_last_pkt_time":1528996067791491,"flow_dst_last_pkt_time":1528996067791491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996067791491,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -39,7 +39,7 @@ 01201{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_usec":1528996636345360,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996641548676,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996641548676,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1528996641548676,"flow_dst_last_pkt_time":1528996641548676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_usec":1528996641548676,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1528996680540870} 
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996680808327,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996680808327,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1528996680808327,"flow_dst_last_pkt_time":1528996680808327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1528996680808327,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528996684582288,"flow_src_last_pkt_time":1528996684582288,"flow_dst_last_pkt_time":1528996684582288,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528996684582288,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -187,7 +187,7 @@ 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997212627458,"flow_src_last_pkt_time":1528997212627458,"flow_dst_last_pkt_time":1528997212627458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":703,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00762{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997105304205,"flow_src_last_pkt_time":1528997105304205,"flow_dst_last_pkt_time":1528997105304205,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":284,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":5} 
00763{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997109583874,"flow_src_last_pkt_time":1528997109583874,"flow_dst_last_pkt_time":1528997109583874,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997266594250,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":5} -00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":39,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1528997294157193} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00794{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528997294408774,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997294408774,"flow_src_last_pkt_time":1528997294408774,"flow_dst_last_pkt_time":1528997294408774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997294408774,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -398,7 +398,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997683835823,"flow_src_last_pkt_time":1528997683835823,"flow_dst_last_pkt_time":1528997683835823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":683,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":683,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00972{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997260021140,"flow_src_last_pkt_time":1528997260021140,"flow_dst_last_pkt_time":1528997260021140,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997867808101,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":5} -00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":243,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 
+00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":243,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":85740,"total-not-detected-flows":10,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":98,"current-active-flows":15,"total-active-flows":54,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":401,"global_ts_usec":1528997988607022} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997988838453,"packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_usec":1528997988838453} 00628{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_usec":1528997988607022,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="} 00307{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528997989240618,"packet_id":245,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_usec":1528997989240618} 
@@ -583,7 +583,7 @@ 01440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_src_last_pkt_time":1528998585268788,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_usec":1528998585268788,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\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"} 00329{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1528998585453134,"packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528998585453134} 00731{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528998585268788,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 
-00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} +00659{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":349,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":123530,"total-not-detected-flows":15,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":132,"current-active-flows":6,"total-active-flows":76,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":586,"global_ts_usec":1528998601376404} 01468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":4,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998576080956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_usec":1528998601376404,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWhAAP8RAAAKDEAexuIZNXIQBxQCxwAAAboCvwMeoZZ\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"} 
00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":5,"flow_src_last_pkt_time":1528998601376404,"flow_dst_last_pkt_time":1528998601561020,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_usec":1528998601561020,"pkt":"ABRP+4rqcNuYVcUnCABFAADhEBRAAPwRQ7bG4hk1CgxAHgcUchAA7U+kC7oAxe81RNsNL9nkCabTe8sTdH4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhYzkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjQ0T0oBAgBIFwEAAAEFAAB93OZOPyN1g5mAaIFbRevEAgUAAM9K59M2sAAACew7QKwfR6iLAQACCwUAAO6YBGpcBLQq1zvE8qMpnJxQcQNtupIsEGf0aXWvBvX8yPY="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998605741189,"flow_src_last_pkt_time":1528998605741189,"flow_dst_last_pkt_time":1528998605741189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998605741189,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -612,7 +612,7 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998585019610,"flow_src_last_pkt_time":1528998585019610,"flow_dst_last_pkt_time":1528998585019610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528998636010967,"flow_src_last_pkt_time":1528998636010967,"flow_dst_last_pkt_time":1528998636010967,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":145,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528998643334661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":5} -00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":366,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} 
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":366,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":129798,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":133,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1528998643334661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 366/301 ~~ skipped flows.............: 0 @@ -621,9 +621,9 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7942942 bytes -~~ total memory freed........: 7942942 bytes -~~ total allocations/frees...: 147527/147527 +~~ total memory allocated....: 11650313 bytes +~~ total memory freed........: 11650313 bytes +~~ total allocations/frees...: 217781/217781 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 312 chars ~~ json string max len.......: 2444 chars diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index 511ff0716..15a209cc4 100644 --- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
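Review bot: The SUMMARY expectations in the `@@ -621,9 +621,9 @@` hunk pin a much larger allocation baseline, and nothing visible in the diff explains it; the same applies to the matching hunks for fuzz-2021-06-07-c6c72a0a56.pcap.out and fuzz-2021-10-13.pcap.out. Total memory allocated goes from 7942942 to 11650313 bytes and allocations from 147527 to 217781, and the one-packet captures show the identical +70254 allocations, so the growth looks like a fixed start-up cost, presumably libnDPI initialisation after the submodule bump rather than per-flow state. Allocated and freed still match in every summary, so no leak is indicated. I would record the step in the commit description, e.g. `libnDPI bump raises the per-run allocation baseline by ~3.7 MB / 70254 allocations`, so a later regression in these counters can be told apart from this expected change.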
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384} 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00331{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384} 
00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1953631155595384} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1953631155595384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 336 chars ~~ json string max len.......: 652 chars diff --git a/test/results/default/fuzz-2021-10-13.pcap.out b/test/results/default/fuzz-2021-10-13.pcap.out index 1a2b1d9ec..f17d94cb1 100644 --- a/test/results/default/fuzz-2021-10-13.pcap.out +++ b/test/results/default/fuzz-2021-10-13.pcap.out 
@@ -1,8 +1,8 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":980658803882137} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":980658803882137} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":980658803882137,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_usec":980658803882137} 00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_datalink":0,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":524501,"pkt_l4_len":0,"thread_ts_usec":980658803882137,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":980658803882137} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-10-13.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":980658803882137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 640 chars 
diff --git a/test/results/default/geforcenow.pcapng.out b/test/results/default/geforcenow.pcapng.out index 303c68360..b25e9c2a8 100644 --- a/test/results/default/geforcenow.pcapng.out +++ b/test/results/default/geforcenow.pcapng.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1684671871380890} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871380890,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871380890,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871380890,"pkt":"ILAB4IZiNObXAhsnCABFAAA8bnNAAEAGEYnAqAH1UFSnzuCSv8zOL1q0AAAAAKAC+vC67gAAAgQFtAQCCAp\/iNNhAAAAAAEDAwc="} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871380890,"flow_dst_last_pkt_time":1684671871422093,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1684671871422093,"pkt":"NObXAhsnILAB4IZiCABFAAA8AABAAC4GkfxQVKfOwKgB9b\/M4JLTvM+Mzi9ataAS\/ojy\/AAAAgQFtAQCCAq2cyW7f4jTYQEDAwo="} 
@@ -13,15 +13,17 @@ 01747{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671871611894,"flow_dst_last_pkt_time":1684671871611894,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":669,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":1367,"flow_dst_tot_l4_payload_len":31825,"midstream":0,"thread_ts_usec":1684671871611894,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"80-84-167-206.cloudmatchbeta.nvidiagrid.net","tls": {"version":"TLSv1.2","server_names":"prod.cloudmatchbeta.nvidiagrid.net,*.cloudmatchbeta.nvidiagrid.net","ja3":"021c7413ddeb0d58973451b0e3b19eca","ja3s":"098e26e2609212ac1bfac552fbe04127","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=Santa Clara, O=NVIDIA Corporation, CN=prod.cloudmatchbeta.nvidiagrid.net","advertised_alpns":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"8C:24:BC:2B:01:63:B9:AC:83:90:F3:A9:F9:EA:72:5E:F4:47:A2:77"}}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871710618,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871710618,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NTxAAEARSnXAqAH1UFSnzszZSBQAaLs5AAEATCESpEJmZkFURGcvR3owYVkABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABRbjKTQjvzi9vcKvdFEaoRq\/ONY24AoAAQNZzi7"} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871710618,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871710618,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1684671871776671,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871776671,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NUNAAEARSm7AqAH1UFSnzszZSBQAaLs5AAEATCESpEJla0tlZ1NwZFdvYXIABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABQYMoB7d2aIwJgIuBI3wy6BEencYYAoAATSvoZR"} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1684671871840001,"pkt":"ILAB4IZiNObXAhsnCABFAAB8NUhAAEARSmnAqAH1UFSnzszZSBQAaLs5AAEATCESpEJkcjVFMmVxQTYxZnoABgAJRWE1YTpKVkRSAAAAwFcABAAAA+eAKgAIwnuZSt3ewSoAJAAEbgAe\/wAIABQWkhd4FNiOGvWn2VSo9pJzHJ6I74AoAAQGsG5+"} -01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871710618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1684671871840001,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 
00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1684671871840001,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1684671871882365,"pkt":"NObXAhsnILAB4IZiCABFAABcNN8AAGwRXvJQVKfOwKgB9UgUzNkASFouAQEALCESpEJkcjVFMmVxQTYxZnoAIAAIAAHo0SsSsEoACAAURhnLH3zQvCAinCnMXYq2EhDyy7aAKAAEA6pl0w=="} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1684671871884042,"pkt":"ILAB4IZiNObXAhsnCABFAAC5NU5AAEARSibAqAH1UFSnzszZSBQApbt2Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79MP1IsuaCwvl\/YcA2OU510BmzK4mvnRXYSsRswUXHqK8AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} 
-02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": 
[5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01400{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671871884042,"flow_dst_last_pkt_time":1684671871882365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1684671871884042,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Safe","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
+01868{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872527893,"flow_dst_last_pkt_time":1684671872571873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":725,"midstream":0,"thread_ts_usec":1684671872571873,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"a9e0318114bb46bdbeef6d54e42c915f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"CN=NVIDIA GameStream","subjectDN":"CN=NVIDIA GameStream","fingerprint":"D1:FC:74:AD:A0:6F:11:C1:F4:4D:F9:4C:2B:25:88:A6:2B:6E:65:1E"}}} 
+02760{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872714424,"flow_dst_last_pkt_time":1684671872714517,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":661,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":2033,"midstream":0,"thread_ts_usec":1684671872714517,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":64764.7,"max":689508,"stddev":136017.0,"var":18500616192.0,"ent":3.2,"data": [66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261]},"pktlen": {"min":53,"avg":156.4,"max":689,"stddev":133.9,"var":17933.5,"ent":4.7,"data": [124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105]},"bins": {"c_to_s": [0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1],"entropies": 
[5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":33,"flow_first_seen":1684671871710618,"flow_src_last_pkt_time":1684671872721652,"flow_dst_last_pkt_time":1684671872745627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":1180,"flow_src_tot_l4_payload_len":2573,"flow_dst_tot_l4_payload_len":15508,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":52441,"dst_port":18452,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"32": {"risk":"TLS Cert Validity Too Long","severity":"Medium","risk_score": {"total":50,"client":25,"server":25}}},"confidence": {"6":"DPI"},"proto":"DTLS.GeForceNow","proto_id":"30.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":27,"flow_first_seen":1684671871380890,"flow_src_last_pkt_time":1684671872718418,"flow_dst_last_pkt_time":1684671871771400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":2896,"flow_src_tot_l4_payload_len":6969,"flow_dst_tot_l4_payload_len":38102,"midstream":0,"thread_ts_usec":1684671872745627,"l3_proto":"ip4","src_ip":"192.168.1.245","dst_ip":"80.84.167.206","src_port":57490,"dst_port":49100,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.GeForceNow","proto_id":"91.341","proto_by_ip":"Nvidia","proto_by_ip_id":342,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":108,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1684671872745627} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/geforcenow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":108,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":63152,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1684671872745627} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 108/108 ~~ skipped flows.............: 0 @@ -30,9 +32,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7836241 bytes -~~ total memory freed........: 7836241 bytes -~~ total allocations/frees...: 146505/146505 +~~ total memory allocated....: 11544939 bytes +~~ total memory freed........: 11544939 bytes +~~ total allocations/frees...: 216764/216764 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 4444 chars 
diff --git a/test/results/default/genshin-impact.pcap.out b/test/results/default/genshin-impact.pcap.out index 77e1e265f..4112d08c3 100644 --- a/test/results/default/genshin-impact.pcap.out +++ b/test/results/default/genshin-impact.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1615497372822667} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1615497372822667,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497372822667,"flow_dst_last_pkt_time":1615497372822667,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1615497372822667,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372843789,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_usec":1615497372883763,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1615497372883763,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1615497372914092,"pkt":"YDjgxTWgeJS0JASgCABFAACCK5BAADcRlYQv9Y9VwKgCZFZV5Y4Abu3mMhgDABWiDTpSAAABg6QlIwAAAAACAAAAAAAAADIYAwAVog06UgAAAYOkJSMBAAAAAgAAAAAAAAAyGAMAFaINOlEAAAHepCUjAAAAAAIAAAASAAAA6MqpBXDmSov1t3fu\/jnV8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1615497372922682,"flow_dst_last_pkt_time":1615497372914092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1615497372922682,"pkt":"eJS0JASgYDjgxTWgCABFAAA4+mEAAD8R\/vzAqAJkL\/WPVeWOVlUAJJKtMhgDABWiDTpSAAAB3qQlIwAAAAABAAAAAAAAAA=="} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1617969465739661} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1617969465739661,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="} 
01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969465739661,"flow_dst_last_pkt_time":1617969465739661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1617969465739661,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969465822356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1617969465822356,"pkt":"YDjgxTWgeJS0JASgCABFAAA4mnVAADcRDMgv\/qltwKgCZFZW5wkAJNCqrCICAM3EmrpSAAABbMl+tgAAAAABAAAAAAAAAA=="} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1617969465796897,"flow_dst_last_pkt_time":1617969466442121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_usec":1617969466442121,"pkt":"YDjgxTWgeJS0JASgCABFAADDnBFAADcRCqEv\/qltwKgCZFZW5wkAr58vrCICAM3EmrpRAAABP8x+tgAAAAABAAAAiwAAAOjKqWVw7UqL9cV3tYWQZx8+3lVfAt\/cHNmWKr5HDFui7AF186oJD92EHtODJcp3zBYr48tD1h1Wy1znPkPfrQyOdDY0xX4woCkAFe\/M0qGOOXqx5KQ032vvPu3M8qe6WA1GLKlWVI5iU9E1q9MYvSH7QLzYypooMZ9tX0Ab4QCSgJ54yulHLEquC+U="} 
01226{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1615497372822667,"flow_src_last_pkt_time":1615497374420722,"flow_dst_last_pkt_time":1615497374454886,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":1181,"flow_src_tot_l4_payload_len":1075,"flow_dst_tot_l4_payload_len":3232,"midstream":0,"thread_ts_usec":1617969467485845,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1618759616491441} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1618759616491441,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 
01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759616491441,"flow_dst_last_pkt_time":1618759616491441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618759616491441,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -25,7 +25,7 @@ 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1618759616572945,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1618759616601044,"pkt":"YDjgxTWgeJS0JASgCABFAACCBNZAADYRLfkI0UW\/wKgCZFZVzV8AbgXrXPECABn4gxJSAAAB+IeX5QAAAAACAAAAAAAAAFzxAgAZ+IMSUgAAAfiHl+UBAAAAAgAAAAAAAABc8QIAGfiDElEAAAFMiJflAAAAAAIAAAASAAAA6MqpBXDmSov1t3ei1GLU8Vij"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1618759616612938,"flow_dst_last_pkt_time":1618759616601044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1618759616612938,"pkt":"eJS0JASgYDjgxTWgCABFAAA4\/jQAAD8Ra+TAqAJkCNFFv81fVlUAJJbpXPECABn4gxJSAAABTIiX5QAAAAABAAAAAAAAAA=="} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1617969465739661,"flow_src_last_pkt_time":1617969467485845,"flow_dst_last_pkt_time":1617969467482889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":298,"flow_src_tot_l4_payload_len":1047,"flow_dst_tot_l4_payload_len":943,"midstream":0,"thread_ts_usec":1618759618761347,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1650541441246000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441246000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441246000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650541441246000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hmVAAD8GAmXAqAJkMTO+spuOAFDYKxQrAAAAAKAC\/\/\/VsQAAAgQFtAQCCAoNnimHAAAAAAEDAwk="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650541441246000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650541441413000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GmdIxM76ywKgCZABQm44lLXPY2CsULIAScUgpvgAAAgQFhgEBBAIBAwMC"} 
@@ -34,7 +34,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441413000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650541441416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1650541441416000,"flow_dst_last_pkt_time":1650541441582000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650541441582000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo12pAAC4GwnMxM76ywKgCZABQm44lLXPZ2CsUVlAQHFK\/KQAAAAAAAAAA"} 
01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1618759616491441,"flow_src_last_pkt_time":1618759618715293,"flow_dst_last_pkt_time":1618759618761347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":606,"flow_dst_max_l4_payload_len":354,"flow_src_tot_l4_payload_len":1681,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1650541441932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":10917,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1650813582412000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582412000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582412000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650813582412000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8XGBAAD8GNXTAqAJkMTO1qJsGAFBg5zJJAAAAAKAC\/\/\/zjAAAAgQFtAQCCAo+Nj3MAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1650813582412000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650813582583000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZABQmwaucKQhYOcySoAScUjS6QAAAgQFhgEBBAIBAwMC"} 
@@ -43,7 +43,7 @@ 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650813582588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1650813582588000,"flow_dst_last_pkt_time":1650813582759000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1650813582759000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoY7JAAC4GPzYxM7WowKgCZABQmwaucKQiYOcydFAQHFJoVQAAAAAAAAAA"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650541441246000,"flow_src_last_pkt_time":1650541441932000,"flow_dst_last_pkt_time":1650541441930000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1788,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1650813583121000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.190.178","src_port":39822,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":12925,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655043605088000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043605088000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605088000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043605088000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8y9BAAD8GxgPAqAJkMTO1qLC+Jxyp+mQnAAAAAKAC\/\/\/OLAAAAgQFtAQCCArRkRhbAAAAAAEDAwk="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655043605088000,"flow_dst_last_pkt_time":1655043605260000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043605260000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAAC4GotwxM7WowKgCZCccsL7ZMHkgqfpkKIAScUgbtQAAAgQFhgEBBAIBAwMC"} 
@@ -53,7 +53,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1655043605265000,"flow_dst_last_pkt_time":1655043605436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1655043605436000,"pkt":"YDjgxTWgeJS0JASgCABFAAAocDRAAC4GMrQxM7WowKgCZCccsL7ZMHkhqfpkUlAQHFKxIAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655043605088000,"flow_src_last_pkt_time":1655043605840000,"flow_dst_last_pkt_time":1655043606011000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":492,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":835,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":45246,"dst_port":10012,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1650813582412000,"flow_src_last_pkt_time":1650813583121000,"flow_dst_last_pkt_time":1650813583117000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1414,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":1821,"flow_dst_tot_l4_payload_len":187,"midstream":0,"thread_ts_usec":1655043606011000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"49.51.181.168","src_port":39686,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GenshinImpact","proto_id":"257","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/genshin-impact.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":13947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1655043606011000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 @@ -62,9 +62,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786247 bytes -~~ total memory freed........: 7786247 bytes -~~ total allocations/frees...: 146519/146519 +~~ total memory allocated....: 11494786 bytes +~~ total memory freed........: 11494786 bytes +~~ total allocations/frees...: 216773/216773 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1231 chars diff --git a/test/results/default/git.pcap.out b/test/results/default/git.pcap.out index 0a6b04d54..ac500b6b7 100644 --- a/test/results/default/git.pcap.out +++ b/test/results/default/git.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460821630164056} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460821630164056,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630164056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630164056,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460821630164056,"flow_dst_last_pkt_time":1460821630221958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1460821630221958,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} 
@@ -9,7 +9,7 @@ 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1460821630222080,"flow_dst_last_pkt_time":1460821630278031,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1460821630278031,"pkt":"PJcOZtCOnJcm0ghCCABFCAA0J+9AAC8GdikFmecVwKgATSTKu3dqwE5WfoYLioAQAHLGLwAAAQEICiuNabkBp0gh"} 02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821630544728,"flow_dst_last_pkt_time":1460821630545903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":19825,"midstream":0,"thread_ts_usec":1460821630545903,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":24597.4,"max":99851,"stddev":28614.0,"var":818762240.0,"ent":3.8,"data": [57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651]},"pktlen": {"min":52,"avg":690.9,"max":2932,"stddev":773.9,"var":598945.8,"ent":4.1,"data": [60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1]},"directions": [0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1],"entropies": [4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":49,"flow_first_seen":1460821630164056,"flow_src_last_pkt_time":1460821631220936,"flow_dst_last_pkt_time":1460821631269756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":527,"flow_dst_max_l4_payload_len":2880,"flow_src_tot_l4_payload_len":605,"flow_dst_tot_l4_payload_len":67444,"midstream":0,"thread_ts_usec":1460821631269756,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Git","proto_id":"226","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":15,"category":"Collaborative"}} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/git.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1460821631269756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769363 bytes -~~ total memory freed........: 7769363 bytes -~~ total allocations/frees...: 146461/146461 +~~ total memory allocated....: 11477982 bytes +~~ total memory freed........: 11477982 bytes +~~ total allocations/frees...: 216715/216715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2176 chars 
diff --git a/test/results/default/gnutella.pcap.out b/test/results/default/gnutella.pcap.out index 130608fd7..1659f6a73 100644 --- a/test/results/default/gnutella.pcap.out +++ b/test/results/default/gnutella.pcap.out 
@@ -1,4 +1,4 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00269{"error_event_id":4,"error_event_name":"Packet too short","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":22,"packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","size":4,"expected":14,"global_ts_usec":22} 00278{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":4,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":22,"pkt":"AAAAAA=="} 
00704{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":9752391,"flow_src_last_pkt_time":9752391,"flow_dst_last_pkt_time":9752391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":9752391,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffa4:e108","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -5606,7 +5606,7 @@ 00753{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":690,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287623920,"flow_src_last_pkt_time":287623920,"flow_dst_last_pkt_time":287623920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"61.18.212.223","src_port":28681,"dst_port":50637,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00966{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00754{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":251763326,"flow_src_last_pkt_time":287316376,"flow_dst_last_pkt_time":251763326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"36.237.199.108","src_port":28681,"dst_port":56040,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01139{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"7":"Match by IP"},"proto":"Tor","proto_id":"163","proto_by_ip":"Tor","proto_by_ip_id":163,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
+00963{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00751{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":700,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287650717,"flow_src_last_pkt_time":287650717,"flow_dst_last_pkt_time":287650717,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"91.206.27.26","src_port":28681,"dst_port":6578,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":287314350,"flow_src_last_pkt_time":287314350,"flow_dst_last_pkt_time":287314350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"68.47.223.27","src_port":28681,"dst_port":6346,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01191{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3631,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":101162745,"flow_src_last_pkt_time":287624798,"flow_dst_last_pkt_time":177309077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":232,"flow_dst_max_l4_payload_len":727,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":3014,"midstream":0,"thread_ts_usec":478637098,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"45.31.152.112","src_port":28681,"dst_port":26851,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe 
Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
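Review bot: A detection is lost in this regenerated expectation and nothing in the visible hunks records that it is intended: flow 700 (10.0.2.15 to 91.206.27.26, UDP port 6578) was `guessed` as Tor with confidence `Match by IP` and is now `not-detected`, which also removes its `Unsafe Protocol` risk and `Potentially Dangerous` breed. This presumably comes from the address list shipped with the libnDPI submodule bump (`4.7.0-4260-1f693c3f` to `4.9.0-4361-0db12b13`), but that is inferred rather than shown. The status and shutdown counters in the later hunks of this file shift to match (`total-guessed-flows` 2 to 1, `total-not-detected-flows` 310 to 311 and 398 to 399). Before accepting the new golden output, confirm the change against the upstream list and record it in the commit message, for example `gnutella.pcap: flow 700 no longer matched as Tor by IP after libnDPI update`. Consumers that alert on Tor-by-IP matches should also be told that this flow stops firing.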
@@ -6605,7 +6605,7 @@ 00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3901,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":599426218,"flow_src_last_pkt_time":599426218,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599426218,"l3_proto":"ip6","src_ip":"fe80::c50d:519f:96a4:e108","dst_ip":"ff02::16","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3902,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":799,"flow_packet_id":2,"flow_src_last_pkt_time":599529292,"flow_dst_last_pkt_time":599415510,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":834,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":834,"pkt_l4_len":780,"thread_ts_usec":599529292,"pkt":"MzMAAAAMCAAn5uVZht1gB0PFAwwRAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAM+dYOdgMMdjk8P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\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"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3903,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":801,"flow_packet_id":2,"flow_src_last_pkt_time":599747316,"flow_dst_last_pkt_time":599426218,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":90,"pkt_l4_len":28,"thread_ts_usec":599747316,"pkt":"MzMAAAAWCAAn5uVZht1gAAAAACQAAf6AAAAAAAAAxQ1Rn5ak4Qj\/AgAAAAAAAAAAAAAAAAAWOgAFAgAAAQCPAOKkAAAAAQMAAAD\/AgAAAAAAAAAAAAAAAAAM"} -00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":310,"total-guessed-flows":2,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6608,"global_ts_usec":600247140} +00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3904,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3904,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":311,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":169,"total-active-flows":801,"total-idle-flows":632,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6608,"global_ts_usec":600247140} 
00957{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00745{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":65062972,"flow_src_last_pkt_time":74093030,"flow_dst_last_pkt_time":65062972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"95.17.124.40","src_port":50212,"dst_port":6776,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":750,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":312956911,"flow_src_last_pkt_time":493286521,"flow_dst_last_pkt_time":312956911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"67.193.8.52","src_port":28681,"dst_port":38584,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
@@ -6863,7 +6863,7 @@ 01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":47,"flow_first_seen":71205609,"flow_src_last_pkt_time":593376712,"flow_dst_last_pkt_time":593376534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":1065,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":5162,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"86.208.180.181","src_port":50249,"dst_port":45883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":95716226,"flow_src_last_pkt_time":426377575,"flow_dst_last_pkt_time":426518025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":81,"flow_dst_max_l4_payload_len":61,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":165,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"24.167.201.53","src_port":28681,"dst_port":47282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 01185{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":72853189,"flow_src_last_pkt_time":553212866,"flow_dst_last_pkt_time":72853189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":599747316,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"167.114.170.156","src_port":28681,"dst_port":23844,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":398,"total-guessed-flows":2,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226} +00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3905,"source":"cfgs\/default\/pcap\/gnutella.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3905,"packets-processed":3882,"total-skipped-flows":0,"total-l4-payload-len":383594,"total-not-detected-flows":399,"total-guessed-flows":1,"total-detected-flows":401,"total-detection-updates":5,"total-updates":2519,"current-active-flows":0,"total-active-flows":801,"total-idle-flows":801,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6866,"global_ts_usec":600247226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3905/3882 ~~ skipped flows.............: 0 @@ -6872,9 +6872,9 @@ ~~ total active/idle flows...: 801/801 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9715728 bytes -~~ total memory freed........: 9715728 bytes -~~ total allocations/frees...: 159317/159317 +~~ total memory allocated....: 13411547 bytes +~~ total memory freed........: 13411547 bytes +~~ total allocations/frees...: 229571/229571 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 274 chars ~~ json string max len.......: 2354 chars 
diff --git a/test/results/default/google_ssl.pcap.out b/test/results/default/google_ssl.pcap.out index e30ec8deb..f014c4c42 100644 --- a/test/results/default/google_ssl.pcap.out +++ b/test/results/default/google_ssl.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434443394683939} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434443394683939,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394683939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1434443394683939,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434443394683939,"flow_dst_last_pkt_time":1434443394717671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1434443394717671,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} 
@@ -8,7 +8,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434443394995795,"flow_dst_last_pkt_time":1434443395030206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1434443395030206,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAoeX0AADMGsbTYOtRkrB8D4AG7p1PuIxEUemdzaVAQp5QVigAAAAAAAAAA"} 00937{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00790{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1434443394683939,"flow_src_last_pkt_time":1434443401353810,"flow_dst_last_pkt_time":1434443401308882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":6924,"midstream":0,"thread_ts_usec":1434443401353810,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/google_ssl.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1434443401353810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769613 bytes -~~ total memory freed........: 7769613 bytes -~~ total allocations/frees...: 146400/146400 +~~ total memory allocated....: 11478232 bytes +~~ total memory freed........: 11478232 bytes +~~ total allocations/frees...: 216654/216654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 942 chars diff --git a/test/results/default/googledns_android10.pcap.out b/test/results/default/googledns_android10.pcap.out index 3309fbb26..2f315c853 100644 --- a/test/results/default/googledns_android10.pcap.out +++ b/test/results/default/googledns_android10.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592552824409182} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592552824409182,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1592552824409182,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592552824409182,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824409182,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592552824632762,"flow_dst_last_pkt_time":1592552824409182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1592552824632762,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} 
@@ -74,7 +74,7 @@ 02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553013061132,"flow_dst_last_pkt_time":1592553013091250,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1042,"flow_dst_tot_l4_payload_len":5862,"midstream":0,"thread_ts_usec":1592553013091250,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":78,"avg":389623.4,"max":5703762,"stddev":1387530.2,"var":1925240193024.0,"ent":1.5,"data": [14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586]},"pktlen": {"min":52,"avg":268.2,"max":1470,"stddev":356.7,"var":127227.7,"ent":4.1,"data": [60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551]},"bins": {"c_to_s": [9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1],"entropies": 
[4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 01130{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":65,"flow_first_seen":1592552878549677,"flow_src_last_pkt_time":1592552996489587,"flow_dst_last_pkt_time":1592552996502369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":5210,"flow_dst_tot_l4_payload_len":14618,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":121,"flow_dst_packets_processed":120,"flow_first_seen":1592553007037028,"flow_src_last_pkt_time":1592553079303170,"flow_dst_last_pkt_time":1592553079299653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":11059,"flow_dst_tot_l4_payload_len":37798,"midstream":0,"thread_ts_usec":1592553079303170,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.DoH_DoT","proto_id":"91.196","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/googledns_android10.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1592553079303170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 ~~ skipped flows.............: 0 @@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7833369 bytes -~~ total memory freed........: 7833369 bytes -~~ total allocations/frees...: 147051/147051 +~~ total memory allocated....: 11541876 bytes +~~ total memory freed........: 11541876 bytes +~~ total allocations/frees...: 217305/217305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 2357 chars diff --git a/test/results/default/gquic.pcap.out b/test/results/default/gquic.pcap.out index d99ba24e8..f173a7180 100644 --- a/test/results/default/gquic.pcap.out +++ b/test/results/default/gquic.pcap.out 
@@ -1,10 +1,10 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591876186378535} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1591876186378535,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9r
w48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} -01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","quic": {"user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}}} 
+01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","quic": {"user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64","quic_version":"Q050"}}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591876186378535,"flow_src_last_pkt_time":1591876186378535,"flow_dst_last_pkt_time":1591876186378535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591876186378535,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} +00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gquic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1591876186378535} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777153 bytes -~~ total memory freed........: 7777153 bytes -~~ total allocations/frees...: 146392/146392 +~~ total memory allocated....: 11485772 bytes +~~ total memory freed........: 11485772 bytes +~~ total allocations/frees...: 216646/216646 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 2348 chars diff --git a/test/results/default/gtp_c.pcap.out b/test/results/default/gtp_c.pcap.out index 664deb5bd..8bc0b9f57 100644 --- a/test/results/default/gtp_c.pcap.out +++ b/test/results/default/gtp_c.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614767558813421} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00844{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":289,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":289,"pkt_l4_len":255,"thread_ts_usec":1614767558813421,"pkt":"5kBKB+riApXG95NLCABFAAETmxkAAIARAAAKZQACCmYAAgQACEsA\/wAASCAA8wAAAABLVGIAAQAIAIlnRREiM0T1TAAGAJh2VBI0VksACAA0VniQEgEC81YADQAYmHZUEjSYdlQSNFZ4UwADAIlHVlIAAQAGTQACAAAAVwAJAIY1UpIECmUAAkcACQAIaW50ZXJuZXSAAAEAAGMAAQABTwAFAAEhFxcBfwABAAJIAAgAAAAnDwAAJw9JAAEABV0APQBJAAEABVQADQAhMQEJEMCoAQH\/\/\/8AVwAJAoQ1UpIFCmUAAlAAFgAYBwAAAAAAAAAAAAAAAAAAAAAAAAAAhAAHAAGsEGtxAAGEAAcBAawQa3IAAXIAAgAAAF8AAgAAAQ=="} 01055{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558813421,"flow_dst_last_pkt_time":1614767558813421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":247,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614767558813421,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -7,7 +7,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558814579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1614767558814595,"pkt":"5kBKB+riApXG95NLCABFAAA+mxoAAIARAAAKZQACCmYAAgQACEsAKgAASCQAHjVSkgZLVGIASQABAAVWAA0AGJh2VBI0mHZUEjRWeA=="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1614767558815505,"pkt":"ApXG95NL5kBKB+riCABFAAAzmxIAAH8Ri9kKZgACCmUAAghLBAAAHwAASCUAEzVSkgRLVGIAAgACABAAAwABAAE="} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614767558813421,"flow_src_last_pkt_time":1614767558814595,"flow_dst_last_pkt_time":1614767558815505,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":235,"midstream":0,"thread_ts_usec":1614767558815505,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":1024,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GTP.GTP_C","proto_id":"152.272","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} +00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_c.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614767558815505} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766869 bytes -~~ total memory freed........: 7766869 bytes -~~ total allocations/frees...: 146375/146375 +~~ total memory allocated....: 11475488 bytes +~~ total memory freed........: 11475488 bytes +~~ total allocations/frees...: 216629/216629 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/default/gtp_false_positive.pcapng.out b/test/results/default/gtp_false_positive.pcapng.out index 1eb23eb92..df3253610 100644 --- a/test/results/default/gtp_false_positive.pcapng.out +++ b/test/results/default/gtp_false_positive.pcapng.out 
@@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638856441836839} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856441836839,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856441836839,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638856442050829,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856442050829,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 
@@ -7,19 +7,19 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638856501912725,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501912725,"pkt":"AAAAAAAAAAEAm1OyCABFAABL0zoAAD8RtgQYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1638856511476253,"pkt":"AAAAAAAAAAEAm1OyCABFAABKCqAAAD8RfqAYASFCPjh66HJHDToANrRYLgAAAAIpAwDIADJepW\/TFLeVlbt0kwAAAAAAAAAAAAAAAAAAAAB\/vnSTfQEAAA=="} 00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856511476253,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1639664897536021} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1639664897536021,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="} 
01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1640630605457589} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1640630605457589,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="} 
01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1640630605457589} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -28,9 +28,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771252 bytes -~~ total memory freed........: 7771252 bytes -~~ total allocations/frees...: 146400/146400 +~~ total memory allocated....: 11479839 bytes +~~ total memory freed........: 11479839 bytes +~~ total allocations/frees...: 216654/216654 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1082 chars 
diff --git a/test/results/default/gtp_prime.pcapng.out b/test/results/default/gtp_prime.pcapng.out index c2f019603..ea5eafce6 100644 --- a/test/results/default/gtp_prime.pcapng.out +++ b/test/results/default/gtp_prime.pcapng.out 
@@ -1,8 +1,8 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1424882324190538} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1424882324190538,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1424882324190538} 00699{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":300,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":300,"pkt_l4_len":0,"thread_ts_usec":1424882324190538,"pkt":"tjL\/AAFBtij\/AAFBgQAAZIEAAGcIAEXAARYAAAAAPxEI+QoKNgEKCicK\/EQNOgEC27Eu8AD0AAR+AfwA7wEBHAYA6b9gggDkgAFggwgTACEAAAAA8KQGgAQKCjUBhQQHkAAAhwVlaHJwZIgC8SGpCKAGgAQBAAAGiwEBrIIAKjAogwIDSIQCA0iFAQKGCRUCJRY4RCsAAKkQgQEIhgEJhwNMS0CIA0xLQI0JFQIlFjgBKwAAjgErjwEAsCKkIAYOKwYBBAGyfwMBAkYEAQCBAQCiCzAJAgEBAgEBgQEOkgpBTFUtTk9ERTAxlAEBlQEAlwIBAJgBA54BA58iAQG\/JAaABAoKBgOfJQMTIBCfJgkVAiUWOAArAACfJwkVAiUWOEQrAACfKAQHkAAA"} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_prime.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1424882324190538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,9 +11,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 304 chars ~~ json string max len.......: 704 chars 
diff --git a/test/results/default/h323-overflow.pcap.out b/test/results/default/h323-overflow.pcap.out index 77e776425..2ce2c59fc 100644 --- a/test/results/default/h323-overflow.pcap.out +++ b/test/results/default/h323-overflow.pcap.out 
@@ -1,10 +1,10 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":946681200000000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} 
01073{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000} +00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323-overflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768830 bytes -~~ total memory freed........: 7768830 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11477449 bytes +~~ total memory freed........: 11477449 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 1078 chars 
diff --git a/test/results/default/h323.pcap.out b/test/results/default/h323.pcap.out index b06030abe..38090f012 100644 --- a/test/results/default/h323.pcap.out +++ b/test/results/default/h323.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1198747079978922} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1198747079978922} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1198747079978922,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747079978922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_usec":1198747079978922,"pkt":"ABj+bZZlABMh8GpfCABFAABCx9cAAIART7MRAgB8EQIAoQfyBrcALv7LAiAAAAYACJFKAAQAEQIAfAfyIgCuAQA9AAEDAIXImlEggAMBQAA="} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1198747079978922,"flow_dst_last_pkt_time":1198747080010123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1198747080010123,"pkt":"ABMh8GpfABj+bZZlCABFAABviRAAAIARjk0RAgChEQIAfAa3B\/IAWwaKBIAAAAYACJFKAAQ+AE8AcABlAG4ASAAzADIAMwAgAEcAYQB0AGUAawBlAGUAcABlAHIAIABvAG4AIABtAGYAbwB0AHQAZQBrAGkAbgARAgChBrc="} 
@@ -13,7 +13,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1198747081344407,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":46,"midstream":1,"thread_ts_usec":1198747081402254,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":7,"flow_first_seen":1198747079978922,"flow_src_last_pkt_time":1198747080556295,"flow_dst_last_pkt_time":1198747160184990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":369,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":539,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.161","src_port":2034,"dst_port":1719,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00960{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1198747081344407,"flow_src_last_pkt_time":1198747081344407,"flow_dst_last_pkt_time":1198747081402254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":153,"flow_dst_tot_l4_payload_len":46,"midstream":1,"thread_ts_usec":1198747160184990,"l3_proto":"ip4","src_ip":"17.2.0.124","dst_ip":"17.2.0.122","src_port":3032,"dst_port":1720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"H323","proto_id":"158","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1198747160184990} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/h323.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1198747160184990} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771297 bytes -~~ total memory freed........: 7771297 bytes -~~ total allocations/frees...: 146395/146395 +~~ total memory allocated....: 11479900 bytes +~~ total memory freed........: 11479900 bytes +~~ total allocations/frees...: 216649/216649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 561 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/haproxy.pcap.out b/test/results/default/haproxy.pcap.out new file mode 100644 index 000000000..728ecbaa5 --- /dev/null +++ b/test/results/default/haproxy.pcap.out 
@@ -0,0 +1,22 @@ +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687864379191181} +00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":375,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":375,"pkt_l4_len":341,"thread_ts_usec":1687864379191181,"pkt":"+hY+jaKQ+hY+\/yO1CABFAAFpvu5AAD8GAgoBAQEBAgICAr12Abu3rOLhYNsr0IAYAebcfgAAAQEICj6dk6a+omhcUFJPWFkgVENQNCAxMS4xMTEuMTEuMTExIDIyMi4yMjIuMjIyLjIyIDUyMTc2IDQ0Mw0KFgMBAP0BAAD5AwNlfFlZ28HZabWEzRLxYxkQw8ZEWOpFUKuCCl2ET+sPiyCZoEcV\/EP3q9ibNr\/\/S8YKnRMNZ3pfRaKXBGknrdMLPAAkEwETAhMDwC\/AK8AwwCzMqcyowAnAE8AKwBQAnACdAC8ANQAKAQAAjAAAABgAFgAAE2FhYWFhYWFhYWFhYWFhYWEueHgAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBADMAJgAkAB0AIC9wHtbeNV7Yhsp5eQYXtT7TM0R+9NA5\/A60gExAg7ZMAC0AAgEBACsABQQDBAMD"} +01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} +01074{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687864379191181,"flow_src_last_pkt_time":1687864379191181,"flow_dst_last_pkt_time":1687864379191181,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":309,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":309,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1687864379191181,"l3_proto":"ip4","src_ip":"1.1.1.1","dst_ip":"2.2.2.2","src_port":48502,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HAProxy","proto_id":"350","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} +00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/haproxy.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1687864379191181} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 1/1 +~~ skipped flows.............: 0 +~~ 
total layer4 data length..: 309 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11477449 bytes +~~ total memory freed........: 11477449 bytes +~~ total allocations/frees...: 216627/216627 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 568 chars +~~ json string max len.......: 1079 chars +~~ json string avg len.......: 800 chars diff --git a/test/results/default/heuristic_tcp_ack_payload.pcap.out b/test/results/default/heuristic_tcp_ack_payload.pcap.out index d68ed2f92..96d2f7d4f 100644 --- a/test/results/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/default/heuristic_tcp_ack_payload.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1681478090730262} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681478090730262,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090730262,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090730262,"pkt":"QHGDrEAwoDafLnO8CABFAAA0UOtAAH0GbxHC4scVNBJ\/veMrAbsAeoaaAAAAAIAC+vDKXAAAAgQFtAEDAwgBAQQC"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1681478090730262,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681478090780521,"pkt":"oDafLnO8QHGDrEAwCABFAAA0AABAAOkGU\/w0En+9wuLHFQG74yuLkuWcAHqGm4ASaQPrCQAAAgQFtAEBBAIBAwMI"} 
@@ -7,7 +7,7 @@ 01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090780521,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1681478090781920,"pkt":"QHGDrEAwoDafLnO8CABFAAItUO1AAH0GbRbC4scVNBJ\/veMrAbsAeoabi5LlnVAYAgHa5QAAFgMBAgABAAH8AwO2b8k+LCOftweDZWjvdeyR90vCYVJRMgT0j8Pik75VmCBg6yWVhOtcb9ut7Hy59sTpKH6uJec\/kZz0GzKsEDEcaAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAbAAMCAAIAIwBp+6R1+qIJHZG7jowoeY3hRbjOQoOBSjubfpFQW9nxqfD0S5qRCzYtZk0T2UZ7jb\/+pwGkVmJwdmFtm3YHm6ODfcntPcAS93\/vLSJrkHutEM1HolLRM4QVmCnTlceE8Q\/R5iQVvIN9NJOjABIAAAALAAIBAAAKAAoACIqKAB0AFwAYADMAKwApiooAAQAAHQAg0bBrRvkzsBdk4f0tRyz\/mG183djoFkcSb2nq6iq3WmBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAFAAUBAAAAAAAtAAIBAQAXAAAAAAAQAA4AAAtiaXRyaXguaW5mbwANABIAEAQDCAQEAQUDCAUFAQgGBgEAKwAHBnp6AwQDA7q6AAEAABUAYwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1681478090781920,"flow_dst_last_pkt_time":1681478090832249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1681478090832249,"pkt":"oDafLnO8QHGDrEAwCABFAAAuXV1AAOkG9qQ0En+9wuLHFQG74yuLkuWdAHqIoFAQAG6SZwAAAAAAAAAA"} 
01988{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1681478090730262,"flow_src_last_pkt_time":1681478119542351,"flow_dst_last_pkt_time":1681478119592875,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1085,"flow_dst_max_l4_payload_len":2920,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":5602,"midstream":0,"thread_ts_usec":1681478119592875,"l3_proto":"ip4","src_ip":"194.226.199.21","dst_ip":"52.18.127.189","src_port":58155,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1860474.4,"max":28647677,"stddev":7030273.0,"var":49424738811904.0,"ent":1.1,"data": [50259,51105,553,51728,128,0,97,51293,1354,0,1851,500,202,193,0,51721,0,48,140,50129,407,8135,0,8098,85064,28647677,19,62,28613926,13,0]},"pktlen": {"min":42,"avg":308.7,"max":2960,"stddev":576.0,"var":331721.9,"ent":3.6,"data": [52,52,42,557,46,153,1500,2960,42,378,49,42,166,145,502,550,160,91,118,46,42,78,439,78,42,46,113,86,1125,46,46,86]},"bins": {"c_to_s": [6,2,1,2,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,3,1,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1]},"directions": [0,1,0,0,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,1,0,0,0,1,1,1],"entropies": [4.700937748,4.839770317,4.678030014,5.790879726,4.390829086,5.801830769,7.220153809,7.298819065,4.678030014,7.385129929,4.797285557,4.725648880,6.228291035,6.284518242,7.567343235,7.646277905,6.609186172,5.432500839,6.074527264,4.434307575,4.678030014,5.448187351,7.460664272,5.370555878,4.678030014,4.477785587,5.985470772,5.565127373,7.818080425,4.434307575,4.477785587,5.465760708]}} 
-00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":64,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1681887368538349} +00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":64,"packets-processed":63,"total-skipped-flows":0,"total-l4-payload-len":12346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1681887368538349} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1681887368538349,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368538349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368538349,"pkt":"QHGDrEAwoDafLnO8CABFAAA0sahAAEAGEuHC4sfiCPfifoU1AFBr1P3sAAAAAIAC+vAOnwAAAgQFtAEBBAIBAwMH"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1681887368538349,"flow_dst_last_pkt_time":1681887368549865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1681887368549865,"pkt":"oDafLnO8QHGDrEAwCABFAAA0+VoAADkGEi8I9+J+wuLH4gBQhTVLutKfa9T97YASpWRFuwAAAgQFtAEBBAIBAwMM"} 
@@ -25,7 +25,7 @@ 01987{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1681887518918488,"flow_src_last_pkt_time":1681887519032454,"flow_dst_last_pkt_time":1681887519031452,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":321,"flow_dst_max_l4_payload_len":2824,"flow_src_tot_l4_payload_len":867,"flow_dst_tot_l4_payload_len":19359,"midstream":0,"thread_ts_usec":1681887519032454,"l3_proto":"ip4","src_ip":"194.226.199.61","dst_ip":"35.241.9.150","src_port":27453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7320.3,"max":29949,"stddev":11049.8,"var":122098208.0,"ent":3.5,"data": [24068,24393,353,24974,2405,0,38,27411,305,4695,29949,0,24556,1245,0,54,26487,9,288,44,25578,893,503,1582,287,1013,999,1290,1231,1003,1277]},"pktlen": {"min":42,"avg":672.8,"max":2864,"stddev":1000.3,"var":1000640.1,"ent":3.7,"data": [52,52,42,258,46,2088,2088,462,42,42,133,318,109,42,217,361,78,46,78,364,1452,42,1452,2864,42,42,2864,42,2864,42,2864,42]},"bins": {"c_to_s": [11,1,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,1,0,0,0,0,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,6]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,1,1,1,1,0,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.585552692,5.017560482,4.686327934,5.680439472,4.505982876,7.413378239,7.563780785,7.408977032,4.733946800,4.686327934,5.833590031,7.044709682,5.829442978,4.715973377,6.852140903,7.372029781,5.280656338,4.505982876,5.229373932,7.303534985,7.876083851,4.582791805,7.885684490,7.924335957,4.733946800,4.781565666,7.928474426,4.781565666,7.931355953,4.781565666,7.921189308,4.638709068]}} 00983{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":12,"flow_first_seen":1681887368538349,"flow_src_last_pkt_time":1681887368574945,"flow_dst_last_pkt_time":1681887368574890,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":496,"flow_dst_max_l4_payload_len":1022,"flow_src_tot_l4_payload_len":506,"flow_dst_tot_l4_payload_len":1082,"midstream":0,"thread_ts_usec":1681887519714799,"l3_proto":"ip4","src_ip":"194.226.199.226","dst_ip":"8.247.226.126","src_port":34101,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1682070081976502} 
+00655{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":50505,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1682070081976502} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1682070081976502,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081976502,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081976502,"pkt":"QHGDrEAwoDafLnO8CABFAAA01rdAAH4G1SvC4scJXN9qFcJcAbti0BbiAAAAAIAC+vDldAAAAgQFtAEDAwgBAQQC"} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1682070081976502,"flow_dst_last_pkt_time":1682070081986323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1682070081986323,"pkt":"oDafLnO8QHGDrEAwCABFoAA0AABAADsG7kNc32oVwuLHCQG7wlyvphSeYtAW44ASpWR2qgAAAgQFtAEBBAIBAwMJ"} 
@@ -54,7 +54,7 @@ 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1682070081976502,"flow_src_last_pkt_time":1682070082251822,"flow_dst_last_pkt_time":1682070082232484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2636,"flow_src_tot_l4_payload_len":618,"flow_dst_tot_l4_payload_len":4888,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.9","dst_ip":"92.223.106.21","src_port":49756,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":22,"flow_dst_packets_processed":16,"flow_first_seen":1682070088015038,"flow_src_last_pkt_time":1682070095296597,"flow_dst_last_pkt_time":1682070095295909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":569,"flow_dst_max_l4_payload_len":2843,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":9570,"midstream":0,"thread_ts_usec":1682070140596749,"l3_proto":"ip4","src_ip":"194.226.199.103","dst_ip":"217.69.139.59","src_port":62580,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":303,"packets-processed":303,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} 
+00657{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/heuristic_tcp_ack_payload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":303,"packets-processed":303,"total-skipped-flows":0,"total-l4-payload-len":96601,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1682070140596749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 303/303 ~~ skipped flows.............: 0 @@ -63,9 +63,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798652 bytes -~~ total memory freed........: 7798652 bytes -~~ total allocations/frees...: 146738/146738 +~~ total memory allocated....: 11507191 bytes +~~ total memory freed........: 11507191 bytes +~~ total allocations/frees...: 216992/216992 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2021 chars diff --git a/test/results/default/hots.pcapng.out b/test/results/default/hots.pcapng.out index 60ddf2645..0d30772a2 100644 --- a/test/results/default/hots.pcapng.out +++ b/test/results/default/hots.pcapng.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654637718943449} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637718943449,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/EkAAIARAADAqABJGGk4DdVGDowAIBGZ5l00AJcnFPc\/largPjZAABq8Y7Mqyf2l"} 
01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637718943449,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654637718943449,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -9,7 +9,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654637719137613,"flow_dst_last_pkt_time":1654637718943449,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1654637719137613,"pkt":"XKbmnXAsHIcsX1wrCABFAAA0\/E0AAIARAADAqABJGGk4DdVGDowAIBGZ5l00AE+Qups7r8mPrXxAABrIY9cLO2D3"} 02315{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811243833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":540,"midstream":0,"thread_ts_usec":1654637811243833,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3612,"avg":2995064.8,"max":91418317,"stddev":16143814.0,"var":260622725939200.0,"ent":0.2,"data": [39885,24383,63734,66162,61944,34445,30828,61113,3612,33342,62853,57422,6903,91418317,63443,62525,36602,26359,63168,62882,63116,62919,63469,62673,63217,32441,30200,63038,62887,26082,37046]},"pktlen": {"min":48,"avg":54.9,"max":60,"stddev":5.0,"var":25.2,"ent":5.0,"data": [52,48,52,52,52,52,48,52,48,52,52,52,48,52,60,60,60,48,60,60,60,60,60,60,60,60,48,60,60,60,48,60]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [4.946224213,4.767892838,4.792377472,4.869300842,4.946224213,4.946224213,4.809559822,4.869300842,4.767892838,4.907762527,4.946224213,4.907762527,4.752166748,4.946224213,4.432916641,4.366249561,4.366250038,3.700824261,4.366250038,4.432916641,4.332916737,4.399583340,4.199582577,4.302914619,4.287001610,4.366250038,3.742490768,4.353668213,4.366249561,4.399583340,3.742490768,4.366249561]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01105{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654637811370381,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654783675054709} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1654783675054709,"pkt":"HIcsX1wrXKbmnXAsCABFAAAwCHlAADMRLDMYaTm3wKgASQRfxbEAHHLGAAAAAAAAAAAAAAAAAABAAAnvZd4="} 
01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675054709,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783675054709,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -18,7 +18,7 @@ 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1654783675117304,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675117304,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CIBAADMRK+YYaTm3wKgASQRfxbEAYiR2AAAAAAAAAAAAAAAAAABAAAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1654783675154334,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1654783675154334,"pkt":"HIcsX1wrXKbmnXAsCABFAAB2CJ1AADMRK8kYaTm3wKgASQRfxbEAYiRmAAAAAAAAAAAAAAAAAABAEAoeZeIql8nUybw4tw4pKpHcbVwYH7G3wB9ObHfM9+DMqRG8+TeH21hXAHBJ3yp55piT47VgIlh7bWtACKd7vLtppv9EBjqF2v+b"} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":21,"flow_first_seen":1654637718943449,"flow_src_last_pkt_time":1654637719490075,"flow_dst_last_pkt_time":1654637811370381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1654783675999278,"l3_proto":"ip4","src_ip":"192.168.0.73","dst_ip":"24.105.56.13","src_port":54598,"dst_port":3724,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1654785317878340} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":125,"pkt_l4_len":91,"thread_ts_usec":1654785317878340,"pkt":"HIcsX1wrXKbmnXAsCABFAABvGAZAADMRHQ4YaTkQwKgASQ6MxbEAW4bbAAAAAAAAAAAAAAAAAABAAEsqg3hSe3s95phNudnvfQibOs38xR2pLkVG09Ss9ri5OJJni8tOOzlPJsNzb+raB889CpbXTuIgbs4COoyi16z\/8Gg="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785317878340,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":83,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785317878340,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -29,7 +29,7 @@ 02324{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785318886180,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2479,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785318886180,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1113,"avg":32511.0,"max":62822,"stddev":18812.4,"var":353907232.0,"ent":4.7,"data": [31758,14744,16286,4737,58380,5040,58167,42440,20509,62822,16348,46993,45239,18003,62811,27060,19191,16374,50151,13098,1113,62335,31570,31017,31934,30736,13221,50259,34089,29278,62137]},"pktlen": {"min":48,"avg":105.5,"max":150,"stddev":33.5,"var":1124.4,"ent":4.9,"data": [111,111,48,132,132,103,103,121,121,103,109,109,103,48,150,109,109,48,109,48,150,150,146,48,129,48,138,138,121,48,123,109]},"bins": {"c_to_s": [7,0,16,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[5.727404118,5.736169815,3.659157991,5.974259377,6.029637337,5.373315811,5.410210133,5.896153450,5.877972126,5.645791054,5.660812855,5.713362217,5.521955967,3.700824261,6.180423737,5.754983425,5.770836353,3.742490768,5.748058796,3.700824261,6.267391682,6.252244949,6.277539730,3.742491007,6.034878731,3.742490768,6.026935577,6.097950459,5.911030293,3.700824499,5.963339806,5.665075302]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1654783675054709,"flow_src_last_pkt_time":1654783675999278,"flow_dst_last_pkt_time":1654783675054709,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.183","dst_ip":"192.168.0.73","src_port":1119,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":0,"flow_first_seen":1654785317878340,"flow_src_last_pkt_time":1654785319138383,"flow_dst_last_pkt_time":1654785317878340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":122,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3073,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785319138383,"l3_proto":"ip4","src_ip":"24.105.57.16","dst_ip":"192.168.0.73","src_port":3724,"dst_port":50609,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Heroes_of_the_Storm","proto_id":"336","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/hots.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1654785319138383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773949 bytes -~~ total memory freed........: 7773949 bytes -~~ total allocations/frees...: 146493/146493 +~~ total memory allocated....: 11482536 bytes +~~ total memory freed........: 11482536 bytes +~~ total allocations/frees...: 216747/216747 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2329 chars diff --git a/test/results/default/hpvirtgrp.pcap.out b/test/results/default/hpvirtgrp.pcap.out index 295fde3b8..02edc44ef 100644 --- a/test/results/default/hpvirtgrp.pcap.out +++ b/test/results/default/hpvirtgrp.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614852331255737} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331255737,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331255737,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614852331255737,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614852331255737,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614852331284558,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 
@@ -7,7 +7,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614852331296153,"pkt":"eJS0JASgYDjgxTWgCABFAACs5ERAAD8GMYzAqAJkoCzCQrXqFGfdahKKAppmxVAY\/\/8HHQAAFgCEAKqIQmLfq0myi1Ms5EEjm+6cqoVS+bxA3bvOHHc5Gr2Pc4fCkAGOamMfQ3uS+B4J5cuhz68jJKVEgot70CvKeNsy83XzEd14C9vITFbQomfEQv2BBG44aXbDk7QFABdKzsf570s20zguGi2FIzxy4bDOl\/aEx4b8vTDa5Lopbwqr"} 00937{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614852331255737,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331284558,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614852331296153,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614852331296153,"flow_dst_last_pkt_time":1614852331324408,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614852331324408,"pkt":"YDjgxTWgeJS0JASgCABFAAAoPalAADQG46ugLMJCwKgCZBRnteoCmmbF3WoTDlAQchD0HgAAAAAAAAAA"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614861892925577} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861892925577,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892925577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614861892925577,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614861892925577,"flow_dst_last_pkt_time":1614861892952589,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614861892952589,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} 
@@ -23,7 +23,7 @@ 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614861998769322,"pkt":"eJS0JASgYDjgxTWgCABFAACsbURAAD8GqIzAqAJkoCzCQue8FGe3KQNadGbIs1AY\/\/+TrQAAFgCEAAiEIm75Zy9VjUl+5IerSq31im9iiLiR7yC1EKTt3UZUDIvzmJzS8h4KLbNPThmQ1QigRVFIS+UyNjRfUWaAtxQmjZpmMmOXCehX0iRvSqjyAHMyTpdZ0ZK8tTSp4KvvS4Z8D9n4XXG7+pf9mkL4Vd7qfMcpPZN7co6napRCuwTA"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998752102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614861998769322,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1614861998769322,"flow_dst_last_pkt_time":1614861998797954,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614861998797954,"pkt":"YDjgxTWgeJS0JASgCABFAAAoFkhAADQGCw2gLMJCwKgCZBRn57x0ZsiztykD3lAQchAkAwAAAAAAAAAA"} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1614876808445263} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614876808445263,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808445263,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614876808445263,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614876808445263,"flow_dst_last_pkt_time":1614876808474414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614876808474414,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} 
@@ -33,7 +33,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1614876811615624,"flow_dst_last_pkt_time":1614876811644558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614876811644558,"pkt":"YDjgxTWgeJS0JASgCABFAAAoo01AADQGfgegLMJCwKgCZBRn6hA0hHo6h+Mp3lAQchC5UAAAAAAAAAAA"} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861892925577,"flow_src_last_pkt_time":1614861898114372,"flow_dst_last_pkt_time":1614861898108226,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614861998723587,"flow_src_last_pkt_time":1614862060685520,"flow_dst_last_pkt_time":1614862060713776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614876811951912,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1614877863379823} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863379823,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863379823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614877863379823,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1614877863379823,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614877863406025,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} 
@@ -41,7 +41,7 @@ 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614877863430508,"pkt":"eJS0JASgYDjgxTWgCABFAACsnQRAAD8GeMzAqAJkoCzCQpzYFGd4ZLUT\/nJevFAY\/\/9h2wAAFgCEAFeCoLQYkZVucFSlTilhAUO4J2Gc\/xNv4bSVAhSEOKUK9H1p9TyCs4HXw0uhyo2PPSWpxWiXGIKnoP1IQOXwjxvjoWs1kUpThTMlaAQYVgOcRiK1tZrmLAdDEfrq3WNHZxnudDyECwqpv67F1VqOqftf2asba7gyuRDMInsQPi\/4"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863406025,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614877863430508,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1614877863430508,"flow_dst_last_pkt_time":1614877863456632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614877863456632,"pkt":"YDjgxTWgeJS0JASgCABFAAAorPZAADQGdF6gLMJCwKgCZBRnnNj+cl68eGS1l1AQchDb3QAAAAAAAAAA"} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1614880256676767} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256676767,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256676767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614880256676767,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1614880256676767,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614880256703598,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 
@@ -49,7 +49,7 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614880256732594,"pkt":"eJS0JASgYDjgxTWgCABFAACs7gVAAD8GJ8vAqAJkoCzCQosyFGf2oDFfiaoPnFAY\/\/8f0QAAFgCEAJPbSCaIgYJAv72t6+9wMSbhbGCpMIHq4QEiFn9cVpoUpAzAhIkL4Drs1AaCxzLUFgA09j+Bl+RpSUp6DtaLWuhIO9Gnvu5XUzJAq3+jgAYYgyeP7mDgv3z04Kw3cGmW8nIjjnTadh4CWlfCP+aNEWF\/psIZrRbRsmwZNT1hV3yi"} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256703598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614880256732594,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1614880256732594,"flow_dst_last_pkt_time":1614880256758583,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614880256758583,"pkt":"YDjgxTWgeJS0JASgCABFAAAoeIFAADQGqNOgLMJCwKgCZBRnizKJqg+c9qAx41AQchC25AAAAAAAAAAA"} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1614892184461059} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614892184461059,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1614892184461059,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184461059,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1614892184487051,"flow_dst_last_pkt_time":1614892184461059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614892184487051,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} 
@@ -60,7 +60,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614876808445263,"flow_src_last_pkt_time":1614876926772711,"flow_dst_last_pkt_time":1614876907442799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1614880256676767,"flow_src_last_pkt_time":1614880490543211,"flow_dst_last_pkt_time":1614880490568599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":122,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1614877863379823,"flow_src_last_pkt_time":1614877864310689,"flow_dst_last_pkt_time":1614877864559887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":621,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614892185660780,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1614894888601792} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888601792,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888601792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614894888601792,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1614894888601792,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614894888628926,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 
@@ -68,7 +68,7 @@ 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1614894888640676,"pkt":"eJS0JASgYDjgxTWgCABFAACsczhAAD8GopjAqAJkoCzCQqY4FGfLLz4Z1Us2RlAY\/\/9TSQAAFgCEALAY6sFBRYGCJimG0Yasbc4USwZsJQL+15UsYRSuD34UJT0hT\/I2HwIAh0S2LuxxZ9L1ox\/LsKTAy33IDcyC7gG8qaAvQ8rXlqULmrLWq5FGmibZ+6UKLMjpqZv1GBBNOyGaMw5A5AWqgUlWQ\/HDmuJLLH3YYviE23k6BUVyxAi7"} 00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888628926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614894888640676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1614894888640676,"flow_dst_last_pkt_time":1614894888667157,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1614894888667157,"pkt":"YDjgxTWgeJS0JASgCABFAAAojUpAADQGlAqgLMJCwKgCZBRnpjjVSzZGyy8+nVAQchBISgAAAAAAAAAA"} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1614898090218683} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614898090218683,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090218683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1614898090218683,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1614898090218683,"flow_dst_last_pkt_time":1614898090245916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1614898090245916,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614894888601792,"flow_src_last_pkt_time":1614895277741473,"flow_dst_last_pkt_time":1614895277767885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614898090218683,"flow_src_last_pkt_time":1614898324146735,"flow_dst_last_pkt_time":1614898324173693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":365,"flow_dst_tot_l4_payload_len":157,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1614892184461059,"flow_src_last_pkt_time":1614892314018583,"flow_dst_last_pkt_time":1614892314046506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":163,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":1614898324173693,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HP_VIRTGRP","proto_id":"256","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/hpvirtgrp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1614898324173693} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 ~~ skipped flows.............: 0 @@ -88,9 +88,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7806312 bytes -~~ total memory freed........: 7806312 bytes -~~ total allocations/frees...: 146604/146604 +~~ total memory allocated....: 11514803 bytes +~~ total memory freed........: 11514803 bytes +~~ total allocations/frees...: 216858/216858 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 986 chars diff --git a/test/results/default/hsrp0.pcap.out b/test/results/default/hsrp0.pcap.out index 808de8358..e42655a42 100644 --- a/test/results/default/hsrp0.pcap.out +++ b/test/results/default/hsrp0.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1126551970888102} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_usec":1126551970888102,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 
00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551970888102,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971000101,"flow_src_last_pkt_time":1126551971000101,"flow_dst_last_pkt_time":1126551971000101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551971931931,"flow_src_last_pkt_time":1126551971931931,"flow_dst_last_pkt_time":1126551971931931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00959{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1126551970888102,"flow_src_last_pkt_time":1126551970888102,"flow_dst_last_pkt_time":1126551970888102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1126551971931931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} 
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hsrp0.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1126551971931931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773201 bytes -~~ total memory freed........: 7773201 bytes -~~ total allocations/frees...: 146404/146404 +~~ total memory allocated....: 11481772 bytes +~~ total memory freed........: 11481772 bytes +~~ total allocations/frees...: 216658/216658 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 964 chars diff --git a/test/results/default/hsrp2.pcap.out b/test/results/default/hsrp2.pcap.out index 9649f5fb2..06f1900c3 100644 --- a/test/results/default/hsrp2.pcap.out +++ b/test/results/default/hsrp2.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643795481192281} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643795481192281,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481192281,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481220314,"flow_src_last_pkt_time":1643795481220314,"flow_dst_last_pkt_time":1643795481220314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643795481192281,"flow_src_last_pkt_time":1643795481192281,"flow_dst_last_pkt_time":1643795481192281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643795481220314,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} 
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hsrp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1643795481220314} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768903 bytes -~~ total memory freed........: 7768903 bytes -~~ total allocations/frees...: 146382/146382 +~~ total memory allocated....: 11477506 bytes +~~ total memory freed........: 11477506 bytes +~~ total allocations/frees...: 216636/216636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 966 chars diff --git a/test/results/default/hsrp2_ipv6.pcapng.out b/test/results/default/hsrp2_ipv6.pcapng.out index 0ce99bd58..b810f18cf 100644 --- a/test/results/default/hsrp2_ipv6.pcapng.out +++ b/test/results/default/hsrp2_ipv6.pcapng.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589369101819741} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_usec":1589369101819741,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369101819741,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369101819741,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -20,7 +20,7 @@ 01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369219022262,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":750,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369219022262,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369104269870,"flow_src_last_pkt_time":1589369235852564,"flow_dst_last_pkt_time":1589369104269870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1589369101819741,"flow_src_last_pkt_time":1589369240383629,"flow_dst_last_pkt_time":1589369101819741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1098,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589369240383629,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HSRP","proto_id":"282","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hsrp2_ipv6.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1589369240383629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769889 bytes -~~ total memory freed........: 7769889 bytes -~~ total allocations/frees...: 146416/146416 +~~ total memory allocated....: 11478492 bytes +~~ total memory freed........: 11478492 bytes +~~ total allocations/frees...: 216670/216670 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 560 chars ~~ json string max len.......: 1100 chars diff --git a/test/results/default/http-crash-content-disposition.pcap.out b/test/results/default/http-crash-content-disposition.pcap.out index cf2c1e66a..95c41f031 100644 --- a/test/results/default/http-crash-content-disposition.pcap.out +++ b/test/results/default/http-crash-content-disposition.pcap.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} +00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492518365663977} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365663977,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365663977,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365663977,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492518365663977,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1492518365767814,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 
@@ -8,7 +8,7 @@ 01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809063,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492518365809063,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"khu.sh","http": {"url":"khu.sh\/imessages.php?songify_a=3h248fIbwJ&new","code":0,"content_type":"","user_agent":"Apache-HttpClient\/UNAVAILABLE (java 1.4)","request_content_type":"text\/plain"}}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365767814,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":99,"pkt_l4_len":79,"thread_ts_usec":1492518365809375,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1492518365663977,"flow_src_last_pkt_time":1492518365809375,"flow_dst_last_pkt_time":1492518365968183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":475,"flow_dst_tot_l4_payload_len":2369,"midstream":0,"thread_ts_usec":1492518365968183,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"174.129.0.10","src_port":51171,"dst_port":80,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} 
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/http-crash-content-disposition.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":2844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492518365968183} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767164 bytes -~~ total memory freed........: 7767164 bytes -~~ total allocations/frees...: 146387/146387 +~~ total memory allocated....: 11475783 bytes +~~ total memory freed........: 11475783 bytes +~~ total allocations/frees...: 216641/216641 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 1157 chars diff --git a/test/results/default/http-lines-split.pcap.out b/test/results/default/http-lines-split.pcap.out index 2a573462c..616da06e9 100644 --- a/test/results/default/http-lines-split.pcap.out +++ b/test/results/default/http-lines-split.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593713340401681} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340401681,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401681,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401681,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593713340401681,"flow_dst_last_pkt_time":1593713340401724,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593713340401724,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593713340402042,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1593713340402061,"pkt":"YDjgxTWgABjzZLGICABFAAAoPVdAALIGChPAqAAUwKgAAXppmUT8ca\/BK6JZ2FAQAfaBgAAA"} 01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340402236,"flow_dst_last_pkt_time":1593713340402061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593713340402236,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"toni.lan","http": {"url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":"uclient-fetch"}}} 
01104{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1593713340401681,"flow_src_last_pkt_time":1593713340404575,"flow_dst_last_pkt_time":1593713340404597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":1632,"midstream":0,"thread_ts_usec":1593713340404597,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/http-lines-split.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1593713340404597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767217 bytes -~~ total memory freed........: 7767217 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11475836 bytes +~~ total memory freed........: 11475836 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 1273 chars diff --git a/test/results/default/http-manipulated.pcap.out b/test/results/default/http-manipulated.pcap.out index 417131edc..5ed4803d7 100644 --- a/test/results/default/http-manipulated.pcap.out +++ b/test/results/default/http-manipulated.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946727901369326} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946727901369326} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369326,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369326,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946727901369326,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946727901369648,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 
@@ -7,7 +7,7 @@ 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":946727901369701,"pkt":"0h+5iIqPABjzZLGICABFAAB0umtAAI8Gr6zAqAAUwKgAB4NgH5BugXMfildOJFAYAfaB0gAAR0VUIC8gSFRUUC8xLjENCmhPc1Q6d3d3dy5sYW46ODA4MA0KVXNlci1BZ2VudDogY3VybC83LjY0LjANCkFjY2VwdDogKi8qDQoNCg=="} 01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946727901369701,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"wwww.lan","http": {"url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}}} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946727901369701,"flow_dst_last_pkt_time":946727901369854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946727901369854,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoC+pAAEAGrXrAqAAHwKgAFB+Qg2CKV04kboFza1AQA+vNJAAAAAAAAAAA"} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":946729142063151} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":946729142063151} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946729142063151,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063151,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":946729142063151,"flow_dst_last_pkt_time":946729142063378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946729142063378,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} 
@@ -17,7 +17,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946729142063498,"flow_dst_last_pkt_time":946729142063714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":946729142063714,"pkt":"ABjzZLGI0h+5iIqPCABFAAAoDhZAAEAGq07AqAAHwKgAFB+Qg5SNfRmcETdutlAQA+pgUwAAAAAAAAAA"} 01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":946727901369326,"flow_src_last_pkt_time":946727901370537,"flow_dst_last_pkt_time":946727901370531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":577,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":577,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946729142063151,"flow_src_last_pkt_time":946729142137542,"flow_dst_last_pkt_time":946729142137586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":5840,"flow_src_tot_l4_payload_len":721,"flow_dst_tot_l4_payload_len":41457,"midstream":0,"thread_ts_usec":946729142137586,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":946729142137586} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/http-manipulated.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":42831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":946729142137586} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 40/40 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770306 bytes -~~ total memory freed........: 7770306 bytes -~~ total allocations/frees...: 146433/146433 +~~ total memory allocated....: 11478909 bytes +~~ total memory freed........: 11478909 bytes +~~ total allocations/frees...: 216687/216687 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 1297 chars diff --git a/test/results/default/http-proxy.pcapng.out b/test/results/default/http-proxy.pcapng.out index 75141317b..557b143b1 100644 --- a/test/results/default/http-proxy.pcapng.out +++ b/test/results/default/http-proxy.pcapng.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631403550651097} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550651097,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651097,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0dTpAAIAGAUDAqAFnwKgBkgTZH5Av6J9fAAAAAIAC+vD8JAAAAgQFtAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631403550651097,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631403550651156,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBNkyQHzDL+ifYIAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -8,7 +8,7 @@ 01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550651156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631403550652392,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"http.com","http": {"url":"http:\/\/http.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631403550652392,"flow_dst_last_pkt_time":1631403550654092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631403550654092,"pkt":"KBaoBOm8AAwpTU5kCABFAAAoVkZAAEAGYEDAqAGSwKgBZx+QBNkyQHzEL+ighlAQAfWEZAAA"} 
00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1631403550651097,"flow_src_last_pkt_time":1631403555894600,"flow_dst_last_pkt_time":1631403555894620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":294,"flow_dst_max_l4_payload_len":716,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":716,"midstream":0,"thread_ts_usec":1631403555894620,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1241,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Proxy","proto_id":"131","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/http-proxy.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":1010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1631403555894620} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767220 bytes -~~ total memory freed........: 7767220 bytes -~~ total allocations/frees...: 146387/146387 +~~ total memory allocated....: 11475839 bytes +~~ total memory freed........: 11475839 bytes +~~ total allocations/frees...: 216641/216641 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 1150 chars diff --git a/test/results/default/http2.pcapng.out b/test/results/default/http2.pcapng.out new file mode 100644 index 000000000..b1d7c7b77 --- /dev/null +++ b/test/results/default/http2.pcapng.out 
@@ -0,0 +1,26 @@ +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591863460344658} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
+00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":132,"pkt_l4_len":96,"thread_ts_usec":1591863460344658,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAHTWREAAQAZmPX8AAAF\/AAABk8BzThxFL\/aifuWbgBgCAP5oAAABAQgK5nwLseZ8C7FQUkkgKiBIVFRQLzIuMA0KDQpTTQ0KDQoAABIEAAAAAAAAAgAAAAAABABAAAAABgCgAAAAAAQIAAAAAABAAAAA"} +01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460344658,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1591863460344658,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} 
+00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1591863460344713,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":170,"pkt_l4_len":134,"thread_ts_usec":1591863460344713,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAJrWRUAAQAZmFn8AAAF\/AAABk8BzThxFMDaifuWbgBgCAP6OAAABAQgK5nwLseZ8C7EAAF0BBAAAAANBiwidXAuBcNwT7YXvg0WTYqHTKsQ9NLHcLCLY0EsNWkx6kYZfix110GINJj1MdEHqU4sdddBiDSY9THRB6nqT1Vlqh15FsRai2DSexgK4FwMTH1wDMTM1UIOb2as="} +00744{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344658,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":212,"pkt_l4_len":176,"thread_ts_usec":1591863460344734,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAMTWRkAAQAZl638AAAF\/AAABk8BzThxFMJyifuWbgBgCAP64AAABAQgK5nwLseZ8C7EAAIcAAQAAAAN7ImFtZlN0YXR1c1VyaSI6Imh0dHA6Ly8xMjcuMC4wLjE6Mjk1MDcvbnBjZi1jYWxsYmFjay92MS9hbWZzdGF0dXMiLCJndWFtaUxpc3QiOlt7InBsbW5JZCI6eyJtY2MiOiIyMDgiLCJtbmMiOiI5MyJ9LCJhbWZJZCI6ImNhZmUwMCJ9XX0="} 
+00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344901,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":101,"pkt_l4_len":65,"thread_ts_usec":1591863460344901,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAFUcL0AAQAYgcn8AAAF\/AAABc06TwKJ+5ZscRTEsgBgCAP5JAAABAQgK5nwLseZ8C7EAABgEAAAAAAAABQAQAAAAAwAAAPoABgAQAUAABAAQAAA="} +00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591863460344734,"flow_dst_last_pkt_time":1591863460344921,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":90,"pkt_l4_len":54,"thread_ts_usec":1591863460344921,"pkt":"AAADBAAGAAAAAAAA\/\/8IAEUAAEocMEAAQAYgfH8AAAF\/AAABc06TwKJ+5bwcRTEsgBgCAP4+AAABAQgK5nwLseZ8C7EAAAAEAQAAAAAAAAQIAAAAAAAADwAB"} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1591863460344658,"flow_src_last_pkt_time":1591863460346370,"flow_dst_last_pkt_time":1591863460348007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":272,"midstream":1,"thread_ts_usec":1591863460348007,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37824,"dst_port":29518,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP2","proto_id":"349","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":591,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1591863460348007} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 10/10 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 591 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11477710 bytes +~~ total memory freed........: 11477710 bytes +~~ total allocations/frees...: 216636/216636 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 568 chars +~~ json string max len.......: 1087 chars +~~ json string avg len.......: 819 chars diff --git a/test/results/default/http_asymmetric.pcapng.out b/test/results/default/http_asymmetric.pcapng.out index d62ac5246..b7823ed5d 100644 --- a/test/results/default/http_asymmetric.pcapng.out +++ b/test/results/default/http_asymmetric.pcapng.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210394414} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394414,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210394414,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631378210394414,"pkt":"AAwpnvCVKBao9vgDCABFAAA0WexAAIAGAADAqAABCgoKAQQUAFAzLWQXAAAAAIAC+vADxAAAAgQFtAEDAwgBAQQC"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378210394789,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378210394789,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -16,7 +16,7 @@ 01006{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631378210486956,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"thread_ts_usec":1631378210486956,"pkt":"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"} 01303{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394789,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378210394789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1631378210394414,"flow_src_last_pkt_time":1631378215504662,"flow_dst_last_pkt_time":1631378210394414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":1044,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1631378215504945} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/http_asymmetric.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770184 bytes -~~ total memory freed........: 7770184 bytes -~~ total allocations/frees...: 146424/146424 +~~ total memory allocated....: 11478787 bytes +~~ total memory freed........: 11478787 bytes +~~ total allocations/frees...: 216678/216678 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 2520 chars diff --git a/test/results/default/http_auth.pcap.out b/test/results/default/http_auth.pcap.out index 3803e98ce..6b362ae43 100644 --- a/test/results/default/http_auth.pcap.out +++ b/test/results/default/http_auth.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1381844050222515} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1381844050222515,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050222515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1381844050222515,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1381844050222515,"flow_dst_last_pkt_time":1381844050402547,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1381844050402547,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 
@@ -9,7 +9,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1381844050402794,"flow_dst_last_pkt_time":1381844050596540,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1381844050596540,"pkt":"KM\/pITwrTBfruiThCABFAAA0Z\/RAADgGm3vA\/r2pwKgABABQ1EEDZtH+muI0loAQAH2ivAAAAQEICjDNtgoffxRp"} 02423{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844055865656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057134728,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":405011.4,"max":4861829,"stddev":1193509.9,"var":1424465723392.0,"ent":2.2,"data": [180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016]},"pktlen": {"min":52,"avg":626.9,"max":1500,"stddev":665.6,"var":443042.2,"ent":4.1,"data": [64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52]},"bins": {"c_to_s": 
[13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0],"entropies": [4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305]},"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01194{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":19,"flow_first_seen":1381844050222515,"flow_src_last_pkt_time":1381844057134728,"flow_dst_last_pkt_time":1381844057320871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":739,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":739,"flow_dst_tot_l4_payload_len":17637,"midstream":0,"thread_ts_usec":1381844057320871,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": 
{"total":200,"client":160,"server":40}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1381844057320871} +00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_auth.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1381844057320871} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767955 bytes -~~ total memory freed........: 7767955 bytes -~~ total allocations/frees...: 146411/146411 +~~ total memory allocated....: 11476574 bytes +~~ total memory freed........: 11476574 bytes +~~ total allocations/frees...: 216665/216665 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 2428 chars diff --git a/test/results/default/http_connect.pcap.out b/test/results/default/http_connect.pcap.out index 823a9839c..9a17f120f 100644 --- a/test/results/default/http_connect.pcap.out +++ b/test/results/default/http_connect.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631454722864133} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631454722864133} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631454722864133,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864133,"pkt":"AAwpTU5kKBaoBOm8CABFAAA0iNFAAIAG7ajAqAFnwKgBkgayH5A7mDABAAAAAIAC+vBd+gAAAgQFtAEDAwgBAQQC"} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1631454722864133,"flow_dst_last_pkt_time":1631454722864165,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1631454722864165,"pkt":"KBaoBOm8AAwpTU5kCABFAAA0AABAAEAGtnrAqAGSwKgBZx+QBrLnDc0lO5gwAoAS+vCEcAAAAgQFtAEBBAIBAwMH"} 
@@ -25,7 +25,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1631454722867400,"flow_src_last_pkt_time":1631454722867400,"flow_dst_last_pkt_time":1631454722867500,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":55,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":55,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.2","src_port":47767,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":30,"flow_first_seen":1631454722867862,"flow_src_last_pkt_time":1631454722977215,"flow_dst_last_pkt_time":1631454722977251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1384,"flow_src_tot_l4_payload_len":1701,"flow_dst_tot_l4_payload_len":30951,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"151.101.2.132","src_port":35968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":22,"flow_first_seen":1631454722864133,"flow_src_last_pkt_time":1631454722976969,"flow_dst_last_pkt_time":1631454722977036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":5536,"flow_src_tot_l4_payload_len":1904,"flow_dst_tot_l4_payload_len":22723,"midstream":0,"thread_ts_usec":1631454722977251,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.146","src_port":1714,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP_Connect","proto_id":"130","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1631454722977251} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/http_connect.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":57373,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1631454722977251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7789664 bytes -~~ total memory freed........: 7789664 bytes -~~ total allocations/frees...: 146503/146503 +~~ total memory allocated....: 11498251 bytes +~~ total memory freed........: 11498251 bytes +~~ total allocations/frees...: 216757/216757 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 2168 chars diff --git a/test/results/default/http_guessed_host_and_guessed.pcapng.out b/test/results/default/http_guessed_host_and_guessed.pcapng.out index ff9e19f03..0b2439e26 100644 --- a/test/results/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/default/http_guessed_host_and_guessed.pcapng.out 
@@ -1,10 +1,10 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1662455432036237} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1662455432036237,"pkt":"AAEC+XM\/AAAA511OCABFSABtI0VAAOcG+C2qIQ0FwKgAAQBuALMAAGWhAAAAxaD\/\/\/9CugAAAgT+OgQCCArnAWpiC3VqYgEDAw6Eya9BxX8AAPZJNc84IkHxNiBIVFRQLzEuMQ0KSG9zdDogcG9ybmh1Yi5jb20NCg0K"} 01338{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"POP3","proto_id":"2","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"","password":"","auth_failed":0}}} 
00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1662455432036237,"flow_src_last_pkt_time":1662455432036237,"flow_dst_last_pkt_time":1662455432036237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1662455432036237,"l3_proto":"ip4","src_ip":"170.33.13.5","dst_ip":"192.168.0.1","src_port":110,"dst_port":179,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_guessed_host_and_guessed.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":49,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1662455432036237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768850 bytes -~~ total memory freed........: 7768850 bytes -~~ total allocations/frees...: 146374/146374 +~~ total memory allocated....: 11477469 bytes +~~ total memory freed........: 11477469 bytes +~~ total allocations/frees...: 216628/216628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 592 chars ~~ json string max len.......: 1343 chars diff --git a/test/results/default/http_invalid_server.pcap.out b/test/results/default/http_invalid_server.pcap.out index 2a0cffe08..6d7761347 100644 --- a/test/results/default/http_invalid_server.pcap.out +++ b/test/results/default/http_invalid_server.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1689351610492040} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1689351610492040,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610492040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1689351610492040,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdj8wOt8lQAFD6kEYtAAAAALAC\/\/9gewAAAgQFtAEDAwYBAQgKTnqLxQAAAAAEAgAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1689351610492040,"flow_dst_last_pkt_time":1689351610504245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1689351610504245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAAPIGKHOPzA63wKgBHQBQyVB61nu9+pBGLqAS\/\/+ARwAAAgQFoAQCCAoTAnk8TnqLxQEDAwk="} 
@@ -9,7 +9,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516723,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1689351610516723,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07CcAAPIGfFOPzA63wKgBHQBQyVB61nu++pBGgIAQAICuFwAAAQEIChMCeUhOeovR"} 01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610504451,"flow_dst_last_pkt_time":1689351610516826,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":402,"midstream":0,"thread_ts_usec":1689351610516826,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web","hostname":"ocsp.rootg2.amazontrust.com","http": {"url":"ocsp.rootg2.amazontrust.com\/","code":200,"content_type":"application\/ocsp-response","user_agent":"**"}}} 
01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1689351610492040,"flow_src_last_pkt_time":1689351610530140,"flow_dst_last_pkt_time":1689351610529997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":402,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":407,"midstream":0,"thread_ts_usec":1689351610530140,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"143.204.14.183","src_port":51536,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"14": {"risk":"HTTP Susp Header","severity":"High","risk_score": {"total":450,"client":405,"server":45}}},"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":5,"category":"Web"}} -00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} 
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/http_invalid_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1689351610530140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767207 bytes -~~ total memory freed........: 7767207 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11475826 bytes +~~ total memory freed........: 11475826 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 557 chars ~~ json string max len.......: 1344 chars diff --git a/test/results/default/http_ipv6.pcap.out b/test/results/default/http_ipv6.pcap.out index 82aba1bf0..8bdb77597 100644 --- a/test/results/default/http_ipv6.pcap.out +++ b/test/results/default/http_ipv6.pcap.out 
@@ -1,15 +1,15 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1448269123954061} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269123954061,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123954061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123954061,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269123971846,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} 00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127395120,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269127395120,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1448269127395120,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":268,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":268,"pkt_l4_len":214,"thread_ts_usec":1448269127395120,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAANYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcnAKcmsggBgBYRYsAAABAQgKEg1sPOPdU5wXAwMAsUohbF6hqm2iPbr5acUercfvDKKXo6eRxQREALqHMULPkKcrij9I+s937a+Ptj\/48lLHQ1Wb3SgwI5IkBSOhrv6IVrq\/yOhvf7XOjabBqvbdcaHqf1DGDHgPPOpYr+dJO5wcSH25xkyZHXLU0QNqpczDg7dKCMPOVcOltspkl5ZzoyNyh0jvlmeYCBWg6kXBip25FBniFP0s4NZksUmy3aWhoSbUDQ+LvhRDb4xtwZyJTw=="} -01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127395120,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269127395120,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127395120,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":182,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269127395120,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127395120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_usec":1448269127395195,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAEYGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXozABuw3EcyYKcmsggBgBYRWcAAABAQgKEg1sPOPdU5wXAwMAISEEhc9+XaFrGjMSta2tz\/npJ9wouC3HutuqGdJZFlD+8g=="} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1412,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1412,"pkt_l4_len":1358,"thread_ts_usec":1448269127400446,"pkt":"UMWNrEEBeKzApw1Mht1gAAAABU4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAEIAwAAAAAAABAXs2sBuwVOGq8NSb7i0\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\/d3HOJRMDI1eybp5+Rccf9WUtVHu\/cGtxBbc83x\/ixhHuZYGb85GDRSl0WTDzqXHGQAAABDQzEyQ2hyb21lLzQ2LjAuMjQ5MC44MCBMaW51eCB4ODZfNjRJY0N+fBRzPpi9ZOX2cffRAAAAAFg1MDkAABAAHgAAAKnIKfkyK+SzUnB6164ARpx8JYjcWyR0opR8VfpSZa5LAQAAAEMyNTWqEkFTJwbowuJjGoJ9cYVfQAt7kKmueesKxAMAMPg3G85FTSE++LOaAtQpI1KVeq729JfhjhoCsaupNHH2PFh7nIyQFBUHu\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"} 
-01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","quic": {"user_agent":"Chrome\/46.0.2490.80 Linux x86_64"}}} +01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269127400446,"flow_dst_last_pkt_time":1448269127400446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269127400446,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","quic": {"user_agent":"Chrome\/46.0.2490.80 Linux x86_64","quic_version":"Q025"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419269,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269127419269,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHMmgBABMJ3AAAABAQgK493E7RINbDw="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419302,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1448269127419302,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBABMJ2aAAABAQgK493E7RINbDw="} 
00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1448269127395195,"flow_dst_last_pkt_time":1448269127419312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":124,"pkt_l4_len":70,"thread_ts_usec":1448269127419312,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAEYGOSoAFFBAAQgDAAAAAAAAEBcqAA1AAAEAA3qswP\/+pw1MAbujMApyayANxHNMgBgBMJRuAAABAQgK493E7RINbDwXAwMAIamaKXQXAEJ+l6GRGDPCWYkk8\/GIYJF1yZM9UcV466R1KQ=="} 
@@ -24,7 +24,7 @@ 00813{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1448269127960079,"flow_dst_last_pkt_time":1448269127960079,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":260,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":260,"pkt_l4_len":206,"thread_ts_usec":1448269127960079,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAM4RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwDOCoAMj5N114hr41MJBd7sKG9JfODv2KzX0uexKi4OUzkr936AyksmjfKzejWhR1IllABVz6\/Nd8+DDPRvVbNJa4sAljMB\/byd9EnDrnASdvNnincHpyqVPP90d4TSxj+ARZa\/L622T2LNfPxOM6m\/si1ZmPjMCf2wR7DzkfTBciJe2oZugnMhbWbTFVoln8LtSZhpET4oRj3Jk\/IY0Vhm0AHAVNXjHBEt89UVS7Gr6h9OBH5HRJ1TIdTk4GJ40SQl9lgo1l4eCx0="} 00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1448269127960079,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":143,"pkt_l4_len":89,"thread_ts_usec":1448269128003411,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAAFkRMyoAFFBACwwCAAAAAAAAAF8qAA1AAAEAA3qswP\/+pw1MAbvXaQBZLuIAB1nnejc74Zg5YssedTReRP0KRIf1hcs3Aafoe+Tuwy6JT\/77UOdg9PcT9s8XDyyGEBG\/Mph8KZAg9aAfxnp6BrSLMfMbzThg3fGY8Pw0dHA="} 
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":99,"pkt_l4_len":45,"thread_ts_usec":1448269128028795,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAAC0RQCoADUAAAQADeqzA\/\/6nDUwqABRQQAsMAgAAAAAAAABf12kBuwAtCd8Mj5N114hr41MKZOnBWgR9A+MJ4bypcpF9U29vj07q+fvNp9EO"} -02383{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269137275811,"flow_dst_last_pkt_time":1448269136257808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4058,"flow_dst_tot_l4_payload_len":4856,"midstream":0,"thread_ts_usec":1448269137275811,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1512,"avg":604281.6,"max":6008829,"stddev":1486148.8,"var":2208638173184.0,"ent":2.8,"data": [25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388]},"pktlen": {"min":77,"avg":326.6,"max":1398,"stddev":376.2,"var":141514.9,"ent":4.3,"data": [1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251]},"bins": {"c_to_s": 
[0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.737460136,7.856492996,5.340356827,7.783504963,5.237494946,7.640817642,5.426836967,6.897242546,5.228057861,5.435415268,7.531185150,5.426837444,4.923079967,6.917997837,5.187493324,7.660722733,5.627426147,5.458142281,5.212494373,6.952660084,4.934730053,7.572426796,5.495558739,6.882013798,5.262493610,7.594254971,5.480869293,6.910377979,5.237494469,7.573482990,5.374089718,6.950065613]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269137275811,"flow_dst_last_pkt_time":1448269136257808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4058,"flow_dst_tot_l4_payload_len":4856,"midstream":0,"thread_ts_usec":1448269137275811,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1512,"avg":604281.6,"max":6008829,"stddev":1486148.8,"var":2208638173184.0,"ent":2.8,"data": 
[25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388]},"pktlen": {"min":77,"avg":326.6,"max":1398,"stddev":376.2,"var":141514.9,"ent":4.3,"data": [1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251]},"bins": {"c_to_s": [0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.737460136,7.856492996,5.340356827,7.783504963,5.237494946,7.640817642,5.426836967,6.897242546,5.228057861,5.435415268,7.531185150,5.426837444,4.923079967,6.917997837,5.187493324,7.660722733,5.627426147,5.458142281,5.212494373,6.952660084,4.934730053,7.572426796,5.495558739,6.882013798,5.262493610,7.594254971,5.480869293,6.910377979,5.237494469,7.573482990,5.374089718,6.950065613]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138575377,"flow_dst_last_pkt_time":1448269138575377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138575377,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1448269138575377,"flow_dst_last_pkt_time":1448269138575377,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1448269138575377,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACgGQCoADUAAAQADeqzA\/\/6nDUwqA7DAAAMA0AAAAAAAcBABkm4Bu5jVbXIAAAAAoAJwgGsaAAACBAWgBAIIChINdycAAAAAAQMDBw=="} 
00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138575474,"flow_dst_last_pkt_time":1448269138575474,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1448269138575474,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -93,26 +93,26 @@ 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1448269146905115,"flow_src_last_pkt_time":1448269146970056,"flow_dst_last_pkt_time":1448269146931566,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":2856,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53132,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1448269146905214,"flow_src_last_pkt_time":1448269146966054,"flow_dst_last_pkt_time":1448269146929757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":224,"flow_dst_max_l4_payload_len":3547,"flow_src_tot_l4_payload_len":350,"flow_dst_tot_l4_payload_len":3789,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:197::236","src_port":53134,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1448269127395120,"flow_src_last_pkt_time":1448269127450459,"flow_dst_last_pkt_time":1448269127510990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":182,"flow_dst_max_l4_payload_len":506,"flow_src_tot_l4_payload_len":258,"flow_dst_tot_l4_payload_len":751,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":41776,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":29,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269138520009,"flow_dst_last_pkt_time":1448269138494637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5695,"flow_dst_tot_l4_payload_len":6438,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":29,"flow_first_seen":1448269127400446,"flow_src_last_pkt_time":1448269138520009,"flow_dst_last_pkt_time":1448269138494637,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5695,"flow_dst_tot_l4_payload_len":6438,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1017","src_port":45931,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00950{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00805{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269139314022,"flow_src_last_pkt_time":1448269139314022,"flow_dst_last_pkt_time":1448269139321037,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a02:26f0:ad:1a1::eed","src_port":60124,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269127922059,"flow_src_last_pkt_time":1448269127922059,"flow_dst_last_pkt_time":1448269127940031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269127922059,"flow_src_last_pkt_time":1448269127922059,"flow_dst_last_pkt_time":1448269127940031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269127922059,"flow_src_last_pkt_time":1448269127922059,"flow_dst_last_pkt_time":1448269127940031,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:803::2008","src_port":58660,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1448269138575377,"flow_src_last_pkt_time":1448269138746011,"flow_dst_last_pkt_time":1448269138745943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1448269138575474,"flow_src_last_pkt_time":1448269138746157,"flow_dst_last_pkt_time":1448269138746120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":2668,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37488,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1448269139219031,"flow_src_last_pkt_time":1448269139339552,"flow_dst_last_pkt_time":1448269139339485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37494,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01131{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":12,"flow_first_seen":1448269144450926,"flow_src_last_pkt_time":1448269144884783,"flow_dst_last_pkt_time":1448269144884725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":833,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":2757,"flow_dst_tot_l4_payload_len":10608,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:b0c0:3:d0::70:1001","src_port":37506,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 
-00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269123954061,"flow_src_last_pkt_time":1448269123954061,"flow_dst_last_pkt_time":1448269123971846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00965{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00968{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269143410021,"flow_src_last_pkt_time":1448269143410021,"flow_dst_last_pkt_time":1448269143539406,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a03:2880:1010:3f20:face:b00c::25de","src_port":40308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01008{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
00812{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1448269127960079,"flow_src_last_pkt_time":1448269128028795,"flow_dst_last_pkt_time":1448269128003411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":198,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":235,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::5f","src_port":55145,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269144306064,"flow_src_last_pkt_time":1448269144306064,"flow_dst_last_pkt_time":1448269144348055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1448269145458059,"flow_src_last_pkt_time":1448269145458059,"flow_dst_last_pkt_time":1448269145478561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1448269146970056,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1448269146970056} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/http_ipv6.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":51193,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":8,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":115,"global_ts_usec":1448269146970056} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 193/193 ~~ skipped flows.............: 0 @@ -121,10 +121,10 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7887197 bytes -~~ total memory freed........: 7887197 bytes -~~ total allocations/frees...: 146797/146797 +~~ total memory allocated....: 11595592 bytes +~~ total memory freed........: 11595592 bytes +~~ total allocations/frees...: 217051/217051 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars -~~ json string max len.......: 2388 chars +~~ json string max len.......: 2389 chars ~~ json string avg len.......: 1479 chars diff --git a/test/results/default/http_on_sip_port.pcap.out b/test/results/default/http_on_sip_port.pcap.out index 1f6c344f7..a289e93c3 100644 --- a/test/results/default/http_on_sip_port.pcap.out +++ b/test/results/default/http_on_sip_port.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744016209720} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744016209720,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016209720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744016209720,"pkt":"AAAAAAAAAAsAxhT1CABFAAA8sxJAAD4GBd5Ssm\/dLTqUAhPEIrha1ycbAAAAAKAC\/\/9M3wAAAgQFUAQCCAoQxK6EAAAAAAEDAwk="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744016209720,"flow_dst_last_pkt_time":1618744016342703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744016342703,"pkt":"AAAAAAAAAAUAQPTMCABFAAA0AABAADMGw\/gtOpQCUrJv3SK4E8QPDztmWtcnHIAS\/\/\/oTwAAAgQFtAEBBAIBAwMI"} 
@@ -7,7 +7,7 @@ 01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016342703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744016398438,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"45.58.148.2","http": {"url":"45.58.148.2\/star-123456\/index.m3u8?token=89b198b8844824ca15b8b379c26fc1b7dfcba368-5KUJTJ5Y73AGIAOV-1618753174-1618742374","code":0,"content_type":"","user_agent":"exoplayer-codelab"}}} 
02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1414,"pkt_l4_len":1380,"thread_ts_usec":1618744016532140,"pkt":"AAAAAAAAAAUAQPTMCABFAAV45dJAADMG2OEtOpQCUrJv3SK4E8QPDztnWtcn+1AQAQUxMQAASFRUUC8xLjEgNDAzIEZvcmJpZGRlbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KRGF0ZTogU3VuLCAxOCBBcHIgMjAyMSAxMTowNDo0MCBHTVQNCkNvbnRlbnQtTGVuZ3RoOiAxMTY3DQpTZXJ2ZXI6IEZsdXNzb25pYw0KWC1Sb3V0ZS1UaW1lOiAxMTINClgtUnVuLVRpbWU6IDI0MQ0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1NZXRob2RzOiBHRVQsIFBVVCwgREVMRVRFLCBPUFRJT05TDQpBY2Nlc3MtQ29udHJvbC1FeHBvc2UtSGVhZGVyczogU2VydmVyLCByYW5nZSwgWC1SdW4tVGltZSwgQ29udGVudC1MZW5ndGgsIExvY2F0aW9uDQpBY2Nlc3MtQ29udHJvbC1BbGxvdy1IZWFkZXJzOiB4LXZzYWFzLXNlc3Npb24sIHgtbm8tcmVkaXJlY3QsIG9yaWdpbiwgYXV0aG9yaXphdGlvbiwgeC1yZWFsLWlwLCBhY2NlcHQsIHJhbmdlDQpYLURlbnktUmVhc29uOiBjYWNoZWRfbmVnYXRpdmUNCg0KPCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICA8dGl0bGU+Rmx1c3NvbmljIHN0cmVhbWluZyBzZXJ2ZXI8L3RpdGxlPgogIDxtZXRhIG5hbWU9ImZyYWdtZW50IiBjb250ZW50PSIhIiAvPgogIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICA8bWV0YSBjaGFyc2V0PSJ1dGY4Ij4KPC9oZWFkPgo8Ym9keT4KCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CmJvZHkgewogIGZvbnQtZmFtaWx5OiAiSGVsdmV0aWNhIE5ldWUiLCBIZWx2ZXRpY2EsIEFyaWFsLCBzYW5zLXNlcmlmOwogIGZvbnQtc2l6ZTogMTRweDsKICBsaW5lLWhlaWdodDogMS40Mjg1NzE0Mjk7CiAgY29sb3I6ICMzMzMzMzM7Cn0KLmNvbnRhaW5lciB7CiAgbWFyZ2luLXJpZ2h0OiBhdXRvOwogIG1hcmdpbi1sZWZ0OiBhdXRvOwogIHBhZGRpbmctbGVmdDogMTVweDsKICBwYWRkaW5nLXJpZ2h0OiAxNXB4Owp9CkBtZWRpYSAobWluLXdpZHRoOiA3NjhweCkgeyAuY29udGFpbmVyIHsgbWF4LXdpZHRoOiA3NTBweDsgfSB9CkBtZWRpYSAobWluLXdpZHRoOiA5OTJweCkgeyAuY29udGFpbmVyIHsgbWF4LXdpZHRoOiA5NzBweDsgfSB
9CkBtZWRpYSAobWluLXdpZHRoOiAxMjAwcHgpIHsgLmNvbnRhaW5lciB7IG1heC13aWR0aDogMTE3MHB4OyB9IH0KLnBhZ2UtaGVhZGVyIHsKICBwYWRkaW5nLWJvdHRvbTogOXB4OwogIG1hcmdpbjogNDBweCAwIDIwcHg7CiAgYm9yZGVyLWJvdHRvbTogMXB4IHNvbGlkICNlZWVlZWU7Cn0KaDEgewogIGZvbnQtc2l6ZTogMzZweDsKICBtYXJnaW4tdG9wOiAyMHB4OwogIG1hcmdpbi1ib3R0b206IDEwcHg7CiAgZm9udC13ZWlnaHQ6IDUwMDsKICBsaW5lLWhlaWdodA=="} 01329{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744016209720,"flow_src_last_pkt_time":1618744016398438,"flow_dst_last_pkt_time":1618744016532140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":223,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":223,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744016532140,"l3_proto":"ip4","src_ip":"82.178.111.221","dst_ip":"45.58.148.2","src_port":5060,"dst_port":8888,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1618744016532140} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_on_sip_port.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1618744016532140} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767247 bytes -~~ total memory freed........: 7767247 bytes -~~ total allocations/frees...: 146383/146383 +~~ total memory allocated....: 11475866 bytes +~~ total memory freed........: 11475866 bytes +~~ total allocations/frees...: 216637/216637 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 558 chars ~~ json string max len.......: 2360 chars 
diff --git a/test/results/default/http_origin_different_than_host.pcap.out b/test/results/default/http_origin_different_than_host.pcap.out index e07eac50d..4125ea618 100644 --- a/test/results/default/http_origin_different_than_host.pcap.out +++ b/test/results/default/http_origin_different_than_host.pcap.out 
@@ -1,5 +1,5 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666211829809412} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829809412,"packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829809412} 00479{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwAGCpgAAAQBGTHgqGGQUKhA+wCGgIaABMB\/0w\/wA8B+ApokUAADz3BkAAPQaM8QqMzkoSh85mhugAUDlR2BoAAAAAoAL\/\/8ZVAAACBAW0BAIICgAlLxwAAAAAAQMDCA=="} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211829952951,"packet_id":2,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211829952951} 
@@ -8,7 +8,7 @@ 01273{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":717,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":717,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAEAAAACgQBNQoEAQHEIAEUwArevqQAAQBGKngqGGQUKhA+wCGgIaAKjA08w\/wKTB+ApokUAApP3CEAAPQaKmAqMzkoSh85mhugAUDlR2Bva3fe5gBgBVxwmAAABAQgKACUvS\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"} 00319{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1666211830159716,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1666211830159716} 00685{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":276,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_usec":1666211829809412,"pkt":"AAAAAAAAAAECAAD6gQANQoEAAHEIAEUAAP4wwgAAOxEQbwqED7AKhhkFCGgIaADqAAAw\/wDa39WxhkUAANrwJ0AA3wbxMRKHzmYKjM5KAFCG6Nrd97k5Udp6gBgAbjGkAAABAQgK\/GqgKwAlL0tIVFRQLzEuMSAxMDEgU3dpdGNoaW5nIFByb3RvY29scw0KRGF0ZTogV2VkLCAxOSBPY3QgMjAyMiAyMDozNzoxMCBHTVQNCkNvbm5lY3Rpb246IHVwZ3JhZGUNClVwZ3JhZGU6IHdlYnNvY2tldA0KU2VjLVdlYlNvY2tldC1BY2NlcHQ6IHhFNmRMWHh4TWFpSGFsYzcrTFFoQ01HdzNYST0NCg0K"} 
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} +00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/http_origin_different_than_host.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1666211830159716} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/0 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 324 chars ~~ json string max len.......: 1278 chars 
diff --git a/test/results/default/http_starting_with_reply.pcapng.out b/test/results/default/http_starting_with_reply.pcapng.out index 6383c19ab..e44daaf5a 100644 --- a/test/results/default/http_starting_with_reply.pcapng.out +++ b/test/results/default/http_starting_with_reply.pcapng.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631378210397220} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1631378210397220,"pkt":"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\/7r8CVafTJCeRlpO6siJ7JvFj0pmk8STK3fWTDyIhCWOI4AGgZDXt\/367AEjxJcrJNdXEkUgC+8Lubx\/S0eS7q\/eX099ur8nSrAS5\/fT67S+XpDcIw389vwzDq+kV+feb6bu3ZBgck6miieaGy4SKMLz+tUd6S2PScRhuNptg8zyQahFOP4QPSGuIm\/3HgSntDGIT9y6OJpbhw0ok+ryFzPDs7MzthrWETL4bDOCNkHcy5nPOYjJXckXMkpErNuM0IVLxBQfyZC4V+TTLEpPZDW+pNiRLY2pYPCYnx8PTwXA4GJ7ahx8ZGxNkroG7oFkSLVMaBwkz4Sxb6HB4Mhqdnh3D2sHAirFkNL6wWycrZqjdO2D\/zfj6vHcpE8MSM5huU9Yjkbs67xn2YEJU5CWJllRpZs4\/TW8Gox4JPSXDjWAXr1IaLdmJlx3UmtNMGHJLFyDjL4ZspLrXk9Atdhu12QpGDPDzbCKte2TFYk7PezpSjCXWes\/IZ7thRRXYaEyO04fy30v7EBSPebJoffrnEfw3k\/G27\/zkc3XHc1hZ+nt5ZB\/PaHS\/UDJL4kEkhVRj8v3V6Or19Yl\/PgcLDeZ0xcV2TP7JVEwT2icaPGWgmeLzl7tVmv8ORhgOU+NuorIDKvgClInAykwVUsZ8HawoT+5SMFwuqHTONyaKCWr4mjkyMdepoMDd0JlgXqwNj81yTEbHx4Umzm6DmTRGrsZOxdJ9weZmTGhmZOU2OOSycn+\/hZ29pIqZGnj+JzkTfzs34cnw5Ofno8oj6wZjoqXg8X7b39iXf37AgGi7O\/R1prwJl8xpc3aWy+XlHB4f\/9DB9Keb05uf99LWKURu1TeHP5WM89POOmU\/GCHL4ubGizaTIt7Lia8WNUbPS3xe1E9h3BoBSNS6yp2c3\/kA155sJBiFbegLudeAD+SH2XCmLwiavQfneHXJdscNW+0VsHmCuWwv2h30gGz5zWP7akbqY+WltZM6LUlzWjsOv\/NOswgjvOWM\/2Ib1xje4eI6HqL5RuhW7r3DPGWvPnZe3c0pVaym48hbZtQK5iP\/ZFQRpQo1wxrUeDyJAe5Y3ApCuQqHwr6ko6PJDdg1eoSaFSUL5D1w+m5vJvr7HwredVjDOoN8bwULK3nv1LvXaZd7ja7PLl+f1Pwg97m9QFZLfic\/PCr5VUW+U1Arfd4n1+XVyfDFTdf2hWLb\/fvPbs6ej06L\/cFcSEivyeKOCbYC0Q7kX7v8C3Ch33XsOWpY88Qskoo6nolMWIeVD3IdC57c9w8tWnPQkcUH19EI9c8xuQEJh6VZynXhiS1HUgnNpqt1h05V1z1LSpp2Laso2lYLXl7dXJ\/uxcZDgn6NGXKWJeprCCToDaQj9aerq0OLVrbgD\/OKf4Llr6+7YSOkU6qhcylKzZ57Vn1arkDqsVFsgC1YnWgVnfdCDurq
MLM9wEDIhQzSZNEjVEAn4TuDt3C3l3M="} 01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210397220,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1460,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1631378210397220,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
@@ -9,7 +9,7 @@ 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":403,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":403,"pkt_l4_len":369,"thread_ts_usec":1631378210486956,"pkt":"AAwpTU5kKBaoBOm8CABFAAGFWfBAAIAGAADAqAFnwKgBkgQUAFAzLWWE71XjVlAYBAKFwQAAR0VUIC9pY29ucy91YnVudHUtbG9nby5wbmcgSFRUUC8xLjENCkhvc3Q6IHByb3h5LndpcmVzaGFya2Zlc3QuYWNyb3BvbGlzLmxvY2FsDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjo5MS4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzkxLjANCkFjY2VwdDogaW1hZ2Uvd2VicCwqLyoNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQ0KRE5UOiAxDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpSZWZlcmVyOiBodHRwOi8vcHJveHkud2lyZXNoYXJrZmVzdC5hY3JvcG9saXMubG9jYWwvDQoNCg=="} 01232{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378210397220,"flow_dst_last_pkt_time":1631378210486956,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":557,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":3477,"flow_dst_tot_l4_payload_len":349,"midstream":1,"thread_ts_usec":1631378210486956,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"proxy.wiresharkfest.acropolis.local","http": {"url":"proxy.wiresharkfest.acropolis.local\/icons\/ubuntu-logo.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko\/20100101 Firefox\/91.0","detected_os":"Windows 10"}}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":7,"flow_first_seen":1631378210397220,"flow_src_last_pkt_time":1631378215504945,"flow_dst_last_pkt_time":1631378215504662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":7613,"flow_dst_tot_l4_payload_len":688,"midstream":1,"thread_ts_usec":1631378215504945,"l3_proto":"ip4","src_ip":"192.168.1.146","dst_ip":"192.168.1.103","src_port":80,"dst_port":1044,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1631378215504945} +00654{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/http_starting_with_reply.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":8301,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1631378215504945} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767517 bytes -~~ total memory freed........: 7767517 bytes -~~ total allocations/frees...: 146397/146397 +~~ total memory allocated....: 11476136 bytes +~~ total memory freed........: 11476136 bytes +~~ total allocations/frees...: 216651/216651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2529 chars 
diff --git a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out index 91aef60d0..79be0778f 100644 --- a/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -1,5 +1,5 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} +00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1506664814072079} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1506664814072079,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814072079,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814072079,"pkt":"AAAAgIP1SEb77F8hCABFAAA81NpAAD8GNx7+fYeAQphnLVNvAFDG58bVAAAAAKAC\/\/8jsQAAAgQFeAQCCAoBPBIPAAAAAAEDAwc="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1506664814072079,"flow_dst_last_pkt_time":1506664814272267,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1506664814272267,"pkt":"AAAAgIP1SEb77F8hCABFAAA8AABAAOcGY\/hCmGct\/n2HgABQU28gJ4bfxufG1qASaN\/42QAAAgQFtAQCCAonS\/NXATwSDwEDAwg="} 
@@ -10,7 +10,7 @@ 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1506664814304061,"flow_dst_last_pkt_time":1506664814506288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1506664814506288,"pkt":"AAAAgIP1SEb77F8hCABFAAC1dXxAAOcG7gJCmGct\/n2HgABQU28gJ4bgxufNVYAYAHwEBgAAAQEICidL854BPBI6SFRUUC8xLjEgMjAwIA0KQWNjZXNzLUNvbnRyb2wtQWxsb3ctT3JpZ2luOiAqDQpEYXRlOiBGcmksIDI5IFNlcCAyMDE3IDA2OjAwOjE0IEdNVA0KQ29udGVudC1MZW5ndGg6IDANCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCg0K"} 02283{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506664884688466,"flow_dst_last_pkt_time":1506664884891709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":16613,"flow_dst_tot_l4_payload_len":1748,"midstream":0,"thread_ts_usec":1506664884891709,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2278,"avg":4562452.0,"max":23451757,"stddev":7140164.0,"var":50981941280768.0,"ent":3.5,"data": [200188,228774,3208,234021,1087486,3262,1090830,5345683,5834,5351689,23448878,3179,23451757,8290030,3196,8292329,1123787,3421,1127523,8802271,4342,8806776,19530296,2278,19532387,1784873,3657,1788814,938512,3420,943316]},"pktlen": 
{"min":60,"avg":626.3,"max":1440,"stddev":557.2,"var":310424.4,"ent":4.5,"data": [60,60,1440,327,181,1440,259,181,1440,535,410,1440,257,181,1440,327,181,1440,257,181,1440,461,410,1440,258,181,1440,313,181,1440,259,181]},"bins": {"c_to_s": [1,0,0,0,0,0,5,0,3,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0],"s_to_c": [1,0,0,0,8,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.739262104,5.106893539,5.867009163,5.823337078,5.714051723,5.877876282,5.739666462,5.708738327,5.861988068,5.999320984,5.770567417,5.882071018,5.723089695,5.732763290,5.864256382,5.841103554,5.697688103,5.890019894,5.735716343,5.730837822,5.881994724,5.957257271,5.801627636,5.887722969,5.723830700,5.705350399,5.852463722,5.804970741,5.650331974,5.849934578,5.692368984,5.757890701]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":39,"flow_first_seen":1506664814072079,"flow_src_last_pkt_time":1506665200702631,"flow_dst_last_pkt_time":1506665200902775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":358,"flow_src_tot_l4_payload_len":62424,"flow_dst_tot_l4_payload_len":6280,"midstream":0,"thread_ts_usec":1506665200902775,"l3_proto":"ip4","src_ip":"254.125.135.128","dst_ip":"66.152.103.45","src_port":21359,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":115,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} +00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/http_ua_splitted_in_two_pkts.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":115,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":68704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1506665200902775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 115/115 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770094 bytes -~~ total memory freed........: 7770094 bytes -~~ total allocations/frees...: 146487/146487 +~~ total memory allocated....: 11478713 bytes +~~ total memory freed........: 11478713 bytes +~~ total allocations/frees...: 216741/216741 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 582 chars ~~ json string max len.......: 2428 chars diff --git a/test/results/default/i3d.pcap.out b/test/results/default/i3d.pcap.out index 9f532b751..6dd918d59 100644 --- a/test/results/default/i3d.pcap.out +++ b/test/results/default/i3d.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643566147188000} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643566147188000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU1sAAH8R+EzAqAJk1aNXL+w8w1QAUphQAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA95U="} 01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147188000,"flow_dst_last_pkt_time":1643566147188000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643566147188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,7 +7,7 @@ 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643566147224000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1643566147224000,"pkt":"eJS0JASgYDjgxTWgCABFAACoU10AAH8R+AjAqAJk1aNXL+w8w1QAlAApkHiUJQdnxvIAA8+ovt4AAfZr38uFzZsIi8ZCCYTQPXHtOHv0CzWfwBUspYBgwVoFrs7CIolbntTbNC\/JUzHrMPTo+XsMJQLsyF07SXVZB\/s4ty9sKDXZEitaLRpRsI4IOF0cfX+Uc0Uf1VgbctkHIRIB7WkAQW7E9Ft4IwjFcGTVfDpX71058AMMAIA="} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643566147248000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":185,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":185,"pkt_l4_len":151,"thread_ts_usec":1643566147248000,"pkt":"eJS0JASgYDjgxTWgCABFAACrU14AAH8R+ATAqAJk1aNXL+w8w1QAl9LykHiUJgdnyrIAA8+ovt4AAUA1qdRM+p5pr\/oqX0DhEzCeQnh79unVEDHbUO6dzrEHo2ZrwkpnXYNjri9KSft0NfMTwIic7YV89\/hFWxptbKzflgOcvR8B2Shl\/WZiU1Z\/KdIDbewpUyY21lOye5L\/XBpzfqg5wywFSTueNycE9miVE9BmO5SMOudQFQQMAIA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643566147266000,"flow_dst_last_pkt_time":1643566147212000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":183,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":183,"pkt_l4_len":149,"thread_ts_usec":1643566147266000,"pkt":"eJS0JASgYDjgxTWgCABFAACpU18AAH8R+AXAqAJk1aNXL+w8w1QAlT\/NkHiUJwdnznIAA8+ovt4AAaP5Ah92yNJfzjWLY8WE\/BTJnxusxn0vEFtrrFPiJ6xYLwBoyHyq9NbUJFz9dnZHmE98BUSEEm1g\/uLK67zcvjWDSrCKLxOx4sj+Tlk9Iq149UdWaGtJ\/sUWb\/A24Vz1gJvdeF4k3J4DeZ1+PNY96GPVMAZTD3\/NwRsFDACA"} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643572927206000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643572927206000,"pkt":"eJS0JASgYDjgxTWgCABFAABmU0sAAH8R+FzAqAJk1aNXL9elw1QAUhLaAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkaM="} 
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643572927206000,"flow_src_last_pkt_time":1643572927206000,"flow_dst_last_pkt_time":1643572927206000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643572927206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":55205,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -16,7 +16,7 @@ 01004{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1643572927260000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_usec":1643572927260000,"pkt":"eJS0JASgYDjgxTWgCABFAAGIU08AAH8R9zbAqAJk1aNXL9elw1QBdHLBkHjAYRrNp\/IAA8+ovt4AAQHk2SbeSru+vmqqbBAlqKnhi8VOiprTRfevAGdGL56u0jSjwF44BlGyfOIsOe9k0bILizQNN9KH2Zs3ouDH7gMA9MStaqggeVFFdLPjTFIOSwvUil8bbIvJDO17475aYHIEDMOMgQstUnNA1RgrYS2\/2kVGl7KJZGY\/L7D3V\/CVrqy8Mdz69R1bcRh4OUlMGYs20rRHySB1Dhuk3gj5oX3QZZFzW5+1AKlyFgaMG20J+gfaDs7fR+LJlT0e6ZIGmglv7IbxFn2ezOoMl1oHeUBvAHNKh2tBHj\/gvzBn3\/p9RQD7uVLnyG8g2NlN1VCjLyvFh8dNYVS+\/1yAqn2zPJoP+JrJzw9WOJbDrEms0RCwLivIgUxmOAjwuWkis3CQGN4xLBnm5cm+kzvuz3uOJtKDlrGmtcqqXSMQb0l4w2rAPaz+w\/ddGa7GkvH8mbylSiRSECJE2x\/+OAYZgA=="} 
01011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643572927277000,"flow_dst_last_pkt_time":1643572927231000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":416,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":416,"pkt_l4_len":382,"thread_ts_usec":1643572927277000,"pkt":"eJS0JASgYDjgxTWgCABFAAGSU1AAAH8R9yvAqAJk1aNXL9elw1QBfqV4kHjAYhrNq7IAA8+ovt4AAaUWvsT0DCayFUbzabzV8jrCDKi9xfLgbBSBd+F0MC5A+pFm70pntapcdGBWkcOJ2oBsj+J4Zj69ESkk995NOgz4qWa9pVXVwvtTkiJzlG54oXs0w5VAZ2rxJEg5VEqP+nv1E5RDoKP2xPW8K5HGyKJiu0\/uTpIYXdCxbJI2WdJND01cc6LoQfKwTvwIAKPWe0VI5agSTTuy7uGlybczfeWU99AcaDWIBivRoBkrqFIBd4hohB5csBM+jGqze6sHojZJ+Bp84hb\/kpOEfRWPRRuFJYkInwdmn\/rgt0qrGDGY7Nx6Q+l4Q7yCAdXGlZZvWRHal998LFuUaEsGR7CY01GlVfOg284fA6pzmM3AdmuhBDB+OioFOQS1sl\/4XCLOCRDdbDU7EeqPTo7TztdlkwgXxffBx0jewOZjWR3XfjE5CAFbhNK9B1i9zRJljHex1EUOznrGM6z2tTbOvpxOAz0IvjkGGYA="} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":2,"flow_first_seen":1643566147188000,"flow_src_last_pkt_time":1643566147407000,"flow_dst_last_pkt_time":1643566147319000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":331,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":2349,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1643572927312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":60476,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":13434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1643574967215000} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643574967215000,"pkt":"eJS0JASgYDjgxTWgCABFAABm4pkAAH8RaQ7AqAJk1aNXL\/Scw1QAUnfBAAEARgADz6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8U="} 
01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967215000,"flow_dst_last_pkt_time":1643574967215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643574967215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -34,7 +34,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643575387255000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1643575387255000,"pkt":"eJS0JASgYDjgxTWgCABFAATb+uwAAH8RTEbAqAJk1aNXL\/P9w1QEx8XFkGfzn+7YC1wAA8+pvt4AA8\/rBnO98lR\/HxLTpIP\/EbMQx2RnswfttY95fPW12k+sMZPRUpXQ6rdFgdvebGO7p1UVM3QV79HT48Lutvo7rBD1EQGn3G1lnzMH\/HYoOApYSztH3SoK71xEoS1y8yXoqwttVhKJwdDpP0dYo+6JgRJC8a80fv+q8dukV27\/jVfVPNuEOGAKsYLKK3d3pDVBr3zFRvp+CUrx4k8Q3SmQ3FdvyBKUErJJCQMDIji2wBw\/6oOgUQdC4DfvZgCq2ehheOE\/QsbTet00OotAumju1CQN9Ie6XatcDMZEuVkd\/D\/4BNSUP8nLk2iECQ5jtpH0za6z9XycB9r30SzB4diSF71CS3FM8x6aWeAPxHuthE+qizcIjWCTi+uD+tksuJ3IgwTOIYtLJAmqBWmSSbw6uqz8LcdkStr7tMJaqmyNp0jfhJUWKXSVLeeaB7dE8vLAU\/AaDLNlX7cI97Q9sT4yJ7Ck0Xf38Wbaf70ad0+uLgBbGKMZzc0Qinka6L0063NVp3KQEb0W7+ZtTH+F7khBVzSgEGbYSk5P6L4+w1W84JNRtMzWLexqMRbia63\/XlTmx3sjYEiOU7SeNg\/VV7tUmAh00XrF94xyB5IuISYVkB63iOTwwjLGd+XPIC+xHPrVpy7d5\/0MnalC+TtBhFqQnVaipTWP5pTB6aF4HDpdAG\/Rsi\/jlYTPiwR\/+06YhuScTKbIDskrucwHhjvSpnvj6KdX7eJb+0f\/dGV1IR6XpjxXnm16GYSfek2plgRY7BcmryqhO8+u57C4lQPTdhp9tFjWMl1dmpGwleRQLABunADSt5n52m5UHlaEuruXoTSXj9yg5uc8GO3+7UV8mGSRFe35dZLCx1fvxLHAWLieOXgy10+sPWgTzBqbHdVA8G9uU1gL0jJCQ+ge4NIeEvEK2v26py+DrxUZ60wRYOUn0g+EctdA6BkYQ7axrLaAByXKmU+xaI8PcDwzjV5piTIMfvW5xrMWnuL8uImiF2SPyss62VgrI3kAwzdR1oqaEPB3uwvPTduUQ+N4uIEjkeW8TelrAHdYXTVkcW+KD\/qD9R4sMNfYyWoSviEKw0OOIkW3\/U0JwSQqOjw1KSUDkqHq\/KyJv++I37PjSRk9mkJHQKggsRDYpWzlCTtryb8Uw1N9dk2juxtTHXxH5dFsqFyNr7JLXTkJTh7bfr6gqnKuzSbbt6h0jpTjdtLTrNwDnd+cljHqP32B+son64QJeY+jueVGuppoG7wUpq9JyqWs0peerVl4SqbRUoTVTImfH4YMaQgSagkAM1uLSfdEHTdncPe4QqZpCf6Ay8IVOgBWQUUUGJ5tOIqcY9sNHfHZj+UXJJzimbNgyQmLAVgGyrWp1k3cCO9aHcm70ZW\/fksx8g38UefAJrWV5AcZKxBoIRLhAQKQrUJrNFP2Yu7+3wkM
jdrjMpb0eLnX749AFyY0EfVxc8EaD1Zvrdq9MJLJbzBl00Bvh3hnjWjJNNa8ogp\/jNsv03rLCsySZbzzJq10nEyw\/TWESfJ1nM1aVj21VveY1DdXxYRzhGtEydneMsYwjGJ8zEkLQm++YbhIJDKJH2vuRum8N8aCn074\/\/PAqyWA"} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643575387216000,"flow_src_last_pkt_time":1643575387266000,"flow_dst_last_pkt_time":1643575387247000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1216,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":15879,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62461,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":1,"flow_first_seen":1643574967215000,"flow_src_last_pkt_time":1643574967460000,"flow_dst_last_pkt_time":1643574967246000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1210,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":4511,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1643575387266000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.163.87.47","src_port":62620,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"i3D","proto_id":"301","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/i3d.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":33972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1643575387266000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774937 bytes -~~ total memory freed........: 7774937 bytes -~~ total allocations/frees...: 146464/146464 +~~ total memory allocated....: 11483508 bytes +~~ total memory freed........: 11483508 bytes +~~ total allocations/frees...: 216718/216718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 564 chars ~~ json string max len.......: 2172 chars diff --git a/test/results/default/iax.pcap.out b/test/results/default/iax.pcap.out index 9294f694a..5005de573 100644 --- a/test/results/default/iax.pcap.out +++ b/test/results/default/iax.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1123840005963862} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_usec":1123840005963862,"pkt":"AMDwli5rAOCBJ2JwCABFEABeAABAAEARAJ1SbiRUwKgCeBHZEdYASpLMgAQAAAAAAAEAAAYBCwIAAgEMNDQyMDg4MjA1MTU1Agw0NDc3ODIyNjc5NDkEAAoCZW7\/BAAAAAIMAgAAHwQLDFXW"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840005963862,"flow_dst_last_pkt_time":1123840005963862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1123840005963862,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -9,7 +9,7 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1123840005971515,"flow_dst_last_pkt_time":1123840005995531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1123840005995531,"pkt":"AOCBJ2JwAMDwli5rCABFAAAoV79AAEARqSPAqAJ4Um4kVBHWEdkAFBz1gBcABAAAAB8BAQQE"} 02306{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":5,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006456930,"flow_dst_last_pkt_time":1123840006059195,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":3882,"flow_dst_tot_l4_payload_len":372,"midstream":0,"thread_ts_usec":1123840006456930,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":948,"avg":18980.7,"max":51403,"stddev":10969.1,"var":120322248.0,"ent":4.7,"data": [2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140]},"pktlen": {"min":40,"avg":161.5,"max":200,"stddev":59.5,"var":3538.2,"ent":4.9,"data": [94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192]},"bins": {"c_to_s": [3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":22,"flow_first_seen":1123840005963862,"flow_src_last_pkt_time":1123840006472888,"flow_dst_last_pkt_time":1123840006489877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":4046,"flow_dst_tot_l4_payload_len":3008,"midstream":0,"thread_ts_usec":1123840006489877,"l3_proto":"ip4","src_ip":"82.110.36.84","dst_ip":"192.168.2.120","src_port":4569,"dst_port":4566,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IAX","proto_id":"95","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} +00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/iax.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7054,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1123840006489877} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768203 bytes -~~ total memory freed........: 7768203 bytes -~~ total allocations/frees...: 146421/146421 +~~ total memory allocated....: 11476822 bytes +~~ total memory freed........: 11476822 bytes +~~ total allocations/frees...: 216675/216675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2311 chars 
diff --git a/test/results/default/icmp-tunnel.pcap.out b/test/results/default/icmp-tunnel.pcap.out index dab1ff9c6..5a25ef3b7 100644 --- a/test/results/default/icmp-tunnel.pcap.out +++ b/test/results/default/icmp-tunnel.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227866459330,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.703333}} 
@@ -20,7 +20,7 @@ 01188{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":98,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228358273374,"flow_dst_last_pkt_time":1360228358272926,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20874,"flow_dst_tot_l4_payload_len":16482,"midstream":0,"thread_ts_usec":1360228358273374,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":107,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228402597860,"flow_dst_last_pkt_time":1360228402596581,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22210,"flow_dst_tot_l4_payload_len":17950,"midstream":0,"thread_ts_usec":1360228402597860,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":109,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228442640689,"flow_dst_last_pkt_time":1360228442640274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22290,"flow_dst_tot_l4_payload_len":18030,"midstream":0,"thread_ts_usec":1360228442640689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1360228467662193} 
01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":114,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228485957206,"flow_dst_last_pkt_time":1360228485957682,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22995,"flow_dst_tot_l4_payload_len":18623,"midstream":0,"thread_ts_usec":1360228485957682,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":154,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228522817624,"flow_dst_last_pkt_time":1360228522818134,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":28272,"flow_dst_tot_l4_payload_len":23795,"midstream":0,"thread_ts_usec":1360228522818134,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":192,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228557159010,"flow_dst_last_pkt_time":1360228557159568,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33486,"flow_dst_tot_l4_payload_len":28699,"midstream":0,"thread_ts_usec":1360228557159568,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -36,7 +36,7 @@ 01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":371,"flow_dst_packets_processed":337,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228942890883,"flow_dst_last_pkt_time":1360228942891404,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":51973,"flow_dst_tot_l4_payload_len":46675,"midstream":0,"thread_ts_usec":1360228942891404,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01189{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":423,"flow_dst_packets_processed":390,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228984799284,"flow_dst_last_pkt_time":1360228984799441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":57434,"flow_dst_tot_l4_payload_len":52234,"midstream":0,"thread_ts_usec":1360228984799441,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":448,"flow_dst_packets_processed":415,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228988973603,"flow_dst_last_pkt_time":1360228988973740,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":83334,"flow_dst_tot_l4_payload_len":78134,"midstream":0,"thread_ts_usec":1360228988973740,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"cfgs\/default\/pcap\/icmp-tunnel.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1360228988973740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 961/863 ~~ skipped flows.............: 0 
@@ -45,9 +45,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7791780 bytes -~~ total memory freed........: 7791780 bytes -~~ total allocations/frees...: 147234/147234 +~~ total memory allocated....: 11500399 bytes +~~ total memory freed........: 11500399 bytes +~~ total allocations/frees...: 217488/217488 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 2482 chars diff --git a/test/results/default/iec60780-5-104.pcap.out b/test/results/default/iec60780-5-104.pcap.out index 67b8fb8d6..e0611be09 100644 --- a/test/results/default/iec60780-5-104.pcap.out +++ b/test/results/default/iec60780-5-104.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1219992231267238} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1219992231267238,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992231267238,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267238,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1219992231267238,"flow_dst_last_pkt_time":1219992231267345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1219992231267345,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} 
@@ -45,12 +45,12 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819944348,"pkt":"ABXFGNTMABNy14eKCABFAAAubkZAAIAGQ4+sG\/htrBv4TwYqCWRBsBqQ+cLui1AY\/\/+jsAAAaAQHAAAA"} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819943016,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1219992819944348,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1219992819944348,"flow_dst_last_pkt_time":1219992819947305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1219992819947305,"pkt":"ABNy14eKABXFGNTMCABFAAAuQZdAAIAGcD6sG\/hPrBv4bQlkBir5wu6LQbAallAY\/\/lJFQAAaAQLAAAA"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1219992852463357} 
00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1219992590188368,"flow_src_last_pkt_time":1219992781349438,"flow_dst_last_pkt_time":1219992781349461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":1219992910077446,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1219992782348776,"flow_src_last_pkt_time":1219992818955088,"flow_dst_last_pkt_time":1219992818955112,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":17,"flow_dst_max_l4_payload_len":6,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":6,"midstream":0,"thread_ts_usec":1219992961194617,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219992991664467,"flow_dst_last_pkt_time":1219992991860370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":207,"midstream":0,"thread_ts_usec":1219992991860370,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":133,"avg":11085131.0,"max":32516052,"stddev":10877058.0,"var":118310385483776.0,"ent":4.1,"data": [133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039]},"pktlen": {"min":40,"avg":51.6,"max":104,"stddev":11.5,"var":132.4,"ent":5.0,"data": [48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1],"entropies": 
[4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00986{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":19,"flow_first_seen":1219992819942883,"flow_src_last_pkt_time":1219993055118751,"flow_dst_last_pkt_time":1219993055118603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":154,"flow_dst_tot_l4_payload_len":263,"midstream":0,"thread_ts_usec":1219993055118751,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IEC60870","proto_id":"245","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/iec60780-5-104.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1219993055118751} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 ~~ skipped flows.............: 0 @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7781756 bytes -~~ total memory freed........: 7781756 bytes -~~ total allocations/frees...: 146573/146573 +~~ total memory allocated....: 11490295 bytes +~~ total memory freed........: 11490295 bytes +~~ total allocations/frees...: 216827/216827 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2259 chars 
diff --git a/test/results/default/imap-starttls.pcap.out b/test/results/default/imap-starttls.pcap.out index 05eb484b1..97a3ad42f 100644 --- a/test/results/default/imap-starttls.pcap.out +++ b/test/results/default/imap-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437584567812552} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437584567812552,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584567812552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1437584567812552,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437584567812552,"flow_dst_last_pkt_time":1437584568002342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437584568002342,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} 
@@ -13,7 +13,7 @@ 02001{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":188486.4,"max":1677753,"stddev":378167.8,"var":143010873344.0,"ent":3.3,"data": [189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432]},"pktlen": {"min":40,"avg":235.2,"max":1500,"stddev":424.6,"var":180326.2,"ent":3.6,"data": [64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46]},"bins": {"c_to_s": [15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1],"entropies": 
[4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099]}} 01307{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01337{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1437584567812552,"flow_src_last_pkt_time":1437584570639554,"flow_dst_last_pkt_time":1437584570828629,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":318,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":5653,"midstream":0,"thread_ts_usec":1437584570828629,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1437584570828629} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1437584570828629} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786077 bytes -~~ total memory freed........: 7786077 bytes -~~ total allocations/frees...: 146415/146415 +~~ total memory allocated....: 11494696 bytes +~~ total memory freed........: 11494696 bytes +~~ total allocations/frees...: 216669/216669 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 2006 chars diff --git a/test/results/default/imap.pcap.out b/test/results/default/imap.pcap.out index 282d0fa6c..9e6ede91e 100644 --- a/test/results/default/imap.pcap.out +++ b/test/results/default/imap.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213095262213846} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213095262213846,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213846,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1213095262213846,"flow_dst_last_pkt_time":1213095262213972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1213095262213972,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} 
@@ -9,7 +9,7 @@ 01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266594138,"flow_dst_last_pkt_time":1213095262264097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":65,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1213095266594138,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","imap": {"user":"samir","password":"pfres","auth_failed":0}}} 
02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780228,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780369,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":88,"avg":294609.8,"max":4331408,"stddev":1060070.4,"var":1123749068800.0,"ent":1.4,"data": [126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190]},"pktlen": {"min":52,"avg":101.9,"max":748,"stddev":125.9,"var":15857.5,"ent":4.4,"data": [60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]},"bins": {"c_to_s": [18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1],"entropies": [4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473]},"ndpi": {"flow_risk": 
{"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":13,"flow_first_seen":1213095262213846,"flow_src_last_pkt_time":1213095266780387,"flow_dst_last_pkt_time":1213095266780369,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":696,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":1401,"midstream":0,"thread_ts_usec":1213095266780387,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IMAP","proto_id":"4","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/imap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1213095266780387} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769786 bytes -~~ total memory freed........: 7769786 bytes -~~ total allocations/frees...: 146406/146406 +~~ total memory allocated....: 11478405 bytes +~~ total memory freed........: 11478405 bytes +~~ total allocations/frees...: 216660/216660 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 2382 chars 
diff --git a/test/results/default/imaps.pcap.out b/test/results/default/imaps.pcap.out index e42506f10..54c7a9523 100644 --- a/test/results/default/imaps.pcap.out +++ b/test/results/default/imaps.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590857744659641} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1590857744659641,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744659641,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1590857744659641,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1590857744659641,"flow_dst_last_pkt_time":1590857744706356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1590857744706356,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} 
@@ -9,7 +9,7 @@ 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744749621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1590857744749621,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0NrtAADQGz1CnY9ekwKgBCAPhxUrMi6Lb0TTQsYAQAfwWAAAAAQEICqnD6BkUTZ1k"} 01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1590857744765146,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01074{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744710196,"flow_dst_last_pkt_time":1590857744765232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":2880,"midstream":0,"thread_ts_usec":1590857744765232,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS.ntop","proto_id":"51.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1610477173150912} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477173150912,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1610477173150912,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173150912,"pkt":"AAAAAAAAAAUA1\/WMCABFAABAAABAAEAGZgTAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82MwAAAgQFggEDAwUBAQgKD7SLwQAAAAAEAgAA"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1610477173152406,"flow_dst_last_pkt_time":1610477173150912,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1610477173152406,"pkt":"AAAAAAAAAAwAMjBoCABFAABAAABAAD4GaATAqAABCgoKAclJA+FNynXdAAAAALAC\/\/82PQAAAgQFeAEDAwUBAQgKD7SLwQAAAAAEAgAA"} 
@@ -20,7 +20,7 @@ 01064{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366776,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1610477173366776,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1590857744659641,"flow_src_last_pkt_time":1590857744949604,"flow_dst_last_pkt_time":1590857744987000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":548,"flow_dst_tot_l4_payload_len":3308,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1610477173150912,"flow_src_last_pkt_time":1610477173290274,"flow_dst_last_pkt_time":1610477173366841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1034,"flow_dst_tot_l4_payload_len":2776,"midstream":0,"thread_ts_usec":1610477173366841,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":51529,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/imaps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":7666,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1610477173366841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783528 bytes -~~ total memory freed........: 7783528 bytes -~~ total allocations/frees...: 146423/146423 +~~ total memory allocated....: 11492131 bytes +~~ total memory freed........: 11492131 bytes +~~ total allocations/frees...: 216677/216677 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 1244 chars diff --git a/test/results/default/imo.pcap.out b/test/results/default/imo.pcap.out index f701a4a50..38de28203 100644 --- a/test/results/default/imo.pcap.out +++ b/test/results/default/imo.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646579366752245} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646579366752245,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646579366752245,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":242,"pkt_l4_len":208,"thread_ts_usec":1646579366752245,"pkt":"CL6sCxdumt9Y+uvcCABFAADkB2xAAEARIpLAqAypuZuJHsA3jrcA0NESgTwOaEjDNFXzxmxamfOGor3xFD3A7FnCXNc+hJhFKrJOPpMIHUdqj1x7ZYe+fmL104ZlZ8QSGjgMDxxGQ47M5ARZG9YmBTkKmoomp0C2r5k7+UuqXgkHofa9I06kfQJKjgPnNwBdZocQSlex2Z6G1oBdByRvxIbfLnB1AU5Z2+ssSUPzcUN05190AJa8ogAW0Cie1vmNKFuiNZVeV2v82D2eARVTcN232VacWZMHJ\/PcqQx4XLqiWe9HSh0LDQkCIZoCAAAAAAA="} 00953{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646579366752641,"flow_dst_last_pkt_time":1646579366752245,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1646579366752641,"pkt":"CL6sCxdumt9Y+uvcCABFAAFlB21AAEARIhDAqAypuZuJHsA3jrcBUW71gkcNAABefWxEZ6P52eWWE1NsVUgX\/f\/SEU49gh0z128SrDnndBBJ7Xzv30Qrd+KJJN6jW88s97nwOxW1SXOJ19HPmvCIhrHR5EVDIS67bqqmEITlpL2AWZxihzDdfZ9+dgCuOQIy4YhI67L+NII4MlG7p6wa+Z43u8VCM7MQ94E5SdjxWl3zDFPxVycVf7KV2xCPfzi+nLVEj6bW7qHP3SW0XSDmXsZYCq\/fkVzkG6GD9VCFwOzRvPlMFOvXxrdNScJnQTp3jwA9ixJO\/EZEvZGmxF8KX1lLWK60\/AnhsK8ResfH4lG\/M+7QsKf8h+0F6\/JreyOlSKUahDlCIMAkz9CNbMMyQvDt1lT9Ujr+5G5FKQSNp7Os7CbxgGOrC+XUDj1qcRw+csAXbivPEt1405allpHSrfAa3hDWEw734vz46COasfJjrLY="} 
@@ -18,7 +18,7 @@ 02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579368878172,"flow_dst_last_pkt_time":1646579368918568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":11806,"flow_dst_tot_l4_payload_len":720,"midstream":0,"thread_ts_usec":1646579368918568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":138459.7,"max":1002796,"stddev":305661.1,"var":93428727808.0,"ent":2.8,"data": [396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553]},"pktlen": {"min":38,"avg":419.4,"max":1252,"stddev":488.9,"var":239046.1,"ent":4.1,"data": [228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39]},"bins": {"c_to_s": [0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1],"entropies": 
[6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915]},"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":37,"flow_first_seen":1646579366870607,"flow_src_last_pkt_time":1646579370069590,"flow_dst_last_pkt_time":1646579370091576,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1052,"flow_dst_max_l4_payload_len":1039,"flow_src_tot_l4_payload_len":6713,"flow_dst_tot_l4_payload_len":11506,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.33.47.58","src_port":49207,"dst_port":57604,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":16,"flow_first_seen":1646579366752245,"flow_src_last_pkt_time":1646579369944784,"flow_dst_last_pkt_time":1646579369921382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":182,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1224,"flow_dst_max_l4_payload_len":224,"flow_src_tot_l4_payload_len":12230,"flow_dst_tot_l4_payload_len":731,"midstream":0,"thread_ts_usec":1646579370091576,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"185.155.137.30","src_port":49207,"dst_port":36535,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMO","proto_id":"216","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/imo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":31180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1646579370091576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771801 bytes -~~ total memory freed........: 7771801 bytes -~~ total allocations/frees...: 146482/146482 +~~ total memory allocated....: 11480404 bytes +~~ total memory freed........: 11480404 bytes +~~ total allocations/frees...: 216736/216736 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 2199 chars diff --git a/test/results/default/instagram.pcap.out b/test/results/default/instagram.pcap.out index 54bff0012..a791b0ca9 100644 --- a/test/results/default/instagram.pcap.out +++ b/test/results/default/instagram.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1436720898354402} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898354402,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720898354402,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1436720898354402,"flow_dst_last_pkt_time":1436720898354402,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1436720898354402,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720898386781,"flow_src_last_pkt_time":1436720898386781,"flow_dst_last_pkt_time":1436720898386781,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1365,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1365,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1436720898386781,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -201,7 +201,7 @@ 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1436720906017091,"flow_src_last_pkt_time":1436720906024293,"flow_dst_last_pkt_time":1436720906017091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906022462,"flow_src_last_pkt_time":1436720906022462,"flow_dst_last_pkt_time":1436720906022462,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":103,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":103,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":103,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.106","dst_ip":"192.168.0.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00780{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1436720906025422,"flow_src_last_pkt_time":1436720906025422,"flow_dst_last_pkt_time":1436720906025422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1436720952611635,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.255","src_port":520,"dst_port":520,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":635,"packets-processed":633,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":13,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":204,"global_ts_usec":1568796253770116} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":635,"packets-processed":633,"total-skipped-flows":0,"total-l4-payload-len":408166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":13,"total-updates":4,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":204,"global_ts_usec":1568796253770116} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568796253770116,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568796253770116,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253770116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1568796253770116,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1568796253770116,"flow_dst_last_pkt_time":1568796253782515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1568796253782515,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} 
@@ -297,7 +297,7 @@ 00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":6,"flow_first_seen":1568796254524506,"flow_src_last_pkt_time":1568796254539348,"flow_dst_last_pkt_time":1568796254552721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":932,"flow_dst_tot_l4_payload_len":2243,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":10,"flow_first_seen":1568796265146962,"flow_src_last_pkt_time":1568796265177487,"flow_dst_last_pkt_time":1568796265178429,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":6430,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1568796265147078,"flow_src_last_pkt_time":1568796265178757,"flow_dst_last_pkt_time":1568796265176036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":526,"flow_dst_max_l4_payload_len":222,"flow_src_tot_l4_payload_len":1014,"flow_dst_tot_l4_payload_len":222,"midstream":0,"thread_ts_usec":1568796268054084,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":847,"packets-processed":846,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":300,"global_ts_usec":1568796268054084} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":847,"source":"cfgs\/default\/pcap\/instagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":847,"packets-processed":846,"total-skipped-flows":0,"total-l4-payload-len":530270,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":30,"total-detection-updates":19,"total-updates":4,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":300,"global_ts_usec":1568796268054084} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 847/846 ~~ skipped flows.............: 0 @@ -306,9 +306,9 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8010283 bytes -~~ total memory freed........: 8010283 bytes -~~ total allocations/frees...: 147748/147748 +~~ total memory allocated....: 11718310 bytes +~~ total memory freed........: 11718310 bytes +~~ total allocations/frees...: 218002/218002 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out index 2793be710..2e529f365 100644 --- a/test/results/default/ip_fragmented_garbage.pcap.out +++ b/test/results/default/ip_fragmented_garbage.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244024697756,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 
00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792} 
@@ -148,7 +148,7 @@ 00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244027129094,"flow_src_last_pkt_time":1534244027129094,"flow_dst_last_pkt_time":1534244027129094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244033211391,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00874{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244031080090,"flow_src_last_pkt_time":1534244031080090,"flow_dst_last_pkt_time":1534244031080090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244033211391,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244031080090,"flow_src_last_pkt_time":1534244031080090,"flow_dst_last_pkt_time":1534244031080090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244033211391,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1534244033215628} 
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1534244033215628} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9077/29 ~~ skipped flows.............: 0 @@ -157,9 +157,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7826926 bytes -~~ total memory freed........: 7826926 bytes -~~ total allocations/frees...: 146679/146679 +~~ total memory allocated....: 11535097 bytes +~~ total memory freed........: 11535097 bytes +~~ total allocations/frees...: 216933/216933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 333 chars ~~ json string max len.......: 879 chars diff --git a/test/results/default/iphone.pcap.out b/test/results/default/iphone.pcap.out index f65e58c0d..896540e4f 100644 --- a/test/results/default/iphone.pcap.out +++ b/test/results/default/iphone.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1582454552576659} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_usec":1582454552576659,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\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"} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1582454552576659,"flow_src_last_pkt_time":1582454552576659,"flow_dst_last_pkt_time":1582454552576659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":510,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":510,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454552576659,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -354,7 +354,7 @@ 00943{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1582454595354550,"flow_src_last_pkt_time":1582454599568888,"flow_dst_last_pkt_time":1582454595354550,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454598713167,"flow_src_last_pkt_time":1582454598713167,"flow_dst_last_pkt_time":1582454598755439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiCloud","proto_id":"5.143","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1582454599929249,"flow_src_last_pkt_time":1582454599929249,"flow_dst_last_pkt_time":1582454599930239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1582454600748726,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.AppleiTunes","proto_id":"5.145","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":41,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":357,"global_ts_usec":1582454600748726} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/iphone.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":190360,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":50,"total-detection-updates":41,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":357,"global_ts_usec":1582454600748726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 @@ -363,9 +363,9 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8290852 bytes -~~ total memory freed........: 8290852 bytes -~~ total allocations/frees...: 147687/147687 +~~ total memory allocated....: 11998671 bytes +~~ total memory freed........: 11998671 bytes +~~ total allocations/frees...: 217941/217941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 3949 chars diff --git a/test/results/default/ipp.pcap.out b/test/results/default/ipp.pcap.out index 6dd5be5af..3b355b1a6 100644 --- a/test/results/default/ipp.pcap.out +++ b/test/results/default/ipp.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1210953938216729} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217203,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217203,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217778,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="} 
@@ -25,7 +25,7 @@ 01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938237615,"flow_dst_last_pkt_time":1210953938237601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":430,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01232{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":84,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953939433071,"flow_dst_last_pkt_time":1210953939433061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":201,"flow_src_tot_l4_payload_len":227621,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939492942,"flow_dst_last_pkt_time":1210953939492928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":267,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":279,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1210953939492942} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 279/277 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779289 bytes -~~ total memory freed........: 7779289 bytes -~~ total allocations/frees...: 146682/146682 +~~ total memory allocated....: 11487876 bytes +~~ total memory freed........: 11487876 bytes +~~ total allocations/frees...: 216936/216936 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/ipsec_isakmp_esp.pcap.out b/test/results/default/ipsec_isakmp_esp.pcap.out index fe8bb497f..9c55d389d 100644 --- a/test/results/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/default/ipsec_isakmp_esp.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946744635161000} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946744635161000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":858,"pkt_l4_len":824,"thread_ts_usec":946744635161000,"pkt":"eJS0JASgYDjgxTWgCABFAANMRLRAAD8RBzLAqAJkbe27wTikEZQDOKGBAAAAALZO8yExpIlShrq9OQSIaVUuICMIAAAAAQAAAywjAAMQxP+M24ss5zxVviUOnYt8V91Yfad7H5TKYI1AzQJmVQ1775vqK4lAOGdGsvlvOkX2Namze+gxnoVLyUAsp8SwHxJQwtql3LAOZXSDDfTnjzJHUODCqYiBpOt6uikxP095kw8q3tMwzSSPxcuj7XnW6PzRBCGEtG5neD4sVk+l1JkUVcikyt4uOcC\/FA8QvmxhLpkegjtMpjAsxLE3vpMBtiZj+zT0jhYqc9k6vSPwaeAn85HWGyImbG4DzrmeTU5UQgHG42GPzTrJc4WLmObte9S00AsQVQ9A9LBK7HPddpmzlyoydy05a7OrcGa87mSenEZtlJg6Srp22ovHxgUAaNXH5mPObtMfqQ\/ZO07eMESAHqJ0a5Gd6IHROQKUZIGLAHdP0GpNPOgz2hcQhC5MCG8SlPoyqs7YHAhIq7dkn82ncfrQg5LG4rFBalatIKS6za3YCBaUd6HgjP76noPl8Do6aqlBwL8fyDSwzzm05t4rCUJTqDfHbdLklbf0nPbCgstxAP6c4hbiTTjn\/qk7utZRt9YQcbWpqDJcanmCdmb1nL0mJbhqNJKT0laV1UV3x3fjRglRQgmAhhs2hUSJo0d4NihfES7R2EorTgVqgQI4yo5XdLXhVuIgKP4Ku8zRjlfJmEVoLMy3a7RLdjn6RWIc0T1R9cczYK8i8MjgqoZquR76DAlISwr878UZk6Dw9jKHBkUClj00siMfCWOzBAbTMxpNKDHfy5dB\/OC4DjkU8Jx5Ww4kZ1bGo0YToz8QCnkfhb905KjwaC0BtYJKhTYqKepBpdMk1ABAYnlGAgpGml\/BnBm2gK1KR+5V00l\/SciWQJHFxEldf+2DOoJtw884NKtF1vFW7EhPfWqLyLXCFeo6LZks4jdktwG9EUQtt4BLPuvVyXAU3LtPeLt60tAwN\/SuEqqQh6CheihsGUzntaWNdK9vF\/rZwhofpjFdB6Jch8YOvyjSwYpP+j6pyZmT7Nw0n6FlxB2xOH4XiWJP3RrVBIW46wWavhUPTR1GC0LhX7Jubx5eaacA"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744635161000,"flow_dst_last_pkt_time":946744635161000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946744635161000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -16,13 +16,13 @@ 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946744683923000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946744683923000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkUf9AAD8R+g7AqAJkbe27wSkEAfQDEIC\/ptvAsDZxz3MAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAKPdYigCp+92KcKsuEXZlhnHEhuifLSZc8ZATBK6Am\/FFkwLlLxi01\/su8846WqabjAARNRwfB5z5193Pwphmzmp266RnBoUl\/3pz4mlU\/n9muh+gHNxHK+YFKeysDnwZmLXN750iFjSq5jxx6VyhfOwRA8rRoUTc\/7ouz932qxpKQAAJLQ7vRlmydL+Ul7bbDT08bC8+Hw80zjeO6j+Uiw0ZsUfKQAAHAAAQAQxxY4jLA7mgVTyahplR1WBbxOGLAAAABwAAEAFT\/jiVZwITEymCyywlo+4FnUs+\/Q="} 
01099{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946744638478000,"flow_dst_last_pkt_time":946744638499000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01097{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946744683965000,"flow_dst_last_pkt_time":946744683994000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946744683994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":946745300340000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":11884,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":946745300340000} 
01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745301909000,"flow_dst_last_pkt_time":946745301906000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":11540,"flow_dst_tot_l4_payload_len":3360,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745300381000,"flow_dst_last_pkt_time":946745300411000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946745301909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 02368{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745723299000,"flow_dst_last_pkt_time":946745723443000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":12356,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":946745723443000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":70207096.0,"max":662067000,"stddev":185660096.0,"var":34469670203424768.0,"ent":2.0,"data": [122000,677000,771000,222000,34000,2372000,0,1000,23000,2387000,0,0,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,0,0,421000,0,4000,138000,188000,12771000,421390000,408766000]},"pktlen": {"min":108,"avg":528.1,"max":1360,"stddev":468.7,"var":219671.5,"ent":4.5,"data": [844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236]},"bins": {"c_to_s": [0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0],"s_to_c": [0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1],"entropies": 
[7.741627216,6.965078831,6.116603374,5.779674053,6.059063911,7.410885334,7.860165119,7.863566875,7.772638798,7.854592800,6.636003017,6.657938480,6.612657070,7.764769077,6.596687317,7.754736900,6.881987095,6.222157478,5.801217556,6.004589081,7.442288876,7.852550507,7.852631569,7.794322968,6.638905048,6.506283283,6.772091866,7.817639828,6.695438385,5.748310089,7.756398201,6.820323944]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946745725650000,"flow_dst_last_pkt_time":946745725647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":16260,"flow_dst_tot_l4_payload_len":5568,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946745725650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":946747247312000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":946747247312000} 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":946744638499000,"flow_src_last_pkt_time":946745723231000,"flow_dst_last_pkt_time":946745723263000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":6304,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":30,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747248843000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7776,"midstream":0,"thread_ts_usec":946747248846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747261671000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946747261671000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":946747358471000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946747358471000,"pkt":"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\/CLmB1N5ipdRNjAgrEkk9c1K4SgeaBkstUpKGoCBtx3xfTXB+gmzf1VKQAAJNNNASfat4S6z1UcMvvGsu3JcFrPuvzdGt3NKTAK0PVQKQAAHAAAQASzXyQsxaFEsHhWCH0QAz432xWiKQAAABwAAEAFGLDWKxL5PHcyhK2S4pdCoubwZjU="} 01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01097{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946747358511000,"flow_dst_last_pkt_time":946747358542000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946747358542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":40332,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":946748116878000} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":946744635161000,"flow_src_last_pkt_time":946747248846000,"flow_dst_last_pkt_time":946747261671000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":20980,"flow_dst_tot_l4_payload_len":7856,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748116945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748252067000,"flow_dst_last_pkt_time":946748252067000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":816,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":816,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":816,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946748252067000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -61,11 +61,11 @@ 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":946748298621000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946748298621000,"pkt":"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\/Pny14kuwEp6ydRCF3auK2xgcGKEllo4hRl7tYj+cK0SHIn+CMGzAqT3kd2PlYpMZaQJfJG+3Ev+EkkpdUOoeKQAAJP6NnJfRkTTcKCv\/VqdU4oNffpYomKHKD1rwmiNSWBc0KQAAHAAAQATpeanOKc+14oR62Hrez\/POQ4Wy9QAAABwAAEAF\/Ci4af9LO9\/uVfyqcmROV6J9p6c="} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946747261671000,"flow_src_last_pkt_time":946748116917000,"flow_dst_last_pkt_time":946748116945000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01101{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748253414000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748298684000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":946748870137000} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":127,"packets-processed":126,"total-skipped-flows":0,"total-l4-payload-len":59936,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":946748870137000} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748266345000,"flow_dst_last_pkt_time":946748266345000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748871538000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01099{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946748871542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":946749778334000} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":68780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":946749778334000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946749778334000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk5zNAAD8RZNnAqAJkbe27wikEAfQDEPyMUUmluBAEMEQAAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAA
aAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAEoKTmI3ubu6ZxWhplC\/I3GrOhdR2Ahrzg1cl5K7CGOqmD9LmmvBVQSrauKwYuvsfoAIPoWocHQoMo7f5ymv4IPWL+HbeAEosPePp10VCe7il3eMSwG\/INdrGrGu21qwlO\/+efSCGs3uGrG1SV6gA+E\/oPdzfBUNqf\/aMnkpkFwcKQAAJMgQNb6ePi189Vo1zI09B5mQSHqhnrJrpjWKCSmy16flKQAAHAAAQATK6hMad2HUkIE350RaQYXRyGPbFgAAABwAAEAFiTzfmy4vUiSu\/dsxMvaGgLvptZw="} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946749778334000,"flow_dst_last_pkt_time":946749778334000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946749778334000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -81,13 +81,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":946749779343000,"flow_dst_last_pkt_time":946749779338000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946749779343000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8539AAD8RZzXAqAJkbe27wjikEZQAaLvWAAAAAFFJpbgQBDBELFuvwAKAaBsuICMIAAAAAwAAAFwnAABAaLDB2lNfq5sjiritMiyPVcJ5MmrNl4SJCasAkAUouZiTrZ8tDkbm1r1Trbr79D49MfumEFkLpOp1YiWs"} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946748252067000,"flow_src_last_pkt_time":946748871542000,"flow_dst_last_pkt_time":946748884718000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946748266345000,"flow_src_last_pkt_time":946748870175000,"flow_dst_last_pkt_time":946748870202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946749779886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.195","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":77624,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":946750800427000} 01562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946749778401000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946750802633000,"pkt":"eJS0JASgYDjgxTWgCABFAAMkr8NAAD8RnEnAqAJkbe27wikEAfQDELXOkEkalVBl\/K0AAAAAAAAAACEgIggAAAAAAAADCCIAAggCAABQAQEACAMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAAIAAAAIBAAABQAAAbQCAQAuAwAACAEAAAMDAAAMAQAADIAOAIADAAAMAQAADIAOAMADAAAMAQAADIAOAQADAAAMAQAADYAOAIADAAAMAQAADYAOAMADAAAMAQAADYAOAQADAAAMAQAAEoAOAIADAAAMAQAAEoAOAMADAAAMAQAAEoAOAQADAAAMAQAAE4AOAIADAAAMAQAAE4AOAMADAAAMAQAAE4AOAQADAAAMAQAAFIAOAIADAAAMAQAAFIAOAMADAAAMAQAAFIAOAQADAAAIAwAAAQMAAAgDAAACAwAACAMAAAUDAAAIAwAADAMAAAgDAAANAwAACAMAAA4DAAAIAgAAAQMAAAgCAAACAwAACAIAAAQDAAAIAgAABQMAAAgCAAAGAwAACAIAAAcDAAAIBAAAAgMAAAgEAAAFAwAACAQAAA4DAAAIBAAADwMAAAgEAAAQAwAACAQAABIDAAAIBAAAEwMAAAgEAAAUAwAACAQAABUDAAAIBAAAFgMAAAgEAAAXAwAACAQAABgDAAAIBAAAGQMAAAgEAAAaAwAACAQAABsDAAAIBAAAHAMAAAgEAAAdAAAACAQAAB4oAACIAAIAAPyiRqRb\/A0IFjOXjhDiq5RFCImpZ68NNwcQxBZvgJzrKNK3+3xuRAJ7jQNQpEgz+2L\/Td5c14rGxSZM6w9sU
YgwqqMGXpA72jiv\/4czuKxD6SbMc+8pGVZ\/1CSN9hccLjaN\/KNarwgaRjmkaTYnGsewHe4MLp6coknVTYnEyT2TKQAAJEJGvKF8VnGtvSnxxMrOeTU3kL1E+nVj3FJ6ZUXX52S9KQAAHAAAQATEmVA1Ayed3Mzf6OPwNFqxXeNCkgAAABwAAEAFVSBGs\/2jTbJ\/AAS7m7ud3qwGOy8="} 01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802633000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946750802633000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01103{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":946749778420000,"flow_src_last_pkt_time":946750802633000,"flow_dst_last_pkt_time":946750802082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9588,"flow_dst_tot_l4_payload_len":4224,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01099{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":946749778334000,"flow_src_last_pkt_time":946750900940000,"flow_dst_last_pkt_time":946750900970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":4728,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":946750900970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":946752053636000} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":188,"packets-processed":187,"total-skipped-flows":0,"total-l4-payload-len":88340,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":946752053636000} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946752053636000,"pkt":"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\/W3ZXRxrm6NQH9u7KE06SIwEbersniw6hQWHyxhQ\/2rtv\/KS8MHCWu0\/UpEV6GCC8Jwl2D64n3IinW1UqpoDH3zgj5vP09DAsAYR\/lGdfNJjst9m4S0ICUVBjGwV2UlMv+ec0yUwblf\/QpdFKQAAJBN5hRLS4vKI93k9Qqglp8VdaUkpxICKhR0a7HBjyUJnKQAAHAAAQATaubyY8VWsI4Z6WQt6ODtfgtlAogAAABwAAEAFkYhaxcMPMkFLeVrj\/VCjsI8u34M="} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053636000,"flow_dst_last_pkt_time":946752053636000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946752053636000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -118,11 +118,11 @@ 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":946752615801000,"flow_dst_last_pkt_time":946752615796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":946752615801000,"pkt":"eJS0JASgYDjgxTWgCABFAAB8YjtAAD8R7LjAqAJkbe27gzikEZQAaKKDAAAAAJOFGPFj\/apXtO8xDwLcetkuICMIAAAAAwAAAFwnAABAYgQABklwqk19f3RLLUrXcdZeQThgHvokOw7ZgiIiV+xRm\/Vegbdr0vddHFArr2AxvmIdMXYfOPpikICD"} 01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":946752053740000,"flow_src_last_pkt_time":946752055364000,"flow_dst_last_pkt_time":946752068592000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":4720,"flow_dst_tot_l4_payload_len":2208,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946752053636000,"flow_src_last_pkt_time":946752053676000,"flow_dst_last_pkt_time":946752053697000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":1576,"flow_dst_tot_l4_payload_len":340,"midstream":0,"thread_ts_usec":946752616641000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.225","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":946753056378000} 
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":106028,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_usec":946753056378000} 01559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":946753056378000,"flow_dst_last_pkt_time":946752614899000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946753056378000,"pkt":"eJS0JASgYDjgxTWgCABFAAMk4A9AAD8RbDzAqAJkbe27gykEAfQDEL8VqoLIT\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\/bYWO5S4TN7oD3jev443nVodeHch6RFayzZEki5emMomRCrgNFuvlRgaeRpHEemxNYFdAWJKFtbMtNDl30\/geXBa5nSc5USTy9ixtngfOPCaTM957Vt8FfYS+xLvKJ1ZIlggi4aea4oqGzEWKQAAJB64swUSkLQn4x1pHHMTfvky6JcWpGBjhuSQsyO5UHP2KQAAHAAAQATXS05uAu8\/AgvnrnqUJli+KXDKcwAAABwAAEAFE4a6Haq4k5w5SGwuMbDqbj1ZWRI="} 
01104{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753058095000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4336,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01202{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946753058099000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed 
Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} -00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":946756085796000} +00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":245,"packets-processed":244,"total-skipped-flows":0,"total-l4-payload-len":114872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":946756085796000} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01106{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":474,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":474,"pkt_l4_len":440,"thread_ts_usec":946756085796000,"pkt":"eJS0JASgYDjgxTWgCABFAAHMAuBAAP0RjIXAqAJkbe27wasjEZQBuEiAAAAAAFdVWmAzg3AtUnd8qAS0wgwuICMIAAAAAQAAAawjAAGQQF79b6huHtPKErITdIUO\/QjlpSHswO\/9ioYhBnLYsJUoIUmfnUpBr3Po\/OdJJVNMepzAOvSeggL2pjZTj9dKmnR3\/PM3fhBDF8NcMDQbBXvC7QxTKJZTnUfkk881X5a\/g77eRsDByk24BKRFupHgXm9JxMuUqz9AuVOnm4NBfwKTMVXjUNEQtkAzVuhsDcyqKusYnJ81cfYdIk5LwLgUQczUBvlDCka3OorgvxScDCOZppjI661UpcnKSAOl10AUzitOXX4Sf1q4\/2+eSwMmz9NIx5gR4C8OsKHWrS46IlJialinycMwsZsTGmE66+bCHIal8y8Ar1mZux6G9skkXM0\/xDcT8HX0NJm3xHn4rYAEy6+FVyThDICTkGOQ8\/OGbAHfatyTPGmM7gUHR\/CIqk2d\/5qVY\/q+N89fy1rlbMoNv1B8muSwUse4B1yQM9+HJ7F8cmircdWKEpZAIvPkrObfa2jQuXUNlIRVLPokutIPku+Rs972Lm4Ub8AH5EGOnNdgwZBbtxuUUUg4"} 
01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946756085796000,"flow_src_last_pkt_time":946756085796000,"flow_dst_last_pkt_time":946756085796000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":432,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946756085796000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":43811,"dst_port":4500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -139,7 +139,7 @@ 01147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":946756088542000,"flow_dst_last_pkt_time":946756088542000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_usec":946756088542000,"pkt":"eJS0JASgYDjgxTWgCABFAAHsAt5AAP0RjGfAqAJkbe27wasjAfQB2PjuV1VaYDODcC0AAAAAAAAAACEgIggAAAAAAAAB0CIAAFwAAABYAQEACQMAAAwBAAAMgA4AgAMAAAwBAAAMgA4BAAMAAAgDAAACAwAACAMAAAwDAAAIAgAAAgMAAAgCAAAFAwAACAQAAA4DAAAIBAAABQAAAAgEAAACKAABCAAOAAASaTFF62fUXHpfs421Rj\/gYaPc2AkWEe7D1IKcm3l6qaEq6h066W69gZ+A399DYsfZndmEGgax9bhjEGbDeL91KQ5kk8G\/ZkID33MXl58dgACMQOV2mwGoscE8xtRB+E32RcQuG7Nonwhc00cnnFpxVz54FULdUSbtCVV\/NJupUcqjc6oaj9SBnERU6TDP8ODv30ZRO8RPNYMJ\/Ci\/se1NSrmxSgCJbX4M7XFLRP+h1qNGc6gcZZyTDUYfAjaqE5Mcwoz2lDCUcBdmnuShzdw+sjHtwCatv+tdhBkIHppgjI3v+rdOmcf6h4xWdhiO2fobg7Zsnzmo+WEBgaX0p7s5KQAAGFc4NCc5\/VYp3Uji1ua\/t8i0d0i9KQAAHAAAQARFpSuayCZd17VHTR3uyF2NADufcwAAABwAAEAFsrc\/ZzzlOYJlIxNu77WxSEj0O24="} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":946752614924000,"flow_src_last_pkt_time":946753058099000,"flow_dst_last_pkt_time":946753071332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1332,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":9440,"flow_dst_tot_l4_payload_len":4416,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":14500,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01200{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946752614840000,"flow_src_last_pkt_time":946753056415000,"flow_dst_last_pkt_time":946753056444000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":680,"midstream":0,"thread_ts_usec":946756088542000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.131","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":142,"global_ts_usec":946763512822000} +00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":125706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":14,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":142,"global_ts_usec":946763512822000} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":818,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":818,"pkt_l4_len":784,"thread_ts_usec":946763512822000,"pkt":"eJS0JASgYDjgxTWgCABFAAMktR9AAD8Rly7AqAJkbe27gSkEAfQDENJ58zGl\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\/WQ2FpE\/0RoQC4TiwB6y71I8UIovX\/cQ1SapOMuGfW9hy4WHSvXuIUgOPrCXk2h1ct5lmyWAa1qglm\/4yOrGLSsZjKKjJ5jEBzKQAAJL+95CschzVY1HdnEYlr8vcXlCOBsIZVHpL4JvobbKxYKQAAHAAAQAROj53iX5wS\/J4WHCSCKNNw1F6keAAAABwAAEAF52RZaVEd3q0Q2WSKx4bLcB8WYWw="} 
01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946763512822000,"flow_src_last_pkt_time":946763512822000,"flow_dst_last_pkt_time":946763512822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":776,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":776,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946763512822000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.129","src_port":10500,"dst_port":500,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
@@ -318,7 +318,7 @@ 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":336,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":488,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.194","src_port":41618,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1156,"flow_dst_max_l4_payload_len":1156,"flow_src_tot_l4_payload_len":3212,"flow_dst_tot_l4_payload_len":5544,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":4500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":946763527783000,"flow_src_last_pkt_time":946763527783000,"flow_dst_last_pkt_time":946763527783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":336,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":488,"flow_dst_max_l4_payload_len":416,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":558,"midstream":0,"thread_ts_usec":946763527783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"109.237.187.193","src_port":42593,"dst_port":500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"IPSec","proto_id":"79","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":2,"category":"VPN"}} 
-00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1080,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":535322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_usec":946763527783000} +00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1080,"source":"cfgs\/default\/pcap\/ipsec_isakmp_esp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1080,"packets-processed":1080,"total-skipped-flows":0,"total-l4-payload-len":535322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":20,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":321,"global_ts_usec":946763527783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1080/1080 ~~ skipped flows.............: 0 @@ -327,9 +327,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7873309 bytes -~~ total memory freed........: 7873309 bytes -~~ total allocations/frees...: 147838/147838 +~~ total memory allocated....: 11581368 bytes +~~ total memory freed........: 11581368 bytes +~~ total allocations/frees...: 218092/218092 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 573 chars ~~ json string max len.......: 2373 chars 
diff --git a/test/results/default/ipv6_in_gtp.pcap.out b/test/results/default/ipv6_in_gtp.pcap.out index 61a5fe286..7c378136c 100644 --- a/test/results/default/ipv6_in_gtp.pcap.out +++ b/test/results/default/ipv6_in_gtp.pcap.out 
@@ -1,11 +1,11 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536839120404326} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536839120404326,"packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536839120404326} 00500{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_usec":1536840494424533} 00299{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1536840494424533,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1536840494424533} 
00523{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_usec":1536839120404326,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ipv6_in_gtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1536840494424533} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/0 ~~ skipped flows.............: 0 
@@ -14,9 +14,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 304 chars ~~ json string max len.......: 637 chars diff --git a/test/results/default/irc.pcap.out b/test/results/default/irc.pcap.out index 1b138943f..8184b4a70 100644 --- a/test/results/default/irc.pcap.out +++ b/test/results/default/irc.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387554241634815} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387554241634815,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241634815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241634815,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387554241634815,"flow_dst_last_pkt_time":1387554241665525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387554241665525,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} 
@@ -8,7 +8,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387554241665610,"flow_dst_last_pkt_time":1387554241695656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387554241695656,"pkt":"ABNyxPHhANAr0XYACABFAAA0CCBAADIGK\/4m5UYUCrSc+R9As2GRFS02aTHw6YAQAFtTTgAAAQEICjBIJRa+wg9E"} 01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554241695673,"flow_dst_last_pkt_time":1387554241695929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":62,"midstream":0,"thread_ts_usec":1387554241695929,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} 
01309{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":15,"flow_first_seen":1387554241634815,"flow_src_last_pkt_time":1387554256171358,"flow_dst_last_pkt_time":1387554256201831,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":114,"flow_dst_tot_l4_payload_len":6901,"midstream":0,"thread_ts_usec":1387554256201831,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"IRC","proto_id":"65","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":9,"category":"Chat"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/irc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387554256201831} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769669 bytes -~~ total memory freed........: 7769669 bytes -~~ total allocations/frees...: 146402/146402 +~~ total memory allocated....: 11478288 bytes +~~ total memory freed........: 11478288 bytes +~~ total allocations/frees...: 216656/216656 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 1314 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/default/ja3_lots_of_cipher_suites.pcap.out index 391f40aec..1e987ac48 100644 --- a/test/results/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557818846743554} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846743554,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846743554} 00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00313{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846744536,"packet_id":2,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846744536} 
@@ -22,7 +22,7 @@ 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="} 00315{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1557818846965822,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1557818846965822} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_usec":1557818846743554,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="} -00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} 
+00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1557818846965822} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/0 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 2360 chars diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index c5760b5cd..5d2b0815f 100644 --- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,5 +1,5 @@ -00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} +00588{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00651{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830} 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 
00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 01139{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} +00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 
@@ -43,9 +43,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767536 bytes -~~ total memory freed........: 7767536 bytes -~~ total allocations/frees...: 146398/146398 +~~ total memory allocated....: 11476155 bytes +~~ total memory freed........: 11476155 bytes +~~ total allocations/frees...: 216652/216652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 371 chars ~~ json string max len.......: 1948 chars diff --git a/test/results/default/jabber.pcap.out b/test/results/default/jabber.pcap.out index b30d90478..ac8e492f6 100644 --- a/test/results/default/jabber.pcap.out +++ b/test/results/default/jabber.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502379693992994} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502379723841804,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502379723841804,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57094,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723841804,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502379723841804,"pkt":"Tl6SKSKGaFs1pN2oCABFAABAZ6hAAEAGAACsEAA+rBABit8GFGbDqJX1AAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKTgMEJwAAAAAEAgAA"} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1502379723841804,"flow_dst_last_pkt_time":1502379723842248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1502379723842248,"pkt":"aFs1pN2oTl6SKSKGCABFAAA8AABAAEAG4NOsEAGKrBAAPhRm3wagxQKCw6iV9qASOJCmRgAAAgQFtAQCCAoAGMyaTgMEJwEDAwc="} 
@@ -30,7 +30,7 @@ 00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1502380249631374,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":323,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":323,"pkt_l4_len":289,"thread_ts_usec":1502380249634488,"pkt":"aFs1pN2oTl6SKSKGCABFAAE1Pq1AAEAGoS2sEAGKrBAAPhRm3ylj1cyM0mps5oAYALXYFQAAAQEICgAg0ohOCwBMPGlxIHhtbDpsYW5nPSdlbicgdG89J3RvbUBjcy14bXBwLmxhbi9kYXJrc3RhcicgZnJvbT0nY3MteG1wcC5sYW4nIHR5cGU9J3Jlc3VsdCcgaWQ9J3B1cnBsZWRkZTgwZmRhJz48Y29tbWFuZCBzdGF0dXM9J2NvbXBsZXRlZCcgc2Vzc2lvbmlkPScyMDE3LTA4LTEwVDE1OjUxOjAxLjI1MjkxMlonIG5vZGU9J3BpbmcnIHhtbG5zPSdodHRwOi8vamFiYmVyLm9yZy9wcm90b2NvbC9jb21tYW5kcyc+PG5vdGU+UG9uZzwvbm90ZT48L2NvbW1hbmQ+PC9pcT4="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1502380249634544,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380249634544,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YMNAAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAQH+9aDwAAAQEICk4LAE8AINKI"} 
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1502380277582533,"flow_dst_last_pkt_time":1502380249634488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_usec":1502380277582533,"pkt":"Tl6SKSKGaFs1pN2oCABFAADNNV5AAEAGAACsEAA+rBABit8pFGbSamzmY9XNjYAYIABaqAAAAQEICk4LbPsAINKIPGlxIHR5cGU9J3NldCcgaWQ9J3B1cnBsZWRkZTgwZmRiJyB0bz0ndG9tQGNzLXhtcHAubGFuL2RhcmtzdGFyJz48Y29tbWFuZCB4bWxucz0naHR0cDovL2phYmJlci5vcmcvcHJvdG9jb2wvY29tbWFuZHMnIG5vZGU9J3BpbmcnIGFjdGlvbj0nZXhlY3V0ZScvPjwvaXE+"} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":192,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":192,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":28826,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1502380393542116} 01084{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1502380213387324,"flow_src_last_pkt_time":1502380213388002,"flow_dst_last_pkt_time":1502380213388141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1502380400412342,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57126,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502380724652555,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1502380724652555,"flow_dst_last_pkt_time":1502380724652555,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1502380724652555,"pkt":"Tl6SKSKGaFs1pN2oCABFAABA60NAAEAGAACsEAA+rBABit87FGY\/5vETAAAAALAC\/\/9aGwAAAgQFtAEDAwQBAQgKThI3ywAAAAAEAgAA"} 
@@ -47,9 +47,9 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1502380915486271,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486271,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0E55AAEAGAACsEAA+rBABit89FGZwJ5T3nxoW8IAQH+ZaDwAAAQEICk4VHZ0AKvuW"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1502380915486274,"flow_dst_last_pkt_time":1502380915486217,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1502380915486274,"pkt":"Tl6SKSKGaFs1pN2oCABFAAA0YBZAAEAGAACsEAA+rBABit89FGZwJ5T3nxoXaIAQH99aDwAAAQEICk4VHZ0AKvuW"} 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":12,"flow_first_seen":1502380724652555,"flow_src_last_pkt_time":1502380725074115,"flow_dst_last_pkt_time":1502380725074074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":285,"flow_src_tot_l4_payload_len":654,"flow_dst_tot_l4_payload_len":772,"midstream":0,"thread_ts_usec":1502380919392608,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57147,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":260,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":260,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":34275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1502381519875958} 
02309{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381566576939,"flow_dst_last_pkt_time":1502381566616902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1086,"flow_dst_tot_l4_payload_len":2076,"midstream":1,"thread_ts_usec":1502381566616902,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":42007464.0,"max":600487770,"stddev":147104800.0,"var":21639823353708544.0,"ent":1.4,"data": [5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992]},"pktlen": {"min":52,"avg":150.8,"max":515,"stddev":117.9,"var":13893.8,"ent":4.6,"data": [291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52]},"bins": {"c_to_s": [9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":289,"packets-processed":270,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":289,"packets-processed":270,"total-skipped-flows":0,"total-l4-payload-len":36212,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1504181789350325} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1504181789350325,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789350325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789350325,"pkt":"AAwpvhIxAFBWwAAICABFAAA0dxlAAIAGjb\/AqDoBwKg6mdDUFGaBHPlXAAAAAIACIAD5dQAAAgQFtAEDAwgBAQQC"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1504181789350325,"flow_dst_last_pkt_time":1504181789365849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1504181789365849,"pkt":"AFBWwAAIAAwpvhIxCABFAAA0AABAAEAGRNnAqDqZwKg6ARRm0NRyyKsUgRz5WIASchCJeAAAAgQFtAEBBAIBAwMH"} 
@@ -61,7 +61,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":42,"flow_first_seen":1502380175298881,"flow_src_last_pkt_time":1502380177456026,"flow_dst_last_pkt_time":1502380177455920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":611,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2785,"flow_dst_tot_l4_payload_len":11026,"midstream":0,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57122,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":9,"flow_first_seen":1502380249631374,"flow_src_last_pkt_time":1502380673059689,"flow_dst_last_pkt_time":1502380673059601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":415,"flow_src_tot_l4_payload_len":1810,"flow_dst_tot_l4_payload_len":1679,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57129,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1502380915481182,"flow_src_last_pkt_time":1502381571702000,"flow_dst_last_pkt_time":1502381571701912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":463,"flow_src_tot_l4_payload_len":1366,"flow_dst_tot_l4_payload_len":2292,"midstream":1,"thread_ts_usec":1504181789418468,"l3_proto":"ip4","src_ip":"172.16.0.62","dst_ip":"172.16.1.138","src_port":57149,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":302,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":302,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":36369,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1642668994159000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642668994159000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994159000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642668994159000,"pkt":"eJS0JASgYDjgxTWgCABFAAA800FAAD8GO9vAqAJkoCzJZoWqFGdT1L5OAAAAAKAC\/\/8mUQAAAgQFtAQCCAoBJke0AAAAAAEDAwg="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642668994159000,"flow_dst_last_pkt_time":1642668994188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642668994188000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnhar53fA8U9S+T2ASchBjHgAAAgQFrAAA"} 
@@ -70,7 +70,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642668994258000,"flow_dst_last_pkt_time":1642668994287000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642668994287000,"pkt":"YDjgxTWgeJS0JASgCABFAAAoSzhAADQGzvigLMlmwKgCZBRnhar53fA9U9S+lFAQchB6jgAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642668994559000,"flow_dst_last_pkt_time":1642668994588000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642668994588000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1504181789350325,"flow_src_last_pkt_time":1504181789417901,"flow_dst_last_pkt_time":1504181789418468,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642669000423000,"l3_proto":"ip4","src_ip":"192.168.58.1","dst_ip":"192.168.58.153","src_port":53460,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":317,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":317,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":36788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1642778258433000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642778258433000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258433000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642778258433000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d8hAAD8Gl1TAqAJkoCzJZpLuFGecNBm6AAAAAKAC\/\/9wIgAAAgQFtAQCCAoBEkznAAAAAAEDAwg="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1642778258433000,"flow_dst_last_pkt_time":1642778258461000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1642778258461000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnku46NBuqnDQZu2ASchBGSwAAAgQFrAAA"} 
@@ -79,7 +79,7 @@ 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1642778258489000,"flow_dst_last_pkt_time":1642778258516000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1642778258516000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo48VAADQGNmugLMlmwKgCZBRnku46NBurnDQaAFAQchBduwAAAAAAAAAA"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778258571000,"flow_dst_last_pkt_time":1642778258598000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1642778258598000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642668994159000,"flow_src_last_pkt_time":1642669300326000,"flow_dst_last_pkt_time":1642669300354000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1642778258609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34218,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":332,"packets-processed":313,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":332,"packets-processed":313,"total-skipped-flows":0,"total-l4-payload-len":37207,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_usec":1643022225544000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643022225544000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225544000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643022225544000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zN5AAD8GQj7AqAJkoCzJZuQUFGd9pY4kAAAAAKAC\/\/92oQAAAgQFtAQCCAoAzZ+rAAAAAAEDAwg="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1643022225544000,"flow_dst_last_pkt_time":1643022225570000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1643022225570000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRn5BT7kgHsfaWOJWASchD3qAAAAgQFrAAA"} 
@@ -88,7 +88,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1643022225794000,"flow_dst_last_pkt_time":1643022225820000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1643022225820000,"pkt":"YDjgxTWgeJS0JASgCABFAAAonCxAADQGfgSgLMlmwKgCZBRn5BT7kgHtfaWOalAQchAPGQAAAAAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022225968000,"flow_dst_last_pkt_time":1643022225994000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1643022225994000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1642778258433000,"flow_src_last_pkt_time":1642778652194000,"flow_dst_last_pkt_time":1642778652221000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1643022226078000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":37614,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":347,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":347,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":37629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1644679789249000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644679789249000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789249000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1644679789249000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86SVAAD8GJffAqAJkoCzJZqHMFGfTtLH2AAAAAKAC\/\/\/oLAAAAgQFtAQCCAoAcfbiAAAAAAEDAwg="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1644679789249000,"flow_dst_last_pkt_time":1644679789279000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1644679789279000,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGGi2gLMlmwKgCZBRnocwJMPUa07Sx92ASchC\/QwAAAgQFrAAA"} 
@@ -97,7 +97,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1644679789350000,"flow_dst_last_pkt_time":1644679789379000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1644679789379000,"pkt":"YDjgxTWgeJS0JASgCABFAAAo8ipAADQGKAagLMlmwKgCZBRnocwJMPUb07SyPFAQchDWswAAAAAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679789719000,"flow_dst_last_pkt_time":1644679789612000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":16,"flow_src_tot_l4_payload_len":305,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1644679789719000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1643022225544000,"flow_src_last_pkt_time":1643022526171000,"flow_dst_last_pkt_time":1643022526197000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":303,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1644679789757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":58388,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":362,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":362,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":38037,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":100,"global_ts_usec":1655985683694000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655985683694000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683694000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655985683694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eV5AAD8Glb7AqAJkoCzJZoUWFGfmtmUZAAAAAKAC\/\/8wrwAAAgQFtAQCCAoAZQT+AAAAAAEDAwg="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":363,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655985683694000,"flow_dst_last_pkt_time":1655985683717000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1655985683717000,"pkt":"YDjgxTWgeJS0JASgCABFAAAwAABAADQGGimgLMlmwKgCZBRnhRZwZZi25rZlGnASchD1\/AAAAgQFrAEBBAI="} 
@@ -107,7 +107,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985683850000,"flow_dst_last_pkt_time":1655985683872000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":236,"flow_dst_tot_l4_payload_len":53,"midstream":0,"thread_ts_usec":1655985683872000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1644679789249000,"flow_src_last_pkt_time":1644679824897000,"flow_dst_last_pkt_time":1644679789748000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":339,"flow_dst_tot_l4_payload_len":69,"midstream":0,"thread_ts_usec":1655985690292000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":41420,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655985683694000,"flow_src_last_pkt_time":1655985963380000,"flow_dst_last_pkt_time":1655985963406000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":167,"flow_dst_max_l4_payload_len":37,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1655985963406000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.201.102","src_port":34070,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Jabber","proto_id":"67","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":376,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/jabber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":376,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":38456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1655985963406000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 376/358 ~~ skipped flows.............: 0 @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7825339 bytes -~~ total memory freed........: 7825339 bytes -~~ total allocations/frees...: 146862/146862 +~~ total memory allocated....: 11533782 bytes +~~ total memory freed........: 11533782 bytes +~~ total allocations/frees...: 217116/217116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2314 chars diff --git a/test/results/default/kerberos-error.pcap.out b/test/results/default/kerberos-error.pcap.out index 3be06af7b..a97cb07e4 100644 --- a/test/results/default/kerberos-error.pcap.out +++ b/test/results/default/kerberos-error.pcap.out 
@@ -1,11 +1,11 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515964250491} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00905{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":333,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":333,"pkt_l4_len":295,"thread_ts_usec":1645515964250491,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQABO06GQAA5EXItlJdPt5DHCumGqQBYASfB3GqCARswggEXoQMCAQWiAwIBCqNYMFYwSKEDAgECokEEPzA9oAMCAReiNgQ0tg4LUF+YEEIG9iUDuODnyC2ELm8B5cfw4VQNHqTH6JGB5paR4MQdd1ZJvX+lrEsYdKkZFTAKoQQCAgCVogIEAKSBsDCBraAHAwUAAIEAAKEfMB2gAwIBAaEWMBQbBGhvc3QbDG11cy1uLWNqMDcwOaIRGw9MSU5VWC5TSEVMTC5DT02jJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTaURGA8yMDIyMDIyMzA3NDYwM1qmERgPMjAyMjAzMDQwNzQ2MDNapwYCBEeh+pmoGjAYAgEXAgESAgERAgEUAgETAgEQAgEZAgEa"} 01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964250491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515964250491,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": 
{"hostname":"","domain":"linux.shell.com","username":"mus-n-cj0709"}}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":148,"pkt_l4_len":110,"thread_ts_usec":1645515964609203,"pkt":"AAAAAAAAAAwAAAAIgQAH2AgARQAAgkf1AABzEX93kMcK6ZSXT7cAWIapAG6BuH5kMGKgAwIBBaEDAgEepBEYDzIwMjIwMjIyMDc0NjA0WqUFAgMOwm2mAwIBNKkRGw9MSU5VWC5TSEVMTC5DT02qJDAioAMCAQKhGzAZGwZrcmJ0Z3QbD0xJTlVYLlNIRUxMLkNPTQ=="} 00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645515964250491,"flow_src_last_pkt_time":1645515964250491,"flow_dst_last_pkt_time":1645515964609203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":287,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":287,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":102,"midstream":0,"thread_ts_usec":1645515964609203,"l3_proto":"ip4","src_ip":"148.151.79.183","dst_ip":"144.199.10.233","src_port":34473,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kerberos-error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1645515964609203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 575 chars ~~ json string max len.......: 1152 chars 
diff --git a/test/results/default/kerberos-login.pcap.out b/test/results/default/kerberos-login.pcap.out
index 4c92b0ddd..3714c7d7c 100644
--- a/test/results/default/kerberos-login.pcap.out
+++ b/test/results/default/kerberos-login.pcap.out
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946716066779388} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946716066779388} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1253,"pkt_l4_len":1219,"thread_ts_usec":946716066779388,"pkt":"AAP\/pqsMAAP\/p6sMCABFAATXAJUAAIAREnkKAQwCCgUDAQQlAFgEw4XHbIIEtzCCBLOhAwIBBaIDAgEMo4IEMTCCBC0wggQpoQMCAQGiggQgBIIEHG6CBBgwggQUoAMCAQWhAwIBDqIHAwUAAAAAAKOCA2xhggNoMIIDZKADAgEFoQwbCkRFTllEQy5DT02iHzAdoAMCAQKhFjAUGwZrcmJ0Z3QbCkRFTllEQy5DT02jggMsMIIDKKADAgEXoQMCAQKiggMaBIIDFnaHOkbe3Ft95M1wKu8wrnnL2KoXK50Wfms4lwl+7nIzTWt\/TBTBxetLCu0b6OiVj3UpYznp3lazrMq98Qwi3aS0sEdZBoJs+Etqw0r7qbOiqGfIzfY5WW7lW95ehl68DOwN7G\/ctJKk8AVM30BgdXD8tz49IVb5LvH8kWVdyLTL7dDroB1zpLEnsskNCGiPKC2kvI4rVQFX\/skMLVm0vrv\/AnhykPJFywmuBCVaX4ilWguDR\/hhedFfzOYZ0xf7kVQmFePGaBfPtyf2tWMm316XiQ6a0ddMjedbQTEPUEaIPhU11lAXVTRXuGNNrbinzU88d0vpPunmiXEQ46Zb2aBwhA2PddlJfkphuRTiKTMYIcDx\/1mQSbo6IMs5BzF09EwRlqL20WWEy+tJbg8F96jQFX9ZfusZkqo2\/Ymtt2KIXO2vcTHWCJfKNWi2oHePkmjQVNqV44BDHKJhg2yYGzOpsCLcIH9xI3jIsbhcV3lnOJelJiIh\/BOztlBncxQJDGM8Ss5lpzuieNTaBQOQBzYsANr2gDw7i5E2tKUZxxU28uYbVQUK6KZjtJp0woRjxeXkug7EiwanRJ+ruwFN4641BrWk2WV7znZLMnOxd9Ixgq276dbW3uk8XghmBk5iO9uBY9B6bl2XBCrn0zJxWO550J7YNhBLCWnZolKhh691S4S\/sMyb9cBhQt9YOq11SPy9kRuQfEqcmeMSn67AgOzJ8mzxQ8a3rs4hfqkn1jH+UhGi1xla+MUNFmVkVcF\/s3a9sERXKT\/GEeYJDkvNw+esHfCK4jalR0pA558BA3fanPrnNu74qdrmsUgOhPibVBiVBOhTvitLl0hsJU5z6U77MFSX4UMd9nw2kPOVPhabSvF2baihVP5t9x+qShNJPWM56UisG6Ab7JzsId2uQf1lTt49iVnnhmjdWddhTtm47iqqL0nJrz7QZtWxYyMQTTtuJpTJCO76PmTywwSdY3tKlhuq3MxMZlzDeglX6VXTiBXGqdqJOfHm8VsI+LTATS2a9Dxo3ZxAgK9aL5NMKTnSmEBKpJmkgY4wgYugAwIBA6KBgwSBgGCx7fTnQzvvnXnzi9LJ0rtprAMBwPNDorbgvJI4BV8TZb2vtoAMBvn\/H0kv3attbzNMWzuI4cmR96epkzzc9Em+P1ZASZGSdvfOcM7pYzUfVYcU+almrfJGc226OPAiNqdT5WqhctEEk6M\/WBsVhSCIKFwQ0F6xriZzYptSncn2pHIwcK
AHAwUAQIAAAKIMGwpERU5ZREMuQ09NoyEwH6ADAgEDoRgwFhsEaG9zdBsOeHAxLmRlbnlkYy5jb22lERgPMjAzNzA5MTMwMjQ4MDVapwYCBAvCgSioGTAXAgEXAgL\/ewIBgAIBAwIBAQIBGAIC\/3k="} 01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946716066779388,"flow_src_last_pkt_time":946716066779388,"flow_dst_last_pkt_time":946716066779388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1211,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1211,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1211,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946716066779388,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1061,"dst_port":88,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"denydc.com","username":""}}} 
@@ -55,7 +55,7 @@ 01101{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716067819225,"flow_src_last_pkt_time":946716067819225,"flow_dst_last_pkt_time":946716067819242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1208,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1208,"flow_dst_max_l4_payload_len":1186,"flow_src_tot_l4_payload_len":1208,"flow_dst_tot_l4_payload_len":1186,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1069,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01101{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089644907,"flow_src_last_pkt_time":946716089644907,"flow_dst_last_pkt_time":946716089644914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1233,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1233,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":1233,"flow_dst_tot_l4_payload_len":1237,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1074,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01101{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716089757898,"flow_src_last_pkt_time":946716089757898,"flow_dst_last_pkt_time":946716089757902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1219,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1219,"flow_dst_max_l4_payload_len":1205,"flow_src_tot_l4_payload_len":1219,"flow_dst_tot_l4_payload_len":1205,"midstream":0,"thread_ts_usec":946716140774142,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1076,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":946724453221239} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":29024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":7,"current-active-flows":12,"total-active-flows":12,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":946724453221239} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946724453221239,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221239,"pkt":"GGbam+N9uKxvNgTjCABFAAA88adAAEAGs7TAqAoMwKgKA6zgAFj7lQiGAAAAAKACchCWGgAAAgQFtAQCCAr\/\/vkhAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":946724453221239,"flow_dst_last_pkt_time":946724453221278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946724453221278,"pkt":"uKxvNgTjGGbam+N9CABFAAA8DbNAAIAGV6nAqAoDwKgKDABYrOCOu9eK+5UIh6ASIAAObgAAAgQFtAEDAwgEAggKM1tACf\/++SE="} 
@@ -77,7 +77,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140476142,"flow_src_last_pkt_time":946716140476142,"flow_dst_last_pkt_time":946716140476146,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1235,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1235,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1235,"flow_dst_tot_l4_payload_len":1228,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1092,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":946716140774135,"flow_src_last_pkt_time":946716140774135,"flow_dst_last_pkt_time":946716140774142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1221,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1221,"flow_dst_max_l4_payload_len":1202,"flow_src_tot_l4_payload_len":1221,"flow_dst_tot_l4_payload_len":1202,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"10.1.12.2","dst_ip":"10.5.3.1","src_port":1096,"dst_port":88,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":946724453221239,"flow_src_last_pkt_time":946724453222354,"flow_dst_last_pkt_time":946724453222308,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1555,"flow_dst_max_l4_payload_len":1554,"flow_src_tot_l4_payload_len":3110,"flow_dst_tot_l4_payload_len":3108,"midstream":0,"thread_ts_usec":946724453222354,"l3_proto":"ip4","src_ip":"192.168.10.12","dst_ip":"192.168.10.3","src_port":44256,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":946724453222354} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/kerberos-login.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":35242,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":1,"total-updates":7,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":946724453222354} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7793688 bytes -~~ total memory freed........: 7793688 bytes -~~ total allocations/frees...: 146543/146543 +~~ total memory allocated....: 11502115 bytes +~~ total memory freed........: 11502115 bytes +~~ total allocations/frees...: 216797/216797 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2199 chars diff --git a/test/results/default/kerberos.pcap.out b/test/results/default/kerberos.pcap.out index 666844f0d..e4ff967fc 100644 --- a/test/results/default/kerberos.pcap.out +++ b/test/results/default/kerberos.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1549337929790448} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00850{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_usec":1549337929790448,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 01133{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1549337929790448,"flow_src_last_pkt_time":1549337929790448,"flow_dst_last_pkt_time":1549337929790448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":239,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":239,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1549337929790448,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}}} 
@@ -187,7 +187,7 @@ 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337931220307,"flow_src_last_pkt_time":1549337931220307,"flow_dst_last_pkt_time":1549337931221192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":227,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":227,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":227,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1549337952282970,"flow_src_last_pkt_time":1549337952282970,"flow_dst_last_pkt_time":1549337952283232,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":356,"flow_dst_max_l4_payload_len":260,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":260,"midstream":1,"thread_ts_usec":1549337952283232,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/kerberos.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":190,"global_ts_usec":1549337952283232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -196,9 +196,9 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7895366 bytes -~~ total memory freed........: 7895366 bytes -~~ total allocations/frees...: 146858/146858 +~~ total memory allocated....: 11603425 bytes +~~ total memory freed........: 11603425 bytes +~~ total allocations/frees...: 217112/217112 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2499 chars diff --git a/test/results/default/kerberos_fuzz.pcapng.out b/test/results/default/kerberos_fuzz.pcapng.out index 85c24aa95..c7a68e6ab 100644 --- a/test/results/default/kerberos_fuzz.pcapng.out +++ b/test/results/default/kerberos_fuzz.pcapng.out 
@@ -1,10 +1,10 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633884084000000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_usec":1633884084000000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 01039{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Kerberos","proto_id":"111","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","kerberos": {"hostname":"","domain":"r1i???ca???????]*??0p??????_???????ea?id;?????o","username":"??????"}}} 
00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633884084000000,"flow_src_last_pkt_time":1633884084000000,"flow_dst_last_pkt_time":1633884084000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":260,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1633884084000000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kerberos_fuzz.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633884084000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766754 bytes -~~ total memory freed........: 7766754 bytes -~~ total allocations/frees...: 146371/146371 +~~ total memory allocated....: 11475373 bytes +~~ total memory freed........: 11475373 bytes +~~ total allocations/frees...: 216625/216625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars ~~ json string max len.......: 1044 chars diff --git a/test/results/default/kismet.pcap.out b/test/results/default/kismet.pcap.out index 5b056f0e9..354b82605 100644 --- a/test/results/default/kismet.pcap.out +++ b/test/results/default/kismet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1144004385285325} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1144004385285325,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285325,"pkt":"AAAAAAAAAAAAAAAACABFAAA0PIZAAIAGwDt\/AAABfwAAAYURCcWza5HWAAAAAIACf\/\/iowAAAgRADAEBBAIBAwMC"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1144004385285325,"flow_dst_last_pkt_time":1144004385285353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1144004385285353,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIAG\/MF\/AAABfwAAAQnFhRGzPp6Js2uR14ASf\/+QygAAAgRADAEBBAIBAwMC"} 
@@ -9,7 +9,7 @@ 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1144004385285602,"flow_dst_last_pkt_time":1144004385285561,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1144004385285602,"pkt":"AAAAAAAAAAAAAAAACABFAAAoPIhAAIAGwEV\/AAABfwAAAYURCcWza5HXsz6fUVAQIABrKAAA"} 02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004397698680,"flow_dst_last_pkt_time":1144004398798485,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1777,"midstream":0,"thread_ts_usec":1144004398798485,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":28,"avg":836339.2,"max":1099852,"stddev":406205.2,"var":165002641408.0,"ent":4.7,"data": [28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828]},"pktlen": {"min":40,"avg":128.9,"max":1085,"stddev":184.2,"var":33913.2,"ent":4.2,"data": [52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1144004385285325,"flow_src_last_pkt_time":1144004399898338,"flow_dst_last_pkt_time":1144004399898316,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1045,"flow_dst_max_l4_payload_len":199,"flow_src_tot_l4_payload_len":1045,"flow_dst_tot_l4_payload_len":1912,"midstream":0,"thread_ts_usec":1144004399898338,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":34065,"dst_port":2501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Kismet","proto_id":"309","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/kismet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1144004399898338} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 35/35 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769816 bytes -~~ total memory freed........: 7769816 bytes -~~ total allocations/frees...: 146407/146407 +~~ total memory allocated....: 11478435 bytes +~~ total memory freed........: 11478435 bytes +~~ total allocations/frees...: 216661/216661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2239 chars 
diff --git a/test/results/default/kontiki.pcap.out b/test/results/default/kontiki.pcap.out index a0f96710d..3afde5296 100644 --- a/test/results/default/kontiki.pcap.out +++ b/test/results/default/kontiki.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213662195077813} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1213662195077813} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662195077813,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":991,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":991,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":991,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662195077813,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"255.255.255.255","src_port":19948,"dst_port":19948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1213662195077813,"flow_dst_last_pkt_time":1213662195077813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1033,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1033,"pkt_l4_len":999,"thread_ts_usec":1213662195077813,"pkt":"\/\/\/\/\/\/\/\/ABVYKKDoCABFAAP7D3UAACARXSoKGSA7\/\/\/\/\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"} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198289399,"flow_dst_last_pkt_time":1213662198289399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":311,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662198289399,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -45,7 +45,7 @@ 00870{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1213662198289399,"flow_src_last_pkt_time":1213662198301070,"flow_dst_last_pkt_time":1213662198292691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":210,"flow_src_tot_l4_payload_len":327,"flow_dst_tot_l4_payload_len":210,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.82","src_port":19948,"dst_port":1948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1213662198298123,"flow_src_last_pkt_time":1213662202883098,"flow_dst_last_pkt_time":1213662198298123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1213662202883546,"l3_proto":"ip4","src_ip":"10.25.32.59","dst_ip":"64.200.148.88","src_port":19948,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Kontiki","proto_id":"32","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":1,"category":"Media"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":35412,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/kontiki.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":35412,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1213662202883546} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 ~~ skipped flows.............: 0 @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783356 bytes -~~ total memory freed........: 7783356 bytes -~~ total allocations/frees...: 146502/146502 +~~ total memory allocated....: 11491863 bytes +~~ total memory freed........: 11491863 bytes +~~ total allocations/frees...: 216756/216756 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2432 chars diff --git a/test/results/default/line.pcap.out b/test/results/default/line.pcap.out index 224906aa4..36ea1d2b0 100644 --- a/test/results/default/line.pcap.out +++ b/test/results/default/line.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00616{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00616{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":608455689} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":914,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":914,"pkt_l4_len":880,"thread_ts_usec":608455689,"pkt":"UlQAEjUCCAAn5uVZCABFAAOEak4AAIARRmgKAAIPfdH80saTUIIDcGeR22QAuQYCG2FDK1vv9fugGrOT8etA8A80AvZDaYmouGz3h3IHV1X5ElUpOC9dlDONLPAPfVgIYt5yAAAAKxpqxcwsrZxwhx1xKWqCFVz8ThMLekrlMqzL884f90GP2NtK7Ce8hzDQNrwRj9rBBTjTz8s6H2gTPjSg0VDLz20S\/lg6tSMQGiPk18OAgr8Cvvp\/hozCjTC4rWGtBZMNzWhsdRZ0vEFqySrtoCKzbjIs8sYLfeI\/Srmdhg38hXlV6rP9b8ENgYDmhrGulF6otA0UNGy35B4kYdo\/MhPSqQjQ8pcsGIy70IR4UFuSLysmmi75oS+WVNM3dgKIvi143xwOy7qgdOdPV5c+gyBB3mtuSgX0e6xOZRh+2kBmE1\/y0Gdj0dNsXH1vof4pPU4HsRVsS0JvYE0U4YlCdanTAcZNPEnmP1noc5qyuh3us6i5xZtmZnUx0T0dXCf0c9mjorZc3Lgg0l497C2CPwMYdagIqBvgEBhiD2cLJ1VerQb93JW2WKPOLzzLgg0\/tyC748UEXnP1gVpyk34Qd6ThuEIyp\/P3Utszr2wDnYN9cXknXxovlsHtIUI308PKUR7uibVl6bPutV6morvNcIbC58Fk8I1neHuYJPbML1G3OCQjgPc+UH2RxL9dDmY3xJLGPaDlORHwLn0Y9UQRY8Lhk7amd4Z88RICqBguRbixN34f9ZzfQZMdoKSWIV7icBWCmxX4crcCBO1D2278Obn+4x7poeFXGeVaVtHFvQ6rkr5dyofRWaIN1msakDrm5L5U8AF0mUYN0+12kJO8yLievpdn6xzNd4bKeYsb3C1FFeKFwSAPzqOUDv9aT+WW4SKHyylw0pdUVK4cuveXzIF5ZRqBwY2i+cjXDSGbNnaKBH2ErXqKoIrNiwz6KvRlsA2pt5TBITtHSGuD8PCKzt2UbnDxqzPIw8XsLbhafMorn0W89jxSC0Q8Vcy5wNKz19TflD1049Gv1NMbjNbekdfzuC5B7dQh0znvHrAE2PGpwN4BiBtJYQuHSvS+0685SuSAtdMbRHQMsckK4xIqoTfFa8AuUNh26FRzuRQPpkBBXrr2KepLiEo\/cCleIvjlciTpS1Gl7qHYI81WnNc9aJzRlAfia2MhNrGqry00clXMkM3NxH01kLKkBz0CIEQ="} 
01023{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":608455689,"flow_src_last_pkt_time":608455689,"flow_dst_last_pkt_time":608455689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":872,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":872,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":608455689,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 01495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":608955846,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":782,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":782,"pkt_l4_len":748,"thread_ts_usec":609533458,"pkt":"CAAn5uVZUlQAEjUCCABFAAMAuboAAEARN4B90fzSCgACD1CCxpMC7Cmf2uAAZwYCV\/RJTq5P8eXNYO9XdF70Fj9KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKpZJyG\/GGz9dcm\/Mr8\/7LWMlqzk54MO7ELXqtqSqfd\/YBdqlDZSVUrL97nZoyannQ+4sHLstSS32UsGeYFShNlIkPzze5YiNYv50x\/mH\/A9pbgu69Q+WF2ip97UNP5700H4+qhxbmcY9HS8ZIxXwfhRpVqXecYovPU98m66ZIHMk3AxDUggZJzXM8Cg9Ioa5PEOWCC0RQ\/+ZM\/xmE25dREFZwuEuTY4v54VaBEf\/1fcmWRmuO56S4CdHmd3r6UrJgdv7HOPYh1FHZImH9K6Vp5v43+PDFYehvgjuZevIzB9KNNpgRaXiJIoH9HKjsrlk8bFBNxGh\/Z3wVkNzkk6aZPEyGQfpJxhMdxxwGT2MsqjyEwRxvenqN6ZiCnhNKvKa1MoubR4Q69dsKI5vcArBU28dcnpBI49S+Gue7Y63pIbagOo3yJzlth5QkSgGoh3WTgewJUJPSW2CESchMymRIYmXZ453SQiLQDUOijjH9BTXQLRM1Jktgb1Ku3YtQhwOuoynAJXV8IgsD1XNcPeHVXH4cjiPxry8hY2LXG+Dpn0+ElcIAmuYGLXgyIWmFgMDccUsS4PEmO+H98\/37Xgd\/JFCN+BdEPL8h+w8JjEm76kq4pMrFkodu9TWUlq\/f5btNgcE3NZ5tj5unKE3tunn\/9XLrY2YdRaUSo3NFlLxzIy1Ls5OLl\/yp4rUeg\/491eKamydkxVOtbP5kUPMBZAToihwFzkbtaPi\/sHlzwamjGpc5urLdFERd4ubko4hgkGPbUQFvpEefL+PiNep0MCAfLSiIccfs7kEszIxBA1tUC\/E7ZoDjNG8bd9x9za\/H5o\/i6SrM4jgqtlvtdLcuIQKuEI0hJJAH84pOvAZwnqFLwqt9Aj1HWP7oTHWsPEdIMwTkD1+nw0mJ4o="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":609557906,"flow_dst_last_pkt_time":609533458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":609557906,"pkt":"UlQAEjUCCAAn5uVZCABFAAA6alAAAIARSbAKAAIPfdH80saTUIIAJgbQgOUAAQAAOrIJvaZ41xf3vWhbythM\/0LTmd0td5YJ"} 02276{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":608455689,"flow_src_last_pkt_time":610177798,"flow_dst_last_pkt_time":609998416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":872,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":2795,"flow_dst_tot_l4_payload_len":1792,"midstream":0,"thread_ts_usec":610177798,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"125.209.252.210","src_port":50835,"dst_port":20610,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":41,"avg":105317.3,"max":602060,"stddev":182193.2,"var":33194352640.0,"ent":3.4,"data": [500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443]},"pktlen": {"min":58,"avg":171.3,"max":900,"stddev":234.5,"var":54984.5,"ent":4.1,"data": [900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65]},"bins": {"c_to_s": [1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0],"entropies": [7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":51,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":7138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663913332980371} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1663913332980371,"pkt":"iJCNB9vohKk4ukxYCABFAABkhQ9AAIAGAAAKyAN9k1ylwuHxAbtdIq0\/pMNUV1AYBAFHugAAFwMDADdo++xFfUkOJQ\/QhCWutve1sws40Q+84WpHcqg5rtUCVtgRpFPRgdwDdzjyMyfjtUsn0c73u5RW"} 01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663913332980371,"flow_src_last_pkt_time":1663913332980371,"flow_dst_last_pkt_time":1663913332980371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1663913332980371,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.165.194","src_port":57841,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -48,7 +48,7 @@ 01112{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":21,"flow_first_seen":1663913333003014,"flow_src_last_pkt_time":1663913402819217,"flow_dst_last_pkt_time":1663913403056559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":573,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3181,"flow_dst_tot_l4_payload_len":4223,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.242.232","src_port":58160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Line","proto_id":"91.315","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":66,"flow_first_seen":1663913345063942,"flow_src_last_pkt_time":1663913353743994,"flow_dst_last_pkt_time":1663913353727759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":853,"flow_dst_max_l4_payload_len":542,"flow_src_tot_l4_payload_len":12625,"flow_dst_tot_l4_payload_len":13364,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51161,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1663913367738267,"flow_src_last_pkt_time":1663913375776479,"flow_dst_last_pkt_time":1663913375810399,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":212,"flow_src_tot_l4_payload_len":688,"flow_dst_tot_l4_payload_len":836,"midstream":0,"thread_ts_usec":1663913418926686,"l3_proto":"ip4","src_ip":"10.200.3.125","dst_ip":"147.92.169.90","src_port":51170,"dst_port":29070,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LineCall","proto_id":"316","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/line.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":290,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":49504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1663913418926686} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 290/290 ~~ skipped flows.............: 0 @@ -57,9 +57,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798192 bytes -~~ total memory freed........: 7798192 bytes -~~ total allocations/frees...: 146717/146717 +~~ total memory allocated....: 11506747 bytes +~~ total memory freed........: 11506747 bytes +~~ total allocations/frees...: 216971/216971 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2334 chars 
diff --git a/test/results/default/linecall_falsepositve.pcap.out b/test/results/default/linecall_falsepositve.pcap.out index 43560e5b0..a327579f8 100644 --- a/test/results/default/linecall_falsepositve.pcap.out +++ b/test/results/default/linecall_falsepositve.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444966772848} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966772848,"packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966772848} 00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":191,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":191,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAKkwrEAAPhGgXAoNgR4KCtYG2+cT5QCV4AsAAA9iAAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkh9MSFhcnIweGckSj5BYG9WQXtmW2JTX1hbKTpAQ0dIOkAlTEBBRVJnWDFrVFdiZmNbJEo+QWRsaVR7YFtVYG9IPilKXVtmaF5bJV5ZXkVSSF0xZF9XW29cWSRnPkFFUkg+ewA="} 00309{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673444966785736,"packet_id":2,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673444966785736} 
@@ -64,7 +64,7 @@ 00932{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":466,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":466,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAAbwR40AAPhG+EgoNgR4KCtYG2+cT5QGo\/XgAAA92AAAAAC0fSDcsMC0xQzl+eyp0QERROjMpPT1ARFJIPiU1KzJFUkhuMShyZHwwcT4kSj4zNEUyKXtMQEM3PzQuKTktLzhAO0AlTEAtRFFHMDE7LjA0PzY9JEk9diUhJ257Ki4yJyI7MSk4PUBEYltRJVg9QERDOikxNisuLz40PSRJPVdYcWlUe0k9QGNvZF8pV1RPO2FiXyVaV1VgSCJ8MUk9QDc\/NDAkODEtNTw3PXtJPTMyPjgtKTksMi9FRz0lSTAuMUU2KDE3KS0wUUc9JDwrLTVBNyx7OykrRFFHLSk7LEBEUTs9JUk9M0RRRzAxPT1AREVHPSRJbW51LyNvezovI3RFOzApST1AJj43MSU8LC8jPDh+MTctLDMzMy4kLHx9MEM2LXs1MX0zPygvKUk9QEdUSkAlTEA0R1RKMTFMQEM4T0UxJEc7PjhPOzt7RzE+QkVFOylHO0NHVEg+JUpdW2ZoXlsxXlleRVJIXSRkX1dbb1xZe2c+QUVxYl8pYFReWW1lPiVKPmBfc15UMWdSXGJSSD4kSj5BAA=="} 00310{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1673445117157636,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1673445117157636} 00706{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":298,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_usec":1673444966772848,"pkt":"AAAAAAAAAAECAAD6gQAFq4EAAQkIAEUAARQvkwAAdhGpCgoK1gYKDYEeE+Xb5wEADn4AAA92AAAAAC0fSDcsMC0xQzl+eyp0QUVSX1spU0FdWGheUSVVTUFFUjQ9MUk9MzZCNy0kNyxARFF9fXt4fHElQjkgKXkxNDNRRz0lWlFUU1FHPTE7MCwxPzUoJDYqQERRXlF7aV9XRFFHXClnWmJSaFY0JVlYYlVrXFkxQHcgRFFHMCQ3KjMzRTQuezQtQERROispNi4wND85LCU8PUBERDUqMT0sKzI9NCkkST1ANz80Lns5LS42QDs9KUk9MDZARz0lSTFARFE6PTFJPTM4UUc9JD09QEQidW57J3hyNUMqbSk9MTNEUUc+JUo+NEVSSDExSj5BAA=="} 
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":42,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/linecall_falsepositve.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":42,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1673445117157636} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 42/0 ~~ skipped flows.............: 0 @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 314 chars ~~ json string max len.......: 1290 chars 
diff --git a/test/results/default/lisp_registration.pcap.out b/test/results/default/lisp_registration.pcap.out index 9b4c9cc08..b0e3d5797 100644 --- a/test/results/default/lisp_registration.pcap.out +++ b/test/results/default/lisp_registration.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597152685554430} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1597152685554430,"pkt":"qrvMAAEAqrvMAAIACABFwAB0AJYAAP8RsB8KAHsCCgB7ARD2EPYAYGa4MgABAWerkx+ei5dKAAEAFLdG1odgiOW+z\/RAIKtUGCaiNO0QAAAFoAEgEAAAAAABCgAAAhYWFhYABQABCgB7AtD01FgUttPjIYPJQy5LWPIAAAAAAAAAAA=="} 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685554430,"flow_dst_last_pkt_time":1597152685554430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597152685554430,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -32,7 +32,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152709936562,"flow_src_last_pkt_time":1597152709936562,"flow_dst_last_pkt_time":1597152709943547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":468,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.3","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1597152685554430,"flow_src_last_pkt_time":1597152685555426,"flow_dst_last_pkt_time":1597152685560246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":112,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":400,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":4342,"dst_port":4342,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1597152687289150,"flow_src_last_pkt_time":1597152687645409,"flow_dst_last_pkt_time":1597152687439147,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":448,"flow_dst_max_l4_payload_len":452,"flow_src_tot_l4_payload_len":448,"flow_dst_tot_l4_payload_len":467,"midstream":0,"thread_ts_usec":1597152712034854,"l3_proto":"ip4","src_ip":"10.0.123.2","dst_ip":"10.0.123.1","src_port":15373,"dst_port":4342,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LISP","proto_id":"236","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/lisp_registration.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3790,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1597152712034854} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -41,9 +41,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7778163 bytes -~~ total memory freed........: 7778163 bytes -~~ total allocations/frees...: 146436/146436 +~~ total memory allocated....: 11486734 bytes +~~ total memory freed........: 11486734 bytes +~~ total allocations/frees...: 216690/216690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 1436 chars diff --git a/test/results/default/log4j-webapp-exploit.pcap.out b/test/results/default/log4j-webapp-exploit.pcap.out index b2884cbc8..8880e86ba 100644 --- a/test/results/default/log4j-webapp-exploit.pcap.out +++ b/test/results/default/log4j-webapp-exploit.pcap.out 
@@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639425815407353} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639425815407353,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639425815407353,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407353,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407353,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639425815407353,"flow_dst_last_pkt_time":1639425815407439,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1639425815407439,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} 
@@ -64,7 +64,7 @@ 01342{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1639425815910226,"flow_src_last_pkt_time":1639425815918224,"flow_dst_last_pkt_time":1639425815918340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01342{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1639425834639606,"flow_src_last_pkt_time":1639425834642327,"flow_dst_last_pkt_time":1639425834642463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":1352,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":1548,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"40": {"risk":"Possible Exploit","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01118{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1639425815682954,"flow_src_last_pkt_time":1639425833591234,"flow_dst_last_pkt_time":1639425833591196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":69,"flow_dst_max_l4_payload_len":147,"flow_src_tot_l4_payload_len":119,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1639425834697105,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"LDAP","proto_id":"112","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/log4j-webapp-exploit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1639425834697105} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 ~~ skipped flows.............: 0 @@ -73,9 +73,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798579 bytes -~~ total memory freed........: 7798579 bytes -~~ total allocations/frees...: 146885/146885 +~~ total memory allocated....: 11507102 bytes +~~ total memory freed........: 11507102 bytes +~~ total allocations/frees...: 217139/217139 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 310 chars ~~ json string max len.......: 1934 chars diff --git a/test/results/default/long_tls_certificate.pcap.out b/test/results/default/long_tls_certificate.pcap.out index 6f3980e4a..d802c32ca 100644 --- a/test/results/default/long_tls_certificate.pcap.out +++ b/test/results/default/long_tls_certificate.pcap.out 
@@ -1,5 +1,5 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609756181300869} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609756181300869,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181300869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181300869,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609756181300869,"flow_dst_last_pkt_time":1609756181671657,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1609756181671657,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} 
@@ -12,7 +12,7 @@ 01991{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182512712,"flow_dst_last_pkt_time":1609756182787262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":906,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1609756182787262,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":87039.9,"max":370939,"stddev":130477.0,"var":17024251904.0,"ent":3.4,"data": [370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6]},"pktlen": {"min":40,"avg":370.7,"max":1492,"stddev":546.6,"var":298744.2,"ent":3.7,"data": [64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52]},"bins": {"c_to_s": [10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1],"entropies": 
[4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015]}} 05376{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756182512712,"flow_dst_last_pkt_time":1609756182787262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":906,"flow_dst_tot_l4_payload_len":9549,"midstream":0,"thread_ts_usec":1609756182787262,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacon-api.aliyuncs.com","tls": 
{"version":"TLSv1.2","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-cen
tral-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS
_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}}} 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1609756181300869,"flow_src_last_pkt_time":1609756183156414,"flow_dst_last_pkt_time":1609756183162351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1073,"flow_dst_tot_l4_payload_len":11027,"midstream":0,"thread_ts_usec":1609756183162351,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Alibaba","proto_id":"91.274","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1609756183162351} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/long_tls_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1609756183162351} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8167435 bytes -~~ total memory freed........: 8167435 bytes -~~ total allocations/frees...: 146613/146613 +~~ total memory allocated....: 11876054 bytes +~~ total memory freed........: 11876054 bytes +~~ total allocations/frees...: 216867/216867 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 5381 chars 
diff --git a/test/results/default/lru_ipv6_caches.pcapng.out b/test/results/default/lru_ipv6_caches.pcapng.out index 60c129a47..b6fbd843b 100644 --- a/test/results/default/lru_ipv6_caches.pcapng.out +++ b/test/results/default/lru_ipv6_caches.pcapng.out 
@@ -1,12 +1,12 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052948274471,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948274471,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAADoRNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgA67jSAyQABc057KPtqh0GuGNqHQpVdUH9DbV7N1xxXOtXJtJqdGPOAAAAGtXeTrpTWaBsieQ=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052948289476,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAecUyAyQABc057KIAAAAeHMLnCpIkbax7n"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948301493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948301493,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6RJGAyQABkTlfEc51q66FXyPDwam3nbBa6WicqgKI89C6hGhWlhyAAAAFFpuu1SLHCT7WvA=="} 
-01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948665588,"flow_dst_last_pkt_time":1639052948452760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1639052948665588,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948310769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1639052948310769,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948897167,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948897167,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMekhAKzS+CpD0rrw8PwAEAAA1ElsQg=="} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639052948898635,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948898635,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMDchAKzS+CpIPbrw7kIAEAAA1ElsQw=="} 
@@ -33,7 +33,7 @@ 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052959035612,"pkt":"AAAAAAAAAAgAVrKUht1gCe0yAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBw7ZJkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxdggPDJDvaNdNt\/L2j+bkuqMllMTpxOTpnZXRfcGVlcnMxOnQyOiVoMTp2NDpMVAECMTp5MTpxZQ=="} 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} -01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
@@ -59,11 +59,11 @@ 01614{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} 
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} 
00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} 
-01208{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} 
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 
@@ -80,7 +80,7 @@ 01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01285{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 @@ -89,9 +89,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7807684 bytes -~~ total memory freed........: 7807684 bytes -~~ total allocations/frees...: 146604/146604 +~~ total memory allocated....: 11516127 bytes +~~ total memory freed........: 11516127 bytes +~~ total allocations/frees...: 216858/216858 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars ~~ json string max len.......: 2401 chars 
diff --git a/test/results/default/malformed_dns.pcap.out b/test/results/default/malformed_dns.pcap.out index 3e36084e6..b5cf04f19 100644 --- a/test/results/default/malformed_dns.pcap.out +++ b/test/results/default/malformed_dns.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591551760342902} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551760342902,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 
01174{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551760342902,"flow_dst_last_pkt_time":1591551760342902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591551760342902,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.xt.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -9,7 +9,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551760372114,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1591551765342879,"pkt":"AAAAAAAAAAAAAAAACABFAAA4ny8AAEAR3YN\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 02726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765355529,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_usec":1591551765355529,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz
8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} 
01304{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1591551760342902,"flow_src_last_pkt_time":1591551765342879,"flow_dst_last_pkt_time":1591551765368813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":5552,"midstream":0,"thread_ts_usec":1591551765368813,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"37": {"risk":"Large DNS Packet (512+ bytes)","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/malformed_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591551765368813} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766999 bytes -~~ total memory freed........: 7766999 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11475618 bytes +~~ total memory freed........: 11475618 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 559 chars ~~ json string max len.......: 2731 chars diff --git a/test/results/default/malformed_icmp.pcap.out b/test/results/default/malformed_icmp.pcap.out index 537671337..e2ea39994 100644 --- a/test/results/default/malformed_icmp.pcap.out +++ b/test/results/default/malformed_icmp.pcap.out 
@@ -1,10 +1,10 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593066612951269} 00752{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_usec":1593066612951269,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 
01129{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01168{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593066612951269,"flow_src_last_pkt_time":1593066612951269,"flow_dst_last_pkt_time":1593066612951269,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593066612951269,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": 
{"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malformed_icmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1593066612951269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 
@@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 519 chars ~~ json string max len.......: 1173 chars diff --git a/test/results/default/malware.pcap.out b/test/results/default/malware.pcap.out index c69de3516..7567d97a1 100644 --- a/test/results/default/malware.pcap.out +++ b/test/results/default/malware.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569571466977364} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1569571466977364,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571466977364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571466977364,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -10,7 +10,7 @@ 01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571470672893,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.297900}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569571476362891,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1569571476362891,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1569579408876326} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1569579408876326,"pkt":"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"} 
01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579408876326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569579408876326,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","http": {"url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0","detected_os":"Windows 10"}}} 
@@ -24,25 +24,36 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579417018328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569579417018328,"pkt":"MFLLbJwbCGoKOl4eCABFAAAoJgFAADgGtHZD11zSwKgHBwG7iaQdaco\/3Upc8VAQAO2ZSgAAAAAAAAAA"} 01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579416830077,"flow_dst_last_pkt_time":1569579417029746,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1569579417029746,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.internetbadguys.com","tls": {"version":"TLSv1.2","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
02749{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417029833,"flow_dst_last_pkt_time":1569579417030048,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4380,"midstream":0,"thread_ts_usec":1569579417030048,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.OpenDNS","proto_id":"91.225","proto_by_ip":"OpenDNS","proto_by_ip_id":225,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.internetbadguys.com","tls": 
{"version":"TLSv1.2","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}}} 
-01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} -00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417280185,"flow_dst_last_pkt_time":1569579417280169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":674,"flow_dst_tot_l4_payload_len":5344,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579409087861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571467001085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1569579417280185} +01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
+00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571476362891,"flow_src_last_pkt_time":1569571476362891,"flow_dst_last_pkt_time":1569571476362891,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01059{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569571470672893,"flow_src_last_pkt_time":1569571470672893,"flow_dst_last_pkt_time":1569571470672893,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569571466977364,"flow_src_last_pkt_time":1569571466977364,"flow_dst_last_pkt_time":1569571467001085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":68,"midstream":0,"thread_ts_usec":1569579417280185,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1698873191201916} 
+00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191201916,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191201916,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191201916,"pkt":"YDjgxTWgABjzZLGICABFAAA08cpAAJsGFlTAqAAUwW1Ve6EYAbv2WX9aAAAAAIAC+vDXywAAAgQFtAEBBAIBAwMH"} +00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1698873191201916,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698873191268235,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADYGbR\/BbVV7wKgAFAG7oRhDPWNP9ll\/W4ASchBmPgAAAgQFrAEBBAIBAwMH"} 
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1698873191268310,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698873191268310,"pkt":"YDjgxTWgABjzZLGICABFAAAo8ctAAJsGFl\/AqAAUwW1Ve6EYAbv2WX9bQz1jUFAQAfbXvwAA"} +01409{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":706,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":706,"pkt_l4_len":672,"thread_ts_usec":1698873191276094,"pkt":"YDjgxTWgABjzZLGICABFAAK08cxAAJsGE9LAqAAUwW1Ve6EYAbv2WX9bQz1jUFAYAfbaSwAAFgMBAocBAAKDAwNZALD8xD8Q+yl+0KOqmQwd9gXJJBI9kolSl2GL2ReWNiCzs2NfI2JybZYU5Icxytbz6e632+0qvEWXLo8a8wqg1gAeEwETAxMCwCvAL8ypzKjALMAwwBPAFACcAJ0ALwA1AQACHAAAABEADwAADGhvYmJlYWNoLmNvbQAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAIgAIAAYEAwUDBgMAMwBrAGkAHQAgcjjpRBYP\/LqjyeDcLJLQffjl2smK2ysllsrTP\/YNNzsAFwBBBLl\/Nov1e2X7YY8UFT1OgkDeiwvc58iBUeWZ23ywSHc3AQjLTV+lIofWWkxEGhBcgbbZ9Htvq4dOfSXR7opV40gAKwAFBAMEAwMADQAWABQEAwUDBgMIBAgFCAYEAQUBBgECAQAtAAIBAQAcAAJAAf4NARkAAAEAAX0AIMTFqBnFG9O6mmr20NCghz9vx9Ddz6otgXsR8gyu6h7WAO+yE1\/\/QwSzZEaH6O1OxJ9t+T+v+mGq5\/odUILRIoeCTfBD8XbYXXrTh2OFwu3Fx+euNL7RqjppJqXB5FAlxffyZl7obXXRjTsHhoREObJk46izW3azMo8F16kgHph8zeguNu+hQWCNCr6k2LaOWcsIT4h5ZRJQe6mr4GGpaKynhiEGqLQHfY20kUhUK0wkx8w4ouFKNJrH1+WIUkQrAU1++cxRc1xz3E6O8+4SKSjzV4V6tBwY28soLcK5gGWXcLLqYHkrURuNrVYGsik68JJ4JfFbW\/LYtJEPEGqrYr5vPpTvf6wElHwFsr3qn\/E+8Q=="} 
+01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191268235,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698873191276094,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","tls": {"version":"TLSv1.2","ja3":"9a7f6a45c84d90c9e8baecb0c9ae8dff","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191342966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1698873191342966,"pkt":"ABjzZLGIYDjgxTWgCABFAAAoSE9AADYGJNzBbVV7wKgAFAG7oRhDPWNQ9lmB51AQAO8VngAAAAAAAAAA"} 
+01242{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191276094,"flow_dst_last_pkt_time":1698873191346145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":652,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1698873191346145,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"hobbeach.com","tls": {"version":"TLSv1.2","ja3":"9a7f6a45c84d90c9e8baecb0c9ae8dff","ja3s":"d154fcfa5bb4f0748e1dd1992c681104","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
+02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873191527805,"flow_dst_last_pkt_time":1698873191527955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":652,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":1216,"flow_dst_tot_l4_payload_len":15979,"midstream":0,"thread_ts_usec":1698873191527955,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":21029.9,"max":110516,"stddev":35172.1,"var":1237078016.0,"ent":3.2,"data": [66319,66394,7784,74731,3179,70080,59,0,52,87,88,2895,69320,66866,105647,5079,239,110516,108,104,86,291,185,72,128,388,325,210,535,106,55]},"pktlen": {"min":40,"avg":579.6,"max":1492,"stddev":653.5,"var":427088.1,"ent":4.0,"data": [52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492]},"bins": {"c_to_s": [9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1],"entropies": [4.739399433,4.931210041,4.784183979,7.178894043,4.434307575,7.386115074,4.884183884,4.434307098,6.317144871,4.988526344,7.610246658,4.884183884,5.998999596,7.235376835,7.554747581,4.434307098,7.863018513,7.867267132,4.834183693,4.434307575,7.860304356,7.871340752,4.884183884,7.867784977,4.434307098,7.823972225,4.884183884,7.868661404,7.861267567,4.834183693,4.477785587,7.882142067]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":320,"flow_dst_packets_processed":503,"flow_first_seen":1698873191201916,"flow_src_last_pkt_time":1698873193021206,"flow_dst_last_pkt_time":1698873193021183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":4471,"flow_dst_tot_l4_payload_len":515612,"midstream":0,"thread_ts_usec":1698873193021206,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"193.109.85.123","src_port":41240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1569579416636584,"flow_src_last_pkt_time":1569579417280185,"flow_dst_last_pkt_time":1569579417280169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":674,"flow_dst_tot_l4_payload_len":5344,"midstream":0,"thread_ts_usec":1698873193021206,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569579408876326,"flow_src_last_pkt_time":1569579408876326,"flow_dst_last_pkt_time":1569579409087861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":329,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":329,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":329,"flow_dst_tot_l4_payload_len":44,"midstream":1,"thread_ts_usec":1698873193021206,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":849,"source":"cfgs\/default\/pcap\/malware.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":849,"packets-processed":849,"total-skipped-flows":0,"total-l4-payload-len":526670,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1698873193021206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 26/26 +~~ packets captured/processed: 849/849 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 6587 bytes -~~ total detected protocols..: 4 -~~ total active/idle flows...: 5/5 +~~ total layer4 data length..: 526670 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7817491 bytes -~~ total memory freed........: 7817491 bytes 
-~~ total allocations/frees...: 146505/146505 +~~ total memory allocated....: 11556178 bytes +~~ total memory freed........: 11556178 bytes +~~ total allocations/frees...: 217598/217598 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2754 chars -~~ json string avg len.......: 1638 chars +~~ json string avg len.......: 1640 chars diff --git a/test/results/default/memcached.cap.out b/test/results/default/memcached.cap.out index c2831a670..24ed20c77 100644 --- a/test/results/default/memcached.cap.out +++ b/test/results/default/memcached.cap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1534343745954071} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534343745954071,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954071,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1534343745954071,"flow_dst_last_pkt_time":1534343745954090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1534343745954090,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} 
@@ -8,7 +8,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1534343745954238,"pkt":"AAAAAAAAAAAAAAAACABFAAA0B5VAAEAGNS1\/AAABfwAAASvL6NTLJnx7LJHe2IAQAVb+KAAAAQEICikge+4pIHvu"} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954230,"flow_dst_last_pkt_time":1534343745954346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954346,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1534343745954071,"flow_src_last_pkt_time":1534343745954749,"flow_dst_last_pkt_time":1534343745954737,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":1028,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":1028,"midstream":0,"thread_ts_usec":1534343745954749,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Memcached","proto_id":"40","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/memcached.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1534343745954749} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769091 bytes -~~ total memory freed........: 7769091 bytes -~~ total allocations/frees...: 146382/146382 +~~ total memory allocated....: 11477710 bytes +~~ total memory freed........: 11477710 bytes +~~ total allocations/frees...: 216636/216636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars ~~ json string max len.......: 973 chars diff --git a/test/results/default/merakicloud.pcapng.out b/test/results/default/merakicloud.pcapng.out index 12bf4e219..8a65ab9e8 100644 --- a/test/results/default/merakicloud.pcapng.out +++ b/test/results/default/merakicloud.pcapng.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1673444916586594} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1673444916586594,"pkt":"AAAAAAAAAAEC+qKgCABFAACM6EcAAPkR334CJOqF0c47IrjFHLcAeI5V\/vcokQ0BAHAGihtOAAAAACpmyZcAAAAAAFYCCGO+vhsqCRUEAyQc8x5t8LeScWQ7JhVYfzr5StSHn5mSLCeBOnIKUwGFNtdHnBkECAAAAHcAUa57BQgAAIDsAACAXAcIAAAAAjgFaqcGAQQIA+DLvA=="} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673444916586594,"flow_dst_last_pkt_time":1673444916586594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1673444916586594,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 01116{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445216593721,"flow_dst_last_pkt_time":1673445216785656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2231,"flow_dst_tot_l4_payload_len":1338,"midstream":0,"thread_ts_usec":1673445216785656,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01116{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445266594530,"flow_dst_last_pkt_time":1673445266791083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2455,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1673445266791083,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1673444916586594,"flow_src_last_pkt_time":1673445316595722,"flow_dst_last_pkt_time":1673445316799009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":155,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":2679,"flow_dst_tot_l4_payload_len":1522,"midstream":0,"thread_ts_usec":1673445316799009,"l3_proto":"ip4","src_ip":"2.36.234.133","dst_ip":"209.206.59.34","src_port":47301,"dst_port":7351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MerakiCloud","proto_id":"66","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/merakicloud.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":4201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1673445316799009} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768029 bytes -~~ total memory freed........: 7768029 bytes -~~ total allocations/frees...: 146415/146415 +~~ total memory allocated....: 11476648 bytes +~~ total memory freed........: 11476648 bytes +~~ total allocations/frees...: 216669/216669 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 2432 chars 
diff --git a/test/results/default/mgcp.pcap.out b/test/results/default/mgcp.pcap.out new file mode 100644 index 000000000..a3c4ee022 --- /dev/null +++ b/test/results/default/mgcp.pcap.out 
@@ -0,0 +1,51 @@ +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850756991683,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} +01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756996076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1008850756996076,"pkt":"ABCk62CzAJD4ADLsCABFuABUAI4AADwRIkisEAF3rBABdAl7CXsAQHcHNTEwIDEgUHJvdG9jb2wgRXJyb3I6IEZvcmJpZGRlbiBwYXJhbWV0ZXIgbGluZSBwcmVzZW50Lgo="} +00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1008850833691559,"pkt":"ABCk62CzAJD4ADLsCABFuABXAB8AADwRIrSsEAF3rBABdAl7CXsAQ7m5UlNJUCAzMTY1Njg2MCAqQGdhdGV3YXk0NC5teXBsYWNlLmNvbSBNR0NQIDEuMApSTTogcmVzdGFydAo="} +00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1008850833713523,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1008850833713523,"pkt":"AJD4ADLsABCk62CzCABFAAAvAABAAEAR37KsEAF0rBABdwl7CXsAG7oNMjAwIDMxNjU2ODYwIG9rDQoNCg=="} 
+00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1008850833723445,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850833723445,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} +01088{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1008850837740350,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} +00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1463066849887905,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"} 
+01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849888376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066849888376,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5QpMjAwIDI2MjY2MjEzNCAK"} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066849888376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1463066853411246,"pkt":"AFBWWvA7AAtFuLlqCABFaABIAAAAAP4Rz90KCuRICgr0Agl7CXsANBfXUlNJUCAyNjI2NjIxMzYgKkB2ZzIyNCBNR0NQIDAuMQpSTTogcmVzdGFydAo="} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066853412310,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5IpMjAwIDI2MjY2MjEzNiAK"} +00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1463066853412475,"pkt":"AAtFuLlqAFBWWvA7CABFYABaAABAAEARTdQKCvQCCgrkSAl7CXsARu+2UlFOVCA4MCBBQUxOL1MyLzFAdmcyMjQgTUdDUCAwLjEKWDogMgpSOiBML2hkClE6IHByb2Nlc3MsbG9vcAo="} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686372010814355} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686372010814355,"pkt":"ilE1KSR8ZJY1Gdp3CABFAABUWtAAAG4RuMu7KyW8xKc7fJ9eCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
+01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066856143684,"flow_dst_last_pkt_time":1463066856144135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":166,"midstream":0,"thread_ts_usec":1686372010814355,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1645,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1686543048544843} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686543048544843,"pkt":"K5AY5etoTv\/LX0MOCABFAABUkT8AAGwRhFxD6LT6unCAs5VeCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} +01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686372010814355,"flow_src_last_pkt_time":1686372010814355,"flow_dst_last_pkt_time":1686372010814355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686543048544843,"l3_proto":"ip4","src_ip":"187.43.37.188","dst_ip":"196.167.59.124","src_port":40798,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686675230897603} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686675230897603,"pkt":"7\/8xXMRAPxLVY\/fxCABFAABUIe0AAG4R8bJcrabVU\/rvIcryCXsAQAAAUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDVI6IGwvaGQobikNWDogMQ0="} 
+01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675230897603,"flow_src_last_pkt_time":1686675230897603,"flow_dst_last_pkt_time":1686675230897603,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"92.173.166.213","dst_ip":"83.250.239.33","src_port":51954,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686543048544843,"flow_src_last_pkt_time":1686543048544843,"flow_dst_last_pkt_time":1686543048544843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675230897603,"l3_proto":"ip4","src_ip":"67.232.180.250","dst_ip":"186.112.128.179","src_port":38238,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/mgcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1686675230897603} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 29/23 +~~ skipped 
flows.............: 0 +~~ total layer4 data length..: 1757 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 5/5 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11484567 bytes +~~ total memory freed........: 11484567 bytes +~~ total allocations/frees...: 216692/216692 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 530 chars +~~ json string max len.......: 1093 chars +~~ json string avg len.......: 811 chars diff --git a/test/results/default/mgcp.pcapng.out b/test/results/default/mgcp.pcapng.out deleted file mode 100644 index dbded5fda..000000000 --- a/test/results/default/mgcp.pcapng.out +++ /dev/null 
@@ -1,36 +0,0 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1008850756991000} -00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850756991683,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} -01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756991683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1008850756991683,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850756996076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1008850756996076,"pkt":"ABCk62CzAJD4ADLsCABFuABUAI4AADwRIkisEAF3rBABdAl7CXsAQHcHNTEwIDEgUHJvdG9jb2wgRXJyb3I6IEZvcmJpZGRlbiBwYXJhbWV0ZXIgbGluZSBwcmVzZW50Lgo="} -00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1008850756991683,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1008850833691559,"pkt":"ABCk62CzAJD4ADLsCABFuABXAB8AADwRIrSsEAF3rBABdAl7CXsAQ7m5UlNJUCAzMTY1Njg2MCAqQGdhdGV3YXk0NC5teXBsYWNlLmNvbSBNR0NQIDEuMApSTTogcmVzdGFydAo="} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1008850833713523,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1008850833713523,"pkt":"AJD4ADLsABCk62CzCABFAAAvAABAAEAR37KsEAF0rBABdwl7CXsAG7oNMjAwIDMxNjU2ODYwIG9rDQoNCg=="} 
-00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1008850833723445,"flow_dst_last_pkt_time":1008850833691559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1008850833723445,"pkt":"AJD4ADLsABCk62CzCABFAABZAABAAEAR34isEAF0rBABdwl7CXsARe\/rUlFOVCAxICpAZ2F0ZXdheTQ0Lm15cGxhY2UuY29tIE1HQ1AgMC4xDQpSOiBsL2hkKG4pDQpYOiAyDQoNCg=="} -01090{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1008850837740350,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1463066849887905} -00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1463066849887905,"pkt":"AFBWWvA7AAtFuLlqCABFaABPAQAAAP4RztYKCuRICgr0Agl7CXsAO7a8UlNJUCAyNjI2NjIxMzQgKkB2ZzIyNCBNR0NQIDAuMQpSTTogZ3JhY2VmdWwKUkQ6IDAK"} 
-01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849887905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":51,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":51,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":51,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463066849887905,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1463066849887905,"flow_dst_last_pkt_time":1463066849888376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066849888376,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5QpMjAwIDI2MjY2MjEzNCAK"} 
-00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066849888376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1463066853411246,"pkt":"AFBWWvA7AAtFuLlqCABFaABIAAAAAP4Rz90KCuRICgr0Agl7CXsANBfXUlNJUCAyNjI2NjIxMzYgKkB2ZzIyNCBNR0NQIDAuMQpSTTogcmVzdGFydAo="} -00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_usec":1463066853412310,"pkt":"AAtFuLlqAFBWWvA7CABFYAArAABAAEARTgMKCvQCCgrkSAl7CXsAF5IpMjAwIDI2MjY2MjEzNiAK"} -00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1463066853411246,"flow_dst_last_pkt_time":1463066853412475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":104,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":104,"pkt_l4_len":70,"thread_ts_usec":1463066853412475,"pkt":"AAtFuLlqAFBWWvA7CABFYABaAABAAEARTdQKCvQCCgrkSAl7CXsARu+2UlFOVCA4MCBBQUxOL1MyLzFAdmcyMjQgTUdDUCAwLjEKWDogMgpSOiBML2hkClE6IHByb2Nlc3MsbG9vcAo="} 
-01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1008850756991683,"flow_src_last_pkt_time":1008850837735895,"flow_dst_last_pkt_time":1008850837740350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":227,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"172.16.1.116","dst_ip":"172.16.1.119","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1463066849887905,"flow_src_last_pkt_time":1463066856143684,"flow_dst_last_pkt_time":1463066856144135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":804,"flow_dst_max_l4_payload_len":62,"flow_src_tot_l4_payload_len":994,"flow_dst_tot_l4_payload_len":166,"midstream":0,"thread_ts_usec":1463066856144135,"l3_proto":"ip4","src_ip":"10.10.228.72","dst_ip":"10.10.244.2","src_port":2427,"dst_port":2427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MGCP","proto_id":"94","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mgcp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1589,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1463066856144135} -~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 26/20 -~~ skipped flows.............: 0 -~~ total layer4 data length..: 1589 bytes -~~ total detected protocols..: 2 -~~ total active/idle flows...: 2/2 -~~ total timeout flows.......: 0 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769481 bytes -~~ total memory freed........: 7769481 bytes -~~ total allocations/frees...: 146402/146402 -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 532 chars -~~ json string max len.......: 1095 chars -~~ json string avg len.......: 813 chars diff --git a/test/results/default/modbus.pcap.out b/test/results/default/modbus.pcap.out index 0e6002199..0fea535db 100644 --- a/test/results/default/modbus.pcap.out +++ b/test/results/default/modbus.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1223541953927963} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541953927963,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 
01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541953927963,"flow_dst_last_pkt_time":1223541953927963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1223541953927963,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -9,7 +9,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1223541954942774,"flow_dst_last_pkt_time":1223541953930003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1223541954942774,"pkt":"ABzAX0kKAArkxYMKCABFAAA0jABAAIAGEGXAqG6DwKhuiggaAfZB0ure4RU65FAY\/LAAGAAAANMAAAAGAQMAAQAB"} 02305{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541960939284,"flow_dst_last_pkt_time":1223541960940128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":192,"flow_dst_tot_l4_payload_len":176,"midstream":1,"thread_ts_usec":1223541960940128,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":835,"avg":452370.5,"max":1014211,"stddev":497296.8,"var":247304159232.0,"ent":3.8,"data": [1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912]},"pktlen": {"min":51,"avg":51.5,"max":52,"stddev":0.5,"var":0.2,"ent":5.0,"data": [52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":51,"flow_first_seen":1223541953927963,"flow_src_last_pkt_time":1223541977036283,"flow_dst_last_pkt_time":1223541977037227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":11,"flow_src_tot_l4_payload_len":612,"flow_dst_tot_l4_payload_len":561,"midstream":1,"thread_ts_usec":1223541977037227,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Modbus","proto_id":"44","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/modbus.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1223541977037227} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769711 bytes -~~ total memory freed........: 7769711 bytes -~~ total allocations/frees...: 146473/146473 +~~ total memory allocated....: 11478330 bytes +~~ total memory freed........: 11478330 bytes +~~ total allocations/frees...: 216727/216727 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2310 chars diff --git a/test/results/default/monero.pcap.out b/test/results/default/monero.pcap.out index b7fd28345..3b9b7d8fe 100644 --- a/test/results/default/monero.pcap.out +++ b/test/results/default/monero.pcap.out 
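Review bot: The allocator totals in the modbus summary hunk (`@@ -18,9 +18,9 @@`) rise from `7769711` to `11478330` bytes, and from `146473` to `216727` allocations, for the same 102-packet, single-flow capture, and nothing in the visible diff explains the jump. It presumably comes from the libnDPI submodule bump, since the only other change in this file is the `ndpi_version` string, but that is inferred rather than shown. Allocated and freed still match, so this is not a leak; it is a baseline roughly 48% larger, which matters to anyone sizing memory limits for the daemon. I would record it in the commit description, for example `libnDPI 4.9.0 raises baseline allocations in the test runs by about 48% (modbus.pcap: 7769711 -> 11478330 bytes)`.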
@@ -1,25 +1,25 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1514196188350524} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1514196188350524} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188350524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196188350524,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188350524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196188350524,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196188430828,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1514196188430849,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196188430849,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"} 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1514196188430950,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACWe7xAAEAG1ZLAqAKUXhfHv7b2DQVL2\/bbwdgK9oAYAOVlowAAAQEIChyh8F7nhI20eyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiZXUxLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="} 
-01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196188430950,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196188430950,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188514006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196188514006,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA0hz5AADEG2JJeF8e\/wKgClA0FtvbB2Ar2S9v3PYAQAOM2lgAAAQEICueEjcgcofBe"} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196437568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196437568,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196437568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196196437568,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196196745688,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1514196196745729,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1514196196745729,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1514196196745906,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACKlthAAEAGw8LAqAKUdNOnw9JWDQXzKAOUFYJfT1AYAOW00gAAeyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiY24xLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="} -01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
+01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"} 
-02442{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -02494{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": [308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": 
{"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1514196819733875} 
-01212{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 
-01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1514197279769698} 
+02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": 
[4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": [308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": 
[60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1514196819733875} 
+01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1514197279769698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 319/319 ~~ skipped flows.............: 0 @@ -28,10 +28,10 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782248 bytes -~~ total memory freed........: 7782248 bytes -~~ total allocations/frees...: 146703/146703 +~~ total memory allocated....: 11490851 bytes +~~ total memory freed........: 11490851 bytes +~~ total allocations/frees...: 216957/216957 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars -~~ json string max len.......: 2499 chars -~~ json string avg len.......: 1503 chars +~~ json string max len.......: 2382 chars +~~ json string avg len.......: 1445 chars diff --git a/test/results/default/mongo_false_positive.pcapng.out b/test/results/default/mongo_false_positive.pcapng.out index 7f919c690..64e23f3f0 100644 --- a/test/results/default/mongo_false_positive.pcapng.out +++ b/test/results/default/mongo_false_positive.pcapng.out 
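Review bot: The summary counters in this hunk record `total memory allocated` rising from 7782248 to 11490851 bytes (allocations 146703 → 216957) for the same 319-packet capture, and nothing on the page says whether that growth is expected. The summary hunk of mongo_false_positive.pcapng.out shows the same step (7769527 → 11478146 bytes), so this looks like a fixed start-up cost of the updated libnDPI rather than something per-flow; that is inferred from the two files and should be confirmed for memory-constrained deployments. Earlier in this file's diff the two Mining flows to tcp/3333 also stop reporting flow risk 5, "Known Proto on Non Std Port", and keep only "Unsafe Protocol", so any consumer that alerts on risk 5 will no longer fire for this traffic. Since regenerated expectation files hide such changes among version-string churn, I would add a line to the commit description along the lines of `nDPI 4.9.0: Mining on tcp/3333 no longer raises "Known Proto on Non Std Port"; baseline allocations grow to ~11.5 MB`.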
@@ -1,5 +1,5 @@ -00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} +00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593581341477440} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593581341477440,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341477440,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341477440,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0JV9AAH8G7i28S7gU+7Z4IMGGAbvEY9K7AAAAAIACIAAM3AAAAgQFUAEDAwgBAQQC"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593581341477440,"flow_dst_last_pkt_time":1593581341641115,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1593581341641115,"pkt":"AAAAAAAAAAUAoyAkCABFAAA0AABAADIGYI37tnggvEu4FAG7wYZmWxUYxGPSvIAS\/\/+x9gAAAgQFtAEDAwYEAgAA"} 
@@ -8,7 +8,7 @@ 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593581357451506,"flow_dst_last_pkt_time":1593581341827549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1248,"pkt_l4_len":1214,"thread_ts_usec":1593581357451506,"pkt":"AAAAAAAAAAUAoyAkCABFAATSKtxAAH8G5BK8S7gU+7Z4IMGGAbvEY9ZmZlsVoFAYAQP4xQAAS0UAAAIIAVUAAASeAQAAAI\/gqM9riCEBZYhSLZSYIvOnmKRFB1NH6SXBoy7HXkHy40xvUKjvN0P2kmQjQ6DOJ\/5cEoTXNc9mpVRRLoaSI0cG53iUIfmCUiYw+Y2Sl96EE3U2XAkcPoGzDfTJB\/4Q3V2JDnKBv7l1qffhqhUQAIC6t6pZb99IWuexXkN6yB+mvcOEgMwSBf+h+EUCXgsmqP0yLGzvhkgeX28Bw3eETrEPbqAcZrSLobMjufoukl580KLwDyb2crXEgXjGPeF78olOb7Pg6sYD\/BN2j6yyAilyS\/tsTsWdhE+MCi3x5py9sPxTra7gQ0k4JVWelsjoabSCP1lmKLze8v5MMRAJvDPMj62ID+lDhFnbLhlQC6f5chGBrpOPgdJC7YHTTF4Yaf6L2LV9kjRaUcpKIzDRzI4KZEonFYhWkM5vOOS0rSPo37Rv1SVkW2EcWQ2nQMbuDtjp\/0tfEZD2geTmvG3etyx+TgAVYG\/awgCrGTG3iBmJ7IP7zvy92HfzRnvpcGwV33VQOmQy5VfPpKlN52Cr9V1cGuATB5Vh71AWy+ZYpCZzbZfNP2tvigsP0wsvXvelhfciLnm+AL8wmySYqBybE3J8dIwFlfoj7ne6sMBf4pGb7AOGBSpiJm38MExrzCRihBJLXRJ7gyu6wZOC7RBoSZhJFfDca7WbjzMcnjgrHhyKz7epOIMZ8KKfdXHIH30WC1WQoyV\/9CDm5Ir6TpnIabDx8aCrVGR2AUJbloUstI06uyojdmfgzlH2RmIEF2wn3MlvapkeTrV1P4YJJdmxgPb+FA1\/KyNKbcQxAZocuyqW5naMFGfnn8cKSFj9nazboTcTzqdyByCcDm0GrOo3lrIAZtJkE4CvuhkCMnF\/7JeMLrrHxrPW\/dOVxglbGTGZaX4aT3qhzlyIFJZcUHvZNd3L8oPPptY03zEYYfgWCY4GCrFbxLpdYS7o3iQ6k\/DOgQDA40F9R\/6bQJtbjUri8cebmGyUgBOFyL4HK+5LP6+wjr7LJLwLOZr12rvbCPH8a5EH0l1+xVGuaHOLPsAloGyPylmUINBBTcC0sBxRxaBR\/z80E26qGGDqcQyyURDhKppNliDigSFs8+fsUbS5ChJOzYl3IpHKfgGOcDcCR3WpoBdqmuOu1DoFstMVlUlLCVIoZpzTcK\/pDo3hPn1LcKZJSo+8BwXkti9ovEfAleUdmchy9h9nbK2GihR4oEJcIGKAmAFjAQTS\/er1a5369himCid2qwxR2G7q+GqiY8Cn5xeTqwJbetF0TDu5o6tQyVaRc80I8hhALVCzmghQGdamem8nIsmKHrqNvthCPs+00k05hS685h68ipvQ5I1mMeEDxQq1lu8OpLGal1I9Y3xEuO7SPNISELRvLy4gXrN6aofFkqLD8VWXc
4G\/cbiW1E9zBGFi1T+pcQFhf1bs\/6QwJKdFYF5BC7W4O+tHL6pVuEXRZVBwUo+m8l\/ua1HBIbsTdUY+YmTTIi21zXssBXBCMdMJdRVAPaXcfXoiCOAqgS9a86IMwkmsfZDP8haAQx+y3AlmY8zPj52JGBOc0NBkRzLhTZ25JePs"} 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1593581341477440,"flow_src_last_pkt_time":1593581425760020,"flow_dst_last_pkt_time":1593581425923470,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1274,"flow_dst_max_l4_payload_len":135,"flow_src_tot_l4_payload_len":9246,"flow_dst_tot_l4_payload_len":1485,"midstream":0,"thread_ts_usec":1593581425923470,"l3_proto":"ip4","src_ip":"188.75.184.20","dst_ip":"251.182.120.32","src_port":49542,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/mongo_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":10731,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593581425923470} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769527 bytes -~~ total memory freed........: 7769527 bytes -~~ total allocations/frees...: 146397/146397 +~~ total memory allocated....: 11478146 bytes +~~ total memory freed........: 11478146 bytes +~~ total allocations/frees...: 216651/216651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 560 chars ~~ json string max len.......: 2161 chars diff --git a/test/results/default/mongodb.pcap.out b/test/results/default/mongodb.pcap.out index 2c63563e5..f2d9c6431 100644 --- a/test/results/default/mongodb.pcap.out +++ b/test/results/default/mongodb.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1483459978959064} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459978959064,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483459978959064,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959064,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1483459978959080,"flow_dst_last_pkt_time":1483459978959064,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483459978959080,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 
@@ -7,7 +7,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1483459979301410,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301410,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAANBx\/QAA\/Bg+3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1483459979301422,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483459979301422,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAANBx\/QAA+BhC3CgoKCgoKCgvKbmmJmGzsIz6ahkKAEBAaa4YAAAEBCApv\/F3CXOpDgA=="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483459979301746,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1483558834969479} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1483558834969479} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558834969479,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1483558834969479,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969479,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1483558834969493,"flow_dst_last_pkt_time":1483558834969479,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483558834969493,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 
@@ -16,7 +16,7 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1483558835130999,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1483558835130999,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAANBMKQAA+BmXQCgoKDAoKCg3ZHmmJO1oRNTuqYu6AEBAgn6wAAAEBCAoWOHXNjPy8NA=="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483459978959064,"flow_src_last_pkt_time":1483459979301746,"flow_dst_last_pkt_time":1483459979210216,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483558835131940,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1483726705497076} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1483726705497076} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705497076,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705497076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483726705497076,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1483726705497076,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483726705499673,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 
@@ -24,7 +24,7 @@ 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":128,"pkt_l4_len":90,"thread_ts_usec":1483726705503964,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQIAbrdWQAA9BiO2CgoKDgoKCg\/wP2mJBNDEts\/TviiAGBAaBDcAAAEBCAoydcXkGQyESzoAAABMBAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAABMAAAAQaXNNYXN0ZXIAAQAAAAA="} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1483558834969479,"flow_src_last_pkt_time":1483558835131940,"flow_dst_last_pkt_time":1483558835050109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":59,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483726705503964,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1483737232974198} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1483737232974198} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232974198,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232974198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483737232974198,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1483737232974198,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1483737232975899,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 
@@ -32,7 +32,7 @@ 00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":339,"pkt_l4_len":301,"thread_ts_usec":1483737232979308,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQABQQ0wQAA6BkpvCgoKEAoKChHInmmJ0eCpc+09z\/+AGBAaUdAAAAEBCAo+YNhYAY8GyA0BAAAAAAAAAAAAANQHAAAAAAAAYWRtaW4uJGNtZAAAAAAAAQAAAOYAAAAQaXNNYXN0ZXIAAQAAAANjbGllbnQAywAAAANhcHBsaWNhdGlvbgAdAAAAAm5hbWUADgAAAE1vbmdvREIgU2hlbGwAAANkcml2ZXIAOgAAAAJuYW1lABgAAABNb25nb0RCIEludGVybmFsIENsaWVudAACdmVyc2lvbgAGAAAAMy40LjAAAANvcwBWAAAAAnR5cGUABwAAAERhcndpbgACbmFtZQAJAAAATWFjIE9TIFgAAmFyY2hpdGVjdHVyZQAHAAAAeDg2XzY0AAJ2ZXJzaW9uAAcAAAAxNi4zLjAAAAAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483726705497076,"flow_src_last_pkt_time":1483726705503964,"flow_dst_last_pkt_time":1483726705499673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483737232979308,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1483814916005019} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1483814916005019} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916005019,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1483814916005019,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005019,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1483814916005036,"flow_dst_last_pkt_time":1483814916005019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1483814916005036,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 
@@ -42,7 +42,7 @@ 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":2,"flow_first_seen":1483814916005019,"flow_src_last_pkt_time":1483814916108514,"flow_dst_last_pkt_time":1483814916098131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":73,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":73,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1483737232974198,"flow_src_last_pkt_time":1483737232979308,"flow_dst_last_pkt_time":1483737232975899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483814916108514,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MongoDB","proto_id":"60","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1483814916108514} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/mongodb.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1483814916108514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -51,9 +51,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7778260 bytes -~~ total memory freed........: 7778260 bytes -~~ total allocations/frees...: 146446/146446 +~~ total memory allocated....: 11486815 bytes +~~ total memory freed........: 11486815 bytes +~~ total allocations/frees...: 216700/216700 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 554 chars ~~ json string max len.......: 1104 chars diff --git a/test/results/default/mpeg-dash.pcap.out b/test/results/default/mpeg-dash.pcap.out index 1a706fd2e..a90d783e5 100644 --- a/test/results/default/mpeg-dash.pcap.out +++ b/test/results/default/mpeg-dash.pcap.out 
@@ -1,12 +1,12 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744212035234} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212035234,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212035234,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1618744212035234,"pkt":"AAAAAAAAAAQAk2VwCABFAAA8XJFAAEAGk4MKVAFRpviYCu3+AFDXU1UdAAAAAKAC\/\/+5fwAAAgQFtAQCCArQulhbAAAAAAEDAwo="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744212035234,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744212169869,"pkt":"AAAAAAAAAAMAbDnzCABFAAA0AABAADAGAB2m+JgKClQBUQBQ7f6v9cxW11NVHoASchAbdQAAAgQFeAEBBAIBAwMK"} 00970{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":382,"pkt_l4_len":348,"thread_ts_usec":1618744212202980,"pkt":"AAAAAAAAAAQAk2VwCABFAAFwXJNAAEAGkk0KVAFRpviYCu3+AFDXU1Uer\/XMV1AYAFYA8wAAR0VUIC9hcy9iaWdvLWFkLWNyZWF0aXZlcy8zczMvMmxPVEE3Lm1wNCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogTW96aWxsYS81LjAgKExpbnV4OyBBbmRyb2lkIDExOyBTTS1BNzE1RiBCdWlsZC9SUDFBLjIwMDcyMC4wMTI7IHd2KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzQuMCBDaHJvbWUvODkuMC40Mzg5LjEwNSBNb2JpbGUgU2FmYXJpLzUzNy4zNg0KYmlnby1oYXNoOiBWRkJOek8zaVZjdkdwV05kDQpIb3N0OiBnZGwubmV3cy1jZG4uc2l0ZQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KQWNjZXB0LUVuY29kaW5nOiBnemlwDQoNCg=="} 
01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212169869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744212202980,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media","hostname":"gdl.news-cdn.site","http": {"url":"gdl.news-cdn.site\/as\/bigo-ad-creatives\/3s3\/2lOTA7.mp4","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Linux; Android 11; SM-A715F Build\/RP1A.200720.012; wv) AppleWebKit\/537.36 (KHTML, like Gecko) Version\/4.0 Chrome\/89.0.4389.105 Mobile Safari\/537.36","detected_os":"Android 11"}}} 
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1618744212338460,"pkt":"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\/\/\/Aij\/AAAV1HRyYWsAAABcdGtoZAAAAAHcmfi63Jn4ugAAAAEAAAAAAAoYKAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAEAAAAAHgAAABDgAAAAAFUxtZGlhAAAAIG1kaGQAAAAA3Jn4utyZ+LoAAAPoAAA6mVXEAAAAAAAhaGRscgAAAAAAAAAAdmlkZQAAAAAAAAAAAAAAAAAAABUDbWluZgAAABR2bWhkAAAAAQAAAAAAAAAAAAAAJGRpbmYAAAAcZHJlZgAAAAAAAAABAAAADHVybCAAAAABAAAUw3N0YmwAAACXc3RzZAAAAAAAAAABAAAAh2F2YzEAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAHgAQ4AEgAAABIAAAAAAAAAAEOSlZUL0FWQyBDb2RpbmcAAAAAAAAAAAAAAAAAAAAAAAAY\/\/8AAAAxYXZjQwFkACj\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"} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1652784807797513} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784807797513,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1652784807797513,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59142,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807797513,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807797513,"pkt":"tKXvZygQwDiWIaSpCABFAAA8gI1AAEAGWyfAqAJpNqFlVecGAFDeWzbUAAAAAKAC+vAGuAAAAgQFtAQCCArGziP6AAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1652784807797513,"flow_dst_last_pkt_time":1652784807901734,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1652784807901734,"pkt":"wDiWIaSptKXvZygQCABFAAA8AABAAOwGL7Q2oWVVwKgCaQBQ5waq30sm3ls21aASaN+YUwAAAgQFrAQCCAqvHVtJxs4j+gEDAwc="} 
@@ -27,7 +27,7 @@ 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1652784808500848,"flow_src_last_pkt_time":1652784808501352,"flow_dst_last_pkt_time":1652784808514677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":191,"flow_src_tot_l4_payload_len":1517,"flow_dst_tot_l4_payload_len":191,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"54.161.101.85","dst_ip":"192.168.2.105","src_port":80,"dst_port":59144,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1652784814543352,"flow_src_last_pkt_time":1652784814543352,"flow_dst_last_pkt_time":1652784814543352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":191,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":191,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"192.168.2.105","dst_ip":"54.161.101.85","src_port":59146,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1618744212035234,"flow_src_last_pkt_time":1618744212202980,"flow_dst_last_pkt_time":1618744212338460,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":1400,"midstream":0,"thread_ts_usec":1652784814543352,"l3_proto":"ip4","src_ip":"10.84.1.81","dst_ip":"166.248.152.10","src_port":60926,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.MpegDash","proto_id":"7.291","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/mpeg-dash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":3811,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1652784814543352} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774301 bytes -~~ total memory freed........: 7774301 bytes -~~ total allocations/frees...: 146431/146431 +~~ total memory allocated....: 11482872 bytes +~~ total memory freed........: 11482872 bytes +~~ total allocations/frees...: 216685/216685 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars ~~ json string max len.......: 2481 chars diff --git a/test/results/default/mpeg.pcap.out b/test/results/default/mpeg.pcap.out index e45269554..2b6dcad2f 100644 --- a/test/results/default/mpeg.pcap.out +++ b/test/results/default/mpeg.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1434379491040018} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1434379491040018,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491040018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1434379491040018,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1434379491040018,"flow_dst_last_pkt_time":1434379491117076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_usec":1434379491117076,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} 
@@ -9,7 +9,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158095,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1434379491158095,"pkt":"PBXCt3IOyGyHABajCABFAAA0obBAADIGye4uZZ13wKhQoABQ2fyPIjpdT+vGvYAQAHamjgAAAQEICgC7m+0VKIZNJ8A="} 01086{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491117217,"flow_dst_last_pkt_time":1434379491158121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":1436,"midstream":0,"thread_ts_usec":1434379491158121,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media","hostname":"luca.ntop.org","http": {"url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}}} 
00969{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1434379491040018,"flow_src_last_pkt_time":1434379491221137,"flow_dst_last_pkt_time":1434379491221072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":9215,"midstream":0,"thread_ts_usec":1434379491221137,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.ntop","proto_id":"7.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":1,"category":"Media"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/mpeg.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1434379491221137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767384 bytes -~~ total memory freed........: 7767384 bytes -~~ total allocations/frees...: 146394/146394 +~~ total memory allocated....: 11476003 bytes +~~ total memory freed........: 11476003 bytes +~~ total allocations/frees...: 216648/216648 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/mpegts.pcap.out b/test/results/default/mpegts.pcap.out index 42933674b..8dc9c472a 100644 --- a/test/results/default/mpegts.pcap.out +++ b/test/results/default/mpegts.pcap.out 
@@ -1,10 +1,10 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435209297954335} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02793{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_usec":1435209297954335,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 00923{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435209297954335,"flow_src_last_pkt_time":1435209297954335,"flow_dst_last_pkt_time":1435209297954335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1316,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1316,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1316,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1435209297954335,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MPEG_TS","proto_id":"198","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} 
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mpegts.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1435209297954335} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766754 bytes -~~ total memory freed........: 7766754 bytes -~~ total allocations/frees...: 146371/146371 +~~ total memory allocated....: 11475373 bytes +~~ total memory freed........: 11475373 bytes +~~ total allocations/frees...: 216625/216625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 2798 chars diff --git a/test/results/default/mqtt.pcap.out b/test/results/default/mqtt.pcap.out index 8f6a83f7f..fa269c570 100644 --- a/test/results/default/mqtt.pcap.out +++ b/test/results/default/mqtt.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643014009283854} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643014009283854,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009283854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643014009283854,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643014009283854,"flow_dst_last_pkt_time":1643014009286927,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643014009286927,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} 
@@ -12,7 +12,7 @@ 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643014349216221,"flow_src_last_pkt_time":1643014349216221,"flow_dst_last_pkt_time":1643014349216221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":285,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1643014009283854,"flow_src_last_pkt_time":1643014010067160,"flow_dst_last_pkt_time":1643014010972297,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":392,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":492,"midstream":0,"thread_ts_usec":1643014349216221,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MQTT","proto_id":"222","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} 
+00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mqtt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1643014349216221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769162 bytes -~~ total memory freed........: 7769162 bytes -~~ total allocations/frees...: 146391/146391 +~~ total memory allocated....: 11477765 bytes +~~ total memory freed........: 11477765 bytes +~~ total allocations/frees...: 216645/216645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/mssql_tds.pcap.out b/test/results/default/mssql_tds.pcap.out index 57f09fe09..0a71893d3 100644 --- a/test/results/default/mssql_tds.pcap.out +++ b/test/results/default/mssql_tds.pcap.out 
@@ -1,12 +1,12 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1240877917888015} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1240877917888015,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1240877917888015,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888015,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":190,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":190,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1240877917888015,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1240877917888015,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_usec":1240877917888358,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 00939{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877917888358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_usec":1240877917918653,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} 
01027{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1240877917918653,"flow_dst_last_pkt_time":1240877918029044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":424,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":424,"pkt_l4_len":390,"thread_ts_usec":1240877918029044,"pkt":"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\/xEAwQABAAAAAAAAAHkAAAAArAAAAAEAAAAAAAAmBAQBAAAA\/gAA4AAAAAAAAAAAAA=="} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1259762400004437} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1259762400004437,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} 
01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762400004437,"flow_src_last_pkt_time":1259762400004437,"flow_dst_last_pkt_time":1259762400004437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762400004437,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -37,7 +37,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1259762482456090,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} 
01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1259762482456090,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1278068444584977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_usec":1278068444584977,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444584977,"flow_src_last_pkt_time":1278068444584977,"flow_dst_last_pkt_time":1278068444584977,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":218,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":218,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444584977,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
@@ -62,7 +62,7 @@ 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1259762474884131,"flow_src_last_pkt_time":1259762474884730,"flow_dst_last_pkt_time":1259762474884131,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":339,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8339,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278068444666075,"flow_src_last_pkt_time":1278068444666075,"flow_dst_last_pkt_time":1278068444666075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1259762482456090,"flow_src_last_pkt_time":1259762482456090,"flow_dst_last_pkt_time":1259762482456090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1278068444666075,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"MsSQL-TDS","proto_id":"114","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/mssql_tds.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1278068444666075} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7793531 bytes -~~ total memory freed........: 7793531 bytes -~~ total allocations/frees...: 146531/146531 +~~ total memory allocated....: 11501974 bytes +~~ total memory freed........: 11501974 bytes +~~ total allocations/frees...: 216785/216785 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 557 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/mullvad_dns.pcap.out b/test/results/default/mullvad_dns.pcap.out index 441cd34c5..64e781cab 100644 --- a/test/results/default/mullvad_dns.pcap.out +++ b/test/results/default/mullvad_dns.pcap.out 
@@ -1,12 +1,12 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989392454764} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1690989392454764,"pkt":"LpGu0BOrUqbfQmqICABFAABU8HEAAD8RPmLAqHoLCQkJCcnwADUAQE0XWYYBIAABAAAAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABAAApBNAAAAAAAAwACgAIwhcGhsoKkzM="} 01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392454764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989392454764,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1690989392507188,"pkt":"UqbfQmqILpGu0BOrCABFAABmAu0AADgRMtUJCQkJwKh6CwA1yfAAUpRhWYaBoAABAAIAAAABA3d3dwdtdWxsdmFkA25ldAAAAQABwAwABQABAAAG1wACwBDAEAABAAEAAAALAAQtU9\/RAAApBNAAAAAAAAA="} 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.mullvad.net","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"45.83.223.209"}}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1690989392454764,"flow_src_last_pkt_time":1690989392454764,"flow_dst_last_pkt_time":1690989392507188,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1690989392507188,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"9.9.9.9","src_port":51696,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Mullvad","proto_id":"5.348","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_dns.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1690989392507188} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 1197 chars diff --git a/test/results/default/mullvad_wireguard.pcap.out b/test/results/default/mullvad_wireguard.pcap.out index 5989f726f..15db37979 100644 --- a/test/results/default/mullvad_wireguard.pcap.out +++ b/test/results/default/mullvad_wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690989590945292} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690989590945292,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989590945292,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989590945292,"pkt":"LpGu0BOrUqbfQmqICABFAAB83fQAAEARGDDAqHoLxjaDYlhDE8QAaITGBAAAABV2SXkTAAAAAAAAADvIU5XIGqFEsZ+W5jn7BLiciIB2fPEUKgOh7JJ8k\/FEcfAVrKf6uU7CHWMuDpSvWjtQYEvV9cMoDP4zIz5uBNzGTNEAB8QP+U4duw0xthm\/"} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690989590945292,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1690989591192470,"pkt":"UqbfQmqILpGu0BOrCABFCAB8BUcAACsRBdbGNoNiwKh6CxPEWEMAaIuGBAAAALBIEBwPAAAAAAAAAAsITpzs3Nqj\/mngBcwLuctA0JbR014xS\/DoFTXDrk8w1scffwPGXVQhk89PWb8vtw+pOPrZNyooWu5tHm9KcXVq4hier14EKnEpPtrq0py+"} 
@@ -8,7 +8,7 @@ 00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591192470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":202,"pkt_l4_len":168,"thread_ts_usec":1690989591192829,"pkt":"LpGu0BOrUqbfQmqICABFAAC83hIAAEARF9LAqHoLxjaDYlhDE8QAqIUGBAAAABV2SXkVAAAAAAAAAJ2fNtGME5zwSTdTMQkGmaiCH+Wo\/9gCMeD01GNIb8pBUhJF3FFtz4RVJRfxx9PzIa8nYPqq4P5DoSH+YsbbogMXQb97+TfgyZWaD5D38iAu+73Y9mXDRYIdZgkSk3b17pGL+yVTFX7rQWUh\/xcnUYDcXFPo8xpMcVnDhl\/Gv\/0VmzIFSzjVfEcbvM2LkUIVmw=="} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1690989591192829,"flow_dst_last_pkt_time":1690989591426538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1690989591426538,"pkt":"UqbfQmqILpGu0BOrCABFCABsBWYAACsRBcfGNoNiwKh6CxPEWEMAWOEUBAAAALBIEBwQAAAAAAAAAOmugALEfSDtPyEnUa4GVP4WD6vx6vmcdq74p5uWI8wZndweTg2aIL6E2AQEi74KoRmz+vx\/BmWI2O6toM6+Rk0="} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1690989590945292,"flow_src_last_pkt_time":1690989591911796,"flow_dst_last_pkt_time":1690989591911742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":672,"flow_src_tot_l4_payload_len":576,"flow_dst_tot_l4_payload_len":928,"midstream":0,"thread_ts_usec":1690989591911796,"l3_proto":"ip4","src_ip":"192.168.122.11","dst_ip":"198.54.131.98","src_port":22595,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Mullvad","proto_by_ip_id":348,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/mullvad_wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":1504,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1690989591911796} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767066 bytes -~~ total memory freed........: 7767066 bytes -~~ total allocations/frees...: 146382/146382 +~~ total memory allocated....: 11475685 bytes +~~ total memory freed........: 11475685 bytes +~~ total allocations/frees...: 216636/216636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars ~~ json string max len.......: 1123 chars diff --git a/test/results/default/munin.pcap.out b/test/results/default/munin.pcap.out index 135c15e5d..7e4ca34fc 100644 --- a/test/results/default/munin.pcap.out +++ b/test/results/default/munin.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666226102691709} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666226102691709,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102691709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102691709,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8V+BAAEAGaOisEBBsrBARZ7JWE1Uxv3OfAAAAAKAC9QCa0AAAAgQjAAQCCArNYOiDAAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1666226102691709,"flow_dst_last_pkt_time":1666226102717855,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666226102717855,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsisEBFnrBAQbBNVslYbuawOMb9zoKAS\/+CLmwAAAgQFnAQCCAq\/Z5p4zWDogwEDAwc="} 
@@ -7,7 +7,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1666226102759806,"pkt":"ABY+T3\/T+hY+\/yO1CABFAABSYdhAAD4GYNqsEBFnrBAQbBNVslYbuawPMb9zoIAYAgB0FgAAAQEICr9nmqLNYOieIyBtdW5pbiBub2RlIGF0IGtpYmFuYS1ub2RlMDEK"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102718825,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666226102759806,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1666226102761116,"flow_dst_last_pkt_time":1666226102759806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666226102761116,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0V+JAAEAGaO6sEBBsrBARZ7JWE1Uxv3OgG7msLYAQAeq3uQAAAQEICs1g6Mi\/Z5qi"} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":322,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1666249807376910} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666249807376910,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807376910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807376910,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8eSRAAEAGR6WsEBBsrBARZtfYE1VvZhzuAAAAAKAC9QC3lwAAAgQjAAQCCAr\/Q41iAAAAAAEDAwc="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1666249807376910,"flow_dst_last_pkt_time":1666249807402712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666249807402712,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsmsEBFmrBAQbBNV19hQR58Xb2Yc76AS\/+DsEwAAAgQFnAQCCAq2AziU\/0ONYgEDAwc="} 
@@ -16,7 +16,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807404027,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":31,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":31,"midstream":0,"thread_ts_usec":1666249807436639,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1666249807438107,"flow_dst_last_pkt_time":1666249807436639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666249807438107,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0eSZAAEAGR6usEBBsrBARZtfYE1VvZhzvUEefN4AQAeoYQgAAAQEICv9DjZ+2Azi1"} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666226102691709,"flow_src_last_pkt_time":1666226102892589,"flow_dst_last_pkt_time":1666226102941764,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666249807610393,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.103","src_port":45654,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1666266002857038} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666266002857038,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002857038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002857038,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8yJJAAEAG+DesEBBsrBARZdBCE1WX5J9vAAAAAKAC9QDfsAAAAgQjAAQCCAp1q0t5AAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1666266002857038,"flow_dst_last_pkt_time":1666266002883378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666266002883378,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD4GwsqsEBFlrBAQbBNV0EJ2nLwRl+SfcKAS\/+DhLwAAAgQFnAQCCAqHPlcHdatLeQEDAwc="} 
@@ -25,7 +25,7 @@ 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266002884343,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1666266002914766,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1666266002915853,"flow_dst_last_pkt_time":1666266002914766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666266002915853,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0yJRAAEAG+D2sEBBsrBARZdBCE1WX5J9wdpy8MIAQAeoNYgAAAQEICnWrS7SHPlcn"} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666249807376910,"flow_src_last_pkt_time":1666249807564073,"flow_dst_last_pkt_time":1666249807610393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":267,"midstream":0,"thread_ts_usec":1666266003076418,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.102","src_port":55256,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":977,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1666274401982227} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666274401982227,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274401982227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274401982227,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA8CtBAAEAGtl6sEBBsrBARAeo2E1Wjl90YAAAAAKAC9QCoZQAAAgQjAAQCCAp4RB0\/AAAAAAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1666274401982227,"flow_dst_last_pkt_time":1666274402007121,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1666274402007121,"pkt":"ABY+T3\/T+hY+\/yO1CABFAAA8AABAAD8Gwi6sEBEBrBAQbBNV6ja\/dPxso5fdGaAS\/+B4GQAAAgQFnAQCCArx85TpeEQdPwEDAwc="} 
@@ -35,7 +35,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1666274402039419,"flow_dst_last_pkt_time":1666274402037918,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1666274402039419,"pkt":"+hY+\/yO1ABY+T3\/TCABFAAA0CtJAAEAGtmSsEBBsrBARAeo2E1Wjl90Zv3T8g4AQAeqkVwAAAQEICnhEHXjx85UH"} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666266002857038,"flow_src_last_pkt_time":1666266003040348,"flow_dst_last_pkt_time":1666266003076418,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":262,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.101","src_port":53314,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1666274401982227,"flow_src_last_pkt_time":1666274402167889,"flow_dst_last_pkt_time":1666274402201343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":365,"midstream":0,"thread_ts_usec":1666274402201343,"l3_proto":"ip4","src_ip":"172.16.16.108","dst_ip":"172.16.17.1","src_port":59958,"dst_port":4949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Munin","proto_id":"329","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/munin.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1398,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1666274402201343} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -44,9 +44,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774937 bytes -~~ total memory freed........: 7774937 bytes -~~ total allocations/frees...: 146464/146464 +~~ total memory allocated....: 11483508 bytes +~~ total memory freed........: 11483508 bytes +~~ total allocations/frees...: 216718/216718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 974 chars diff --git a/test/results/default/mysql-8.pcap.out b/test/results/default/mysql-8.pcap.out index 2a4f05e4a..95f6d70db 100644 --- a/test/results/default/mysql-8.pcap.out +++ b/test/results/default/mysql-8.pcap.out 
@@ -1,12 +1,12 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946708780103266} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946708780103266} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946708780103266,"flow_src_last_pkt_time":946708780103266,"flow_dst_last_pkt_time":946708780103266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946708780103266,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946708780103266,"flow_dst_last_pkt_time":946708780103266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946708780103266,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946708780103266,"flow_dst_last_pkt_time":946708780103549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":946708780103549,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946708780103766,"flow_dst_last_pkt_time":946708780103549,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946708780103766,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946708780103766,"flow_dst_last_pkt_time":946708780104285,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":946708780104285,"pkt":"REREREREIiIiIiIiCABFCACL1QpAAD8Gh1kKKhLGwKgBaQzqIiISTcRUkgVBJoAYAONr2QAAAQEICgABEV4AA3kqUwAAAAo4LjUuNDQtMCtkZWI4dTEAJgAAADFeaXQqciJNAP\/3CAIAD4AVAAAAAAAAAAAAAEA6PmshXjc2SlA1WABteXNxbF9uYXRpdmVfcGFzc3dvcmQA"} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946708780103266,"flow_src_last_pkt_time":946708780103766,"flow_dst_last_pkt_time":946708780104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":87,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":946708780104285,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1680496271190757} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1680496271190757} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680496271190757,"flow_src_last_pkt_time":1680496271190757,"flow_dst_last_pkt_time":1680496271190757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680496271190757,"l3_proto":"ip4","src_ip":"192.168.20.80","dst_ip":"192.168.20.108","src_port":47044,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680496271190757,"flow_dst_last_pkt_time":1680496271190757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680496271190757,"pkt":"AAwpfT2KAAwpVaWFCABFAAA89rxAAEAGmfLAqBRQwKgUbLfEDOqzhRw2AAAAAKAC+vCqOwAAAgQFtAQCCAqnOM4fAAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1680496271190757,"flow_dst_last_pkt_time":1680496271191108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1680496271191108,"pkt":"AAwpVaWFAAwpfT2KCABFAAA8AABAAEAGkK\/AqBRswKgUUAzqt8RmaMZds4UcN6AS\/ojs2gAAAgQFtAQCCAqPB+ztpzjOHwEDAwc="} 
@@ -16,7 +16,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1680496271226579,"flow_dst_last_pkt_time":1680496271226529,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1680496271226579,"pkt":"AAwpfT2KAAwpVaWFCABFAAA09r5AAEAGmfjAqBRQwKgUbLfEDOqzhRw3ZmjGvYAQAfaqMwAAAQEICqc4zkKPB+0Q"} 00963{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946708780103266,"flow_src_last_pkt_time":946708780103766,"flow_dst_last_pkt_time":946708780104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":87,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":87,"midstream":0,"thread_ts_usec":1680496274054528,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":16,"flow_first_seen":1680496271190757,"flow_src_last_pkt_time":1680496274054528,"flow_dst_last_pkt_time":1680496274054505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":293,"flow_dst_max_l4_payload_len":2185,"flow_src_tot_l4_payload_len":808,"flow_dst_tot_l4_payload_len":2987,"midstream":0,"thread_ts_usec":1680496274054528,"l3_proto":"ip4","src_ip":"192.168.20.80","dst_ip":"192.168.20.108","src_port":47044,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MySQL","proto_id":"20","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":3882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1680496274054528} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/mysql-8.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":35,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":3882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1680496274054528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 35/35 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769916 bytes -~~ total memory freed........: 7769916 bytes -~~ total allocations/frees...: 146417/146417 +~~ total memory allocated....: 11478519 bytes +~~ total memory freed........: 11478519 bytes +~~ total allocations/frees...: 216671/216671 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/natpmp.pcap.out b/test/results/default/natpmp.pcap.out index c25a24ed2..1287e2fbc 100644 --- a/test/results/default/natpmp.pcap.out +++ b/test/results/default/natpmp.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1631961259127898} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1631961259127898,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAeV7pAAEARXkbAqAGAwKgB\/o\/0FOcACtYvAAA="} 
01139{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961259127898,"flow_dst_last_pkt_time":1631961259127898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631961259127898,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -8,7 +8,7 @@ 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1631961267470917,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAAoXGBAAEARWZbAqAGAwKgB\/o\/0FOcAFDZeAAIAAMjVyNUAAA4Q"} 01041{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1631961259127898,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961259156828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1631961267470917,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.254","src_port":36852,"dst_port":5351,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":51413,"external_port":51413,"external_address":"10.201.213.174"}}} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1631961267470917,"flow_dst_last_pkt_time":1631961267496338,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1631961267496338,"pkt":"PKn0qB\/spJGxgjQ5CABFAAAssMEAAEARRTHAqAH+wKgBgBTnj\/QAGPrFAIIAAAArOuXI1cjVAAAOEAAA"} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} +00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":42,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663058610829000} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":44,"pkt_l4_len":10,"thread_ts_usec":1663058610829000,"pkt":"eJS0JASgYDjgxTWgCABFAAAe7gNAAKIRZRXAqAJkwKgCAY\/tFOcACoXRAAA="} 
01137{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610829000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NAT-PMP","proto_id":"312","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","natpmp": {"result":0,"internal_port":0,"external_port":0,"external_address":"0.0.0.0"}}} 
@@ -26,7 +26,7 @@ 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1663058622646000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622646000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":59817,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1663058622897000,"flow_src_last_pkt_time":1663058622897000,"flow_dst_last_pkt_time":1663058622897000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":35763,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610829000,"flow_src_last_pkt_time":1663058610829000,"flow_dst_last_pkt_time":1663058610829000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058622897000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.1","src_port":36845,"dst_port":5351,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1663058622897000} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/natpmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1663058622897000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773516 bytes -~~ total memory freed........: 7773516 bytes -~~ total allocations/frees...: 146415/146415 +~~ total memory allocated....: 11482087 bytes +~~ total memory freed........: 11482087 bytes +~~ total allocations/frees...: 216669/216669 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 516 chars ~~ json string max len.......: 1153 chars diff --git a/test/results/default/nats.pcap.out b/test/results/default/nats.pcap.out index b42bba4ff..fbf499cab 100644 --- a/test/results/default/nats.pcap.out +++ b/test/results/default/nats.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1586288040558498} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1586288040558498,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558498,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558498,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1586288040558498,"flow_dst_last_pkt_time":1586288040558594,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1586288040558594,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} 
@@ -16,7 +16,7 @@ 00914{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288040575609,"flow_dst_last_pkt_time":1586288040577107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":309,"midstream":0,"thread_ts_usec":1586288040577107,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00956{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1586288040558498,"flow_src_last_pkt_time":1586288040570938,"flow_dst_last_pkt_time":1586288040570821,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":315,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00957{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1586288040575502,"flow_src_last_pkt_time":1586288042776117,"flow_dst_last_pkt_time":1586288042776134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":309,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":321,"midstream":0,"thread_ts_usec":1586288042776134,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Nats","proto_id":"68","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/nats.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1586288042776134} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773780 bytes -~~ total memory freed........: 7773780 bytes -~~ total allocations/frees...: 146411/146411 +~~ total memory allocated....: 11482383 bytes +~~ total memory freed........: 11482383 bytes +~~ total allocations/frees...: 216665/216665 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 962 chars diff --git a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out index 8e134a7af..a75c39a2c 100644 --- a/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/default/ndpi_match_string_subprotocol__error.pcapng.out 
@@ -1,5 +1,5 @@ -00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} +00594{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00657{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258162014557086} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258162014557086,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258162014557086,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1258162014557086,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 02065{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014557086,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_usec":1258162014576991,"pkt":"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"} 
@@ -7,9 +7,9 @@ 01051{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1258162014576991,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_usec":1258162014582846,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162014582846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1258162014587557,"pkt":"AFBWmXinAB9ro6gACABFAAAoMZ1AADwGZmMKAwkTCkSJdp64H5sCrVUelwIr+1AQwhBt1wAAAAAAAAAA"} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1258162014587557,"flow_dst_last_pkt_time":1258162020091627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1258162020091627,"pkt":"AAAMB6wcAFBWmXinCABFAAAoOz5AAIAGGMIKRIl2CgMJEx+bnriXAiv7Aq1VHlAR9jim6gAA"} -00661{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1258165452647609} +00661{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1258165452647609} 
01262{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1258162014557086,"flow_src_last_pkt_time":1258165452688667,"flow_dst_last_pkt_time":1258165452688687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1126,"flow_dst_max_l4_payload_len":685,"flow_src_tot_l4_payload_len":1648,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1258165452688687,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00666{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258165452688687} 
+00666{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2701,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258165452688687} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767275 bytes -~~ total memory freed........: 7767275 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11475894 bytes +~~ total memory freed........: 11475894 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 560 chars ~~ json string max len.......: 2070 chars diff --git a/test/results/default/nest_log_sink.pcap.out b/test/results/default/nest_log_sink.pcap.out index ae9d78aa0..d9aba08bc 100644 --- a/test/results/default/nest_log_sink.pcap.out +++ b/test/results/default/nest_log_sink.pcap.out 
@@ -1,16 +1,16 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1536712992228658} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536712992228658,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992228658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536712992228658,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1536712992228658,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536712992289465,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536712992289465,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1536713052295189,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052360453,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052360453,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpVAAC0G7ecjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1536713052295189,"flow_dst_last_pkt_time":1536713052805060,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1536713052805060,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpZAAC0G7eYjrlLtwKjyDytX92zEgGGECKi\/QFAQgdDz\/gAA"} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1536713593921755} 
02069{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":60807,"avg":38820860.0,"max":60122070,"stddev":28558074.0,"var":815563555209216.0,"ent":4.3,"data": [60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720]},"pktlen": {"min":40,"avg":43.0,"max":46,"stddev":3.0,"var":9.0,"ent":5.0,"data": [46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1],"entropies": 
[4.501398087,4.881687164,4.457920074,4.881687164,4.881687164,4.501398087,4.457919598,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.414441586,4.881687164,4.881687164,4.441509247,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164]}} 00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1536712992228658,"flow_src_last_pkt_time":1536713593921755,"flow_dst_last_pkt_time":1536713593982239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1536713593982239,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1536714195599741} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1536714195599741} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536714602587299,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714602587299,"flow_dst_last_pkt_time":1536714602587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536714602587299,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -46,10 +46,10 @@ 00997{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":35,"flow_first_seen":1536714602612148,"flow_src_last_pkt_time":1536714607322501,"flow_dst_last_pkt_time":1536714607319686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":679,"flow_src_tot_l4_payload_len":12610,"flow_dst_tot_l4_payload_len":2221,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00995{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1536714610253460,"flow_src_last_pkt_time":1536714615546363,"flow_dst_last_pkt_time":1536714615544009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714735752625,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1536714800447381} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1536714800447381} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536714602587299,"flow_src_last_pkt_time":1536714607328073,"flow_dst_last_pkt_time":1536714607527675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536714795433354,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1536715402175361} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1536716003807368} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_usec":1536715402175361} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":2,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1536716003807368} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536716402804764,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716402804764,"flow_dst_last_pkt_time":1536716402804764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536716402804764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -86,8 +86,8 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716532891336,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02255{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536716407119984,"flow_src_last_pkt_time":1536716592513963,"flow_dst_last_pkt_time":1536716532889304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":531,"flow_dst_max_l4_payload_len":677,"flow_src_tot_l4_payload_len":1941,"flow_dst_tot_l4_payload_len":1905,"midstream":0,"thread_ts_usec":1536716592513963,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6654,"avg":10037526.0,"max":60065954,"stddev":21842106.0,"var":477077551710208.0,"ent":2.6,"data": 
[66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627]},"pktlen": {"min":40,"avg":162.2,"max":717,"stddev":185.8,"var":34538.8,"ent":4.3,"data": [46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0],"entropies": [4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1536716402804764,"flow_src_last_pkt_time":1536716407003782,"flow_dst_last_pkt_time":1536716407116756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536716592575967,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1536716652586979} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1536717254253428} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1536716652586979} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":4,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1536717254253428} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1536717427961883,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 
01198{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717427961883,"flow_dst_last_pkt_time":1536717427961883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536717427961883,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"weave-logsink.nest.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -117,7 +117,7 @@ 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717572672015,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1536717427961883,"flow_src_last_pkt_time":1536717449934587,"flow_dst_last_pkt_time":1536717450088270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":59,"flow_dst_max_l4_payload_len":127,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":183,"midstream":0,"thread_ts_usec":1536717632764427,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":713,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1536717450091191,"flow_src_last_pkt_time":1536717692809761,"flow_dst_last_pkt_time":1536717693064770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":530,"flow_dst_max_l4_payload_len":678,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1740,"midstream":0,"thread_ts_usec":1536717693064770,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63349,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4297,"avg":15667489.0,"max":60116188,"stddev":26141992.0,"var":683403720523776.0,"ent":3.1,"data": [65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155]},"pktlen": {"min":40,"avg":145.1,"max":718,"stddev":181.0,"var":32752.9,"ent":4.2,"data": [46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40]},"bins": {"c_to_s": [10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1],"entropies": 
[4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_usec":1536717873194026} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":6,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_usec":1536717873194026} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1536718052990525,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1536718052990525,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718052990525,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1536718052990525,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1536718052990525,"flow_dst_last_pkt_time":1536718053059160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1536718053059160,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} 
@@ -161,11 +161,11 @@ 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718332214337,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02254{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":892,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536718392321066,"flow_dst_last_pkt_time":1536718332214337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536718392321066,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4658,"avg":10044835.0,"max":60173109,"stddev":21953530.0,"var":481957439864832.0,"ent":2.6,"data": 
[65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330]},"pktlen": {"min":40,"avg":162.2,"max":716,"stddev":185.8,"var":34529.8,"ent":4.3,"data": [46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46]},"bins": {"c_to_s": [10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0],"entropies": [4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099]},"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1536718202959606,"flow_src_last_pkt_time":1536718202959606,"flow_dst_last_pkt_time":1536718202959785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1536718392405835,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1536718512170528} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_usec":1536719113902134} -00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1536719715232392} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1536718512170528} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_usec":1536719113902134} +00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1536719715232392} 
00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":46,"flow_first_seen":1536718206572751,"flow_src_last_pkt_time":1536719715232392,"flow_dst_last_pkt_time":1536719655557559,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":532,"flow_dst_max_l4_payload_len":676,"flow_src_tot_l4_payload_len":1942,"flow_dst_tot_l4_payload_len":1904,"midstream":0,"thread_ts_usec":1536719715232392,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NestLogSink","proto_id":"43","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_usec":1536719715232392} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nest_log_sink.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":8,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":168,"global_ts_usec":1536719715232392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 ~~ skipped flows.............: 0 @@ -174,9 +174,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7848143 bytes -~~ total memory freed........: 7848143 bytes -~~ total allocations/frees...: 147333/147333 +~~ total memory allocated....: 11556506 bytes +~~ total memory freed........: 11556506 bytes +~~ total allocations/frees...: 217587/217587 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2263 chars diff --git a/test/results/default/netbios.pcap.out b/test/results/default/netbios.pcap.out index 9ed2b0904..33adfa1aa 100644 --- a/test/results/default/netbios.pcap.out +++ b/test/results/default/netbios.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1447772210350540} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1447772210350540,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1447772210350540,"flow_src_last_pkt_time":1447772210350540,"flow_dst_last_pkt_time":1447772210350540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1447772210350540,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"xstream_hy"}} 
@@ -80,7 +80,7 @@ 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772251795162,"flow_src_last_pkt_time":1447772251795162,"flow_dst_last_pkt_time":1447772251795278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":175,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1447772216537634,"flow_src_last_pkt_time":1447772216537634,"flow_dst_last_pkt_time":1447772216537735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1447772269972130,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1447772269972130} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/netbios.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-payload-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1447772269972130} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -89,9 +89,9 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7806161 bytes -~~ total memory freed........: 7806161 bytes -~~ total allocations/frees...: 146777/146777 +~~ total memory allocated....: 11514556 bytes +~~ total memory freed........: 11514556 bytes +~~ total allocations/frees...: 217031/217031 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 2213 chars diff --git a/test/results/default/netbios_wildcard_dns_query.pcap.out b/test/results/default/netbios_wildcard_dns_query.pcap.out index 351b37882..d18392e53 100644 --- a/test/results/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/default/netbios_wildcard_dns_query.pcap.out 
@@ -1,10 +1,10 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597866040493657} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1597866040493657,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 01213{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597866040493657,"flow_src_last_pkt_time":1597866040493657,"flow_dst_last_pkt_time":1597866040493657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597866040493657,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netbios_wildcard_dns_query.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1597866040493657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 587 chars ~~ json string max len.......: 1218 chars diff --git a/test/results/default/netflix.pcap.out b/test/results/default/netflix.pcap.out index f049cbb10..3234275ae 100644 --- a/test/results/default/netflix.pcap.out +++ b/test/results/default/netflix.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1484319030789585} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319030789585,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1484319030789585,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1484319030789585,"flow_dst_last_pkt_time":1484319030789585,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1484319030789585,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1484319032865799,"flow_src_last_pkt_time":1484319032865799,"flow_dst_last_pkt_time":1484319032865799,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1484319032865799,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -561,7 +561,7 @@ 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1484319033943762,"flow_src_last_pkt_time":1484319064790823,"flow_dst_last_pkt_time":1484319064782569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":6319,"flow_dst_tot_l4_payload_len":4171,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 00983{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":17,"flow_first_seen":1484319064711690,"flow_src_last_pkt_time":1484319096924088,"flow_dst_last_pkt_time":1484319096921856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":20856,"flow_dst_tot_l4_payload_len":4094,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.NetFlix","proto_id":"91.133","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video"}} 
00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1484319064683828,"flow_src_last_pkt_time":1484319064683828,"flow_dst_last_pkt_time":1484319064699948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":41,"flow_dst_tot_l4_payload_len":206,"midstream":0,"thread_ts_usec":1484319120726362,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.NetFlix","proto_id":"5.133","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1793,"packets-processed":1793,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":76,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1484319120726362} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1793,"source":"cfgs\/default\/pcap\/netflix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1793,"packets-processed":1793,"total-skipped-flows":0,"total-l4-payload-len":885344,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":76,"total-updates":9,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1484319120726362} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1793/1793 ~~ skipped flows.............: 0 @@ -570,9 +570,9 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8320381 bytes -~~ total memory freed........: 8320381 bytes -~~ total allocations/frees...: 149391/149391 +~~ total memory allocated....: 12028040 bytes +~~ total memory freed........: 12028040 bytes +~~ total allocations/frees...: 219645/219645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 2493 chars diff --git a/test/results/default/netflow-fritz.pcap.out b/test/results/default/netflow-fritz.pcap.out index c792fd2a0..9477a5254 100644 --- a/test/results/default/netflow-fritz.pcap.out +++ b/test/results/default/netflow-fritz.pcap.out 
@@ -1,10 +1,10 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1498072707863157} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_usec":1498072707863157,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1498072707863157,"flow_src_last_pkt_time":1498072707863157,"flow_dst_last_pkt_time":1498072707863157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":180,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":180,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1498072707863157,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflow-fritz.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1498072707863157} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766782 bytes -~~ total memory freed........: 7766782 bytes -~~ total allocations/frees...: 146372/146372 +~~ total memory allocated....: 11475401 bytes +~~ total memory freed........: 11475401 bytes +~~ total allocations/frees...: 216626/216626 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 979 chars diff --git a/test/results/default/netflowv9.pcap.out b/test/results/default/netflowv9.pcap.out index e93ddfcac..424cdf11c 100644 --- a/test/results/default/netflowv9.pcap.out +++ b/test/results/default/netflowv9.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568213026961189} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02373{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_usec":1568213026961189,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAA
AHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026961189,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1376,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026961189,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 02301{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568213026961481,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_usec":1568213026961481,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBlAAEARgtfAqAKGwKgC3r31CAkFNPSKAAkAECROCO5dZ6gMFm+miwAAAAEBAwR0AAoEJE2MQyRNjEMAAAAAAAAAKAAAAAAAAAABBoG7GHW5sBu2oskQ8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2N2iRNjdoAAAAAAAAAKAAAAAAAAAABBo1U+k3KfY5lynQNPQIAkwAAJVUAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE18SSRNfEkAAAAAAAAAKAAAAAAAAAABBoOfK0xgJbzk0x8idgIAkwAAQZMAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE138SRNd\/EAAAAAAAAAKAAAAAAAAAABBo0ow7ZcdiVKtb35CAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2GQyRNhkMAAAAAAAAAKAAAAAAAAAABBor0wQFcdiVKtb3HUgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DfiRNg34AAAAAAAAAKAAAAAAAAAABBor2FrZcdiVS2B5qjAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE18PyRNfD8AAAAAAAAAKAAAAAAAAAABBo1Up0FcdiVS2B5r1QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE17iyRNe4sAAAAAAAAAPAAAAAAAAAABBg3sBqCBu1q758J2XwIAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NhiRNjYYAAAAAAAAAKAAAAAAAAAABBor1iT+zPH\/q+PWRXwIAkwAEAA8AADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2S4iRNkuIAAAAAAAAAKAAAAAAAAAABBo1UPAVcdiVKtb3HQAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zyiRNf34AAAAAAAAAaAAAAAAAAAACBoG7N9cYhuyhXSkMOAIAkwAAemYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10QyRNicMAAAAAAAAOTQAAAAAAAAAOBkWtkIyNVA4cyLQBuxsAkwAAMhAAAGgrhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10VCRNiaAAAAAAAAAWCAAAAAAAAAAOBo1UDhxFrZCMAbvItBsAkwAAaCsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE19oiRNfaIA
AAAAAAAAKAAAAAAAAAABBo0otGR9QF7TkZskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoBAgCkAAoEJE1+RiRNfkYAAAAAAAACnwAAAAAAAAABEY0or7OjrOWoV\/4TxACTAAAyTAAAMhDYZ9kYj9qEeKwVnUIAAAAAACAAAAAAAAAAAAAAAAAACgQkTYvDJE2LwwAAAAAAAABBAAAAAAAAAAERjVTKyMf3HnvTFQA1AJMAAE\/5AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="} 02291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568213026961588,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1362,"pkt_l4_len":1328,"thread_ts_usec":1568213026961588,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVELBpAAEARgtrAqAKGwKgC3r31CAkFMBHrAAkAECROCO5dZ6gMFm+mjAAAAAEBAwUUAAoEJE2SMCRNkjAAAAAAAAAAKAAAAAAAAAABBo0oeEF9QF7TgbUkWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JaCRNiWgAAAAAAAAAKAAAAAAAAAABBo1UNRi50QAh4ToRYwIAkwAAl54AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5IiRNcjMAAAAAAAAZGgAAAAAAAAAUBhH4kiqK9g5D6DsBuxsAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEz5KyRNcicAAAAAAAA1qwAAAAAAAAAUBor2DkMR+JIqAbvoOxsAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AfyRNgH8AAAAAAAAAKAAAAAAAAAABBor2smFcdiVS2B5l6QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1vXSRNb10AAAAAAAAAKAAAAAAAAAABBo0oMRxcd6AhqNceOgIAkwAAwWEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE1wriRNcNYAAAAAAAADlQAAAAAAAAALBhcAJ1qBuwkVzSYBuxoAkwAAMhAAAEDxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1wtyRNcQcAAAAAAAARmgAAAAAAAAAIBoG7CRUXACdaAbvNJhoAkwAAQPEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1voCRNb6AAAAAAAAAAKAAAAAAAAAABBo1Ua7JcdiVKtb08AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SPCRNkjwAAAAAAAAAKAAAAAAAAAABBoOftxy5sBu2oskg6gIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zjiRNc44AAAAAAAAAKAAAAAAAAAABBor
0fg92t70V0O4XDAIAkwAAECYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2SXiRNkl4AAAAAAAAAKAAAAAAAAAABBoG7fy+5sBu2oskgdQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1zoCRNc6AAAAAAAAAAKAAAAAAAAAABBo0nrI+5sBv2sRRsPgIAkwADHowAAAKo2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MviRNj0UAAAAAAAAE2wAAAAAAAAAGBmj0KkiK9gKH15wBuxgAkwAAMhAAADRmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2MxyRNjxMAAAAAAAAC1wAAAAAAAAAFBor2Aodo9CpIAbvXnBgAkwAANGYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE15TyRNeU8AAAAAAAAAKAAAAAAAAAABBor1eIW5sBu2oskcOQIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAA"} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1568213026961189,"flow_src_last_pkt_time":1568213026962107,"flow_dst_last_pkt_time":1568213026961189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1320,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1376,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13468,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568213026962107,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"NetFlow","proto_id":"128","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} +00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/netflowv9.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568213026962107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767043 bytes -~~ total memory freed........: 7767043 bytes -~~ total allocations/frees...: 146381/146381 +~~ total memory allocated....: 11475662 bytes +~~ total memory freed........: 11475662 bytes +~~ total allocations/frees...: 216635/216635 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 2379 chars 
diff --git a/test/results/default/nfsv2.pcap.out b/test/results/default/nfsv2.pcap.out index d1add91e0..71781ea31 100644 --- a/test/results/default/nfsv2.pcap.out +++ b/test/results/default/nfsv2.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207338400000} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207338400000} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207338400000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZMIAAEAR0zSLGRYCixkWZgzZAG8ASG3iOEEWnwAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAABAAAAA3VkcAAAAAAAAAAAAA=="} 
01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207338400000,"flow_src_last_pkt_time":944207338400000,"flow_dst_last_pkt_time":944207338400000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207338400000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3289,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -39,7 +39,7 @@ 01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338410000,"flow_src_last_pkt_time":944207338410000,"flow_dst_last_pkt_time":944207338430000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":60,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":671,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207338890000,"flow_src_last_pkt_time":944207338890000,"flow_dst_last_pkt_time":944207338890000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":686,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":944207338490000,"flow_src_last_pkt_time":944207338840000,"flow_dst_last_pkt_time":944207338840000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":9616,"flow_dst_tot_l4_payload_len":6260,"midstream":0,"thread_ts_usec":944207338890000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1023,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":156,"packets-processed":156,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":944207338890000} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/nfsv2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":156,"packets-processed":156,"total-skipped-flows":0,"total-l4-payload-len":16592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":944207338890000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 156/156 ~~ skipped flows.............: 0 @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7784165 bytes -~~ total memory freed........: 7784165 bytes -~~ total allocations/frees...: 146593/146593 +~~ total memory allocated....: 11492688 bytes +~~ total memory freed........: 11492688 bytes +~~ total allocations/frees...: 216847/216847 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 2246 chars diff --git a/test/results/default/nfsv3.pcap.out b/test/results/default/nfsv3.pcap.out index 73ba30df5..bb6b0781e 100644 --- a/test/results/default/nfsv3.pcap.out +++ b/test/results/default/nfsv3.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207397280000} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":944207397280000} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":944207397280000,"pkt":"AMCV+E3TAMCV4Bm+CABFAABcZTwAAEAR0rqLGRYCixkWZgzfAG8ASDUOOENPaQAAAAAAAAACAAGGoAAAAAMAAAADAAAAAAAAAAAAAAAAAAAAAAABhqUAAAADAAAAA3VkcAAAAAAAAAAAAA=="} 
01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":944207397280000,"flow_src_last_pkt_time":944207397280000,"flow_dst_last_pkt_time":944207397280000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":944207397280000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3295,"dst_port":111,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
@@ -44,7 +44,7 @@ 01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397750000,"flow_src_last_pkt_time":944207397750000,"flow_dst_last_pkt_time":944207397750000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":722,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01205{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":944207397290000,"flow_src_last_pkt_time":944207397290000,"flow_dst_last_pkt_time":944207397290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":24,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":3296,"dst_port":1048,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":57,"flow_dst_packets_processed":57,"flow_first_seen":944207397400000,"flow_src_last_pkt_time":944207397690000,"flow_dst_last_pkt_time":944207397690000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":128,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":300,"flow_src_tot_l4_payload_len":8004,"flow_dst_tot_l4_payload_len":8644,"midstream":0,"thread_ts_usec":944207397750000,"l3_proto":"ip4","src_ip":"139.25.22.2","dst_ip":"139.25.22.102","src_port":1022,"dst_port":2049,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NFS","proto_id":"11","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":128,"packets-processed":128,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":944207397750000} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/nfsv3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":128,"packets-processed":128,"total-skipped-flows":0,"total-l4-payload-len":17440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":944207397750000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 128/128 ~~ skipped flows.............: 0 @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785501 bytes -~~ total memory freed........: 7785501 bytes -~~ total allocations/frees...: 146576/146576 +~~ total memory allocated....: 11494008 bytes +~~ total memory freed........: 11494008 bytes +~~ total allocations/frees...: 216830/216830 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 2248 chars diff --git a/test/results/default/nintendo.pcap.out b/test/results/default/nintendo.pcap.out index 769932ca5..6ceda6e78 100644 --- a/test/results/default/nintendo.pcap.out +++ b/test/results/default/nintendo.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1500731320644357} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1500731320644357,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 01046{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1500731320644357,"flow_src_last_pkt_time":1500731320644357,"flow_dst_last_pkt_time":1500731320644357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731320644357,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -161,7 +161,7 @@ 01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1500731320764440,"flow_src_last_pkt_time":1500731321914139,"flow_dst_last_pkt_time":1500731321902107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":628,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Nintendo","proto_id":"173","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01064{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1500731343274328,"flow_src_last_pkt_time":1500731343874408,"flow_dst_last_pkt_time":1500731343274328,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01066{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1500731342860163,"flow_src_last_pkt_time":1500731343591759,"flow_dst_last_pkt_time":1500731342860163,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1500731348756457,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/nintendo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-payload-len":289225,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1500731348756457} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/996 ~~ skipped flows.............: 0 @@ -170,9 +170,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7856597 bytes -~~ total memory freed........: 7856597 bytes -~~ total allocations/frees...: 147605/147605 +~~ total memory allocated....: 11564896 bytes +~~ total memory freed........: 11564896 bytes +~~ total allocations/frees...: 217859/217859 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2329 chars diff --git a/test/results/default/nntp.pcap.out b/test/results/default/nntp.pcap.out index 77dc2d515..74441dc21 100644 --- a/test/results/default/nntp.pcap.out +++ b/test/results/default/nntp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBj1fcCABQqM3R+CABFAAA8fZdAAEAGv7nAqL4UwKi+BdlOAHfZ0lWUAAAAAKACFtABzgAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423829,"pkt":"ABQqM3R+AEBj1fcCCABFAAA8AABAAEAGPVHAqL4FwKi+FAB32U6dVo1l2dJVlaASFqBxAwAAAgQFtAQCCAoKz1tgAMgoAwEDAwQ="} 
@@ -9,7 +9,7 @@ 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":4345908.0,"max":25684268,"stddev":7782391.0,"var":60565611347968.0,"ent":3.1,"data": 
[157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283]},"pktlen": {"min":40,"avg":205.9,"max":1500,"stddev":397.4,"var":157950.1,"ent":3.6,"data": [60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0],"entropies": [4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844993785292,"flow_dst_last_pkt_time":1258844993785209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":4808,"midstream":0,"thread_ts_usec":1258844993785292,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/nntp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4921,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1258844993785292} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769729 bytes -~~ total memory freed........: 7769729 bytes -~~ total allocations/frees...: 146404/146404 +~~ total memory allocated....: 11478348 bytes +~~ total memory freed........: 11478348 bytes +~~ total allocations/frees...: 216658/216658 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 2198 chars diff --git a/test/results/default/no_sni.pcap.out b/test/results/default/no_sni.pcap.out index 5facf0353..54a291f04 100644 --- a/test/results/default/no_sni.pcap.out +++ b/test/results/default/no_sni.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1604822444474923} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_usec":1604822444474923,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604822444474923,"flow_src_last_pkt_time":1604822444474923,"flow_dst_last_pkt_time":1604822444474923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1604822444474923,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -74,7 +74,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1604822444913120,"flow_src_last_pkt_time":1604822445727508,"flow_dst_last_pkt_time":1604822445705929,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":947,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2075,"flow_dst_tot_l4_payload_len":12913,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447227531,"flow_src_last_pkt_time":1604822447574511,"flow_dst_last_pkt_time":1604822447785853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1113,"flow_dst_tot_l4_payload_len":3583,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1604822447249969,"flow_src_last_pkt_time":1604822447595974,"flow_dst_last_pkt_time":1604822447807205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1114,"flow_dst_tot_l4_payload_len":3582,"midstream":0,"thread_ts_usec":1604822448523987,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":442,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1604822448523987} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/no_sni.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":442,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":57511,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":77,"global_ts_usec":1604822448523987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 442/442 ~~ skipped flows.............: 0 @@ -83,9 +83,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7840911 bytes -~~ total memory freed........: 7840911 bytes -~~ total allocations/frees...: 146928/146928 +~~ total memory allocated....: 11549418 bytes +~~ total memory freed........: 11549418 bytes +~~ total allocations/frees...: 217182/217182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2174 chars diff --git a/test/results/default/ocs.pcap.out b/test/results/default/ocs.pcap.out index 73b4c9da6..0808cbd03 100644 --- a/test/results/default/ocs.pcap.out +++ b/test/results/default/ocs.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1449652784341686} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652784341686,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652784341686,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"64.233.184.188","src_port":47699,"dst_port":5228,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449652784341686,"flow_dst_last_pkt_time":1449652784341686,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1449652784341686,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652786071163,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
@@ -134,7 +134,7 @@ 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786071163,"flow_src_last_pkt_time":1449652786071163,"flow_dst_last_pkt_time":1449652786071163,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":38472,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652786934111,"flow_src_last_pkt_time":1449652786934111,"flow_dst_last_pkt_time":1449652786934111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":48770,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449652842535220,"flow_src_last_pkt_time":1449652842535220,"flow_dst_last_pkt_time":1449652842535220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449652846380718,"l3_proto":"ip4","src_ip":"192.168.180.2","dst_ip":"8.8.8.8","src_port":24245,"dst_port":53,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1449652846380718} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/ocs.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":946,"packets-processed":946,"total-skipped-flows":0,"total-l4-payload-len":12361,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":18,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1449652846380718} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/946 ~~ skipped flows.............: 0 @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7846173 bytes -~~ total memory freed........: 7846173 bytes -~~ total allocations/frees...: 147562/147562 +~~ total memory allocated....: 11554488 bytes +~~ total memory freed........: 11554488 bytes +~~ total allocations/frees...: 217816/217816 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 2379 chars diff --git a/test/results/default/ocsp.pcapng.out b/test/results/default/ocsp.pcapng.out index bfdf13455..836c504c2 100644 --- a/test/results/default/ocsp.pcapng.out +++ b/test/results/default/ocsp.pcapng.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623221248283182} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248283182,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248283182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623221248283182,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623221248283182,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_usec":1623221248292856,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} 
@@ -7,7 +7,7 @@ 01111{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":491,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":491,"pkt_l4_len":405,"thread_ts_usec":1623221248318158,"pkt":"pJGxgjQ56CrqthSFCABFAAGp7YpAAIAG62\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"} 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623221248283182,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248292856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":385,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":385,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221248318158,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ocsp07.actalis.it","http": {"url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}}} 
00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623221248318158,"flow_dst_last_pkt_time":1623221248329809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_usec":1623221248329809,"pkt":"6CrqthSFpJGxgjQ5CABFAAAoCt1AADUGGp9tRvCCwKgB4wBQwpWhnw3RQJ5DoFAQAB+YzAAAAAAAAAAAGYERCQBRAFEBZAABAAACCAAAAAAAAAAAAFEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVd3OEQ=="} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623222699655905} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623222699655905} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222699655905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699655905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699655905,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623222699655905,"flow_dst_last_pkt_time":1623222699659281,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623222699659281,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} 
@@ -41,7 +41,7 @@ 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623223091739953,"flow_dst_last_pkt_time":1623223091766742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_usec":1623223091766742,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA09eZAAC8GfBuXi4AOwKgBgABQhiREDjpl1HrQroAQAQXUjAAAAQEICnuayJLLCQ4hGYERCQMcAxwBZAMBAAACCAAAAAAAAAAAAxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JxURA=="} 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1623222785863296,"flow_src_last_pkt_time":1623222909833905,"flow_dst_last_pkt_time":1623222909829628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":889,"flow_src_tot_l4_payload_len":772,"flow_dst_tot_l4_payload_len":1778,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":24,"flow_first_seen":1623222699655905,"flow_src_last_pkt_time":1623222892672181,"flow_dst_last_pkt_time":1623222892670553,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":702,"flow_src_tot_l4_payload_len":788,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1623223091773663,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1623226796047107} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1623226796047107} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226796047107,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796047107,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796047107,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1623226796047107,"flow_dst_last_pkt_time":1623226796050182,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623226796050182,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} 
@@ -52,7 +52,7 @@ 00974{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223090984057,"flow_src_last_pkt_time":1623223156058732,"flow_dst_last_pkt_time":1623223156084748,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":393,"flow_dst_max_l4_payload_len":728,"flow_src_tot_l4_payload_len":393,"flow_dst_tot_l4_payload_len":1199,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623223091709422,"flow_src_last_pkt_time":1623223156773701,"flow_dst_last_pkt_time":1623223156800666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":389,"flow_dst_max_l4_payload_len":472,"flow_src_tot_l4_payload_len":389,"flow_dst_tot_l4_payload_len":917,"midstream":0,"thread_ts_usec":1623226796065242,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
02274{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":189,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226898935296,"flow_dst_last_pkt_time":1623226888697884,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623226898935296,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":297,"avg":6307708.5,"max":10240173,"stddev":4932344.5,"var":24328020164608.0,"ent":4.3,"data": [3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922]},"pktlen": {"min":104,"avg":215.7,"max":903,"stddev":247.8,"var":61420.8,"ent":4.3,"data": [112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0],"entropies": 
[3.868270159,4.279380798,4.030010700,6.270659924,4.342348576,7.048072815,4.407741547,4.407741547,4.327831268,4.388510704,4.373551369,4.383797169,4.361579418,4.395769119,4.336050510,4.388510704,4.327831268,6.267565727,7.008815289,4.357307434,6.261363029,7.018546581,4.348686218,4.395769119,4.303886890,4.330818176,4.342348576,4.395769119,4.342348576,4.414999962,4.272684097,4.376538277]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1623227471703092} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1623227471703092} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623227471703092,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471703092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471703092,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} 
00627{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1623227471703092,"flow_dst_last_pkt_time":1623227471715055,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623227471715055,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} 
@@ -70,7 +70,7 @@ 00977{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":23,"flow_first_seen":1623226796047107,"flow_src_last_pkt_time":1623226963037756,"flow_dst_last_pkt_time":1623226963033362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":799,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":2397,"midstream":0,"thread_ts_usec":1623227472228502,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 02275{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227472211039,"flow_src_last_pkt_time":1623227587349174,"flow_dst_last_pkt_time":1623227584757187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":401,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":401,"flow_dst_tot_l4_payload_len":1998,"midstream":0,"thread_ts_usec":1623227587349174,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":7344654.5,"max":10240632,"stddev":4532510.5,"var":20543650660352.0,"ent":4.5,"data": 
[3378,7400,923,8114,615,0,9140,0,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877]},"pktlen": {"min":104,"avg":179.5,"max":1448,"stddev":263.0,"var":69147.6,"ent":4.2,"data": [112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.821438313,4.185985565,4.099675179,6.228553295,4.350049019,6.867750645,7.448840618,4.438944817,4.354762554,4.362021446,4.304766178,4.350049019,4.400483131,4.381252289,4.400483131,4.354762554,4.328273296,4.342790604,4.381252289,4.419713974,4.400483131,4.419713974,4.373993397,4.347504139,4.362021446,4.362021446,4.400483131,4.400483131,4.400483131,4.354762554,4.381252289,4.362021446]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
02296{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623227471703092,"flow_src_last_pkt_time":1623227587366039,"flow_dst_last_pkt_time":1623227587361645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":396,"flow_dst_max_l4_payload_len":1006,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":1006,"midstream":0,"thread_ts_usec":1623227587366039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":379,"avg":7461984.0,"max":10240568,"stddev":4364520.0,"var":19049033498624.0,"ent":4.6,"data": [11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865]},"pktlen": {"min":104,"avg":148.3,"max":1110,"stddev":185.9,"var":34567.0,"ent":4.5,"data": [112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1623229632695852} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1623229632695852} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623229632695852,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632695852,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632695852,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1623229632695852,"flow_dst_last_pkt_time":1623229632706990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_usec":1623229632706990,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} 
@@ -90,7 +90,7 @@ 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1623229632695852,"flow_src_last_pkt_time":1623229697731607,"flow_dst_last_pkt_time":1623229697742645,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":399,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":2325,"midstream":0,"thread_ts_usec":1623229853240025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229914599193,"flow_dst_last_pkt_time":1623229904370774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229914599193,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":3776043.2,"max":10241196,"stddev":4797137.5,"var":23012529143808.0,"ent":3.6,"data": 
[12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196]},"pktlen": {"min":104,"avg":324.2,"max":1552,"stddev":431.7,"var":186386.9,"ent":4.1,"data": [112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0],"entropies": [3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1623229850956311,"flow_src_last_pkt_time":1623229968257993,"flow_dst_last_pkt_time":1623229968253231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":387,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1159,"flow_dst_tot_l4_payload_len":5872,"midstream":0,"thread_ts_usec":1623229968257993,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.OCSP","proto_id":"7.63","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1623229968257993} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/ocsp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1623229968257993} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 344/344 ~~ skipped flows.............: 0 @@ -99,9 +99,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7797776 bytes -~~ total memory freed........: 7797776 bytes -~~ total allocations/frees...: 146871/146871 +~~ total memory allocated....: 11506251 bytes +~~ total memory freed........: 11506251 bytes +~~ total allocations/frees...: 217125/217125 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 2301 chars diff --git a/test/results/default/oicq.pcap.out b/test/results/default/oicq.pcap.out index 11ab940f6..639dfa7bb 100644 --- a/test/results/default/oicq.pcap.out +++ b/test/results/default/oicq.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268613307049} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268613307049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPScAAH8RGbBak0XSOjwKLes1H0AANIavAjsLAAEAF1YfDHsAAAAAAAAAAAMMlJ+zUQxZy9Un0Z5pU0guyHcIAQMORwM="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268613307049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -7,12 +7,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680268913703107,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSgAAH8RGa9ak0XSOjwKLcqsH0AANFdMAjsLAAEAGFYfDHsAAAAAAAAAAJUhAaG8xF21dBTbCxrBaZ+t+aiKzUY1kAM="} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268613307049,"flow_src_last_pkt_time":1680268613307049,"flow_dst_last_pkt_time":1680268613307049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268913703107,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60213,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":88,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1680269514154280} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680269514154280,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSkAAH8RGa5ak0XSOjwKLc7\/H0AANPYkAjsLAAEAGVYfDHsAAAAAAAAAAKhtUEIbzHlgMmERsceS0laTgR+KI\/5vkgM="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269514154280,"flow_src_last_pkt_time":1680269514154280,"flow_dst_last_pkt_time":1680269514154280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52991,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268913703107,"flow_src_last_pkt_time":1680268913703107,"flow_dst_last_pkt_time":1680268913703107,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269514154280,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":51884,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1680270114424358} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270114424358,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSoAAH8RGa1ak0XSOjwKLeuAH0AANLaSAjsLAAEAGlYfDHsAAAAAAAAAAHIfgiYehh8JPACfYPLg8l+caYHP9b+9JgM="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270114424358,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -21,12 +21,12 @@ 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680270414717786,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPSsAAH8RGaxak0XSOjwKLdycH0AANEx1AjsLAAEAG1YfDHsAAAAAAAAAANpJfKYT0Ryz+aBUCJQmm3E1JJMTGfDeMAM="} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270114424358,"flow_src_last_pkt_time":1680270114424358,"flow_dst_last_pkt_time":1680270114424358,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270414717786,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60288,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1680271315336178} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680271315336178,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPSwAAH8RGaNak0XSOjwKLfaQH0AAPKJVAjsLAAEAHFYfDHsAAAAAAAAAAKF1kSEZtb31Z91P5eVH+3H\/XNRbq1mbBkN1QzOmufZjAw=="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271315336178,"flow_src_last_pkt_time":1680271315336178,"flow_dst_last_pkt_time":1680271315336178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":63120,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270414717786,"flow_src_last_pkt_time":1680270414717786,"flow_dst_last_pkt_time":1680270414717786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271315336178,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":56476,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1680272216023814} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272216023814,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS0AAH8RGapak0XSOjwKLf78H0AANGR+AjsLAAEAHVYfDHsAAAAAAAAAABC\/b\/FaO8NX3ow0SpVuxleAYQpSAJHDrAM="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272216023814,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -35,12 +35,12 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680272516212933,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS4AAH8RGalak0XSOjwKLf2UH0AANMlWAjsLAAEAHlYfDHsAAAAAAAAAAI+qjiPRJ\/u\/cdGMS8LW+dngAZ0OFZuzPgM="} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272216023814,"flow_src_last_pkt_time":1680272216023814,"flow_dst_last_pkt_time":1680272216023814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272516212933,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65276,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":360,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1680273116819582} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273116819582,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPS8AAH8RGahak0XSOjwKLcC8H0AANKFRAjsLAAEAH1YfDHsAAAAAAAAAAGiC69yGgMUx92oMUP15OHaWEtAFKBJg6gM="} 
01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273116819582,"flow_src_last_pkt_time":1680273116819582,"flow_dst_last_pkt_time":1680273116819582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49340,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272516212933,"flow_src_last_pkt_time":1680272516212933,"flow_dst_last_pkt_time":1680272516212933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273116819582,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":64916,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} +00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1680273717338677} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680273717338677,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTAAAH8RGadak0XSOjwKLeRCH0AANBEEAjsLAAEAIFYfDHsAAAAAAAAAAOQm9qMvASjhq0T6Cr3RQBjzmxHyj0olfgM="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680273717338677,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -49,12 +49,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680274017625228,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTEAAH8RGaZak0XSOjwKLdgqH0AANBk0AjsLAAEAIVYfDHsAAAAAAAAAALAMY\/61mJRnLdmXH\/a+5XvG93JYzPFyvwM="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680273717338677,"flow_src_last_pkt_time":1680273717338677,"flow_dst_last_pkt_time":1680273717338677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274017625228,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58434,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":492,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1680274918349074} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680274918349074,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTIAAH8RGZ1ak0XSOjwKLdPZH0AAPHdfAjsLAAEAIlYfDHsAAAAAAAAAABJ4YEXvzr3zkL8fAPHU+AaqqxE1nh1DPhgzD2yLU4OaAw=="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274918349074,"flow_src_last_pkt_time":1680274918349074,"flow_dst_last_pkt_time":1680274918349074,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":54233,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680274017625228,"flow_src_last_pkt_time":1680274017625228,"flow_dst_last_pkt_time":1680274017625228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680274918349074,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55338,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1680275819196595} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680275819196595,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTMAAH8RGaRak0XSOjwKLdneH0AANEhvAjsLAAEAI1YfDHsAAAAAAAAAAA7tzaHdQBYXiEP2eDEHbqtlCQx3mvOOQwM="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275819196595,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -63,12 +63,12 @@ 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276119381110,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTQAAH8RGaNak0XSOjwKLc23H0AANGQTAjsLAAEAJFYfDHsAAAAAAAAAAH5\/86O6C\/6oc6QtupshFzvfGOzGq1kWMAM="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275819196595,"flow_src_last_pkt_time":1680275819196595,"flow_dst_last_pkt_time":1680275819196595,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276119381110,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":55774,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":14,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1680276720080049} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680276720080049,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTUAAH8RGaJak0XSOjwKLeWtH0AANCNuAjsLAAEAJVYfDHsAAAAAAAAAAOfQosq40rbQVcEHr6+k1HsQqBLVBYy2SwM="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276720080049,"flow_src_last_pkt_time":1680276720080049,"flow_dst_last_pkt_time":1680276720080049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":58797,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276119381110,"flow_src_last_pkt_time":1680276119381110,"flow_dst_last_pkt_time":1680276119381110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276720080049,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":52663,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":676,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1680277320536086} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277320536086,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTYAAH8RGaFak0XSOjwKLcSLH0AANDKiAjsLAAEAJlYfDHsAAAAAAAAAABPcV9TW4fy3oyeAa\/WodHk3effNstz6EQM="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277320536086,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -77,7 +77,7 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680277620833862,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPTcAAH8RGaBak0XSOjwKLf6LH0AANLaQAjsLAAEAJ1YfDHsAAAAAAAAAANS9Q3kd0FmYWd3Uf+Xg+P4mhn413hSayQM="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277620833862,"flow_src_last_pkt_time":1680277620833862,"flow_dst_last_pkt_time":1680277620833862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":65163,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277320536086,"flow_src_last_pkt_time":1680277320536086,"flow_dst_last_pkt_time":1680277320536086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277620833862,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":50315,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1680278521565201} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680278521565201,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTgAAH8RGZdak0XSOjwKLemaH0AAPB4SAjsLAAEAKFYfDHsAAAAAAAAAAKFll4WxNdJzXtLohsymAZ1jNPZvKGZFaXXrxKKKG7vTAw=="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278521565201,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -86,7 +86,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279061837712,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPTkAAH8RGZZak0XSOjwKLewSH0AAPPJqAjsLAAEAKVYfDHsAAAAAAAAAAJhDGOK9LMdpjjjviAsbixbbc8osj3yMjsE0K023rJnBAw=="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279061837712,"flow_src_last_pkt_time":1680279061837712,"flow_dst_last_pkt_time":1680279061837712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60434,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278521565201,"flow_src_last_pkt_time":1680278521565201,"flow_dst_last_pkt_time":1680278521565201,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279061837712,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59802,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":19,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1680279121904368} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1680279121904368,"pkt":"PJTVQTiBAAwp30Y4CABFAABIPToAAH8RGZ1ak0XSOjwKLewUH0AANBeiAjsLAAEAKlYfDHsAAAAAAAAAABvY2XPSxvc7WnJKZ5fJlh+djy9P\/NTEXwM="} 
01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279121904368,"flow_src_last_pkt_time":1680279121904368,"flow_dst_last_pkt_time":1680279121904368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279121904368,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":60436,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -129,7 +129,7 @@ 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01086{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279542287953,"flow_src_last_pkt_time":1680279542287953,"flow_dst_last_pkt_time":1680279542287953,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":57872,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01086{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279662417873,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1228,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":12,"current-active-flows":3,"total-active-flows":27,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1680279722494153} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1680279722494153,"pkt":"PJTVQTiBAAwp30Y4CABFAABQPUIAAH8RGY1ak0XSOjwKLe7rH0AAPKRcAjsLAAEAMlYfDHsAAAAAAAAAANlKD4uzkK+P1FvZR1\/HG2wowc5Ia4pes0u+tN09VwqFAw=="} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279722494153,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
@@ -143,7 +143,7 @@ 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279722494153,"flow_src_last_pkt_time":1680279722494153,"flow_dst_last_pkt_time":1680279722494153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":52,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":61163,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279602360361,"flow_src_last_pkt_time":1680279602360361,"flow_dst_last_pkt_time":1680279602360361,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":59394,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279662417873,"flow_src_last_pkt_time":1680279662417873,"flow_dst_last_pkt_time":1680279662417873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279962659139,"l3_proto":"ip4","src_ip":"90.147.69.210","dst_ip":"58.60.10.45","src_port":49199,"dst_port":8000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OICQ","proto_id":"335","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/oicq.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":14,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1680279962659139} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 @@ -152,9 +152,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7827738 bytes -~~ total memory freed........: 7827738 bytes -~~ total allocations/frees...: 146708/146708 +~~ total memory allocated....: 11535909 bytes +~~ total memory freed........: 11535909 bytes +~~ total allocations/frees...: 216962/216962 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/ookla.pcap.out b/test/results/default/ookla.pcap.out index 9394116d6..ebeb72732 100644 --- a/test/results/default/ookla.pcap.out +++ b/test/results/default/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -30,7 +30,7 @@ 00919{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00760{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00940{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01238{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798209 bytes -~~ total memory freed........: 7798209 bytes -~~ total allocations/frees...: 146558/146558 +~~ total memory allocated....: 11506748 bytes +~~ total memory freed........: 11506748 bytes +~~ total allocations/frees...: 216812/216812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 1399 chars 
diff --git a/test/results/default/openvpn.pcap.out b/test/results/default/openvpn.pcap.out index 493fe7180..6aa534996 100644 --- a/test/results/default/openvpn.pcap.out +++ b/test/results/default/openvpn.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467904946700231} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467904946700231} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467904946700231,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946700231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946700231,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1467904946700231,"flow_dst_last_pkt_time":1467904946755145,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1467904946755145,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 
@@ -8,7 +8,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947752893,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1467904947752893,"pkt":"AA6OGXEMhCYVLjtSCABFoAA0fZtAADQG8FMuZefawKgBTQG76uxsxVWXvpV7y4AQOJDXpgAAAQEICgA0KPsADXuv"} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904947700508,"flow_dst_last_pkt_time":1467904947753377,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":56,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1467904947753377,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
02307{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467904948037674,"flow_dst_last_pkt_time":1467904948077757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":1940,"midstream":0,"thread_ts_usec":1467904948077757,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":124,"avg":87579.6,"max":997748,"stddev":233509.3,"var":54526590976.0,"ent":2.7,"data": [54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117]},"pktlen": {"min":52,"avg":140.3,"max":357,"stddev":75.3,"var":5671.5,"ent":4.8,"data": [60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196]},"bins": {"c_to_s": [6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1],"entropies": 
[4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1470218591746723} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1470218591746723} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470218591746723,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591746723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1470218591746723,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1470218591746723,"flow_dst_last_pkt_time":1470218591941902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1470218591941902,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} 
@@ -18,7 +18,7 @@ 00722{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1470218591943377,"flow_dst_last_pkt_time":1470218592119150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":196,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":196,"pkt_l4_len":162,"thread_ts_usec":1470218592119150,"pkt":"AAjKQoXqmAyC0zx8CABFAAC2YKNAADIR2RqLO5eJwKgrDDVwoiMAohzKIPd\/wu\/b4j9X60eERHhjQN5zfeMCAdw3JKHt7ZoAAAACV6HBXwEAAAABsCzP8bXwF08AAAABFgMDAD4CAAA6AwNhg33pw8JOvroEJqnLpGmzYm+g0be9hVzmVAUEjVB5vQDAMAAAEv8BAAEAAAsABAMAAQIADwABARYDAwWWCwAFkgAFjwACzTCCAskwggGxoAMCAQICAQEwDQ=="} 02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218592449269,"flow_dst_last_pkt_time":1470218592448973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1095,"flow_dst_tot_l4_payload_len":2054,"midstream":0,"thread_ts_usec":1470218592449269,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":395,"avg":45316.0,"max":195816,"stddev":59561.3,"var":3547546112.0,"ent":3.9,"data": [195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865]},"pktlen": {"min":70,"avg":126.4,"max":331,"stddev":58.6,"var":3436.1,"ent":4.9,"data": 
[70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": [5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":51,"flow_first_seen":1467904946700231,"flow_src_last_pkt_time":1467905010834916,"flow_dst_last_pkt_time":1467905010834882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":4602,"flow_dst_tot_l4_payload_len":4492,"midstream":0,"thread_ts_usec":1470218600860349,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1472334890224928} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1472334890224928} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":42,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":42,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472334890224928,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1472334890224928,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334890224928,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1472334892420816,"flow_dst_last_pkt_time":1472334890224928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1472334892420816,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"} 
@@ -29,7 +29,7 @@ 02320{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334893134977,"flow_dst_last_pkt_time":1472334893134900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":303,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":1087,"flow_dst_tot_l4_payload_len":1962,"midstream":0,"thread_ts_usec":1472334893134977,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":128,"avg":187742.6,"max":2242452,"stddev":537269.1,"var":288658030592.0,"ent":2.4,"data": [2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299]},"pktlen": {"min":70,"avg":123.3,"max":331,"stddev":58.9,"var":3466.4,"ent":4.9,"data": [70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78]},"bins": {"c_to_s": [0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0],"entropies": 
[5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":34,"flow_first_seen":1470218591746723,"flow_src_last_pkt_time":1470218600860349,"flow_dst_last_pkt_time":1470218600859207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":154,"flow_src_tot_l4_payload_len":5802,"flow_dst_tot_l4_payload_len":4271,"midstream":0,"thread_ts_usec":1472334896789781,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":58,"flow_first_seen":1472334890224928,"flow_src_last_pkt_time":1472334909464448,"flow_dst_last_pkt_time":1472334909465454,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1172,"flow_dst_max_l4_payload_len":1245,"flow_src_tot_l4_payload_len":8904,"flow_dst_tot_l4_payload_len":14228,"midstream":0,"thread_ts_usec":1472334909465454,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"OpenVPN","proto_id":"159","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":298,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":42299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1472334909465454} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/openvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":298,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":42299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1472334909465454} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 298/298 ~~ skipped flows.............: 0 @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7781761 bytes -~~ total memory freed........: 7781761 bytes -~~ total allocations/frees...: 146693/146693 +~~ total memory allocated....: 11490348 bytes +~~ total memory freed........: 11490348 bytes +~~ total allocations/frees...: 216947/216947 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 2325 chars diff --git a/test/results/default/opera-vpn.pcapng.out b/test/results/default/opera-vpn.pcapng.out new file mode 100644 index 000000000..dfbd1cb45 --- /dev/null +++ b/test/results/default/opera-vpn.pcapng.out 
@@ -0,0 +1,633 @@ +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1694275752994885} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275752994885,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275752994885,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275752994885,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjGAbuXrZxyAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKE5KNpgAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753007782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753007782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753007782,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753007782,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjHAbt4TqO0AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKJksthwAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753008024,"flow_dst_last_pkt_time":1694275753008024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753008024,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753008024,"flow_dst_last_pkt_time":1694275753008024,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753008024,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjIAbua4gaiAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKsEmNXQAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753008266,"flow_dst_last_pkt_time":1694275753008266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753008266,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753008266,"flow_dst_last_pkt_time":1694275753008266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753008266,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjJAbujVq2aAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKp7WUUgAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753008511,"flow_dst_last_pkt_time":1694275753008511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753008511,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753008511,"flow_dst_last_pkt_time":1694275753008511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753008511,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjKAbs\/5uDaAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKN2wSgQAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753008755,"flow_dst_last_pkt_time":1694275753008755,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753008755,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753008755,"flow_dst_last_pkt_time":1694275753008755,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753008755,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjLAbssMuJfAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKftuNFAAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753008879,"flow_dst_last_pkt_time":1694275753008879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753008879,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753008879,"flow_dst_last_pkt_time":1694275753008879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753008879,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjMAbs5XwxfAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK53msZgAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753009120,"flow_dst_last_pkt_time":1694275753009120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753009120,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753009120,"flow_dst_last_pkt_time":1694275753009120,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753009120,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjNAbvi63bCAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKc0eleQAAAAAEAgAA"} 
+00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753009419,"flow_dst_last_pkt_time":1694275753009419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753009419,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753009419,"flow_dst_last_pkt_time":1694275753009419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753009419,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjOAbsSQKX7AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKb6xZ3gAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753009538,"flow_dst_last_pkt_time":1694275753009538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753009538,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753009538,"flow_dst_last_pkt_time":1694275753009538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753009538,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjPAbtNFNYqAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKSkMm1gAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753009698,"flow_dst_last_pkt_time":1694275753009698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753009698,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753009698,"flow_dst_last_pkt_time":1694275753009698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753009698,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjQAbv7UAhZAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKGyigvgAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753009947,"flow_dst_last_pkt_time":1694275753009947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753009947,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753009947,"flow_dst_last_pkt_time":1694275753009947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753009947,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjRAbuZlc4bAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKyzhotAAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275753010186,"flow_dst_last_pkt_time":1694275753010186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010186,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010186,"flow_dst_last_pkt_time":1694275753010186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010186,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjSAbsaUzyLAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKUIIIAAAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753010306,"flow_dst_last_pkt_time":1694275753010306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010306,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010306,"flow_dst_last_pkt_time":1694275753010306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010306,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjTAbu4aAnUAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKGBnucgAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753010307,"flow_dst_last_pkt_time":1694275753010307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010307,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010307,"flow_dst_last_pkt_time":1694275753010307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010307,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjUAbtPXEsAAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKU+\/29AAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753010458,"flow_dst_last_pkt_time":1694275753010458,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010458,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010458,"flow_dst_last_pkt_time":1694275753010458,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010458,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjVAbtX1BDNAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKd0UzngAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753010578,"flow_dst_last_pkt_time":1694275753010578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010578,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010578,"flow_dst_last_pkt_time":1694275753010578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010578,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjWAbs4tAdsAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKKhNAmgAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753010697,"flow_dst_last_pkt_time":1694275753010697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010697,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010697,"flow_dst_last_pkt_time":1694275753010697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010697,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjXAbtIZ0iBAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKIzJi6QAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753010817,"flow_dst_last_pkt_time":1694275753010817,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010817,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010817,"flow_dst_last_pkt_time":1694275753010817,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010817,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjYAbu5Z+2KAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKpAoZ6gAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753010935,"flow_dst_last_pkt_time":1694275753010935,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753010935,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753010935,"flow_dst_last_pkt_time":1694275753010935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753010935,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjZAbtZMflMAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKQaLZHQAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753011053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011053,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753011053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011053,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjaAbtYJFV7AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKJNcyngAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753011053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011053,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753011053,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011053,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjbAbuOySM9AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKI4KHlQAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753011171,"flow_dst_last_pkt_time":1694275753011171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011171,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011171,"flow_dst_last_pkt_time":1694275753011171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011171,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjcAbtdIhCtAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK9mbQ4AAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753011291,"flow_dst_last_pkt_time":1694275753011291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011291,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011291,"flow_dst_last_pkt_time":1694275753011291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011291,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjdAbunjO\/XAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKaCqKPAAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753011292,"flow_dst_last_pkt_time":1694275753011292,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011292,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011292,"flow_dst_last_pkt_time":1694275753011292,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011292,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjeAbsmlThLAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKvXC9agAAAAAEAgAA"} 
+00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753011411,"flow_dst_last_pkt_time":1694275753011411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753011411,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753011411,"flow_dst_last_pkt_time":1694275753011411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753011411,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjfAbtXqe8HAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK6CBmeAAAAAAEAgAA"} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1694275752994885,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753023076,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMYj3Z30l62cc6AS\/oghkgAAAgQFrAQCCAqZASa0E5KNpgEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753023141,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753023141,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjGAbuXrZxzI92d9YAQCBYGoQAAAQEIChOSjcOZASa0"} +01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753023424,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjGAbuXrZxzI92d9YAYCBYIpgAAAQEIChOSjcOZASa0FgMBAgABAAH8AwODTQ+x0ACNPOHtoKai4yCZQ20u2rDfUoEQwogUwdnnMSB8yEYE1qAtbbSGJViXkvsb6YZ5S2BjaSvP5J7n1VDmMgAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAAASAABEaQAFAAMCaDIAMwArAClaWgABAAAdACAvd0922QaYg2tEMSKwr6XMiszOHEkrNy\/\/MmfZeGkgZwAQAA4ADAJoMghodHRwLzEuMQArAAcGCgoDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAFAAUBAAAAAAALAAIBAAAtAAIBAQAXAAAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AIwAAABsAAwIAAv8BAAEAAAoACgAIWloAHQAXABgqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753023076,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753023424,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b96f72c556a76c5b13acec3b59f520dd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753007782,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753035867,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMcH4P5HeE6jtaAS\/ohCrwAAAgQFrAQCCAqZASbDJksthwEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753035983,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753035983,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjHAbt4TqO1B+D+SIAQCBYGoQAAAQEICiZLLaOZASbD"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753036367,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjHAbt4TqO1B+D+SIAYCBYIpgAAAQEICiZLLaOZASbDFgMBAgABAAH8AwMSE63FkdokmS+Fz8J0CVx\/C3da+56yXF5P+Uw6YnyBDSA5HiMw+\/OHzDUauhyPJ8JlfxwOlPgeWiegDyX+TF4QegAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAArAAcGmpoDBAMDRGkABQADAmgyAAUABQEAAAAAABAADgAMAmgyCGh0dHAvMS4xAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgASAAAAIwAAAAoACgAIenoAHQAXABgADQASABAEAwgEBAEFAwgFBQEIBgYBAC0AAgEBAAsAAgEAADMAKwApenoAAQAAHQAg0pSGgcpOxt7X6rYDm+drJz1synalQGrhfKxLDUGgQgz\/AQABAAAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753035867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753036367,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"485d321608abf60490d88c6b010221af","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008024,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753037252,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMgmGyyumuIGo6AS\/oiGtAAAAgQFrAQCCAqZASbFsEmNXQEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753037353,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753037353,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjIAbua4gajJhssr4AQCBYGoQAAAQEICrBJjXuZASbF"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753037849,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjIAbua4gajJhssr4AYCBYIpgAAAQEICrBJjXuZASbFFgMBAgABAAH8AwNL+atkM8wKSpDJQgNkwvRuXFo5ydk4Igg3EuddtJLY7yByKo1r+sVL5cokBL0V0OYFfUW3PxzvfUOEyYkhdywPlAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEABQAFAQAAAAAAFwAAAAsAAgEAAC0AAgEBAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwAp+voAAQAAHQAg756NKqB\/Cf7tOGZ3m5gi5e1ynLLv\/BExgsR5ICRQX3kAEgAAACsABwba2gMEAwNEaQAFAAMCaDL\/AQABAAAKAAoACPr6AB0AFwAYACMAAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAJ6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753037252,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753037849,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f40971697b0dd2827eea54ea65d19395","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008266,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753038325,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yMlbRPVio1atm6AS\/ojbBgAAAgQFrAQCCAqZASbGp7WUUgEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753038405,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753038405,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjJAbujVq2bW0T1Y4AQCBYGoQAAAQEICqe1lHGZASbG"} +01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753038526,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjJAbujVq2bW0T1Y4AYCBYIpgAAAQEICqe1lHGZASbGFgMBAgABAAH8AwPINUOA2GBWs7l8JGHdrNIJ0Uc7JZgPZ5k\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"} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753038325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753038526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"310fa0bcc8223ddf7149498a30f17097","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008755,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753039487,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMuguxaSLDLiYKAS\/ojm1AAAAgQFrAQCCAqZASbHftuNFAEDAwc="} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753039543,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753039543,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjLAbssMuJgoLsWk4AQCBYGoQAAAQEICn7bjTOZASbH"} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753039664,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjLAbssMuJgoLsWk4AYCBYIpgAAAQEICn7bjTOZASbHFgMBAgABAAH8AwPwEt+gNZnrB+aqiYIbe4IdBRBT3gEEXfKmvq+9HWPLuCAyVaRgFk9ZybocjjzMo77JnwemW4KFcWHoPEVQFhebawAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTWloAAAAzACsAKRoaAAEAAB0AIHZUkt\/t5KT6AL2QB6\/FZxAyMlpiMZco5gfZAuyaOXJQABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAARGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAsAAgEAABIAAAAjAAAACgAKAAgaGgAdABcAGAANABIAEAQDCAQEAQUDCAUFAQgGBgH\/AQABAAArAAcGamoDBAMDABcAAAAtAAIBAQAbAAMCAAK6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753039487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753039664,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"58c47ed77ccd0602805bfe75ed4283ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008879,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753040749,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMyG7XXhOV8MYKAS\/ojiNAAAAgQFrAQCCAqZASbI53msZgEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753040797,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753040797,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjMAbs5Xwxghu114oAQCBYGoQAAAQEICud5rIaZASbI"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753040918,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjMAbs5Xwxghu114oAYCBYIpgAAAQEICud5rIaZASbIFgMBAgABAAH8AwP+LPLxj64daGunqxMwea5XKyiqIejJs9Y\/tVcQ5KNiISBXKUGB9lbjOGpaf+D09e7T5JroyL0f\/Ic5fdvWC0+MLgAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAFAAUBAAAAAAAtAAIBAQALAAIBAAAzACsAKWpqAAEAAB0AILfHsd6xyChl6k6BdLw4o6eco5HOeLHqqYlLnIcBPa8EABAADgAMAmgyCGh0dHAvMS4xABcAAAAbAAMCAAIACgAKAAhqagAdABcAGAAjAAAAEgAAACsABwZqagMEAwNEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20ADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQCamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753040749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753040918,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"afd51562845a41020a43e5d659f59308","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009120,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753042084,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yM20aXnn4ut2w6AS\/ogX4AAAAgQFrAQCCAqZASbJc0eleQEDAwc="} 
+00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753042116,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753042116,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjNAbvi63bDtGl56IAQCBYGoQAAAQEICnNHpZqZASbJ"} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009419,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753042241,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yM5b1aswEkCl\/KAS\/ogv0gAAAgQFrAQCCAqZASbKb6xZ3gEDAwc="} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753042269,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753042269,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjOAbsSQKX8W9WrMYAQCBYGoQAAAQEICm+sWf+ZASbK"} 
+01243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753042389,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjNAbvi63bDtGl56IAYCBYIpgAAAQEICnNHpZqZASbJFgMBAgABAAH8AwMNDmGJBtZJmmErQ1OYvrDi0OdB6KpoapreMQC7zYf26CAU2q6RLazLBRLbB1KDiXaYm4um8f86s1k9C\/yNg94kNAAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEACwACAQAABQAFAQAAAAD\/AQABAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAAEgAAAC0AAgEBAAoACgAI6uoAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjEAKwAHBrq6AwQDA0RpAAUAAwJoMgAbAAMCAAIAFwAAADMAKwAp6uoAAQAAHQAgR0wxtwpaB6jhdQtUUT0IbQRFlDhx4xM2r7W+zvSD8nO6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"44f9748950032beeac19dc7e2f233d77","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753042389,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjOAbsSQKX8W9WrMYAYCBYIpgAAAQEICm+sWf+ZASbKFgMBAgABAAH8AwOf6G+piJ4EhpBoR6DjY1pXjhWeeBntMMEgc5THmSYHuiCcbUl9kHjWraAmyxNgZHE3pI7NjnPw5asZviecBH3KTAAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAAtAAIBAURpAAUAAwJoMv8BAAEAAAoACgAI6uoAHQAXABgACwACAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AMwArACnq6gABAAAdACBb78AgaBMHOaxwOTME+QtKdoakjvtm8m8nD990kSRUJAAbAAMCAAIADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAAjAAAAEgAAABAADgAMAmgyCGh0dHAvMS4xACsABwYqKgMEAwMABQAFAQAAAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753042241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753042389,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"31c32357f806723eb0eaab101578edf5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753008511,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753043578,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yMoGnMmSP+bg26AS\/oh9yQAAAgQFrAQCCAqZASbGN2wSgQEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753043612,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753043612,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjKAbs\/5uDbBpzJk4AQCBYGoQAAAQEICjdsEqWZASbG"} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009698,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753043705,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNDMQDF5+1AIWqAS\/oj7TwAAAgQFrAQCCAqZASbMGyigvgEDAwc="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753043732,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753043732,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjQAbv7UAhazEAxeoAQCBYGoQAAAQEIChsooOGZASbM"} 
+01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753043733,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjKAbs\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"} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753043578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043733,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"e415684488869452bd654e636a258ffc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753043852,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjQAbv7UAhazEAxeoAYCBYIpgAAAQEIChsooOGZASbMFgMBAgABAAH8AwOQv40HvKuMY4T6dlmnD82RO8BDnsMdRsS4j5jvovKSfSCEZs8aZ4vmBrKxVDXepvEE9hFF21Fj9eO6NwGk5RgdYQAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAbAAMCAAL\/AQABAAALAAIBAAAXAAAAEgAAACsABwYqKgMEAwMABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEAIwAAAAoACgAI+voAHQAXABgALQACAQEAMwArACn6+gABAAAdACCuux4wuDlWUU1SvOvMtlp8m5VPG\/MGFM9oAB84+LhXKQANABIAEAQDCAQEAQUDCAUFAQgGBgFEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb22KigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753043705,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753043852,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"0915bf8869a023d47778f806f5d3b256","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010306,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753045777,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNPKGUHquGgJ1aAS\/ojjyQAAAgQFrAQCCAqZASbNGBnucgEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753045813,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753045813,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjTAbu4aAnVyhlB64AQCBYGoQAAAQEIChgZ7paZASbN"} +01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753045932,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjTAbu4aAnVyhlB64AYCBYIpgAAAQEIChgZ7paZASbNFgMBAgABAAH8AwMIfToIxgvtsOokeLWwcfJnl89I6TXHwvA9lkxtxdJRoCCKCJx9vw+6RjES4iyp9Hb6uov2pqaoehhVFoKuaOT3xQAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAAALAAIBAP8BAAEAAAUABQEAAAAAADMAKwApuroAAQAAHQAg8tuuDvktetRD6XgEZnKXyOGidOwSP5INl3x42Qs+XR4ADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQArAAcG6uoDBAMDACMAAAAtAAIBAQASAAAAGwADAgACAAoACgAIuroAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjFEaQAFAAMCaDLKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753045777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753045932,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5ba1797d57b7ba42ce82582e43b0217f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753047174,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047174,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753047174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753047174,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjgAbscW7MpAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKdtb7VQAAAAAEAgAA"} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010307,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047438,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNQr+nh1T1xLAaAS\/ogu5QAAAgQFrAQCCAqZASbNU+\/29AEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047496,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047496,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjUAbtPXEsBK\/p4doAQCBYGoQAAAQEIClPv9xmZASbN"} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009947,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047588,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNFQTSbJmZXOHKAS\/oil5AAAAgQFrAQCCAqZASbMyzhotAEDAwc="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047616,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjRAbuZlc4cUE0myoAQCBYGoQAAAQEICss4aNmZASbM"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047616,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjUAbtPXEsBK\/p4doAYCBYIpgAAAQEIClPv9xmZASbNFgMBAgABAAH8AwMB2sF+yhJjs9sO7yHO3piZckUy825XFmsqs61DnTQJYiAiu6fmxWrAQIweNv1GgBOn6P0+NCZM5TzkfL7YKoxe5wAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTWloAAAAjAAAALQACAQH\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"} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753047438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047616,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5c72c0972b0ef2b8d71f00feaa086760","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047738,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjRAbuZlc4cUE0myoAYCBYIpgAAAQEICss4aNmZASbMFgMBAgABAAH8AwPQKCTMtar9KWwPdnulStaKry7mdCnrGzSwrgYr4WvxZCAFRu6M\/foVK+qr6Lz7k89D\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"} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753047588,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047738,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6bfdc9fce41022f28ac0de368e7164cc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010578,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047740,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNbs0zQVOLQHbaAS\/ojs2gAAAgQFrAQCCAqZASbPKhNAmgEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047858,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjWAbs4tAdt7NM0FoAQCBYGoQAAAQEICioTQL+ZASbP"} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047858,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjWAbs4tAdt7NM0FoAYCBYIpgAAAQEICioTQL+ZASbPFgMBAgABAAH8AwO\/SkqFuTWKi3mCEUyoc\/hGYcyI\/Qf9TigwoYNTlyTC4iASbztcX0CmhjH3p2dGNgz3xzfHcl+zrympB8AgENMckwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAFAAUBAAAAAAAjAAAAKwAHBqqqAwQDAwAzACsAKSoqAAEAAB0AIG\/NOpJYBc6aA0lg5ELFLYFNUPj2SX8UNj+HBFZ29H1qABAADgAMAmgyCGh0dHAvMS4xAC0AAgEBABIAAP8BAAEAAAsAAgEAABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAJEaQAFAAMCaDIACgAKAAgqKgAdABcAGAANABIAEAQDCAQEAQUDCAUFAQgGBgGKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753047740,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047858,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"353b63511e111884c0a2ae1b74da2093","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010458,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753047901,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNU5JMQRV9QQzqAS\/oin1wAAAgQFrAQCCAqZASbPd0UzngEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753047978,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjVAbtX1BDOOSTEEoAQCBYGoQAAAQEICndFM8OZASbP"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753047978,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjVAbtX1BDOOSTEEoAYCBYIpgAAAQEICndFM8OZASbPFgMBAgABAAH8AwMv17p7QO01CmQfP4tcGhTiyyixNtDYALe950LvoHGLsCCh4VVk89bhJNBp9Qyqmnx4SYsMnuqYPDpfYDL7ZYByxwAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAXAAAAEgAAAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAKAAoACJqaAB0AFwAYRGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwApmpoAAQAAHQAgrpLZ6NnlZU7SeavXLLzI2APqBFL8EcTd\/Dp0HJByrUYAIwAAAAUABQEAAAAAAC0AAgEBABsAAwIAAgAQAA4ADAJoMghodHRwLzEuMQArAAcGGhoDBAMD\/wEAAQDKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753047901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753047978,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"65e9700415d3b43581aa12e23afbfd7e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010697,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753048063,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNfa6s+ESGdIgqAS\/oj3HAAAAgQFrAQCCAqZASbPIzJi6QEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753048099,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753048099,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjXAbtIZ0iC2urPhYAQCBYGoQAAAQEICiMyYw6ZASbP"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753048216,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjXAbtIZ0iC2urPhYAYCBYIpgAAAQEICiMyYw+ZASbPFgMBAgABAAH8AwNwDHRb28PFRG1pS1eGVYauky58duCRF+nMX4qdEPychiBDFJ5R7oZjvR0zUkO4u\/0jRYDJxjF1YIoHvaA+6iCPeQAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAzACsAKVpaAAEAAB0AIJ21zSXxECoIEa6sRsbwMdqNPjqa5rmPQ2SJonle79ln\/wEAAQAABQAFAQAAAAAAEgAAABsAAwIAAgALAAIBAAAQAA4ADAJoMghodHRwLzEuMQANABIAEAQDCAQEAQUDCAUFAQgGBgEACgAKAAhaWgAdABcAGAAtAAIBAQAjAABEaQAFAAMCaDIAFwAAACsABwZKSgMEAwMAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb23q6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753048063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753048216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"409bb955d02abe4c9736d1184814780d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010935,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753049606,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNk\/HlZrWTH5TaAS\/oi1xQAAAgQFrAQCCAqZASbQQaLZHQEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753049683,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753049683,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjZAbtZMflNPx5WbIAQCBYGoQAAAQEICkGi2UWZASbQ"} +01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753049809,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjZAbtZMflNPx5WbIAYCBYIpgAAAQEICkGi2UWZASbQFgMBAgABAAH8AwOf4L+M9VsMAw07XGu8mlwh4raoIQAB4\/aHJJ9sM\/lSxiBQL16L++zX0YI3F3dOSGCf73x0eg+xMNP0ki5OTSwv0gAg6uoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAAFAAUBAAAAAAAXAAAAGwADAgACAAsAAgEAABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AKwAHBjo6AwQDAwAKAAoACMrKAB0AFwAYRGkABQADAmgyADMAKwApysoAAQAAHQAgFUPcsRPAGw\/TTJJWBRmA\/mr1CyYAzYmUivP66dm0hxIALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAjAADa2gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753049606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753049809,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"91ec3705bc708c10592467e78630e9bd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753010817,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753050972,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNhkJIzQuWfti6AS\/ohisgAAAgQFrAQCCAqZASbQpAoZ6gEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051027,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051027,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjYAbu5Z+2LZCSM0YAQCBYGoQAAAQEICqQKGhOZASbQ"} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753009538,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051136,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yM9KI6qCTRTWK6AS\/ogvngAAAgQFrAQCCAqZASbLSkMm1gEDAwc="} 
+01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051145,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjYAbu5Z+2LZCSM0YAYCBYIpgAAAQEICqQKGhOZASbQFgMBAgABAAH8AwMxMlmKPFianWmq0LkiAoe7MVy81MPZd0LL67qb0UysmSCJtUtGnP0gVpRC95n3FsmF8rlI5lo\/WitBhc2Fwl7T0wAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAAALAAIBAAAKAAoACOrqAB0AFwAYABAADgAMAmgyCGh0dHAvMS4xADMAKwAp6uoAAQAAHQAg6\/Zp9pEpX72jibq7qsYqAUP0svnbOY9Iu8iQw7kdFD8AKwAHBmpqAwQDA0RpAAUAAwJoMgASAAAALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQAAFwAAABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAABQAFAQAAAAB6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753050972,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051145,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b2140846842f38b9416f56b0b940518a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051253,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNvx7aeOjskjPqAS\/ojB7wAAAgQFrAQCCAqZASbRI4KHlQEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051266,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjPAbtNFNYrSiOqg4AQCBYGoQAAAQEICkpDJwCZASbL"} +01242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051266,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjPAbtNFNYrSiOqg4AYCBYIpgAAAQEICkpDJwCZASbLFgMBAgABAAH8AwO2ASWT3M0VHg35IOsoC4rxg+yM8ht2kCXzcJBZfWvI8CDYUXut2u+rlKMsKiVVL7V2XJY9ohxxazXdFyPYraKFmAAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAtAAIBAQASAAAAIwAARGkABQADAmgyADMAKwApCgoAAQAAHQAgMvhpe45cLY6UZIRedjBL9ljeEbrNWArAHGtXXlv7XxAAFwAAAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAf8BAAEAABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQALAAIBAAArAAcGmpoDBAMDAAoACgAICgoAHQAXABhaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753051136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051266,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ba575b0efbad4d121f0cf2b83747f586","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051386,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjbAbuOySM+8e2nj4AQCBYGoQAAAQEICiOCh72ZASbR"} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051386,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjbAbuOySM+8e2nj4AYCBYIpgAAAQEICiOCh72ZASbRFgMBAgABAAH8AwMC+V8XPTiT++k0blJmcrXuhw\/zDaf4ooGnYMn+WEeu9iCcpP+VNkIMCldWZPSjN8AwhdHURZq5Qdfv06nXawJ1xwAgCgoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAArAAcGmpoDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAIACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xRGkABQADAmgyABcAAAAKAAoACFpaAB0AFwAYAAUABQEAAAAA\/wEAAQAAMwArAClaWgABAAAdACDynMECelNnzFT7h1N3x2erqt8tcFOJvePTTR2Q99LtDQAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAAAALQACAQH6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753051253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051386,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5a30a421246b25d72f6088cfa70edd09","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011053,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051425,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNqXYK6fWCRVfKAS\/ohtdgAAAgQFrAQCCAqZASbRJNcyngEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051508,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjaAbtYJFV8l2CuoIAQCBYGoQAAAQEICiTXMsaZASbR"} +01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051508,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjaAbtYJFV8l2CuoIAYCBYIpgAAAQEICiTXMsaZASbRFgMBAgABAAH8AwOl+05\/MFLgkQ1sJ9lzWnK1Q\/HqUSfKBAf9+7U3szs9RyAxhyCRshjWjr0yhCQOxk7iBcmXcQO2ioKWmqmUruVZtAAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAQAA4ADAJoMghodHRwLzEuMQAXAAAALQACAQEACgAKAAgKCgAdABcAGAAFAAUBAAAAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAAEgAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQArAAcG+voDBAMDAAsAAgEA\/wEAAQAAGwADAgACADMAKwApCgoAAQAAHQAgXOpE+a70UJJ5e0EPbhtD905uwKYRWnpL0RNTChV5wWtEaQAFAAMCaDJKSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753051425,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051508,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f19d35bfdfe64dff7bb24434aeb3e161","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011291,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753051590,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yN1CTBNdp4zv2KAS\/ojZEgAAAgQFrAQCCAqZASbSaCqKPAEDAwc="} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753051634,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753051634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjdAbunjO\/YQkwTXoAQCBYGoQAAAQEICmgqimSZASbS"} +01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753051758,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjdAbunjO\/YQkwTXoAYCBYIpgAAAQEICmgqimSZASbSFgMBAgABAAH8AwNxCfXm6mvBUrEkBnv1yB7PeVAhvC2noEcSr9WNGSeLqiDYiZskXSyIERuAJ6h\/jMu0\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"} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753051590,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753051758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"3c76792950691cbb72d98c45cc2edb5d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011171,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753052187,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yNxEVH7MXSIQrqAS\/ojAUAAAAgQFrAQCCAqZASbS9mbQ4AEDAwc="} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753052228,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753052228,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjcAbtdIhCuRFR+zYAQCBYGoQAAAQEICvZm0QqZASbS"} +01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753052349,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjcAbtdIhCuRFR+zYAYCBYIpgAAAQEICvZm0QqZASbSFgMBAgABAAH8AwNE3q3MUDkcFX\/OcURtFYtC0Z4IdyyDWkMduFL2lETNiSA8cc7dp1AHlr1knoJpaNCGUxVngsSYV7bWG7SAQpPM\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"} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753052187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753052349,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b549b9d91b0d29ef395d87455e4d4b34","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753053361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753053361,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Rl9AADQG+epNb\/dFwKgBHQG7yMYj3Z31l62eeIAQAfpKogAAAQEICpkBJtUTko3D"} 
+00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011411,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753053874,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yN+MpzG4V6nvCKAS\/ohk2gAAAgQFrAQCCAqZASbT6CBmeAEDAwc="} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753053911,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753053911,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjfAbtXqe8IjKcxuYAQCBYGoQAAAQEICuggZqOZASbT"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753054030,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjfAbtXqe8IjKcxuYAYCBYIpgAAAQEICuggZqOZASbTFgMBAgABAAH8AwPgk5iDe8bQICF9ik4uymFrkjZ6We6Rc3R3uTz+SnyRliA2pwpUGQi0EQ2eTZgCzNm\/g8lIgHeVg9rboAEg7dHKuQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAAXAAAACgAKAAgaGgAdABcAGP8BAAEAAAsAAgEAAC0AAgEBACsABwYqKgMEAwMAIwAAAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgASAAAAMwArACkaGgABAAAdACBcK1ooqyyaV8IvdbI6SLX8snrz\/kAUzx\/G1JDwz7N0NkRpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753053874,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753054030,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"e88871a92704f433ae0f5850f26ad461","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753023424,"flow_dst_last_pkt_time":1694275753054777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753054777,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b96f72c556a76c5b13acec3b59f520dd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753011292,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753055353,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yN4RXjtKJpU4TKAS\/oiSIQAAAgQFrAQCCAqZASbTvXC9agEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753055394,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753055394,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjeAbsmlThMEV47S4AQCBYGoQAAAQEICr1wvZaZASbT"} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753055633,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjeAbsmlThMEV47S4AYCBYIpgAAAQEICr1wvZaZASbTFgMBAgABAAH8AwO63NXFDeACdCuoqM43zuX4dmL+a0iByOoDp0iey7dpaiAHm\/BNxl2QeF9M4A4cEI2TzyXXVMHPArJ+4u7I6ZOWUQAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAALAAIBAAAtAAIBAQAbAAMCAAIAMwArACkqKgABAAAdACABOwWbCHaZR1v2eBxrUIrgGxzpIwqewtt9vD7BuaHDNwAQAA4ADAJoMghodHRwLzEuMf8BAAEARGkABQADAmgyABcAAAAjAAAADQASABAEAwgEBAEFAwgFBQEIBgYBACsABwaamgMEAwMABQAFAQAAAAAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AEgAAAAoACgAIKioAHQAXABja2gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753055353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753055633,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"d53e8a0d8d816665d3b20df18429aa53","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753060213,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753060213,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753060213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753060213,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjhAbsMLJvYAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK+1B6OAAAAAAEAgAA"} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753063184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753063184,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MmhAADYGC+JNb\/dFwKgBHQG7yMcH4P5IeE6luoAQAfprxgAAAQEICpkBJt4mSy2j"} +01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753036367,"flow_dst_last_pkt_time":1694275753064783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753064783,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"485d321608abf60490d88c6b010221af","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753064783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753064783,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0hCNAADYGuiZNb\/dFwKgBHQG7yMlbRPVjo1avoIAQAfoEHAAAAQEICpkBJuCntZRx"} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753064784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753064784,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0y51AADYGcqxNb\/dFwKgBHQG7yMgmGyyvmuIIqIAQAfqvygAAAQEICpkBJt+wSY17"} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753037849,"flow_dst_last_pkt_time":1694275753066150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066150,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f40971697b0dd2827eea54ea65d19395","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753038526,"flow_dst_last_pkt_time":1694275753066343,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753066343,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"310fa0bcc8223ddf7149498a30f17097","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753066673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753066673,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA09wBAADQGSUlNb\/dFwKgBHQG7yMuguxaTLDLkZYAQAfoP6gAAAQEICpkBJuF+240z"} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753039664,"flow_dst_last_pkt_time":1694275753067683,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753067683,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"58c47ed77ccd0602805bfe75ed4283ba","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753068057,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753068057,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0c9NAADQGzHZNb\/dFwKgBHQG7yMyG7XXiOV8OZYAQAfoLSQAAAQEICpkBJuLneayG"} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753040918,"flow_dst_last_pkt_time":1694275753068417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753068417,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"afd51562845a41020a43e5d659f59308","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753068676,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753068676,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0L0ZAADQGEQRNb\/dFwKgBHQG7yM20aXno4ut4yIAQAfpA8gAAAQEICpkBJuRzR6Wa"} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753069758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753069758,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"44f9748950032beeac19dc7e2f233d77","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753069903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753069903,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0HcpAADQGIoBNb\/dFwKgBHQG7yM5b1asxEkCoAYAQAfpY5QAAAQEICpkBJuRvrFn\/"} 
+01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753042389,"flow_dst_last_pkt_time":1694275753070279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070279,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"31c32357f806723eb0eaab101578edf5","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753070550,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753070550,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0IIdAADQGH8NNb\/dFwKgBHQG7yNDMQDF6+1AKX4AQAfokYQAAAQEICpkBJuYbKKDh"} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753043852,"flow_dst_last_pkt_time":1694275753070896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753070896,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"0915bf8869a023d47778f806f5d3b256","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753071853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753071853,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Mm1AADYGC91Nb\/dFwKgBHQG7yNPKGUHruGgL2oAQAfoM2gAAAQEICpkBJucYGe6W"} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753045932,"flow_dst_last_pkt_time":1694275753073432,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753073432,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5ba1797d57b7ba42ce82582e43b0217f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753074752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753074752,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0oxxAADQGnS1Nb\/dFwKgBHQG7yNbs0zQWOLQJcoAQAfoV6AAAAQEICpkBJusqE0C\/"} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753074821,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753074821,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0YOlAADQG32BNb\/dFwKgBHQG7yMoGnMmTP+bi4IAQAfqm0wAAAQEICpkBJuY3bBKl"} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753047174,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753074991,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOAj9thWHFuzKqAS\/oh6bwAAAgQFrAQCCAqZASbpdtb7VQEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753075027,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753075027,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjgAbscW7MqI\/bYV4AQCBYGoQAAAQEICnbW+3GZASbp"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753075147,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjgAbscW7MqI\/bYV4AYCBYIpgAAAQEICnbW+3GZASbpFgMBAgABAAH8AwMAaM9E1qsyvsbW1mEEOrhQI\/tP7HCTsDGXxojCbxP0hiBMKuzReOMS2n+MznvgOZ16hhYLmWQnnDO6hWsBG5wnkAAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAKAAoACCoqAB0AFwAYAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAsAAgEAADMAKwApKioAAQAAHQAg63Ywd3332nVb83WebcRvWtF3Y88KFvNUPVWV7xWySR4AGwADAgAC\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAQAXAABEaQAFAAMCaDIAEgAAAAUABQEAAAAAACsABwY6OgMEAwO6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753074991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753075147,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"634bc7704b8a81fccb407b4db9998e0b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753075692,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753075692,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753075692,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753075692,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjiAbuHIvesAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKPiR2xQAAAAAEAgAA"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753047858,"flow_dst_last_pkt_time":1694275753076003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076003,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"353b63511e111884c0a2ae1b74da2093","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753076208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753076208,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EsRAADYGK4ZNb\/dFwKgBHQG7yNQr+nh2T1xNBoAQAfpX8QAAAQEICpkBJupT7\/cZ"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753076209,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753076209,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0659AADQGVKpNb\/dFwKgBHQG7yNfa6s+FSGdKh4AQAfogKQAAAQEICpkBJusjMmMP"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753047616,"flow_dst_last_pkt_time":1694275753076753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753076753,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5c72c0972b0ef2b8d71f00feaa086760","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01233{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753043733,"flow_dst_last_pkt_time":1694275753077419,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077419,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"e415684488869452bd654e636a258ffc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753048216,"flow_dst_last_pkt_time":1694275753077872,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753077872,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"409bb955d02abe4c9736d1184814780d","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753078520,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1694275753078520,"pkt":"nFg8p+7MEBMx8Tl2CABFAAXUDL9AADYGK+tNb\/dFwKgBHQG7yNFQTSbKmZXQIYAQAfqj6AAAAQEICpkBJuzLOGjZFgMDAHoCAAB2AwOQtL5kY4gC6HeTjm0JfrxLKejWS4\/RpTJzjVnQIOCLICAFRu6M\/foVK+qr6Lz7k89D\/oD+ws9jnzZWxiwmtoZFNRMBAAAuACsAAgMEADMAJAAdACAw5qNzPxtnIiWos7zWWxNnB61ODiTmKsiWkWx3srCOBRQDAwABARcDAwAmjVL\/SYY7mTswYFm2pVZEFM95P2bLhLdRc34qPLvCELl1Squ79R0XAwMIgOTpowIziQZK+t\/jx+3UMdW0IDbZEk9BgLWdBpdTh9njT79cWQ5Ooeorv\/Dix8n7Kp+cTAoweD7if1YpWOtn99h+iYmtKlLzTQiRIy7rUCH2chG8iNjsMDMcCxMgSBgFcl\/Qxnd0KCbLNLXkr9EaKCT5VG5KcT12cDDLoQrgJN0r4L4sQ1oDN\/Vf1vjgPPfn+yPCzS\/W\/A7NUk0BmUZTT96FkKuwPUb7y5QYGi4CskrkNpg8z9y0GhafEfBGWV34\/hpXrLLKQ7kqTsop2Y5bdqgC04eMw6ZixOChzugITvqNCMFE5hwJKFqdQybavcYPNAeVkwU00n9IhEqWya3LuVovt7CwMEPdc\/5JKm8daG6bE+x8N0syecTq9d5FnjYh3nI+5C5rgCAIDQiOkHcdLk838nUHWllTyClET2bR\/hon0iB8GwMu6po6ZBN5LjzlXRSZ479Nu2Ct6M9DgD32P6n+LkbLrkl7vBuwSkEdCDERLSTtWfJd0rVEAiBCDc3bnAR8K56tR5t7td7NAE3+8TX3e06fVYAkBpeLMqdU1gtc9JroH0\/0wQIpwfPekurd1yl4U42GtSqHKrD5qANRFL6rrQGhu2jBTyyLSTkI760cgc44yVRxMq\/UanuFqeA42NZTk0xcpByNkZOMhvjmXdsrNSbplZ0JdhUSwxr62TWsGnj8L0wFKt2Vw6kXaOCvcae0Pu8Qk5NRn\/tduKRLHKgzdSZkc2K9La3qzQSfZe2MP0ilxumj\/s3SoiFDHJSU3iibpIoWT7aadXcHBfUiUMWLh4ebrErIecfGLvRWm\/lABoGwP6tRXzU1bYjqaqP4WXnEgbapIvic1paV2fgRM8c7m\/E3r+qB\/V1h5w\/DWjAE2MYjXdTjVDBgx3vjvdzfqb7HZWnVVroZoQXC5nqu3og669WlK3Yhb8D22dgwxgvTgwKQ7Xb7xq5f3KDyOFtgN9PvkRPw6xBUqKy50WOeK5VxVnYvPh+6uSuLU9LRX81wR+1dljk5UfYW8i1HsslRx0\/tHVsOaslxocCncdIsqXCkHQL2n4mbsZ4ezEhT1yDlPnt7f6K8cfWhJq4Scm8YEXqOAXXNY\/jZ0ItVS7yPDfhM6BYjjKVXZ02BSnhzzZRXjE97wTkijjVqXXykVWiEjfBHlSxKc5hB\/JwvvWplM64LfGb
f3Z38fl1z+SSG8joUUR7wI7kLcazj3KZ39OvNydrszsmgZywsDx1De7nS9iVX7YzypESFVQmgOonhzhWawYFQtcP7Ni8sp0I8uWxmhtoxiEMGoaP\/S9dEUATf7LUS1h+ei+Pi5UemnMRYQOYNwymSGQbYkJJ747RFYZV7AVRbwDGE3iFSHXc2yd12cAyXgH6WbuClSaNO6wQXeWmXtz8W5viVrYwENLOgv36xwSG7xmW71aNIEDEPllFBQTSAfAQPDhdDHgdfvpiNv\/mu5o0zN4+7hKjKaG9U\/qBt8qpPG5\/j4jigKQNgxzUh\/G57LY+wnMrYm2P8wjByZQNJnB0V48oOBfGdTmFcmL3n5mDyqw5z4ejoSwtL\/gCPXKvewDBAjpo\/d8guM7C0Fg18jQmvwqQH\/YcbacV3M37pCGIn2ve3VxSB8\/5En\/HabfyeSI3kFkkPKe4Gexpqc5yEss6eEDW09DevoVr0A7FjH8ivBvSIzYZnnJsp"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753047738,"flow_dst_last_pkt_time":1694275753078520,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753078520,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6bfdc9fce41022f28ac0de368e7164cc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753078940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753078940,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0Rh9AADYG+CpNb\/dFwKgBHQG7yNU5JMQSV9QS04AQAfrQ4wAAAQEICpkBJux3RTPD"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753047978,"flow_dst_last_pkt_time":1694275753079170,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753079170,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"65e9700415d3b43581aa12e23afbfd7e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753079966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753079966,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA08S9AADYGTRpNb\/dFwKgBHQG7yNk\/HlZsWTH7UoAQAfrezgAAAQEICpkBJu1BotlF"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753049809,"flow_dst_last_pkt_time":1694275753080428,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080428,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"91ec3705bc708c10592467e78630e9bd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753080518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753080518,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0V+ZAADQG6GNNb\/dFwKgBHQG7yNvx7aePjsklQ4AQAfrq+AAAAQEICpkBJu4jgoe9"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753080518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753080518,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0HV9AADYGIOtNb\/dFwKgBHQG7yNhkJIzRuWfvkIAQAfqLuQAAAQEICpkBJu6kChoT"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051386,"flow_dst_last_pkt_time":1694275753080768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753080768,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5a30a421246b25d72f6088cfa70edd09","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753081776,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753081776,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0sshAADYGi4FNb\/dFwKgBHQG7yN1CTBNep4zx3YAQAfoCHAAAAQEICpkBJu9oKopk"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753051145,"flow_dst_last_pkt_time":1694275753082002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": 
{"version":"TLSv1.3","ja3":"b2140846842f38b9416f56b0b940518a","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753051758,"flow_dst_last_pkt_time":1694275753082207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082207,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"3c76792950691cbb72d98c45cc2edb5d","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753082450,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753082450,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0NypAADQGCSBNb\/dFwKgBHQG7yNqXYK6gWCRXgYAQAfqWfgAAAQEICpkBJu8k1zLG"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753051508,"flow_dst_last_pkt_time":1694275753082954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753082954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f19d35bfdfe64dff7bb24434aeb3e161","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753083220,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753083220,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0whFAADQGfjhNb\/dFwKgBHQG7yNxEVH7NXSISs4AQAfrpVQAAAQEICpkBJvH2ZtEK"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753083337,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753083337,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0ZNpAADQG229Nb\/dFwKgBHQG7yN+MpzG5V6nxDYAQAfqN3wAAAQEICpkBJvHoIGaj"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753052349,"flow_dst_last_pkt_time":1694275753083724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083724,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b549b9d91b0d29ef395d87455e4d4b34","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753054030,"flow_dst_last_pkt_time":1694275753083939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753083939,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"e88871a92704f433ae0f5850f26ad461","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753085371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753085371,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0h1hAADYGtvFNb\/dFwKgBHQG7yN4RXjtLJpU6UYAQAfq7JQAAAQEICpkBJvG9cL2W"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753055633,"flow_dst_last_pkt_time":1694275753085635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753085635,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"d53e8a0d8d816665d3b20df18429aa53","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753085843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753085843,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA09DhAADYGShFNb\/dFwKgBHQG7yM9KI6qDTRTYMIAQAfpYngAAAQEICpkBJu9KQycA"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753051266,"flow_dst_last_pkt_time":1694275753086242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753086242,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ba575b0efbad4d121f0cf2b83747f586","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753060213,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753087370,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOFaEOXgDCyb2aAS\/oha4AAAAgQFrAQCCAqZASb2+1B6OAEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753087419,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753087419,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjhAbsMLJvZWhDl4YAQCBYGoQAAAQEICvtQelOZASb2"} 
+01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753087542,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjhAbsMLJvZWhDl4YAYCBYIpgAAAQEICvtQelSZASb2FgMBAgABAAH8AwM978zFWmYaZzNJU6cS71hmtUbzS\/IjEpADX4smiBCVMiAk0ymhRd9a3HIDUvCXYGlgwQefqHI2cszDDaVKUqDuQwAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT2toAAERpAAUAAwJoMgArAAcGGhoDBAMDAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAjAAAAMwArACna2gABAAAdACDCykCp\/pzIhDFed2Mw3pbPzZrJqCk6zSc1AQg9HOatXP8BAAEAABIAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIABQAFAQAAAAAALQACAQEACgAKAAja2gAdABcAGAAQAA4ADAJoMghodHRwLzEuMQAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753087370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753087542,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"36fbe47608c33e82b4919ff004bf468f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753095564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753095564,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753095564,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753095564,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjjAbtxmezmAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK\/yT5UAAAAAAEAgAA"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753102496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753102496,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA06KdAADQGV6JNb\/dFwKgBHQG7yOAj9thXHFu1L4AQAfqjhQAAAQEICpkBJwV21vtx"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753075147,"flow_dst_last_pkt_time":1694275753102981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753102981,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"634bc7704b8a81fccb407b4db9998e0b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753075692,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753102983,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOJTmkKUhyL3raAS\/ojuZwAAAgQFrAQCCAqZAScFPiR2xQEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753103137,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753103137,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjiAbuHIvetU5pClYAQCBYGoQAAAQEICj4kduGZAScF"} 
+01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753103379,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjiAbuHIvetU5pClYAYCBYIpgAAAQEICj4kduGZAScFFgMBAgABAAH8AwOeSfTqCtJ2rkLboZiHZE42Yy3Y4JSacXoijo9ZN9HsOyA1DHsrfRzFI\/SIX1857h5fX1toeg9FZumRSMsR1nNCSwAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAjAAAAKwAHBtraAwQDAwAFAAUBAAAAAP8BAAEAADMAKwApWloAAQAAHQAgSM\/PUUiJuTk56zGUgjTaU9vjsMTCFL7FjzUpdanmdmoAFwAAAAoACgAIWloAHQAXABgALQACAQEAGwADAgACABIAAAALAAIBAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgFaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753102983,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753103379,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"18b2b5202ea281d1e8133ba4d9034218","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753113486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753113486,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753113486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753113486,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjkAbv10zkuAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKA94uygAAAAAEAgAA"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753116407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753116407,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EHFAADQGL9lNb\/dFwKgBHQG7yOFaEOXhDCyd3oAQAfqD9gAAAQEICpkBJxL7UHpU"} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753087542,"flow_dst_last_pkt_time":1694275753116834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753116834,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"36fbe47608c33e82b4919ff004bf468f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275753121216,"flow_dst_last_pkt_time":1694275753121178,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2555,"flow_dst_tot_l4_payload_len":9721,"midstream":0,"thread_ts_usec":1694275753121216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8149.2,"max":34618,"stddev":12737.5,"var":162242736.0,"ent":3.3,"data": [28191,28256,283,30285,1416,31381,64,120,948,119,28177,1,7508,34618,94,21,126,0,26424,2466,28884,208,153,177,2,183,1142,1139,116,1,121]},"pktlen": {"min":52,"avg":436.2,"max":1492,"stddev":558.2,"var":311541.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1487,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,88,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": 
[0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0],"entropies": [4.178360939,5.246035099,4.774691582,4.415835857,5.101991177,7.845096111,4.813152790,7.816174030,4.813152790,5.959872246,7.864091396,5.063529491,5.101990700,5.947135925,4.774691582,5.903012753,5.583068848,4.736229897,7.593397617,5.063529015,7.799862385,4.813152790,7.782990932,4.813152790,7.842496395,7.670236111,4.813152790,7.890326023,4.813152790,7.859270096,5.992159843,4.813152790]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753095564,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753122969,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOPTLOlNcZns56AS\/oikyQAAAgQFrAQCCAqZAScZ\/yT5UAEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753123019,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753123019,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjjAbtxmezn0yzpToAQCBYGoQAAAQEICv8k+WqZAScZ"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753123142,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjjAbtxmezn0yzpToAYCBYIpgAAAQEICv8k+WqZAScZFgMBAgABAAH8AwO+3OoQZijlf8A2h9n0OeqcQ5dYOBPg\/i+GwYr8qUAD5iA6VEsuEIKouDuJMIxf2lqrWoG1HCqVahM\/sYbFT+6PqgAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT+voAAAALAAIBAAAzACsAKRoaAAEAAB0AIF0QHZnD08AORlF22cFvCroYKgo2lPDJsZA8pQM5cHxEABIAAAAtAAIBAQAFAAUBAAAAAAAXAAAAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAERpAAUAAwJoMgAKAAoACBoaAB0AFwAYACsABwY6OgMEAwMAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAJ6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753122969,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753123142,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6b5bd5ac6bb016b178ad970087122ccd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753130045,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753130045,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0UINAADQG78ZNb\/dFwKgBHQG7yOJTmkKVhyL5soAQAfoXfgAAAQEICpkBJyE+JHbh"} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753103379,"flow_dst_last_pkt_time":1694275753130960,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753130960,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"18b2b5202ea281d1e8133ba4d9034218","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275753134178,"flow_dst_last_pkt_time":1694275753134052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8771,"midstream":0,"thread_ts_usec":1694275753134178,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8026.9,"max":34034,"stddev":12706.7,"var":161459696.0,"ent":3.3,"data": [34007,34034,120,26845,346,27090,181,236,237,0,25956,954,6635,33230,67,118,1011,961,118,26387,361,26641,249,1,247,838,838,491,25,487,123]},"pktlen": {"min":52,"avg":405.9,"max":1492,"stddev":517.2,"var":267501.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": [4.178360939,5.100120068,4.630272388,4.446496964,5.025067329,7.849304199,4.721712589,7.817786694,4.683250904,5.830391407,7.874171257,4.868495941,4.986605644,5.938840389,4.683250904,5.952818394,4.683250904,5.583068848,4.683250904,7.597726345,4.986605644,7.836946011,4.721712589,7.867290497,7.710337639,4.683250904,7.851277351,4.721712589,7.801111221,7.717481613,4.683250904,4.721712589]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275753138329,"flow_dst_last_pkt_time":1694275753138409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2551,"flow_dst_tot_l4_payload_len":8409,"midstream":0,"thread_ts_usec":1694275753138409,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8262.1,"max":37189,"stddev":13372.1,"var":178813616.0,"ent":3.3,"data": [37131,37189,120,28770,545,29160,956,1038,124,0,26740,1657,3275,31465,58,61,121,120,26978,870,27738,217,211,38,75,126,42,122,581,488,108]},"pktlen": {"min":52,"avg":395.1,"max":1492,"stddev":500.8,"var":250764.7,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1],"entropies": 
[4.120111465,5.252541542,4.661227226,4.441981792,4.948143959,7.847444057,4.683250904,7.789011955,4.644789219,5.829818249,7.858657837,4.895165443,4.986605644,5.925158024,4.774691105,5.883030891,5.556753159,4.774691105,7.602227688,4.972088814,7.810331345,4.697768211,7.874945164,4.774691105,7.745232582,7.827443600,4.697768211,7.147191525,4.774691105,7.818018913,4.736229420,7.413194656]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275753141835,"flow_dst_last_pkt_time":1694275753141802,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2551,"flow_dst_tot_l4_payload_len":7566,"midstream":0,"thread_ts_usec":1694275753141835,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8459.5,"max":37402,"stddev":13521.3,"var":182824576.0,"ent":3.3,"data": [37366,37402,117,28146,1663,29721,111,122,119,118,27804,404,4631,32553,112,121,47,128,0,26100,3386,29397,42,119,612,539,200,202,480,1,480]},"pktlen": {"min":52,"avg":368.8,"max":1492,"stddev":501.9,"var":251883.6,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,258,52,1098,52,1098,52,1492,213,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0],"entropies": [4.178360939,5.179368496,4.697768211,4.427728176,5.063529015,7.851000309,4.813152790,7.845917702,4.813152790,5.983621120,7.867543221,5.101990700,5.063529491,5.947135925,4.813152790,6.003946304,4.813152790,5.601069927,4.813152790,7.593391895,5.101990700,7.833882809,4.813152790,7.234455585,4.813152790,7.825290203,4.813152790,7.825061321,4.813152790,7.862779140,6.971473694,4.813152790]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":635,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753113486,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753142675,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yORhYSrT9dM5L6AS\/ojKRwAAAgQFrAQCCAqZAScsA94uygEDAwc="} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":636,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753142784,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjkAbv10zkvYWEq1IAQCBYGoQAAAQEICgPeLueZAScs"} 
+01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753142784,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjkAbv10zkvYWEq1IAYCBYIpgAAAQEICgPeLueZAScsFgMBAgABAAH8AwM9+deeUZ5R7+mlt4TS58yeiQvNl5z3bZC6XROM1OeqAyAu3XFgIji8OUQckLLZR\/woofIsVuhM3zOKDE29y9w8CAAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAERpAAUAAwJoMgAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQAzACsAKTo6AAEAAB0AIHH1LR4B4FRmX8x1yBPkBNV0AvrCgHTrMhZ4kWhalpF7\/wEAAQAALQACAQEAKwAHBoqKAwQDAwAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABsAAwIAAgAjAAAACwACAQAACgAKAAg6OgAdABcAGAAXAADq6gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753142675,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753142784,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6788ea2a94927e5619dd027181568c48","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":638,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275753142905,"flow_dst_last_pkt_time":1694275753142461,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9162,"midstream":0,"thread_ts_usec":1694275753142905,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8703.3,"max":45949,"stddev":13302.1,"var":176947024.0,"ent":3.4,"data": [28085,28201,384,27317,1599,28469,1125,1106,357,0,25792,1376,19099,44,45949,800,799,122,26622,2279,28787,165,155,47,119,188,122,139,2,151,402]},"pktlen": {"min":52,"avg":420.8,"max":1492,"stddev":536.5,"var":287782.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0],"entropies": [4.178360939,5.179368496,4.697768211,4.465671062,5.101990700,7.854944706,4.697768211,7.809875011,4.697768211,5.873664379,7.864662647,4.986606121,5.025067806,5.925158024,6.076579094,4.736229897,5.645633221,4.736229897,7.572972775,5.101990700,7.820736408,4.697768211,7.844255924,4.774691582,7.700018883,4.774691582,7.863183498,4.774691582,7.845855713,7.759230137,4.736229897,6.349943638]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753144458,"flow_dst_last_pkt_time":1694275753144423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":8881,"midstream":0,"thread_ts_usec":1694275753144458,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8801.1,"max":47938,"stddev":13711.5,"var":188006496.0,"ent":3.3,"data": [29228,29329,496,27532,1366,28331,220,238,238,0,26638,1246,20216,47938,148,128,210,130,125,27634,166,27681,1407,1417,201,1,197,181,1,4,186]},"pktlen": {"min":52,"avg":409.5,"max":1492,"stddev":521.5,"var":271995.4,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0],"entropies": 
[4.096405983,5.212701797,4.644789696,4.448392391,4.948143959,7.855043888,4.659306526,7.778649330,4.659306526,5.925388336,7.864681721,4.986606121,4.986606121,5.916862488,4.721712589,5.903012753,4.721712589,5.593001842,4.721712589,7.630004406,4.972088814,7.828086376,4.661227226,7.798528194,4.736229897,7.867074966,7.685452938,4.736229897,7.846663475,7.118988514,7.517958641,4.736229897]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":662,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753146122,"flow_dst_last_pkt_time":1694275753146003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1433,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2553,"flow_dst_tot_l4_payload_len":7460,"midstream":0,"thread_ts_usec":1694275753146122,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8717.9,"max":38748,"stddev":14019.5,"var":196545520.0,"ent":3.3,"data": [38671,38748,126,30360,462,30642,89,118,233,1,27599,252,6053,33665,105,127,447,509,1,27532,2440,29902,175,1,181,283,257,543,552,56,125]},"pktlen": {"min":52,"avg":365.5,"max":1492,"stddev":491.4,"var":241507.3,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0],"entropies": [4.147110939,5.212701797,4.644789219,4.419518471,5.010550022,7.853214264,4.774691105,7.858500004,4.721712589,5.816802502,7.850301266,5.025067329,4.945418835,5.753163815,4.699688435,5.800758362,4.699688435,5.445039272,4.661226749,7.578277588,5.025067329,7.822142601,4.774691105,7.862545013,7.686777592,4.774691105,7.647759438,4.697767735,7.804819107,4.774691105,6.356986523,4.774691105]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":693,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753150312,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753150312,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MK9AADQGD5tNb\/dFwKgBHQG7yOPTLOlOcZnu7IAQAfrN4QAAAQEICpkBJzX\/JPlq"} 
+02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":703,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275753151836,"flow_dst_last_pkt_time":1694275753151965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8275,"midstream":0,"thread_ts_usec":1694275753151965,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9117.6,"max":45816,"stddev":14297.3,"var":204412768.0,"ent":3.3,"data": [37162,37280,0,27012,1251,28169,142,144,236,0,24468,55,1310,20125,101,45816,3,283,299,125,27321,439,27637,64,125,1224,1180,265,244,162,3]},"pktlen": {"min":52,"avg":390.4,"max":1492,"stddev":502.9,"var":252956.0,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1467,52,52,52,91,93,52,52,76,52,591,52,1098,52,478,52,1098,52,1098,52,1492,704]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1],"entropies": [4.127655983,5.133453369,4.644789219,4.442614079,5.010550022,7.867527962,4.721712589,7.795043945,4.721712589,5.873665333,7.874347687,5.025067329,5.063529015,4.972088814,5.857666969,5.888303280,4.736229897,4.736229897,5.530437469,4.774691582,7.632213593,5.063529015,7.815135002,4.813152790,7.516163349,4.774691582,7.824700832,4.774691582,7.838304520,4.813152790,7.871241570,7.673780441]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753123142,"flow_dst_last_pkt_time":1694275753152492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753152492,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6b5bd5ac6bb016b178ad970087122ccd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":735,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275753154865,"flow_dst_last_pkt_time":1694275753154833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2545,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275753154865,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9457.0,"max":57833,"stddev":15109.6,"var":228298688.0,"ent":3.3,"data": [30059,30139,121,26458,1560,27891,273,238,151,119,26523,1202,30388,57833,85,122,81,120,0,27714,879,28536,122,121,521,511,442,436,259,1,261]},"pktlen": {"min":52,"avg":397.3,"max":1492,"stddev":525.3,"var":275956.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0],"entropies": [4.178360939,5.279368877,4.774691582,4.459428787,5.101990700,7.858173370,4.813153267,7.814331532,4.813153267,5.795908928,7.870773792,5.101990700,5.101990700,5.819097996,4.736229897,5.874914646,4.736229897,5.671948910,4.736229897,7.660532475,5.140452385,7.835998535,4.721712589,7.805009365,4.721712589,7.869886875,4.760174274,7.682819366,4.721712589,7.854982853,7.199785709,4.721712589]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":764,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275753158311,"flow_dst_last_pkt_time":1694275753158853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":5409,"midstream":0,"thread_ts_usec":1694275753158853,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9623.4,"max":32850,"stddev":13236.8,"var":175211552.0,"ent":3.5,"data": [32822,32850,120,27662,376,27946,271,248,235,1,26293,93,195,4698,40,31099,4,93,128,330,26028,1860,27534,192,2,191,460,26582,1656,27746,571]},"pktlen": {"min":52,"avg":303.8,"max":1492,"stddev":468.3,"var":219308.0,"ent":3.8,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1],"entropies": 
[4.127655983,5.133453369,4.683250904,4.385419369,4.830034256,7.850477219,4.608248234,7.807518482,4.608248234,5.853418827,7.877923965,4.834680080,4.796218395,4.906957626,5.894884586,5.904536724,4.721712589,4.721712589,5.593001842,4.668734074,7.673239231,4.986606121,7.827546597,4.721712589,7.875779629,5.149026394,4.721712589,6.340921402,4.948144436,7.214760303,4.721712589,6.508280754]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":780,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753160166,"flow_dst_last_pkt_time":1694275753160196,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275753160196,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9659.5,"max":47892,"stddev":14864.2,"var":220945344.0,"ent":3.4,"data": [37443,37520,0,31039,230,31281,756,693,168,119,26825,1309,20041,47892,47,125,1434,1377,127,27044,1932,28829,219,1,220,947,1,949,415,408,55]},"pktlen": {"min":52,"avg":397.1,"max":1492,"stddev":521.5,"var":271947.3,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": [4.166565895,5.266787052,4.683250904,4.450848103,5.049012184,7.868894100,4.760174274,7.809042931,4.760174274,6.025981426,7.854910374,5.010550499,5.049012184,5.960818291,4.721712589,5.823785782,4.721712589,5.583068848,4.721712589,7.577066422,5.010550499,7.844899654,4.721712589,7.868763924,5.716469765,4.683250904,7.879194260,7.500804424,4.668734074,7.816272259,4.668734074,7.492917061]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":784,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753160289,"flow_dst_last_pkt_time":1694275753159777,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2637,"flow_dst_tot_l4_payload_len":7805,"midstream":0,"thread_ts_usec":1694275753160289,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":9588.5,"max":42500,"stddev":14819.9,"var":219628112.0,"ent":3.4,"data": [42463,42500,119,29463,602,29958,1392,1439,247,122,27883,1112,12444,41014,45,92,125,125,28056,1293,29226,41,114,120,122,207,1,146,3152,3211,410]},"pktlen": {"min":52,"avg":378.9,"max":1492,"stddev":495.6,"var":245645.3,"ent":3.9,"data": 
[64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0],"entropies": [4.209610939,5.246035099,4.721712589,4.433995724,4.986605644,7.852614403,4.774691582,7.817167759,4.813152790,5.929040432,7.881704807,5.063529015,5.101990700,5.894884586,4.813152790,5.896419048,5.617452621,4.813152790,7.620222092,5.063529015,7.845986366,4.683250904,7.566019058,4.774691582,7.827028751,4.644789696,7.851744652,7.184281826,4.774691582,7.812285900,4.813152790,6.413293362]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275753162369,"flow_dst_last_pkt_time":1694275753162335,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2625,"flow_dst_tot_l4_payload_len":5446,"midstream":0,"thread_ts_usec":1694275753162369,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":61,"avg":9901.5,"max":35392,"stddev":13373.8,"var":178858320.0,"ent":3.6,"data": 
[31870,31918,121,27308,360,27608,216,135,344,119,27071,91,8695,35392,71,129,454,392,117,26214,2368,73,28538,61,120,366,26467,1676,27723,461,468]},"pktlen": {"min":52,"avg":304.8,"max":1492,"stddev":439.8,"var":193461.1,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0],"entropies": [4.178360939,5.179368496,4.697768211,4.427928448,4.986605644,7.845541954,4.774691105,7.849080086,4.774691105,6.028837204,7.873513699,4.950065136,5.063529015,5.925158024,4.774691582,5.873390675,4.736229897,5.523987770,4.697768211,7.661135674,4.948144436,7.806570530,7.811303139,4.813152790,7.582667351,4.813152790,6.279094696,5.063529015,7.051534653,4.774691105,6.624751091,4.684499741]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275753166316,"flow_dst_last_pkt_time":1694275753166678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1421,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2541,"flow_dst_tot_l4_payload_len":9163,"midstream":0,"thread_ts_usec":1694275753166678,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":10013.2,"max":48988,"stddev":15986.5,"var":255567600.0,"ent":3.3,"data": [44061,44102,239,30018,264,30040,207,250,123,121,30414,88,18728,75,48988,80,122,121,27969,1800,29639,117,121,365,353,460,455,344,2,350,394]},"pktlen": {"min":52,"avg":418.4,"max":1492,"stddev":525.0,"var":275583.3,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1],"entropies": [4.178360939,5.246035099,4.697768211,4.444307327,4.986605644,7.858404160,4.683250904,7.859000683,4.683251381,5.785824299,7.825480938,5.010550499,4.972088814,5.791733265,5.917924881,4.668733597,5.504121304,4.668733597,7.698892593,4.972088337,7.790446758,4.774691105,7.834311962,4.736229420,7.876884937,4.736229420,7.700201511,4.774691105,7.851491928,7.204756260,4.774691105,7.708614826]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":838,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275753167066,"flow_dst_last_pkt_time":1694275753166584,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1429,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2635,"flow_dst_tot_l4_payload_len":8408,"midstream":0,"thread_ts_usec":1694275753167066,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":10042.2,"max":50801,"stddev":15725.4,"var":247287696.0,"ent":3.3,"data": [41016,41057,121,31033,504,31399,60,120,121,121,29284,90,21659,50801,97,54,122,123,27483,995,28323,1260,2,1294,176,145,1654,1649,46,119,380]},"pktlen": {"min":52,"avg":397.7,"max":1492,"stddev":512.5,"var":262691.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0],"entropies": 
[4.178360939,5.246035099,4.697768211,4.439740181,5.025067806,7.849346638,4.813152790,7.832521439,4.813152790,6.046078682,7.858734608,5.063529015,4.972088814,5.947135448,4.774691105,5.959411621,5.609384537,4.774691582,7.659573078,5.063529015,7.800069332,4.813152790,7.867509365,7.726592064,4.813152790,7.833529949,4.813152790,7.841988087,4.774691105,7.470952988,4.774691105,6.384398460]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":854,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275753168577,"flow_dst_last_pkt_time":1694275753168228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":6724,"midstream":0,"thread_ts_usec":1694275753168577,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":45,"avg":10299.8,"max":54249,"stddev":15529.8,"var":241174704.0,"ent":3.4,"data": [30732,30788,121,27186,1010,28059,320,308,250,119,26416,1146,47,27001,54249,45,82,125,126,27432,16741,44044,620,622,141,245,218,124,336,322,320]},"pktlen": {"min":52,"avg":346.9,"max":1492,"stddev":471.5,"var":222289.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200]},"bins": {"c_to_s": [11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0],"entropies": [4.209610939,5.212701797,4.697768211,4.393926620,4.911602974,7.839852333,4.774691105,7.844349861,4.774691105,5.884398460,7.869220257,5.025067329,4.972088814,4.950064659,5.741038799,4.736229420,5.917925358,5.466558933,4.774691105,7.588748932,4.986605644,7.821203709,4.721712589,7.844308853,4.721712589,7.750556469,4.683250904,7.837769032,4.774691582,6.556000710,4.774691105,6.785351276]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":855,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753140859,"flow_dst_last_pkt_time":1694275753169011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2647,"flow_dst_tot_l4_payload_len":8540,"midstream":0,"thread_ts_usec":1694275753169011,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9330.9,"max":35953,"stddev":13596.4,"var":184862544.0,"ent":3.5,"data": [35471,35507,119,26076,1579,27544,91,119,131,118,25702,1279,9274,35953,78,119,62,122,0,26721,2955,29610,279,257,260,7,269,85,120,565,28786]},"pktlen": {"min":52,"avg":402.2,"max":1492,"stddev":504.9,"var":254904.0,"ent":4.0,"data": 
[64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,790,52,148,1050]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1],"entropies": [4.209610939,5.279368877,4.736229897,4.435394764,5.025067806,7.849986076,4.774691582,7.816172600,4.774691582,5.942630291,7.852092266,5.101990700,5.101990700,5.837246418,4.774691582,5.982440948,4.774691582,5.576618671,4.736229897,7.621116638,5.010550499,7.824245453,4.774691582,7.795956612,4.774691582,7.864316463,7.690004826,4.774691582,7.748708725,4.736229897,6.344797611,7.815868378]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753171094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753171094,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0vxVAADQGgTRNb\/dFwKgBHQG7yORhYSrU9dM7NIAQAfrzWwAAAQEICpkBJ0kD3i7n"} 
+01234{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":870,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753142784,"flow_dst_last_pkt_time":1694275753171568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753171568,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6788ea2a94927e5619dd027181568c48","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275753177076,"flow_dst_last_pkt_time":1694275753177040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2705,"flow_dst_tot_l4_payload_len":8575,"midstream":0,"thread_ts_usec":1694275753177076,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10725.2,"max":40210,"stddev":14136.1,"var":199829872.0,"ent":3.7,"data": [40155,40210,118,29546,1484,32,30956,130,118,29821,29534,73,5139,1,43,5341,249,21300,7591,1187,29771,1326,1,1305,322,1,339,513,26647,1554,27675]},"pktlen": {"min":52,"avg":405.9,"max":1492,"stddev":519.4,"var":269778.8,"ent":4.0,"data": [64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52]},"bins": {"c_to_s": [8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0],"entropies": [4.178360939,5.246035576,4.736229897,4.451525211,5.025067806,7.851028919,7.841320515,4.683251381,5.845689774,7.851963997,5.095714092,5.862931252,5.063529491,5.828950882,5.853408813,5.564821243,4.774691582,7.624622345,5.013759136,5.025067806,7.806596279,4.736229897,7.888963223,7.655417442,4.736229897,7.887620449,7.459178448,4.736229897,6.419945717,4.948144436,7.802871704,4.697768211]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":902,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753181968,"flow_dst_last_pkt_time":1694275753181931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":6694,"midstream":0,"thread_ts_usec":1694275753181968,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11025.6,"max":42176,"stddev":14970.6,"var":224118160.0,"ent":3.6,"data": [40200,40333,0,29265,250,29416,955,942,236,0,27565,267,14559,42176,48,64,120,122,27961,1022,28875,175,1,143,1506,56,1572,296,25767,1217,26684]},"pktlen": {"min":52,"avg":344.0,"max":1492,"stddev":469.5,"var":220464.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52]},"bins": {"c_to_s": [10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0],"entropies": 
[4.178360939,5.212701797,4.736229897,4.457423210,5.101990700,7.859472275,4.813152790,7.821522236,4.774691105,5.908147335,7.865066528,5.101990700,5.063529015,5.960818291,4.760174274,5.969052792,5.655566216,4.760174274,7.669263363,5.025067806,7.837982178,4.736229897,7.822892189,7.107737064,4.697768211,7.815825462,7.463544846,4.774691105,6.328453064,5.063529015,6.893532276,4.760174274]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753183247,"flow_dst_last_pkt_time":1694275753183183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2623,"flow_dst_tot_l4_payload_len":6562,"midstream":0,"thread_ts_usec":1694275753183247,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11271.2,"max":37291,"stddev":15316.9,"var":234607568.0,"ent":3.6,"data": [35067,35101,121,31243,2598,33715,62,123,121,122,30764,1478,5295,37291,91,17,119,0,31795,2206,33934,52,121,454,401,354,339,394,31850,1346,32834]},"pktlen": {"min":52,"avg":339.7,"max":1492,"stddev":452.7,"var":204941.1,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.209610939,5.179368496,4.721712589,4.376677036,4.986605644,7.859937668,4.721712589,7.809227943,4.721712589,5.884397507,7.882050514,5.025067329,5.025067329,5.969113827,4.760174274,5.896419525,5.601069927,4.760174274,7.617297173,5.063529015,7.812593937,4.721712589,7.472612858,4.760174274,7.815999031,4.760174274,7.750735760,4.760174274,6.306466579,5.063529015,7.681465626,4.760174274]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":926,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275753190642,"flow_dst_last_pkt_time":1694275753190604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2652,"flow_dst_tot_l4_payload_len":7050,"midstream":0,"thread_ts_usec":1694275753190642,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11656.5,"max":42830,"stddev":15509.2,"var":240534432.0,"ent":3.6,"data": [37641,37669,122,30932,30809,365,359,234,0,1081,28219,125,13538,90,42830,82,126,127,30589,8705,39120,209,1,217,210,2,212,369,27476,1392,28501]},"pktlen": {"min":52,"avg":355.8,"max":1492,"stddev":507.1,"var":257111.1,"ent":3.8,"data": 
[64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0],"entropies": [4.178360939,5.212701797,4.659306526,4.447139740,7.836527824,4.736229420,7.767614841,4.736229420,5.894271851,7.877666473,5.025067329,5.025067329,5.063529015,5.769754887,5.939430714,4.736229420,5.566686153,4.697768211,7.623016357,5.025067329,7.805258274,4.697768211,7.847285748,6.048765182,4.736229420,7.855422497,6.871173859,4.736229420,6.530988693,5.063529015,7.389711380,4.697768211]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":930,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275753193215,"flow_dst_last_pkt_time":1694275753193132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":5447,"midstream":0,"thread_ts_usec":1694275753193215,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11847.5,"max":41728,"stddev":16572.4,"var":274645792.0,"ent":3.5,"data": 
[41598,41728,0,34707,399,35026,175,154,163,121,34762,0,3302,37788,86,63,118,122,1,32235,2268,34416,220,2,211,493,31249,2458,33213,70,123]},"pktlen": {"min":52,"avg":304.8,"max":1492,"stddev":467.2,"var":218265.1,"ent":3.8,"data": [64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0],"entropies": [4.147110939,5.179368019,4.607576370,4.429833412,4.935547352,7.821596622,4.644789219,7.819688320,4.697767735,5.881542683,7.877672672,4.933627129,4.933627129,5.719061375,4.659306526,5.757747173,5.619317532,4.659306526,4.659306526,7.664516449,4.842186451,7.786534309,4.697768211,7.867120743,5.724120617,4.697768211,6.207040787,4.972088814,7.139867306,4.697768211,6.557415485,4.697768211]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":964,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753198352,"flow_dst_last_pkt_time":1694275753197430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2745,"flow_dst_tot_l4_payload_len":9164,"midstream":0,"thread_ts_usec":1694275753198352,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8882.5,"max":50345,"stddev":14003.5,"var":196096992.0,"ent":3.3,"data": [27157,27206,123,29037,427,29330,231,232,241,0,27359,222,22931,1,97,50345,121,124,27189,1143,28117,156,2,162,1144,1136,71,50,124,747,131]},"pktlen": {"min":52,"avg":424.8,"max":1492,"stddev":534.6,"var":285801.5,"ent":4.0,"data": [64,60,52,569,52,1492,52,1129,52,116,1471,52,52,91,93,76,52,52,591,52,1098,52,1492,704,52,1492,52,1318,751,52,138,172]},"bins": {"c_to_s": [10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0],"entropies": [4.209610939,5.212701797,4.697768211,4.430381775,4.972088814,7.831830978,4.774691582,7.834631920,4.736229897,6.007369518,7.874694824,4.972088814,4.972089291,5.916862488,5.917925358,5.581203938,4.630272388,4.683250904,7.641548634,5.010550499,7.824396610,4.697768211,7.855073452,7.695503235,4.736229897,7.858574867,4.722961426,7.844436646,7.722222328,4.813152790,6.238277912,6.529501915]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753219923,"flow_dst_last_pkt_time":1694275753219923,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753219923,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753219923,"flow_dst_last_pkt_time":1694275753219923,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753219923,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjlAbva25hvAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKfinbRgAAAAAEAgAA"} 
+02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275753180675,"flow_dst_last_pkt_time":1694275753221816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2767,"flow_dst_tot_l4_payload_len":6420,"midstream":0,"thread_ts_usec":1694275753221816,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12255.1,"max":44216,"stddev":15125.0,"var":228764112.0,"ent":3.7,"data": [40299,40343,124,30186,431,30472,64,119,121,0,28424,28256,43,24580,44,24672,139,123,118,1066,25809,17441,44216,241,1,244,69,124,452,25369,16319]},"pktlen": {"min":52,"avg":340.5,"max":1492,"stddev":468.2,"var":219238.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314]},"bins": {"c_to_s": [9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1],"entropies": [4.209610939,5.212701797,4.774691582,4.489540100,5.063529015,7.845232010,4.774691105,7.804675102,4.736229897,5.959010601,7.859256268,5.003524780,5.924528122,5.063529015,5.834337711,5.851885319,4.697768211,5.540369987,4.697768211,7.556878090,5.064464092,5.063529491,7.803599358,4.813152790,7.886528015,7.601737499,4.813152790,7.681864262,4.774691105,6.865619183,5.140452385,7.274557590]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275753225736,"flow_dst_last_pkt_time":1694275753225564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4223,"flow_dst_tot_l4_payload_len":3280,"midstream":0,"thread_ts_usec":1694275753225736,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9674.7,"max":39115,"stddev":12958.0,"var":167909664.0,"ent":3.6,"data": [27291,27445,242,27062,915,27635,268,269,243,1,25746,2753,10885,39115,124,1,128,123,26644,50,26584,1506,127,0,26847,154,147,25515,985,987,124]},"pktlen": {"min":52,"avg":287.1,"max":1492,"stddev":439.4,"var":193071.9,"ent":3.8,"data": [64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0],"s_to_c": [8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0],"entropies": 
[4.178360939,5.179368496,4.736229897,4.451442719,5.101990700,7.855612755,4.774691582,7.821052074,4.774691582,5.928754330,7.865749836,5.049012184,4.986606121,5.872906685,4.736229420,5.939430237,5.629250526,4.774691105,7.645300865,5.022342205,7.275319099,4.646709919,6.334646702,6.685357571,7.844326973,5.025067329,4.909682274,7.333026409,4.697768211,6.563022614,4.736229897,5.884029388]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02159{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1021,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275753215265,"flow_dst_last_pkt_time":1694275753244261,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3200,"flow_dst_tot_l4_payload_len":6066,"midstream":0,"thread_ts_usec":1694275753244261,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8658.0,"max":32709,"stddev":12376.3,"var":153173968.0,"ent":3.5,"data": [27405,27455,123,27343,2180,29389,115,120,240,126,26858,95,500,5575,91,32709,16,126,1,26132,265,26337,1265,2,41,1309,1639,127,27052,2,3760]},"pktlen": {"min":52,"avg":342.2,"max":1492,"stddev":472.2,"var":222950.1,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274]},"bins": {"c_to_s": [8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": 
[9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1],"entropies": [4.166565418,5.212701321,4.736229897,4.447693825,5.063529015,7.850970268,4.644789219,7.831824303,4.774691105,5.828448296,7.865114689,5.025067329,5.025067329,5.063529015,5.947135925,5.904537201,4.736229420,5.645633221,4.736229420,7.688971996,5.025067329,7.810829163,4.736229420,7.880811214,5.807558537,7.653332710,4.646038055,6.559681416,7.595835686,4.950064659,4.950064659,7.108043671]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02157{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1055,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753247747,"flow_dst_last_pkt_time":1694275753248774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8800,"midstream":0,"thread_ts_usec":1694275753248774,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8695.1,"max":46206,"stddev":13620.0,"var":185505120.0,"ent":3.3,"data": [29189,29298,0,28419,474,28809,47,121,261,1,26368,45,20060,46206,97,42,126,127,26036,2857,28740,228,125,317,128,167,2,127,1084,47,1]},"pktlen": {"min":52,"avg":406.8,"max":1492,"stddev":492.9,"var":242924.9,"ent":4.0,"data": 
[64,60,52,569,52,1492,52,1128,52,116,1465,52,52,91,52,93,76,52,591,52,1098,52,478,1098,52,52,1492,488,52,1098,478,366]},"bins": {"c_to_s": [10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1],"entropies": [4.135315895,5.133453369,4.736229897,4.413607597,4.948144436,7.837077618,4.736229420,7.809660912,4.644789219,5.945995808,7.872262478,4.972088337,4.895165443,5.776699543,4.683250904,5.823787212,5.514054298,4.683250904,7.623888969,4.948144436,7.840501308,4.774691105,7.500792027,7.821016312,4.774691105,4.774691105,7.866648197,7.538662910,4.774691105,7.828972340,7.548777103,7.435549259]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753219923,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753251061,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOVIKF9r2tuYcKAS\/ohDbAAAAgQFrAQCCAqZASeWfinbRgEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1067,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753251177,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753251177,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjlAbva25hwSChfbIAQCBYGoQAAAQEICn4p22WZASeW"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753251434,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjlAbva25hwSChfbIAYCBYIpgAAAQEICn4p22WZASeWFgMBAgABAAH8AwM\/vb5WfKAvu6fz6v\/7KbFyVvMn\/aL6uOFWxqtuxnLFwiBQy+suJjuj+jP5vuedVGTiSzAFyQ8W8mCEEURdMBRxnAAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAArAAcG+voDBAMD\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"} 
+01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753251061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753251434,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b02753cad3bdb6463fc2bc97e8cc794c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1136,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753282014,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753282014,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0LwRAADQGEUZNb\/dFwKgBHQG7yOVIKF9s2tuadYAQAfpsfAAAAQEICpkBJ7V+Kdtl"} 
+01337{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1138,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753251434,"flow_dst_last_pkt_time":1694275753283400,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753283400,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b02753cad3bdb6463fc2bc97e8cc794c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753284172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753284172,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753284172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275753284172,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjmAbtQJVz7AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK+RQBPQAAAAAEAgAA"} +00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1235,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1694275753284172,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275753312288,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOYfynEvUCVc\/KAS\/oh\/DgAAAgQFrAQCCAqZASfW+RQBPQEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1236,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1694275753312381,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753312381,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjmAbtQJVz8H8pxMIAQCBYGoQAAAQEICvkUAVmZASfW"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275753312502,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjmAbtQJVz8H8pxMIAYCBYIpgAAAQEICvkUAVmZASfWFgMBAgABAAH8AwN0cGcIVOrXJL8XwB88mgODwv9vxvv5pXm2MzL\/0VrVTiDSBKD0SuFY9pYcsNQNRYQiY\/2hD8B11UK13eDBcfCc5gAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAERpAAUAAwJoMgAKAAoACJqaAB0AFwAYADMAKwApmpoAAQAAHQAgT\/1RBvWNpdOMVIxT3TwBBCQunviPjrOX0EPQufzxincAKwAHBioqAwQDAwAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAjAAAACwACAQAALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYBABcAAAASAAAAGwADAgACAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29t\/wEAAQBqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753312288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275753312502,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"936e6ce83ab4f11d1ce3ffb026e44b8e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1245,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753303434,"flow_dst_last_pkt_time":1694275753329187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2751,"flow_dst_tot_l4_payload_len":5916,"midstream":0,"thread_ts_usec":1694275753329187,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":19694.0,"max":107916,"stddev":28481.2,"var":811176192.0,"ent":3.5,"data": [40372,40455,0,31025,504,31473,64,120,123,121,29003,46,28780,26348,55847,82165,54,124,222,149,126,26281,81732,107916,74,66,120,53,121,588,26443]},"pktlen": {"min":52,"avg":324.2,"max":1492,"stddev":448.2,"var":200860.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,64,52,116,64,91,52,93,52,76,52,591,52,1098,52,498,1098,52,810,52,200,52]},"bins": {"c_to_s": [10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1],"entropies": [4.178360939,5.246035099,4.736229897,4.451611042,5.063529015,7.858956337,4.721712589,7.794020176,4.774691582,5.846198559,7.861629963,5.088054180,5.025067806,5.788827896,5.119304180,5.893327236,4.774691582,5.874913692,4.774691582,5.517536640,4.774691582,7.634633541,5.025067806,7.812478542,4.774691582,7.541460991,7.811731815,4.736229897,7.709799290,4.774691582,6.858570576,5.025067806]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753340708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275753340708,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0rfdAADYGkFJNb\/dFwKgBHQG7yOYfynEwUCVfAYAQAfqoJAAAAQEICpkBJ\/L5FAFZ"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753312502,"flow_dst_last_pkt_time":1694275753342153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275753342153,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"936e6ce83ab4f11d1ce3ffb026e44b8e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02301{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753359055,"flow_dst_last_pkt_time":1694275753358210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1272,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2678,"flow_dst_tot_l4_payload_len":9521,"midstream":0,"thread_ts_usec":1694275753359055,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8949.0,"max":36574,"stddev":13973.5,"var":195257968.0,"ent":3.4,"data": [31138,31254,257,30953,1386,32001,76,122,2814,124,33216,1227,5063,38,3,36574,123,31144,2873,33906,253,2,224,204,200,196,193,515,523,580,237]},"pktlen": {"min":52,"avg":433.8,"max":1492,"stddev":539.4,"var":290977.1,"ent":4.0,"data": [64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252]},"bins": {"c_to_s": [10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0],"entropies": [4.147110939,5.246035099,4.736229897,4.159043312,5.025067329,7.830972195,4.774691105,7.815896988,4.774691105,5.994354248,7.858992100,5.063529015,5.025067329,5.872906685,5.982440948,5.514054298,4.697767735,7.582472324,4.986605644,7.813449383,4.697767735,7.878967285,7.719236851,4.644789219,7.881211758,4.530653477,7.866177559,4.569114685,7.756382465,4.569115162,6.282574654,6.984082222]},"ndpi": 
{"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02162{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1307,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275753403236,"flow_dst_last_pkt_time":1694275753403327,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8778,"midstream":0,"thread_ts_usec":1694275753403327,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7684.5,"max":30516,"stddev":12314.1,"var":151637984.0,"ent":3.3,"data": [28116,28209,121,28420,1445,29693,83,119,119,121,26978,42,1,3719,23,47,30516,125,126,27397,1558,28748,106,127,112,124,266,202,721,714,121]},"pktlen": {"min":52,"avg":406.1,"max":1492,"stddev":507.8,"var":257847.6,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.148671150,5.252541542,4.699688911,4.452308655,4.900255203,7.863777637,4.658501625,7.817848682,4.658502102,5.889846802,7.854816914,5.022342205,5.060803890,4.983880520,5.919770718,5.835650444,5.512189865,4.738150120,4.738150120,7.652456760,4.985801220,7.818130970,4.738150120,7.801731110,4.738150120,7.818451881,4.738150120,7.852583885,4.738150120,7.834556580,4.738150120,7.715612888]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1351,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275753460341,"flow_dst_last_pkt_time":1694275753460301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2577,"flow_dst_tot_l4_payload_len":10202,"midstream":0,"thread_ts_usec":1694275753460341,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":26654.6,"max":180430,"stddev":53880.0,"var":2903055104.0,"ent":2.9,"data": [27817,27853,120,27505,485,27870,364,362,389,121,26699,1946,152292,180430,83,1,121,136,27341,146601,173862,1373,2,1303,114,121,157,5,141,342,338]},"pktlen": {"min":52,"avg":452.0,"max":1492,"stddev":548.4,"var":300791.0,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,76,52,629,52,1098,52,1492,704,52,1098,52,1492,704,52,1358,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0],"entropies": [4.209610939,5.246035099,4.774691582,4.406749725,5.063529015,7.869228363,4.774691105,7.824818134,4.813152790,5.949138165,7.883416653,5.025067329,5.101990700,5.776699543,4.774691105,5.990557671,5.627385616,4.774691105,7.667889118,5.063529015,7.841457844,4.813152790,7.862190723,7.708991528,4.813152790,7.806630135,4.774691105,7.855051994,7.713768005,4.813152790,7.857409000,4.684499741]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754010923,"flow_dst_last_pkt_time":1694275753010186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754010923,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjSAbsaUzyLAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKUIIL6QAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754010923,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754038464,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yNLpJ5fDGlM8jKAS\/oiAgwAAAgQFrAQCCAqZASqsUIIL6QEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754038604,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754038604,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjSAbsaUzyM6SeXxIAQCBYGoQAAAQEIClCCDAWZASqs"} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754038928,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjSAbsaUzyM6SeXxIAYCBYIpgAAAQEIClCCDAWZASqsFgMBAgABAAH8AwMpblNmYGMr2+VJsbgcAw6KwGJgQByz31xIngw5ZDglwyBr5JoB1bKPbRrkBei8AmZowvzektL79y1j5bFVzzCahQAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAAAXAAAACgAKAAjKygAdABcAGAALAAIBAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAIwAAAC0AAgEB\/wEAAQBEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAEgAAACsABwaqqgMEAwMAMwArACnKygABAAAdACAfVvRSEsN+a6\/5pQu73ENwGwQIlWQua6eLxVZxnTJUNwANABIAEAQDCAQEAQUDCAUFAQgGBgGqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754038464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754038928,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"cd653a825c6c269bdd28283252c5ca8c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754038928,"flow_dst_last_pkt_time":1694275754067676,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754067676,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"cd653a825c6c269bdd28283252c5ca8c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754087463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754087463,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754087463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754087463,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjoAbtXdiucAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKSZgLiAAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1442,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754109202,"flow_dst_last_pkt_time":1694275754109202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754109202,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1442,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754109202,"flow_dst_last_pkt_time":1694275754109202,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754109202,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjpAbvjtpAFAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK\/e7LrAAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1447,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754087463,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754114575,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOhElg3jV3YrnaAS\/oiJqQAAAgQFrAQCCAqZASr5SZgLiAEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1448,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754114687,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754114687,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjoAbtXdiudRJYN5IAQCBYGoQAAAQEICkmYC6SZASr5"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754115657,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjoAbtXdiudRJYN5IAYCBYIpgAAAQEICkmYC6SZASr5FgMBAgABAAH8AwP9232\/YqRYp72+g0kUgBmvBkaVngkWmUUip3Zv8OurtCAuHxuTywKZ4zZe29LhhKK6pU+TM\/fr38OAJ4kLEkmlfQAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAArAAcGenoDBAMDABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAEgAAAAoACgAIGhoAHQAXABgABQAFAQAAAAAACwACAQAAFwAAACMAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAzACsAKRoaAAEAAB0AIHil1hmRNrGReAIJWcaVBi5y\/R2Y6DbWnpppdDlfBtNXRGkABQADAmgyAC0AAgEBAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAbAAMCAAKKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1449,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754114575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754115657,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"4afc46d232d77551effc9cce3df35f16","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754128769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754128769,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754128769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754128769,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjrAbskWJ9iAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKkoTmRgAAAAAEAgAA"} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1458,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754109202,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754135968,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yOmxIYcq47aQBqAS\/og+mgAAAgQFrAQCCAqZASsP\/e7LrAEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1460,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754136155,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754136155,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjpAbvjtpAGsSGHK4AQCBYGoQAAAQEICv3uy8eZASsP"} 
+01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1461,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754136275,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjpAbvjtpAGsSGHK4AYCBYIpgAAAQEICv3uy8eZASsPFgMBAgABAAH8AwONua86aJNQlHQjz2pRVetaFBx5Eg\/UPYfL9CvJxFiLICCPfnhSpztKKpmNbFTxvds9ns+RK\/cA5Xu1Nym72Z6SggAgenoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAAAFAAUBAAAAAAASAAAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb21EaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjEAFwAAAC0AAgEBAAsAAgEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAzACsAKYqKAAEAAB0AIPWNkqMW1zGkkUHfnZujpHSNTA0+xDnDW4HB5kc+yi1wACsABwZqagMEAwP\/AQABAAAbAAMCAAIAIwAAAAoACgAIiooAHQAXABiKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1461,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754135968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754136275,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"263749057f858bb5c2f786931adb108e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754143203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754143203,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0islAADYGs4BNb\/dFwKgBHQG7yOhElg3kV3YtooAQAfqyvgAAAQEICpkBKxZJmAuk"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754115657,"flow_dst_last_pkt_time":1694275754144689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754144689,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"4afc46d232d77551effc9cce3df35f16","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1478,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754128769,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754156159,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOsw6MPGJFifY6AS\/oiC8wAAAgQFrAQCCAqZASsjkoTmRgEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1479,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754156249,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754156249,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjrAbskWJ9jMOjDx4AQCBYGoQAAAQEICpKE5mKZASsj"} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754156498,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjrAbskWJ9jMOjDx4AYCBYIpgAAAQEICpKE5mKZASsjFgMBAgABAAH8AwM5HdE6f2RqdAedwNiNBVBoeWt\/3C1idy74sZsoxY0lySDFMbyVm7aVtSia4atqOJYPhSbuo1q+QLZ7YpfOQunTfQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAFAAUBAAAAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAjAAAACgAKAAhKSgAdABcAGAAtAAIBAQAXAAAAEAAOAAwCaDIIaHR0cC8xLjEAEgAA\/wEAAQAAKwAHBioqAwQDA0RpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAGwADAgACADMAKwApSkoAAQAAHQAgJB+tkl3Sdyfw+u0UTtiVaLS4V0PPYiS+78yVNoRXGhQACwACAQBqagABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1480,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754156159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754156498,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"2d6e42ac63c9ed1a1694e4165bde6d99","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754163249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754163249,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0PaZAADYGAKRNb\/dFwKgBHQG7yOmxIYcr47aSC4AQAfpnsgAAAQEICpkBKyr97svH"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1482,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754136275,"flow_dst_last_pkt_time":1694275754163811,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754163811,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"263749057f858bb5c2f786931adb108e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02178{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1489,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754138286,"flow_dst_last_pkt_time":1694275754165611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2642,"flow_dst_tot_l4_payload_len":6894,"midstream":0,"thread_ts_usec":1694275754165611,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":73662.1,"max":1028278,"stddev":247407.8,"var":61210599424.0,"ent":1.8,"data": [1000737,1028278,27681,324,28645,567,28844,691,697,1111,253,27150,1201,8852,39,35837,4,101,123,600,27345,2874,29634,1307,3,1324,123,129,802,27302,947]},"pktlen": {"min":52,"avg":351.0,"max":1492,"stddev":482.3,"var":232616.9,"ent":3.9,"data": [64,64,60,52,569,52,1492,52,1129,52,116,1459,52,52,91,93,52,52,76,52,591,52,1098,52,1492,528,52,1067,52,167,52,348]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1],"entropies": 
[4.088861465,4.209610939,5.212701797,4.774691582,4.424145699,5.101990700,7.850503922,4.813152790,7.848980427,4.736229420,5.914655209,7.855607510,5.063529015,5.010550022,5.849371433,5.990558147,4.697768211,4.697767735,5.653701305,4.699688435,7.598402977,4.947340012,7.796793461,4.813152790,7.865888596,7.585998535,4.813152790,7.790732861,4.684499741,6.595388412,5.101990700,7.308109760]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1494,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754173951,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754173951,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754173951,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754173951,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjsAbtXXCyTAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKjSiZ1wAAAAAEAgAA"} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1495,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754183341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754183341,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA07A5AADQGVDtNb\/dFwKgBHQG7yOsw6MPHJFihaIAQAfqsCgAAAQEICpkBKz6ShOZi"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1496,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754156498,"flow_dst_last_pkt_time":1694275754184697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754184697,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"2d6e42ac63c9ed1a1694e4165bde6d99","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754185416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754185416,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754185416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754185416,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1dAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK8GJ7VAAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754188438,"flow_dst_last_pkt_time":1694275754188438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754188438,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1504,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754188438,"flow_dst_last_pkt_time":1694275754188438,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754188438,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjuAbtbos4HAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKDw8BxQAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1517,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754173951,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754202041,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yOyTSe32V1wslKAS\/oiHygAAAgQFrAQCCAqZAStQjSiZ1wEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1518,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754202105,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754202105,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjsAbtXXCyUk0nt94AQCBYGoQAAAQEICo0omfOZAStQ"} +01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754202227,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjsAbtXXCyUk0nt94AYCBYIpgAAAQEICo0omfOZAStQFgMBAgABAAH8AwPXIzcRPLRaTHpxU1Ikqi+RRRLkBmxDx5mQ\/nqgxQxymiAKOfEZ8irOMg130vlHqNJeS2a+8iQwvTpHCYAYxd0q0gAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAAKAAoACHp6AB0AFwAYAAsAAgEAABsAAwIAAgASAABEaQAFAAMCaDIAEAAOAAwCaDIIaHR0cC8xLjH\/AQABAAAzACsAKXp6AAEAAB0AIArnhdF+CKge8ZlSyjxw3ModMcWTS1ohLb9lbfdAVWZ\/ACMAAAArAAcGqqoDBAMDAC0AAgEBABcAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQANABIAEAQDCAQEAQUDCAUFAQgGBgEABQAFAQAAAABaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754202041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754202227,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"9b0e7583c7ef3a345ec5a06e7cb11acc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1532,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754188438,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754215808,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yO5wE5csW6LOCKAS\/ohyKgAAAgQFrAQCCAqZAStgDw8BxQEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1533,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754215878,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754215878,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjuAbtbos4IcBOXLYAQCBYGoQAAAQEICg8PAeGZAStg"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754216002,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjuAbtbos4IcBOXLYAYCBYIpgAAAQEICg8PAeGZAStgFgMBAgABAAH8AwNG6xajGlbC\/+0Mg3802vqK7PT820hA\/OUqpwbJodeJRSCu4HKLkAwPGESVtKP5YQa4eWnSp1lasFdXgsRu5DidXAAgSkoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTSkoAAAAFAAUBAAAAAAAXAAAAIwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAURpAAUAAwJoMgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAEgAAAAsAAgEAACsABwb6+gMEAwP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAKAAoACHp6AB0AFwAYADMAKwApenoAAQAAHQAg9gADJmcEWvYAoSIp57c\/zAs3QIQSoFgMjRwzaJ0uzWBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754215808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754216002,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1cd1a944e2d3347798156aa08a0a306a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754185416,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754217215,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yO07+LOT96kNXqAS\/ohTpAAAAgQFrAQCCAqZAStb8GJ7VAEDAwc="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754217283,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754217283,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1eO\/izlIAQCBYGoQAAAQEICvBie3SZAStb"} +01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754217409,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjtAbv3qQ1eO\/izlIAYCBYIpgAAAQEICvBie3SZAStbFgMBAgABAAH8AwPWlM2q21bYPWVm3dZI6NdZaIu\/vQUL2gFO8bChUYM0AiBnthjfWBtIiah+hdPpKJVWGpyXbLFZjjeSELhkUjMDhwAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTWloAAAAtAAIBAQAFAAUBAAAAAAAQAA4ADAJoMghodHRwLzEuMQAKAAoACDo6AB0AFwAYABIAAP8BAAEAADMAKwApOjoAAQAAHQAgek6VDYMXDlUlzMI82KSXZzbNoqUNGXaTNP70H2d9aDoAKwAHBmpqAwQDAwAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQALAAIBAAAXAABEaQAFAAMCaDIADQASABAEAwgEBAEFAwgFBQEIBgYBABsAAwIAAgAjAAB6egABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754217215,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754217409,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"443c0128c0380aacb46492308cacdcaf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1550,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275754222775,"flow_dst_last_pkt_time":1694275754222809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":8486,"midstream":0,"thread_ts_usec":1694275754222809,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":53,"avg":7328.4,"max":29008,"stddev":11707.9,"var":137075808.0,"ent":3.3,"data": [26766,26953,120,27281,562,27629,813,839,433,121,25853,1242,2546,29008,63,61,121,118,26073,1611,53,27591,133,175,125,306,255,75,54,127,73]},"pktlen": {"min":52,"avg":397.0,"max":1492,"stddev":481.5,"var":231822.5,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,478,52,52,1098,52,1098,52,882,1098,52,478]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1],"entropies": [4.178360939,5.212701797,4.683251381,4.451683044,5.026988029,7.857296467,4.697768211,7.828640461,4.774691582,5.911512852,7.851897717,5.065449715,5.065449715,5.871349335,4.813152790,5.937906265,5.653701305,4.813152790,7.646155357,5.026988029,7.825329781,7.531569481,4.736229897,4.736229897,7.828527451,4.736229897,7.810995102,4.736229897,7.729085922,7.824745655,4.736229897,7.451065063]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1561,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754229437,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754229437,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0CLlAADQGN5FNb\/dFwKgBHQG7yOyTSe33V1wumYAQAfqw4AAAAQEICpkBK2yNKJnz"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1562,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754202227,"flow_dst_last_pkt_time":1694275754230968,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754230968,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"9b0e7583c7ef3a345ec5a06e7cb11acc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1579,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754234003,"flow_dst_last_pkt_time":1694275754234527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2545,"flow_dst_tot_l4_payload_len":8833,"midstream":0,"thread_ts_usec":1694275754234527,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":9471.1,"max":57872,"stddev":15017.5,"var":225526784.0,"ent":3.3,"data": [27112,27224,970,28628,1486,29076,93,121,228,122,26977,75,31206,57872,54,125,1121,1044,121,26899,2278,29074,159,50,173,133,201,126,164,131,561]},"pktlen": {"min":52,"avg":408.2,"max":1492,"stddev":535.4,"var":286624.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,52,1492,52,1318,52,422]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1],"entropies": [4.209610939,5.279368401,4.774691582,4.405547142,5.101990700,7.842993259,4.813152790,7.800993443,4.774691582,5.883537769,7.866736889,5.101990700,5.101990700,5.842633247,4.813152790,5.929789066,4.774691582,5.655566216,4.813152790,7.597860336,5.140452385,7.840083122,4.774691105,7.865912437,7.702890873,4.813152790,4.813152790,7.872797966,4.738150120,7.842354298,4.813152790,7.483771801]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1584,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754242059,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754242059,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA004pAADQGbL9Nb\/dFwKgBHQG7yO5wE5ctW6LQDYAQAfqbQwAAAQEICpkBK3kPDwHh"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754216002,"flow_dst_last_pkt_time":1694275754243526,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754243526,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"1cd1a944e2d3347798156aa08a0a306a","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1591,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754248180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754248180,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0aa1AADQG1pxNb\/dFwKgBHQG7yO07+LOU96kPY4AQAfp8sgAAAQEICpkBK3vwYnt0"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1593,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754217409,"flow_dst_last_pkt_time":1694275754249808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754249808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"443c0128c0380aacb46492308cacdcaf","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1615,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754253928,"flow_dst_last_pkt_time":1694275754254386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8915,"midstream":0,"thread_ts_usec":1694275754254386,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8089.5,"max":39082,"stddev":12490.1,"var":156003200.0,"ent":3.4,"data": [27390,27480,249,27182,1356,28286,92,124,218,120,25685,1244,12558,39082,57,53,128,120,26494,1303,27676,948,933,253,252,356,358,124,2,133,520]},"pktlen": {"min":52,"avg":410.5,"max":1492,"stddev":518.8,"var":269178.6,"ent":4.0,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,1492,52,1492,520,52,480]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1],"entropies": [4.209610939,5.279368401,4.774691582,4.462305069,5.063529491,7.853986740,4.774691105,7.855288506,4.774691105,5.946134090,7.851401806,5.025067329,5.063529015,5.938840866,4.813152790,5.967528820,5.698264599,4.813152790,7.638842583,5.063529015,7.796915054,4.813152790,7.480909824,4.813152790,7.834682941,4.813152790,7.873820305,4.813152790,7.873530388,7.590673923,4.813152790,7.535659313]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1626,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754263304,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754263304,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1626,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754263304,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754263304,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjwAbuqEt3PAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKkvM+WAAAAAAEAgAA"} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1654,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754263304,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754291134,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPAm9ybIqhLd0KAS\/ogMsAAAAgQFrAQCCAqZASupkvM+WAEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1655,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754291189,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754291189,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjwAbuqEt3QJvcmyYAQCBYGoQAAAQEICpLzPnSZASup"} 
+01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1657,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754291310,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjwAbuqEt3QJvcmyYAYCBYIpgAAAQEICpLzPnSZASupFgMBAgABAAH8AwN\/rsPnuyo3H49M01ABYjRatkcMtX5alBP1e\/Pb1uUsmyBmyGpKj7FISvX4QoLaix1HzsLqrCJb0xYNbU+5WxJO0wAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAP8BAAEAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQALAAIBAAAtAAIBAQAzACsAKWpqAAEAAB0AIDnkd89JPA\/2gWK\/OWmqfmleNhCyIfV\/vvmvf8MVsfBbABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbURpAAUAAwJoMgAFAAUBAAAAAAASAAAACgAKAAhqagAdABcAGAAQAA4ADAJoMghodHRwLzEuMQArAAcG6uoDBAMDACMAAAAXAAC6ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1657,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754291134,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754291310,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"4de89109ff6576c4d8b4a6688718f393","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1669,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754318236,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754318236,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0xMFAADQGe4hNb\/dFwKgBHQG7yPAm9ybJqhLf1YAQAfo1xgAAAQEICpkBK8WS8z50"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1670,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754291310,"flow_dst_last_pkt_time":1694275754318782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754318782,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"4de89109ff6576c4d8b4a6688718f393","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1681,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754292941,"flow_dst_last_pkt_time":1694275754328160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2611,"flow_dst_tot_l4_payload_len":7674,"midstream":0,"thread_ts_usec":1694275754328160,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8812.9,"max":31849,"stddev":12624.9,"var":159387984.0,"ent":3.5,"data": [28090,28154,122,27396,1531,28788,99,125,193,123,28156,1244,2735,31849,112,25,122,123,27184,1733,28734,219,1,215,186,2,1,198,244,27002,8493]},"pktlen": {"min":52,"avg":374.0,"max":1492,"stddev":504.4,"var":254392.6,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584]},"bins": {"c_to_s": [9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1],"entropies": [4.209610939,5.246035099,4.697768211,4.397861958,4.933627129,7.849544525,4.736229897,7.854951859,4.697768211,5.908147812,7.836333752,4.986606121,4.895165920,5.871349335,4.736229897,5.888302803,5.497672081,4.721712589,7.584928513,5.010550499,7.818240643,4.813152790,7.867399693,6.028574944,4.813152790,7.871778011,7.226988792,7.308317184,4.813152790,6.285698891,4.986605644,7.638573647]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1772,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754389266,"flow_dst_last_pkt_time":1694275754415554,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3051,"flow_dst_tot_l4_payload_len":5838,"midstream":0,"thread_ts_usec":1694275754415554,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8974.6,"max":35635,"stddev":12697.2,"var":161217744.0,"ent":3.5,"data": [27830,27885,121,27102,546,27529,840,830,274,126,26171,1039,8743,35,35635,102,131,1,26009,5343,31325,209,25,1,154,122,1581,125,123,26933,1322]},"pktlen": {"min":52,"avg":330.4,"max":1492,"stddev":469.3,"var":220240.5,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52]},"bins": {"c_to_s": [9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1],"entropies": 
[4.209610939,5.146035194,4.697768211,4.450056553,5.025067806,7.871761799,4.774691105,7.827337265,4.774691105,5.826527119,7.855667114,4.986606121,5.063529015,5.820655346,5.916401386,4.774691105,5.655566216,4.774691105,7.614426613,4.986605644,7.813764095,4.736229897,7.864622593,7.699440479,6.489213943,4.736229420,4.774691105,6.518905640,6.645439148,7.327331066,4.986606121,5.025067806]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1842,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754475502,"flow_dst_last_pkt_time":1694275754475507,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8279,"midstream":0,"thread_ts_usec":1694275754475507,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":18520.4,"max":122292,"stddev":34250.8,"var":1173117056.0,"ent":3.1,"data": [27370,27440,124,26251,1467,27581,100,125,157,123,25729,67,66,96709,2,0,122292,121,27232,81194,37,108357,4,312,254,158,1,174,324,312,50]},"pktlen": {"min":52,"avg":390.5,"max":1492,"stddev":496.9,"var":246958.9,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271]},"bins": {"c_to_s": [10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1],"entropies": [4.117421150,5.152541161,4.608248711,4.401409626,4.983880997,7.842836380,4.699688911,7.824921131,4.581578732,5.856733322,7.868278027,4.823332310,4.784870625,4.900255680,5.703821182,5.805127621,5.574754238,4.736229897,7.640416622,5.025067806,7.817220211,7.464954376,4.774691582,4.774691582,7.829095840,4.774691582,7.861445904,7.528592587,4.774691582,7.822453022,4.774691582,7.145882607]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1857,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754496344,"flow_dst_last_pkt_time":1694275754497122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2563,"flow_dst_tot_l4_payload_len":8121,"midstream":0,"thread_ts_usec":1694275754497122,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":20085.0,"max":125695,"stddev":35873.1,"var":1286878848.0,"ent":3.2,"data": [31799,31867,126,30965,1628,32465,1019,1033,262,1,0,31031,1096,93829,43,125695,4,89,120,120,31052,87826,46,118780,6,267,258,180,3,191,833]},"pktlen": {"min":52,"avg":386.5,"max":1492,"stddev":502.3,"var":252311.9,"ent":3.9,"data": 
[64,60,52,569,52,1492,52,1129,52,116,1492,55,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,52,1492,528,52,1098]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1],"entropies": [4.178360939,5.246035099,4.736229897,4.456433773,5.025067806,7.868185997,4.736229897,7.769486904,4.774691105,6.000862122,7.872904778,4.784469604,4.986606121,5.025067806,5.938840389,5.931313515,4.774691105,4.774691105,5.645633221,4.774691105,7.597790718,5.025067329,7.806124210,7.590561867,4.774691105,4.774691105,7.804361820,4.736229420,7.860854626,7.518534660,4.774691105,7.830554485]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754588065,"flow_dst_last_pkt_time":1694275754588065,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754588065,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1875,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1694275754588065,"flow_dst_last_pkt_time":1694275754588065,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275754588065,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjxAbvuf721AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKzEUEDQAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1880,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1694275754588065,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275754615021,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPHllHPF7n+9tqAS\/ojcdAAAAgQFrAQCCAqZASzuzEUEDQEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1881,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1694275754615121,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754615121,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjxAbvuf7225ZRzxoAQCBYGoQAAAQEICsxFBCiZASzu"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275754615277,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjxAbvuf7225ZRzxoAYCBYIpgAAAQEICsxFBCiZASzuFgMBAgABAAH8AwMHlbsF8BakUAzjaA8e28V6EiKBP2Y43pfzj1u7FbexziB706YBATmvEbUO1DztFMgx1ZTh1DKfzqr6PZAA9CzfNgAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAbAAMCAAL\/AQABAAAKAAoACCoqAB0AFwAYAC0AAgEBAAsAAgEAACsABwZ6egMEAwMAFwAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACkqKgABAAAdACB4OgQdbZ8h0gvzv\/MVy5kx6ZLWI5ybIJZR7Y+qN5ppPQAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAAjAABEaQAFAAMCaDL6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1882,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754615021,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275754615277,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ed5a9e40cd25a82b75ab0bd29f1bbc85","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1887,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754642143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275754642143,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0MxVAADQGDTVNb\/dFwKgBHQG7yPHllHPG7n+\/u4AQAfoFjQAAAQEICpkBLQnMRQQo"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754615277,"flow_dst_last_pkt_time":1694275754642602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275754642602,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ed5a9e40cd25a82b75ab0bd29f1bbc85","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1919,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275754887605,"flow_dst_last_pkt_time":1694275754887567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":8280,"midstream":0,"thread_ts_usec":1694275754887605,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":19323.9,"max":124559,"stddev":35992.1,"var":1295428992.0,"ent":3.1,"data": [26956,27056,156,27122,459,99,27426,137,584,128,26592,49,98688,124559,1229,1205,60,121,122,26221,91359,117424,203,146,254,2,1,259,207,1,217]},"pktlen": {"min":52,"avg":390.5,"max":1492,"stddev":500.1,"var":250056.1,"ent":4.0,"data": [64,60,52,569,52,1492,1129,52,52,116,1465,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,262,52,1098,271,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0],"entropies": [4.123520851,5.154205322,4.683250904,4.412162781,5.010550022,7.834381104,7.791237831,4.721712589,4.721712589,5.949137688,7.879240513,4.948143959,4.909682274,5.859224319,4.721712589,5.771135330,4.721712589,5.514053822,4.721712589,7.619722366,4.972088814,7.835969448,4.760174274,7.801455021,4.760174274,7.874300480,7.673749924,7.163529873,4.721712589,7.815165997,7.164249420,4.721712589]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755172671,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755172671,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755172671,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755172671,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjyAbu2e3zpAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKO0TVawAAAAAEAgAA"} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2013,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755172671,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755199573,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yPLHzMixtnt86qAS\/ojbegAAAgQFrAQCCAqZAS82O0TVawEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2014,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755199634,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755199634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjyAbu2e3zqx8zIsoAQCBYGoQAAAQEICjtE1YaZAS82"} 
+01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755199755,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjyAbu2e3zqx8zIsoAYCBYIpgAAAQEICjtE1YaZAS82FgMBAgABAAH8AwOhVdMZUZw2Ta90\/AmuRH8LafDWkwL7wvE25AdctOZZISDjd9upw8Ab8sW9OvFMqqdB0NZftfYem1nTiaIzIPDvVgAgiooTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAQAA4ADAJoMghodHRwLzEuMQAjAABEaQAFAAMCaDIAGwADAgACAAUABQEAAAAAAAoACgAIWloAHQAXABgACwACAQAAEgAAACsABwaqqgMEAwMAFwAAADMAKwApWloAAQAAHQAgqiMn9qWVoOPvY2IKnREXjvIIuQHHjYv1xpkb9D\/c8GsADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQAALQACAQEAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20qKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2015,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755199573,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755199755,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"6666840c6dacae658c91615526eff942","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2017,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755218416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755218416,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2017,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755218416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755218416,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RcjzAbsxEndzAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKDDVGtwAAAAAEAgAA"} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755218537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755218537,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755218537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755218537,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXAAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK9tU+aQAAAAAEAgAA"} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2020,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755229473,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755229473,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0yV5AADYGdOtNb\/dFwKgBHQG7yPLHzMiytnt+74AQAfoEkAAAAQEICpkBL1Q7RNWG"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2021,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755199755,"flow_dst_last_pkt_time":1694275755230954,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755230954,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"6666840c6dacae658c91615526eff942","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2034,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755218416,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755247149,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPPwt3LIMRJ3dKAS\/ohQ6wAAAgQFrAQCCAqZAS9mDDVGtwEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2035,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755247226,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755247226,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RcjzAbsxEnd08LdyyYAQCBYGoQAAAQEICgw1RtOZAS9m"} 
+01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2036,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755247350,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RcjzAbsxEnd08LdyyYAYCBYIpgAAAQEICgw1RtOZAS9mFgMBAgABAAH8AwPFjNLmli8qJUGnkKqv53i2tmSxoEoiyOnh0h\/j1WqyqiBkC5aN3NuUvinFD+Nvqi\/akQQ38IO0byUIcM\/65gz+hwAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAbAAMCAAIACgAKAAiqqgAdABcAGERpAAUAAwJoMgAFAAUBAAAAAAAXAAAACwACAQAAEAAOAAwCaDIIaHR0cC8xLjEADQASABAEAwgEBAEFAwgFBQEIBgYBADMAKwApqqoAAQAAHQAg\/bQXccLlpFNqnBu8SkXCxG+3zZiXwi0L+HX4yTDtPiIALQACAQEAEgAAACMAAAArAAcGOjoDBAMD\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb226ugABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2036,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755247149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755247350,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b22f4dc436b0a4d4bf71853f6f750b65","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2037,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755218537,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755248368,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPSeqGkrGVsFwaAS\/ohTrgAAAgQFrAQCCAqZAS9m9tU+aQEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2038,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755248433,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755248433,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXBnqhpLIAQCBYGoQAAAQEICvbVPoeZAS9m"} +01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2039,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755248555,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj0AbsZWwXBnqhpLIAYCBYIpgAAAQEICvbVPoeZAS9mFgMBAgABAAH8AwOXWZu5liF7DjpaLjXmN8QJTZ29QnGv6uJwC0pLqR3JXiB4Soa50lspWbCFxCEkUynBz0JVrwHxuSVJ1+OuOMBpdwAgmpoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAASAAAAMwArACmKigABAAAdACDG71m3mFhvex+B2KW7+V0MB\/2VNx3XUCiW20mTH\/qDCgAtAAIBAQAbAAMCAAIAKwAHBkpKAwQDAwALAAIBAAAFAAUBAAAAAAAjAAAAFwAARGkABQADAmgyAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABAADgAMAmgyCGh0dHAvMS4xAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAKAAoACIqKAB0AFwAY\/wEAAQBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2039,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755248368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755248555,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"0db0f419a58896c0dee4527e22867862","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2042,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755274581,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755274581,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0EW1AADQGLt1Nb\/dFwKgBHQG7yPPwt3LJMRJ5eYAQAfp6AgAAAQEICpkBL4EMNUbT"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2043,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755247350,"flow_dst_last_pkt_time":1694275755275149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755275149,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b22f4dc436b0a4d4bf71853f6f750b65","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2046,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755275947,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755275947,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0tNVAADQGi3RNb\/dFwKgBHQG7yPSeqGksGVsHxoAQAfp8wQAAAQEICpkBL4P21T6H"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2050,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755248555,"flow_dst_last_pkt_time":1694275755277274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755277274,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"0db0f419a58896c0dee4527e22867862","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02160{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2088,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755349874,"flow_dst_last_pkt_time":1694275755349765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2606,"flow_dst_tot_l4_payload_len":9313,"midstream":0,"thread_ts_usec":1694275755349874,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8477.6,"max":41933,"stddev":13035.7,"var":169929040.0,"ent":3.4,"data": [28733,28810,124,27432,568,27899,751,720,296,128,25888,48,1133,15243,41,41933,6,108,146,127,27209,2863,29923,284,1,245,248,248,797,2,853]},"pktlen": {"min":52,"avg":425.1,"max":1492,"stddev":548.5,"var":300824.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0],"entropies": [4.209610939,5.179368496,4.774691582,4.431435585,5.063529015,7.849660397,4.774691105,7.813685417,4.736229420,5.936122894,7.856051445,5.025067329,5.025067329,5.025067329,5.982796192,5.960935116,4.813152790,4.813152790,5.708197594,4.760174274,7.601703644,5.025067329,7.811446667,4.774691105,7.878164768,7.722664356,4.813152790,7.861680031,4.813152790,7.862159729,7.756608009,4.813152790]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2173,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755474480,"flow_dst_last_pkt_time":1694275755477173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3336,"flow_dst_tot_l4_payload_len":4222,"midstream":0,"thread_ts_usec":1694275755477173,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":16599.3,"max":98727,"stddev":25221.2,"var":636110208.0,"ent":3.6,"data": [29831,29896,122,27579,1327,48,28784,126,253,1,26948,50,14095,65,40762,94,124,130,27112,1236,28283,675,27392,96809,124,98727,36,1194,29729,125,2902]},"pktlen": {"min":52,"avg":288.8,"max":1492,"stddev":419.8,"var":176233.3,"ent":3.9,"data": [64,60,52,569,52,1492,1128,52,52,116,1461,52,52,91,93,52,76,52,608,52,527,52,138,52,172,583,52,52,133,52,105,1098]},"bins": {"c_to_s": [8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1],"entropies": 
[4.147110939,5.179368496,4.736229897,4.460231304,5.025067329,7.857233524,7.810930252,4.736229897,4.646038055,5.957015991,7.839579105,4.911603451,4.950064659,5.831859112,5.853408813,4.774691105,5.645633221,4.774691105,7.545179844,5.063529015,7.596055508,4.774691105,6.332621574,4.972088814,6.592332363,7.682801247,5.025067806,5.063529015,6.338855743,4.736229420,5.810498714,7.810382843]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2231,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755591179,"flow_dst_last_pkt_time":1694275755591179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755591179,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2231,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755591179,"flow_dst_last_pkt_time":1694275755591179,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755591179,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj5AbtaWrGpAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK4tGJNwAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2233,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755597605,"flow_dst_last_pkt_time":1694275755597605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755597605,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2233,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755597605,"flow_dst_last_pkt_time":1694275755597605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755597605,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj6Abslx6hHAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKtdkSOAAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2235,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755603186,"flow_dst_last_pkt_time":1694275755603186,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755603186,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2235,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755603186,"flow_dst_last_pkt_time":1694275755603186,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755603186,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj7AbsTyBVHAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKc6G7nwAAAAAEAgAA"} 
+02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2249,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275755613943,"flow_dst_last_pkt_time":1694275755614159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":10775,"midstream":0,"thread_ts_usec":1694275755614159,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":28476.1,"max":207447,"stddev":57513.3,"var":3307776000.0,"ent":2.9,"data": [26902,26963,121,29900,1481,31249,81,125,248,1,25748,1209,169429,1,1,207447,0,42810,141766,173253,84,120,1278,1193,231,237,210,196,90,119,267]},"pktlen": {"min":52,"avg":468.7,"max":1492,"stddev":574.1,"var":329541.2,"ent":4.0,"data": [64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,93,76,52,591,52,1098,52,498,52,1098,52,1492,52,1492,52,1492,52,1350]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.209610939,5.246035576,4.736229897,4.445782185,5.101990700,7.858139992,4.813153267,7.810012341,4.774691582,5.942630291,7.861597538,5.063529015,5.101990700,5.967556477,5.777929783,5.602934837,4.813152790,7.591184616,5.140452385,7.832652569,4.774691105,7.585302353,4.813152790,7.814891338,4.774691105,7.866682053,4.813152790,7.861637592,4.813152790,7.840278625,4.813152790,7.855187416]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2256,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755591179,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755617537,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPns8LUkWlqxqqAS\/oiUQQAAAgQFrAQCCAqZATDZ4tGJNwEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2257,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755617582,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755617582,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj5AbtaWrGq7PC1JYAQCBYGoQAAAQEICuLRiVKZATDZ"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755617701,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj5AbtaWrGq7PC1JYAYCBYIpgAAAQEICuLRiVKZATDZFgMBAgABAAH8AwNBblVKS2hPon0Q7u5q0xBF+xrnRq078gmjdgo56P9T4CCXGI8MGVPdjueAlRhAUrFr25cxEy6524S25poNYBcieQAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTuroAAERpAAUAAwJoMgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAALAAIBAAArAAcGmpoDBAMDABcAAAAjAAD\/AQABAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApiooAAQAAHQAg\/12Z2e3qk6WpBKLIlwyRN4APIJI3xyWNZK7lHuj55wEACgAKAAiKigAdABcAGAAtAAIBAQAbAAMCAALKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2258,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755617537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755617701,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"5b895f864c5e0255be1e527a0f8d44b3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2263,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755597605,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755623725,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPrIerr5JceoSKAS\/oiUyAAAAgQFrAQCCAqZATDftdkSOAEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2264,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755623772,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755623772,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj6Abslx6hIyHq6+oAQCBYGoQAAAQEICrXZElKZATDf"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755623890,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj6Abslx6hIyHq6+oAYCBYIpgAAAQEICrXZElKZATDfFgMBAgABAAH8AwMzNyawml\/KOra9wtXm9ZfZKXBENN+GtHDnrb\/+1u8mwCBZFiQ5C0IkSnggbrQr3Gtg0IBEDW6gvPfCxApYEDODlQAgKioTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgFEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AEAAOAAwCaDIIaHR0cC8xLjEACwACAQAAEgAAADMAKwApmpoAAQAAHQAgr8moM6nHczuCpkYXd+tGZYykCqqU\/7FqOBRpVxUuLFcAKwAHBtraAwQDAwAKAAoACJqaAB0AFwAYABsAAwIAAgAjAAAAFwAA\/wEAAQAALQACAQH6+gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2265,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755623725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755623890,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"13336f4a1d32920be14b7ab819cf7856","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755624913,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755624913,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2267,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755624913,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755624913,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xlAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK4treRwAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2273,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755603186,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755629945,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yPtmlCswE8gVSKAS\/ojEQQAAAgQFrAQCCAqZATDlc6G7nwEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2274,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755629981,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755629981,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj7AbsTyBVIZpQrMYAQCBYGoQAAAQEICnOhu7qZATDl"} 
+01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2275,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755630099,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj7AbsTyBVIZpQrMYAYCBYIpgAAAQEICnOhu7qZATDlFgMBAgABAAH8AwPSXSGnWGRpvK6AQdh9X7VjiU0531JEWyzEgTJj\/X5fJiDJiMDHxqTv\/uw1ZiyYFt1kVMh48ORdzq5MoVZHMPWdBgAgysoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTKioAAP8BAAEARGkABQADAmgyAAoACgAImpoAHQAXABgAEAAOAAwCaDIIaHR0cC8xLjEADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAALAAIBAAArAAcGamoDBAMDAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tABsAAwIAAgAXAAAABQAFAQAAAAAALQACAQEAMwArACmamgABAAAdACBRisHa5iUV0jEGFK0NDJj17ej2vV\/EIzpGN0BOiEZVEgAjAAA6OgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2275,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755629945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755630099,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"24893e4411f07f81c140a8dee7689f4f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2278,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755644515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755644515,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA04MVAADQGX4RNb\/dFwKgBHQG7yPns8LUlWlqzr4AQAfq9WgAAAQEICpkBMPPi0YlS"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755644863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755644863,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2280,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755644863,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755644863,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSWAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKYGFwSwAAAAAEAgAA"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2281,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755617701,"flow_dst_last_pkt_time":1694275755645050,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755645050,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"5b895f864c5e0255be1e527a0f8d44b3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2287,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755649436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755649436,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0a2lAADQG1OBNb\/dFwKgBHQG7yPrIerr6JceqTYAQAfq94gAAAQEICpkBMPm12RJS"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2288,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755623890,"flow_dst_last_pkt_time":1694275755651006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755651006,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"13336f4a1d32920be14b7ab819cf7856","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2297,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755624913,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755652295,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yPw7GJOu85fsZqAS\/og+WAAAAgQFrAQCCAqZATD74treRwEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2298,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755652361,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755652361,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xmOxiTr4AQCBYGoQAAAQEICuLa3mOZATD7"} +01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2299,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755652483,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj8Abvzl+xmOxiTr4AYCBYIpgAAAQEICuLa3mOZATD7FgMBAgABAAH8AwPm69jZyChAAcbLoQo\/fO9eOC1idWAm054SZMWB\/+CuLyBLb8XpDsCR00jON1OyF4XBrCyw6GBV\/\/cZDN2rLnWwOwAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTenoAAAAzACsAKXp6AAEAAB0AIGTNJqj1zAMFw4wmyB4qNLeEUV4lVmcsyJRj7pGcVWdh\/wEAAQAALQACAQEAKwAHBoqKAwQDAwASAAAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAAoACgAIenoAHQAXABgAGwADAgACRGkABQADAmgyAAsAAgEAABcAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2299,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755652295,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755652483,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"21da300403df11ae32db088408a85dc4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2301,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755656946,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755656946,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0J2FAADYGFulNb\/dFwKgBHQG7yPtmlCsxE8gXTYAQAfrtWQAAAQEICpkBMQBzobu6"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2302,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275755630099,"flow_dst_last_pkt_time":1694275755658497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755658497,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"24893e4411f07f81c140a8dee7689f4f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2313,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755644863,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755673430,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP2vUhtKfyW0l6AS\/ojfJAAAAgQFrAQCCAqZATEPYGFwSwEDAwc="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2314,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755673505,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755673505,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSXr1IbS4AQCBYGoQAAAQEICmBhcGeZATEP"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2315,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755673634,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj9Abt\/JbSXr1IbS4AYCBYIpgAAAQEICmBhcGeZATEPFgMBAgABAAH8AwPjfg0tVSLoSaetEBjHNBrhhpNUCGsMaaWreh2gW2amuiCxrHVOVlfkefsnz10FmlSXfPfN\/yUHQTkZGojc8Bad7AAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTCgoAAAASAAAACgAKAAja2gAdABcAGAALAAIBAAAXAAD\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAIAIwAAAAUABQEAAAAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAtAAIBAQArAAcGOjoDBAMDRGkABQADAmgyADMAKwAp2toAAQAAHQAgMw2JWdOk+fH36BPMY3CgwQT9bdL71BRHrzqp\/yCbk0KKigABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2315,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755673430,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755673634,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"ef6e2a9a1f67eb7b02766703f54ce119","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2325,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755679588,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755679588,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0x6FAADQGeKhNb\/dFwKgBHQG7yPw7GJOv85fua4AQAfpnbwAAAQEICpkBMRbi2t5j"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2326,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755652483,"flow_dst_last_pkt_time":1694275755680066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755680066,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"21da300403df11ae32db088408a85dc4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2340,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755700731,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755700731,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0sN1AADYGjWxNb\/dFwKgBHQG7yP2vUhtLfyW2nIAQAfoIOwAAAQEICpkBMStgYXBn"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2341,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275755673634,"flow_dst_last_pkt_time":1694275755702233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755702233,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"ef6e2a9a1f67eb7b02766703f54ce119","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2379,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755734383,"flow_dst_last_pkt_time":1694275755734310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3172,"flow_dst_tot_l4_payload_len":6067,"midstream":0,"thread_ts_usec":1694275755734383,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9236.6,"max":31972,"stddev":12441.7,"var":154796832.0,"ent":3.6,"data": [26358,26403,119,26978,535,27389,852,861,254,0,25874,1241,5086,31972,77,55,125,128,26000,1592,27438,118,120,294,291,271,123,25492,1251,1328,27710]},"pktlen": {"min":52,"avg":341.3,"max":1492,"stddev":465.2,"var":216385.7,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0],"entropies": [4.178360939,5.246035099,4.736229897,4.450769901,5.010550499,7.831455231,4.774691582,7.821967602,4.736229897,5.812989712,7.870883465,4.948144436,4.909682751,5.871349335,4.774691105,5.904536724,5.655566216,4.774691582,7.625833035,4.948144436,7.843266964,4.697768211,7.834841251,4.697768211,7.848744392,4.697768211,6.287255287,7.592099667,4.986606121,5.063529491,7.216260910,4.774691582]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02156{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2383,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755713599,"flow_dst_last_pkt_time":1694275755739336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3510,"flow_dst_tot_l4_payload_len":3095,"midstream":0,"thread_ts_usec":1694275755739336,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8313.7,"max":34384,"stddev":12122.2,"var":146947904.0,"ent":3.4,"data": [26120,26167,118,25711,1570,27175,107,127,259,0,25689,37,1216,7698,47,34384,92,136,131,25849,1397,27101,130,125,1,139,1,24899,84,1176,39]},"pktlen": {"min":52,"avg":259.0,"max":1492,"stddev":395.4,"var":156313.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52]},"bins": {"c_to_s": [7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1],"entropies": 
[4.178360939,5.133453369,4.659306526,4.424107075,4.933627605,7.842966080,4.659306526,7.815097809,4.697768211,5.880172253,7.882228851,5.025067329,4.986605644,5.063529015,5.903180122,5.794164658,4.736229897,5.497671604,4.736229897,7.663942814,5.063529015,7.601342678,4.736229897,6.248495102,6.650170803,7.628144741,6.482193947,6.486794472,4.986605644,4.909682274,4.986605644,4.948143959]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2437,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755770788,"flow_dst_last_pkt_time":1694275755770628,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3302,"flow_dst_tot_l4_payload_len":3177,"midstream":0,"thread_ts_usec":1694275755770788,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":9406.1,"max":33781,"stddev":12793.0,"var":163659648.0,"ent":3.6,"data": [27382,27448,122,27293,478,27639,107,126,188,128,26067,466,7577,48,33781,141,1198,1103,126,27510,414,27780,313,119,120,26168,43,846,118,26619,122]},"pktlen": {"min":52,"avg":255.1,"max":1492,"stddev":395.4,"var":156328.1,"ent":3.8,"data": [64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,93,52,52,76,52,612,52,527,52,138,172,537,52,52,52,133,52,105]},"bins": {"c_to_s": [9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0],"entropies": [4.209610939,5.279368401,4.774691582,4.425284386,5.025067329,7.843840599,4.774691105,7.790525913,4.813152790,5.903921127,7.861433029,5.063529491,5.049012184,6.057025433,5.917924881,4.736229897,4.736229897,5.619317532,4.774691582,7.620691299,5.063529491,7.641309261,4.813152790,6.272734165,6.614942074,7.499053478,5.063529491,5.025067329,5.063529015,6.509944439,4.774691582,5.864982128]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755774249,"flow_dst_last_pkt_time":1694275755774249,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755774249,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1694275755774249,"flow_dst_last_pkt_time":1694275755774249,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275755774249,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj+AbvXXEehAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK7FSJ4gAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2450,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1694275755774249,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275755805902,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP6NE3Ex11xHoqAS\/ogaLQAAAgQFrAQCCAqZATGR7FSJ4gEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2451,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1694275755806023,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755806023,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj+AbvXXEeijRNxMoAQCBYGoQAAAQEICuxUigKZATGR"} 
+01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2452,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275755806268,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj+AbvXXEeijRNxMoAYCBYIpgAAAQEICuxUigKZATGRFgMBAgABAAH8AwNGpkj\/QkdpAIrwvOPJBDEHpKp68mgEznrUbNTQfiZJsyAd3ZVLEIna1q4yvnuXDdQka2nzoE2cvsv\/1uL3Wp88lAAg2toTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAKAAoACNraAB0AFwAYAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQArAAcGuroDBAMDABsAAwIAAgAXAAAAIwAAADMAKwAp2toAAQAAHQAga+Vf4pVuQc3pJIAVNiRKKR6ZRWnKOOpIiR3oxeYU2FAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20ALQACAQEAEAAOAAwCaDIIaHR0cC8xLjFEaQAFAAMCaDL\/AQABAAAFAAUBAAAAAAASAAAACwACAQBaWgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2452,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755805902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275755806268,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b9673546747d1952575dd5a057ad34e4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2459,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755837073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275755837073,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0z9BAADYGbnlNb\/dFwKgBHQG7yP6NE3Ey11xJp4AQAfpDPAAAAQEICpkBMbDsVIoC"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2462,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275755806268,"flow_dst_last_pkt_time":1694275755838478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275755838478,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b9673546747d1952575dd5a057ad34e4","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2502,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275756014048,"flow_dst_last_pkt_time":1694275756014007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":9684,"midstream":0,"thread_ts_usec":1694275756014048,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":26505.9,"max":177926,"stddev":53972.7,"var":2913053696.0,"ent":2.9,"data": [26759,26795,118,27001,1551,46,28496,132,175,128,25738,41,152514,31,61,177926,5,125,123,26062,149084,174977,1329,1279,230,2,212,261,250,111,121]},"pktlen": {"min":52,"avg":434.6,"max":1492,"stddev":557.9,"var":311277.2,"ent":3.9,"data": [64,60,52,569,52,1492,1128,52,52,116,1471,52,52,91,93,76,52,52,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,52]},"bins": {"c_to_s": [12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0],"entropies": [4.147110939,5.212701797,4.659306526,4.448028564,4.911602974,7.852905273,7.816896915,4.584303856,4.584303856,5.874025345,7.854696274,5.063529015,5.025067329,5.806972980,5.845292091,5.602934361,4.697768211,4.697768211,4.697768211,7.632014751,5.101990700,7.819012642,4.736229420,7.817387581,4.697767735,7.876556396,7.676926613,4.683250904,7.875154495,4.736229420,7.877687454,4.736229420]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756080159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756080159,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2519,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756080159,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756080159,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaUAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKlsYSZQAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2521,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756081462,"flow_dst_last_pkt_time":1694275756081462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756081462,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2521,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756081462,"flow_dst_last_pkt_time":1694275756081462,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756081462,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckAAbu7rSimAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKF4gg1QAAAAAEAgAA"} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2531,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756081462,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756108504,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQBQuQp\/u60op6AS\/og0igAAAgQFrAQCCAqZATLDF4gg1QEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2532,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756108597,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756108597,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckAAbu7rSinULkKgIAQCBYGoQAAAQEICheIIPCZATLD"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2533,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756080159,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756108690,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yP+UKzdid7x2laAS\/ohJawAAAgQFrAQCCAqZATLClsYSZQEDAwc="} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2534,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756108729,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756108729,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaVlCs3Y4AQCBYGoQAAAQEICpbGEoKZATLC"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756108850,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckAAbu7rSinULkKgIAYCBYIpgAAAQEICheIIPCZATLDFgMBAgABAAH8AwOM7K9r300z2h3rvxRH7Rl9yxRzM1Eajc3TrkdtPvoZhSClQjBmN3Q61Yy+jBa3DuhmcxxZUH\/3ij1QjPpb\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"} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2535,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756108504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108850,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"bee75f12c56aaceb252c1f9ace4b1cfd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756108979,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3Rcj\/Abt3vHaVlCs3Y4AYCBYIpgAAAQEICpbGEoKZATLCFgMBAgABAAH8AwPXTqsLkJaS8zXGTCy1QJTfEgiACXVjVo5t8xtkmY0qsSCMuGesL6fk78zK5qVbvLRqUWqXlbnvKiVC8Se7EZCa2gAgOjoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTGhoAAAAjAAAAEgAAABcAAAAKAAoACHp6AB0AFwAYADMAKwApenoAAQAAHQAgw5SV1kcLdXMNO11pOT8xJb6deEH4NnMba76OAOnl6WREaQAFAAMCaDIACwACAQD\/AQABAAAtAAIBAQANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAGwADAgACAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tACsABwZqagMEAwPKygABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2536,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756108690,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756108979,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"16c00cfec64cfdd4975fc3e3c286e38c","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2577,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756136634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756136634,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0YjtAADYG3A5Nb\/dFwKgBHQG7yQBQuQqAu60qrIAQAfpdoQAAAQEICpkBMt8XiCDw"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2579,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756108850,"flow_dst_last_pkt_time":1694275756136942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756136942,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"bee75f12c56aaceb252c1f9ace4b1cfd","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2583,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756137319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756137319,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0QAdAADYG\/kJNb\/dFwKgBHQG7yP+UKzdjd7x4moAQAfpyfwAAAQEICpkBMt+WxhKC"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2586,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756108979,"flow_dst_last_pkt_time":1694275756138504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756138504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"16c00cfec64cfdd4975fc3e3c286e38c","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756164882,"flow_dst_last_pkt_time":1694275756164882,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756164882,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2620,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756164882,"flow_dst_last_pkt_time":1694275756164882,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756164882,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckBAbuE6sSOAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKUA6QSwAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756187552,"flow_dst_last_pkt_time":1694275756187552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756187552,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756187552,"flow_dst_last_pkt_time":1694275756187552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756187552,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckCAbucGNUrAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKvI36SAAAAAAEAgAA"} 
+02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2641,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275756164761,"flow_dst_last_pkt_time":1694275756191079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2631,"flow_dst_tot_l4_payload_len":5434,"midstream":0,"thread_ts_usec":1694275756191079,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":204438.7,"max":3028448,"stddev":738279.9,"var":545057275904.0,"ent":1.4,"data": [32964,32996,273,26592,1082,27406,144,136,285,120,25958,1124,8873,77,35629,68,119,0,26186,2068,28216,70,1,121,490,28240,27689,64,125,3002036,3028448]},"pktlen": {"min":52,"avg":304.7,"max":1492,"stddev":439.9,"var":193493.4,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,93,52,76,52,591,52,1098,52,1098,453,52,138,253,52,148,52,52,76]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1],"entropies": [4.209610939,5.246035099,4.774691582,4.420200825,5.025067806,7.829051495,4.774691582,7.819931984,4.774691582,5.987846851,7.875611782,4.983880997,4.908878326,5.871349335,5.923196793,4.774691105,5.708197594,4.774691105,7.636032581,4.986606121,7.818279266,4.736229420,7.801599503,7.569772243,4.736229897,6.311936855,7.068438053,4.774691582,6.574057102,4.721713066,4.554598331,5.645633221]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2646,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756191905,"flow_dst_last_pkt_time":1694275756191905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756191905,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2646,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1694275756191905,"flow_dst_last_pkt_time":1694275756191905,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275756191905,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckDAbvYAmV1AAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKDFmkGwAAAAAEAgAA"} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2653,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756164882,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756192719,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQFLPB7PhOrEj6AS\/ogYQAAAAgQFrAQCCAqZATMXUA6QSwEDAwc="} +00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2654,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1694275756192739,"pkt":"EBMx8Tl2nFg8p+7MCABFAAAoAABAAEAGAADAqAEdTW\/3RckBAbuE6sSPAAAAAFAEAAAGlQAA"} +02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2683,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756197896,"flow_dst_last_pkt_time":1694275756197489,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2757,"flow_dst_tot_l4_payload_len":7806,"midstream":0,"thread_ts_usec":1694275756197896,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":1,"avg":7498.7,"max":29172,"stddev":11790.7,"var":139021392.0,"ent":3.3,"data": [27042,27135,253,28130,308,28116,318,342,332,119,25709,1248,2682,29172,43,72,124,122,26046,2216,12,28139,226,234,133,1,118,1841,1868,239,121]},"pktlen": {"min":52,"avg":382.7,"max":1492,"stddev":493.6,"var":243675.8,"ent":4.0,"data": [64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172]},"bins": {"c_to_s": [10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0],"entropies": [4.057611465,5.140226364,4.569115162,4.404561043,4.950064659,7.834033489,4.646038055,7.817556381,4.684499741,5.905292034,7.874547005,4.988526344,4.950064659,5.827393532,4.646038055,5.989033699,5.601069927,4.646038055,7.663946152,4.950064659,7.823734760,7.493938446,4.646038055,7.819445610,4.684499741,7.867714405,7.130248070,4.684499741,7.799648762,4.646038055,6.450882912,6.556802750]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2699,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275756207687,"flow_dst_last_pkt_time":1694275756207582,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2535,"flow_dst_tot_l4_payload_len":9100,"midstream":0,"thread_ts_usec":1694275756207687,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":27960.4,"max":189078,"stddev":55173.8,"var":3044153088.0,"ent":3.0,"data": [31653,31774,245,31171,1405,32268,101,124,448,124,30661,1238,157604,35,61,189078,8,296,34803,142830,177289,211,153,1171,1,1182,327,2,319,59,130]},"pktlen": {"min":52,"avg":416.2,"max":1492,"stddev":521.0,"var":271438.6,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1492,528,52,1492,704,52,432,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0],"entropies": [4.209610939,5.246035099,4.774691582,4.416579723,5.140452385,7.839653492,4.813152790,7.785371780,4.760174274,5.936122894,7.846436977,5.063529015,5.063529015,5.879644871,5.969053268,5.602934837,4.736229897,4.697768211,7.620181084,5.101990700,7.843691349,4.813152790,7.822920799,4.813152790,7.851342678,7.594365120,4.774691105,7.855309486,7.713972569,4.813152790,7.540598392,4.774691105]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2704,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756187552,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756214646,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQKNKt9\/nBjVLKAS\/ogXQgAAAgQFrAQCCAqZATMtvI36SAEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2705,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756214771,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756214771,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckCAbucGNUsjSrfgIAQCBYGoQAAAQEICryN+mOZATMt"} 
+01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756214911,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckCAbucGNUsjSrfgIAYCBYIpgAAAQEICryN+mOZATMtFgMBAgABAAH8AwNnw8gnfDAFWO+Hl53t21Euu+C8oHZ7SXHZwzw9+e0OLSBVy\/r4UDBV6rPVBy4OmrKlAWChubsgtffqTEAVL2mz2wAgGhoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTOjoAAAArAAcGiooDBAMDAAoACgAICgoAHQAXABgALQACAQEABQAFAQAAAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAA\/wEAAQAADQASABAEAwgEBAEFAwgFBQEIBgYBAAsAAgEAADMAKwApCgoAAQAAHQAgAoZWbW46VpoaOsd4IkSTdo+DM6fRkqp0JtgEuFJLTywAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AGwADAgACRGkABQADAmgyABIAAAAjAACqqgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2706,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756214646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756214911,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"596e09444efe3757f9974d243d25949b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2723,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1694275756191905,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275756219595,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQOThP8U2AJldqAS\/ogrewAAAgQFrAQCCAqZATMyDFmkGwEDAwc="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2724,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1694275756219633,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756219633,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckDAbvYAmV2k4T\/FYAQCBYGoQAAAQEICgxZpDeZATMy"} +01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2725,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275756219808,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckDAbvYAmV2k4T\/FYAYCBYIpgAAAQEICgxZpDeZATMyFgMBAgABAAH8AwNBNv+Y\/DH9B20XHXt0ZqTurHoF50VNINlEZv99MTJGOSCQ8z7ZV\/HpGGxJwJ0tAajAz2nSrtq3T5+M24\/qOi9MuQAgqqoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAAAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQAbAAMCAAIAKwAHBoqKAwQDAwAtAAIBAQAXAAAAEgAAAAsAAgEAAAoACgAISkoAHQAXABgADQASABAEAwgEBAEFAwgFBQEIBgYBADMAKwApSkoAAQAAHQAgLDBinOAJBszBXDfShk5HdsbMBf8PDXMMTUiCAGYAxXUABQAFAQAAAAD\/AQABAAAQAA4ADAJoMghodHRwLzEuMQAjAABEaQAFAAMCaDJKSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2725,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756219595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275756219808,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"b8ba2f6d9b71a289e9da715328744d81","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2741,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756242245,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756242245,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0hZxAADQGuq1Nb\/dFwKgBHQG7yQKNKt+AnBjXMYAQAfpAWgAAAQEICpkBM0i8jfpj"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2742,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756214911,"flow_dst_last_pkt_time":1694275756242648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756242648,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"596e09444efe3757f9974d243d25949b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02167{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2748,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756218848,"flow_dst_last_pkt_time":1694275756245531,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1427,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3189,"flow_dst_tot_l4_payload_len":5886,"midstream":0,"thread_ts_usec":1694275756245531,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":9808.4,"max":40366,"stddev":13809.4,"var":190699552.0,"ent":3.5,"data": [28531,28570,250,28629,1185,29555,134,124,267,118,26941,101,1109,12512,89,40366,5,43,124,125,28603,7847,36269,163,146,214,213,1933,252,372,29271]},"pktlen": {"min":52,"avg":336.2,"max":1492,"stddev":468.3,"var":219266.8,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1479,52,52,52,91,93,52,52,76,52,591,52,1098,52,1098,52,1227,52,154,172,472,52]},"bins": {"c_to_s": [10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1],"entropies": [4.166565418,5.279368877,4.774691582,4.430949211,5.101990700,7.842145920,4.774691105,7.799477100,4.813152790,5.983621120,7.876667023,5.025067806,5.063529015,5.063529015,5.960818291,5.831904411,4.774691105,4.813152790,5.708197594,4.813152790,7.600764751,5.025067329,7.816476822,4.721712589,7.827829361,4.774691105,7.836764812,4.736229420,6.433209896,6.698522568,7.518699646,5.063529015]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2751,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756247037,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275756247037,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0BdlAADQGOnFNb\/dFwKgBHQG7yQOThP8V2AJne4AQAfpUkQAAAQEICpkBM04MWaQ3"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2752,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756219808,"flow_dst_last_pkt_time":1694275756248501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275756248501,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"b8ba2f6d9b71a289e9da715328744d81","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02169{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2801,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275756577868,"flow_dst_last_pkt_time":1694275756577990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2577,"flow_dst_tot_l4_payload_len":9683,"midstream":0,"thread_ts_usec":1694275756577990,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":25185.6,"max":168868,"stddev":50651.2,"var":2565544448.0,"ent":2.9,"data": [27094,27219,140,27599,403,50,27790,124,210,124,27860,31,1170,140065,28,97,168868,8,128,152,26059,139165,165009,162,127,199,4,132,297,285,155]},"pktlen": {"min":52,"avg":435.8,"max":1492,"stddev":558.3,"var":311649.1,"ent":3.9,"data": [64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1],"entropies": [4.158905983,5.166786671,4.697768211,4.399245262,4.909682274,7.840191841,7.837791443,4.774691105,4.774691105,5.907286644,7.869675636,5.025067329,5.025067329,4.986605644,5.819097996,5.982440948,5.566686153,4.774691105,4.774691105,4.736229420,7.644417763,4.972088814,7.819730759,4.736229897,7.832448483,4.697768211,7.850809574,7.662927151,4.697767735,7.873144627,4.736229897,7.877857685]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2821,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756606219,"flow_dst_last_pkt_time":1694275756606317,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2539,"flow_dst_tot_l4_payload_len":10554,"midstream":0,"thread_ts_usec":1694275756606317,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":26733.1,"max":179170,"stddev":54307.3,"var":2949282048.0,"ent":2.9,"data": [27690,27728,175,27442,1464,28727,129,124,359,0,26913,42,152474,93,179170,44,121,134,26069,150399,176325,210,1,149,254,243,674,685,383,374,131]},"pktlen": {"min":52,"avg":461.8,"max":1492,"stddev":572.2,"var":327423.8,"ent":4.0,"data": [64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1],"entropies": 
[4.115860939,5.187539101,4.774691582,4.327563286,5.101990700,7.840719700,4.813152790,7.804496288,4.774691582,5.815793037,7.862992764,5.025067806,5.025067806,5.864611149,5.947547913,4.659306526,5.576618671,4.697768211,7.529841423,4.972088337,7.829462051,4.736229897,7.845654964,7.517898083,4.736229897,7.877416134,4.736229897,7.672642231,4.697768211,7.880493164,4.736229897,7.866563320]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2834,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275756803516,"flow_dst_last_pkt_time":1694275756803699,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2537,"flow_dst_tot_l4_payload_len":8089,"midstream":0,"thread_ts_usec":1694275756803699,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":74757.7,"max":603769,"stddev":151196.5,"var":22860367872.0,"ent":3.1,"data": [28567,28642,129,27301,1502,62,28686,142,190,134,27027,9,1142,153835,37,181617,5,73,125,121,27364,146477,39,173708,128,603728,16,603769,141336,141257,321]},"pktlen": {"min":52,"avg":384.7,"max":1492,"stddev":500.5,"var":250468.6,"ent":3.9,"data": [64,60,52,569,52,1492,1127,52,52,116,1469,52,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,498,52,1098,52,1492]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": 
[7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1],"entropies": [4.178360939,5.312702179,4.774691582,4.445541382,5.101990700,7.861453056,7.846636772,4.813152790,4.774691582,5.959870815,7.889067650,5.063529015,5.063529015,5.101990700,5.864611149,5.931313515,4.721712589,4.774691582,5.602934361,4.774691582,7.639420509,5.063529015,7.797530651,7.576140404,4.774691105,4.774691105,7.824387074,7.597716331,4.736229897,7.815874100,4.736229897,7.871171951]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2881,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757175284,"flow_dst_last_pkt_time":1694275757175284,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275757175284,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2881,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1694275757175284,"flow_dst_last_pkt_time":1694275757175284,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275757175284,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckEAbsA2lUaAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKqjKEHgAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2884,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1694275757175284,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275757202538,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQTa1adBANpVG6AS\/oihzAAAAgQFrAQCCAqZATcJqjKEHgEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2886,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1694275757202671,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275757202671,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckEAbsA2lUb2tWnQoAQCBYGoQAAAQEICqoyhDqZATcJ"} 
+01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275757202800,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckEAbsA2lUb2tWnQoAYCBYIpgAAAQEICqoyhDqZATcJFgMBAgABAAH8AwNRgbdL1jrYmZzbKg6OewNyR0JGc02qMCLDUqgmR6tAMCBduzxx279jzta\/p+XXZA52M+RYXaE2I\/siVxr+IhTtyAAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTiooAAAAtAAIBAURpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEAAOAAwCaDIIaHR0cC8xLjEAKwAHBnp6AwQDAwAXAAAACgAKAAj6+gAdABcAGAAzACsAKfr6AAEAAB0AINWBoUSwbDxBCTlXVcPQWkKmD4pq7dwgGcgLZ\/THOqA6\/wEAAQAACwACAQAAIwAAAAUABQEAAAAAABsAAwIAAgAAABcAFQAAEmV1MC5zZWMtdHVubmVsLmNvbQASAADa2gABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2888,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757202538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275757202800,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"7654fdd2ea04b50342e102324ebb3179","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2889,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757229570,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275757229570,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0oBpAADYGni9Nb\/dFwKgBHQG7yQTa1adCANpXIIAQAfrK4wAAAQEICpkBNySqMoQ6"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2890,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757202800,"flow_dst_last_pkt_time":1694275757230136,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275757230136,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"7654fdd2ea04b50342e102324ebb3179","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2916,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757492754,"flow_dst_last_pkt_time":1694275757486971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2617,"flow_dst_tot_l4_payload_len":7118,"midstream":0,"thread_ts_usec":1694275757492754,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":20295.4,"max":188406,"stddev":45762.7,"var":2094228736.0,"ent":2.9,"data": [27254,27387,129,27032,566,27436,735,685,380,130,25909,1236,11364,39,38078,94,6,123,122,26035,2846,28696,200,49,199,114,132,128,188214,188406,5433]},"pktlen": {"min":52,"avg":356.8,"max":1492,"stddev":487.6,"var":237730.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1463,52,52,91,93,52,76,52,52,591,52,1098,52,1492,704,52,1098,52,52,366,52,138]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0],"entropies": [4.077066422,5.160978794,4.646038532,4.421825409,5.026988029,7.840250015,4.684499741,7.833176136,4.684499741,5.919390202,7.872871399,4.873141289,4.988526344,5.885031700,5.697600365,4.646038055,5.627385616,4.646038055,4.646038055,7.556904316,5.026988029,7.815989971,4.684499741,7.887370586,7.723536015,4.607576847,7.814508438,4.646038055,4.684499741,7.322398663,4.646038532,6.244566441]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2935,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758612709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275758612709,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2935,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758612709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275758612709,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckFAbtKmLxUAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgK0v6ROQAAAAAEAgAA"} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2939,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1694275758612709,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275758639698,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQXKIzzxSpi8VaAS\/ogwUAAAAgQFrAQCCAqZATyn0v6ROQEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2940,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1694275758639812,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275758639812,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckFAbtKmLxVyiM88oAQCBYGoQAAAQEICtL+kVSZATyn"} +01247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2941,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275758640288,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckFAbtKmLxVyiM88oAYCBYIpgAAAQEICtL+kVSZATynFgMBAgABAAH8AwN+uLsqBAiO4\/T2gv6l\/h+YM0offsZXXQQ9hyBKjWsmdCCHKfgX8MqVfuHE4Qs4Cwr4wWwfQPHSyLOHM3dt1G+VOgAguroTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTmpoAAAAKAAoACOrqAB0AFwAY\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"} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2941,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758639698,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275758640288,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"f981da9e71acc8636b6cc19bd9e24bfc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2942,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758667002,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275758667002,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0GmdAADQGJeNNb\/dFwKgBHQG7yQXKIzzySpi+WoAQAfpZZwAAAQEICpkBPMPS\/pFU"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2943,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758640288,"flow_dst_last_pkt_time":1694275758668504,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275758668504,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"f981da9e71acc8636b6cc19bd9e24bfc","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2969,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758738453,"flow_dst_last_pkt_time":1694275758738392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2527,"flow_dst_tot_l4_payload_len":8501,"midstream":0,"thread_ts_usec":1694275758738453,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8110.5,"max":34325,"stddev":12021.4,"var":144513856.0,"ent":3.5,"data": [26989,27103,476,27304,1502,28303,101,128,1167,252,26989,1174,7556,104,2,34325,132,503,26102,2855,93,28446,7,100,127,213,3,165,4504,92,4610]},"pktlen": {"min":52,"avg":397.2,"max":1492,"stddev":485.1,"var":235309.8,"ent":4.0,"data": [64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,93,76,52,52,591,52,1098,1098,52,52,922,52,1098,250,52,1098,682,52]},"bins": {"c_to_s": [11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0],"entropies": [4.178360939,5.133453369,4.736229897,4.428386688,5.025067806,7.849509239,4.813152790,7.802417278,4.813152790,6.007369995,7.864824772,5.063529491,5.101990700,5.901622772,6.003946304,5.734513283,4.813152790,4.774691105,7.663514614,5.010550499,7.834642410,7.832502365,4.774691582,4.774691582,7.779919624,4.646038532,7.825356483,7.156414032,4.774691582,7.856326580,7.713139534,4.774691582]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2992,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759126273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275759126273,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2992,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759126273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275759126273,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckGAbvpEOEVAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKGCjLzwAAAAAEAgAA"} 
+00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3001,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1694275759126273,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275759153431,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQZcM6686RDhFqAS\/ojneQAAAgQFrAQCCAqZAT6oGCjLzwEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3002,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1694275759153533,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275759153533,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckGAbvpEOEWXDOuvYAQCBYGoQAAAQEIChgoy+uZAT6o"} 
+01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275759153797,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckGAbvpEOEWXDOuvYAYCBYIpgAAAQEIChgoy+uZAT6oFgMBAgABAAH8AwPtOSCl1AmO481ttvg+kA7ObplwQgbPR4k\/fXx98d4\/\/CB+7cjGIJoRGVq6EiiNdx9IavTI6urgYgki0sK2GITaOAAg+voTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTamoAAAAXAAAABQAFAQAAAAAAEgAA\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEACgAKAAhaWgAdABcAGAAzACsAKVpaAAEAAB0AICSlEksPOFFIWe\/Xm2+8N7OTvzExWd6ozxIzsF40biIjACMAAAAtAAIBAQArAAcGCgoDBAMDABsAAwIAAgALAAIBAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb21KSgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3003,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759153431,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275759153797,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1d647afc208e5db7a49d19f0a21255a9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3007,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759180767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275759180767,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0e\/hAADQGxFFNb\/dFwKgBHQG7yQZcM6696RDjG4AQAfoQkAAAAQEICpkBPsQYKMvr"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3008,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759153797,"flow_dst_last_pkt_time":1694275759182241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275759182241,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"1d647afc208e5db7a49d19f0a21255a9","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3035,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759247598,"flow_dst_last_pkt_time":1694275759246301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1439,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2655,"flow_dst_tot_l4_payload_len":7569,"midstream":0,"thread_ts_usec":1694275759247598,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":7785.6,"max":32741,"stddev":12080.7,"var":145943504.0,"ent":3.4,"data": [27158,27260,264,27336,1474,28531,98,125,379,124,27001,35,6211,88,32741,44,126,128,26061,2835,28773,1190,1136,275,289,191,3,28,204,127,1118]},"pktlen": {"min":52,"avg":372.1,"max":1492,"stddev":488.6,"var":238772.9,"ent":3.9,"data": [64,60,52,569,52,1492,52,1129,52,116,1491,52,52,91,93,52,76,52,591,52,1098,52,258,52,1098,52,1492,704,610,52,52,148]},"bins": {"c_to_s": [11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0],"entropies": [4.158905983,5.212701797,4.606328011,4.444310665,4.933627605,7.829864025,4.683251381,7.824939728,4.683251381,5.818936348,7.869243145,4.933627605,4.873141766,5.864611149,5.939429760,4.721712589,5.629250050,4.683250904,7.585559368,4.870416641,7.823579788,4.668734074,7.166376114,4.721712589,7.832537174,4.721712589,7.894383907,7.689051628,7.673301697,4.721712589,4.683250904,6.386294842]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3052,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760146551,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760146551,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3052,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760146551,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760146551,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckHAbsostIaAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKz+dkDQAAAAAEAgAA"} 
+00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3054,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760159362,"flow_dst_last_pkt_time":1694275760159362,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760159362,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3054,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760159362,"flow_dst_last_pkt_time":1694275760159362,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760159362,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckIAbtCbTWIAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKS2y7GwAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3058,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760146551,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760173411,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADQGQEJNb\/dFwKgBHQG7yQc13AijKLLSG6AS\/ogvSgAAAgQFrAQCCAqZAUKkz+dkDQEDAwc="} 
+00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3059,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760173512,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760173512,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckHAbsostIbNdwIpIAQCBYGoQAAAQEICs\/nZCiZAUKk"} +01248{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3060,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760173637,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckHAbsostIbNdwIpIAYCBYIpgAAAQEICs\/nZCiZAUKkFgMBAgABAAH8AwP0h\/WDQgQIX0XFRAQWypaCIuiaDBsTscvuBB1Mz1jHRSAJDApWsAB8AhKd06yoFqy9hv9ISpbSlv9fTXjOsls\/NgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTysoAAAAQAA4ADAJoMghodHRwLzEuMQAbAAMCAAIAEgAAAAoACgAIGhoAHQAXABgALQACAQEADQASABAEAwgEBAEFAwgFBQEIBgYB\/wEAAQBEaQAFAAMCaDIAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AKwAHBkpKAwQDAwAXAAAABQAFAQAAAAAAIwAAADMAKwApGhoAAQAAHQAgBkhdfATxLWEWavv3mJWsQQ86T+tiWYduNooS+8vA82YACwACAQAqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3060,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760173411,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760173637,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"7c1faee465b44a6322237d36a83f056e","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3064,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760159362,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760187176,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQg3ZSjWQm01iaAS\/oi9xAAAAgQFrAQCCAqZAUKxS2y7GwEDAwc="} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3065,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760187256,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760187256,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckIAbtCbTWJN2Uo14AQCBYGoQAAAQEICktsuzeZAUKx"} +01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760187749,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckIAbtCbTWJN2Uo14AYCBYIpgAAAQEICktsuzeZAUKxFgMBAgABAAH8AwNpp6QytMYLhbOW+c6+tO0B4JkvbhFVMaZ6HMNT8ysmQCCGztDZPLdxOVqhwhdLaN7m4MEhCpLflfoqBvqpCbgAsQAgWloTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGTqqoAAERpAAUAAwJoMgAzACsAKZqaAAEAAB0AIMB+C8stvN97iLg9+OJOEghhiD+ynUdRAUPfHfPpkO82AC0AAgEBABcAAAArAAcGamoDBAMDAAoACgAImpoAHQAXABgAIwAAABAADgAMAmgyCGh0dHAvMS4x\/wEAAQAAAAAXABUAABJldTAuc2VjLXR1bm5lbC5jb20AGwADAgACAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQALAAIBAAAFAAUBAAAAAAASAAAqKgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3066,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760187176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760187749,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"11faa0c756a165d2f663a0316c0cca79","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3068,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760188445,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760188445,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3068,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760188445,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760188445,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckJAbu1qhDYAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKfEZQ+AAAAAAEAgAA"} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3069,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760199496,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760199496,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0wCBAADQGgClNb\/dFwKgBHQG7yQc13AikKLLUIIAQAfpYYgAAAQEICpkBQr\/P52Qo"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3070,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760173637,"flow_dst_last_pkt_time":1694275760200987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760200987,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"7c1faee465b44a6322237d36a83f056e","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3079,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760188445,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760214953,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQliG7B1taoQ2aAS\/oj2DAAAAgQFrAQCCAqZAULOfEZQ+AEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3081,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760215101,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760215101,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckJAbu1qhDZYhuwdoAQCBYGoQAAAQEICnxGURKZAULO"} 
+01245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3082,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760215222,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\/3RckJAbu1qhDZYhuwdoAYCBYIpgAAAQEICnxGURKZAULOFgMBAgABAAH8AwNwq9rnH9nESDwqeFwjkyKKIsYAnDEl8FOmEmYNIS0HoiDt7kP6TDrf4LAJ1mGmwiciM0StMDXrn2sLhm729+hgYwAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAGT6uoAAERpAAUAAwJoMgANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAACsABwbq6gMEAwMACwACAQAABQAFAQAAAAAALQACAQEAIwAAABsAAwIAAgAQAA4ADAJoMghodHRwLzEuMQAKAAoACJqaAB0AFwAY\/wEAAQAAFwAAAAAAFwAVAAASZXUwLnNlYy10dW5uZWwuY29tADMAKwApmpoAAQAAHQAg53mjWe8c2SbWiidkJuOPAGJ8wJZTo11ZJqoGFZRZ5zuamgABAAAVAMUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3082,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760214953,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760215222,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"1a3204516366db8b9a04341acd5a5664","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3083,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760215879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760215879,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA06y5AADYGUxtNb\/dFwKgBHQG7yQg3ZSjXQm03joAQAfrm2gAAAQEICpkBQs1LbLs3"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3084,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760187749,"flow_dst_last_pkt_time":1694275760216464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760216464,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"11faa0c756a165d2f663a0316c0cca79","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3098,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760242161,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760242161,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0inRAADYGs9VNb\/dFwKgBHQG7yQliG7B2taoS3oAQAfofJgAAAQEICpkBQul8RlES"} 
+01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3099,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760215222,"flow_dst_last_pkt_time":1694275760242630,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760242630,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"1a3204516366db8b9a04341acd5a5664","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+02165{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3125,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760266903,"flow_dst_last_pkt_time":1694275760266114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3230,"flow_dst_tot_l4_payload_len":7417,"midstream":0,"thread_ts_usec":1694275760266903,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":7739.2,"max":34150,"stddev":11949.0,"var":142778768.0,"ent":3.4,"data": [26860,26961,125,26085,1491,27383,122,123,242,127,25664,1246,7571,34150,91,48,121,120,26079,2785,28777,348,308,864,864,307,2,302,498,123,128]},"pktlen": {"min":52,"avg":385.3,"max":1492,"stddev":506.9,"var":256960.2,"ent":3.9,"data": [64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539]},"bins": {"c_to_s": [10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0],"entropies": [4.209610939,5.179368496,4.644789696,4.375918865,4.909683228,7.825483322,4.736229897,7.837041378,4.736229897,5.880172253,7.862580299,5.025067329,5.025067329,6.035048008,4.774691582,5.939430237,5.550303459,4.774691582,7.634554863,4.895165443,7.804163456,4.646038532,7.867358208,4.646038532,7.727935791,4.646038532,7.871103287,7.172240257,4.646038532,6.254072189,6.532965183,7.611578465]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02164{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3162,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760281658,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760309664,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":8793.5,"max":31869,"stddev":12758.7,"var":162784304.0,"ent":3.5,"data": [27814,27894,493,28703,585,28762,647,649,242,123,27168,43,5005,31869,89,47,126,129,27303,4099,31345,165,134,214,2,194,86,122,214,26695,1637]},"pktlen": {"min":52,"avg":403.1,"max":1492,"stddev":505.2,"var":255231.4,"ent":4.0,"data": [64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0],"s_to_c": [7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1],"entropies": 
[4.147110939,5.166787148,4.606328011,4.419630051,4.933627129,7.819243431,4.659306526,7.802917004,4.659306526,5.959871769,7.870406628,4.986605644,4.948144436,5.947135925,4.697768211,5.982440948,5.655566216,4.697768211,7.635627747,5.025067329,7.836093426,4.697768211,7.836949825,4.736229897,7.868122101,7.667487621,4.697768211,7.753278255,4.736229897,6.269422054,5.025067329,7.793452740]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +02168{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3175,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760330661,"flow_dst_last_pkt_time":1694275760330585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6065,"midstream":0,"thread_ts_usec":1694275760330661,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":50,"avg":9172.8,"max":31292,"stddev":12464.9,"var":155373488.0,"ent":3.6,"data": [26508,26656,121,27208,469,27459,90,122,166,118,25308,1248,5045,31292,95,50,135,141,26082,1531,27473,147,145,226,218,285,128,25620,80,2433,27757]},"pktlen": {"min":52,"avg":343.3,"max":1492,"stddev":466.3,"var":217422.7,"ent":3.9,"data": [64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52]},"bins": {"c_to_s": [10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0],"s_to_c": 
[8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0],"entropies": [4.209610939,5.279368401,4.736229897,4.419954300,5.101990700,7.829117298,4.813152790,7.823664188,4.813152790,6.035345554,7.863707542,5.140452385,5.101990700,5.872906685,4.813152790,5.931313038,5.576619148,4.813152790,7.646970272,5.101990700,7.820407391,4.813152790,7.792932510,4.813152790,7.834312439,4.813152790,6.429463387,7.615536690,4.948144436,5.025067806,7.217590809,4.736229897]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3187,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760781591,"flow_dst_last_pkt_time":1694275760781591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760781591,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3187,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1694275760781591,"flow_dst_last_pkt_time":1694275760781591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1694275760781591,"pkt":"EBMx8Tl2nFg8p+7MCABFAABAAABAAEAGAADAqAEdTW\/3RckKAbtwWZBmAAAAALAC\/\/8GrQAAAgQFtAEDAwYBAQgKstODKwAAAAAEAgAA"} +00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3191,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1694275760781591,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1694275760809649,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA8AABAADYGPkJNb\/dFwKgBHQG7yQpXe4oCcFmQZ6AS\/oiBzwAAAgQFrAQCCAqZAUUgstODKwEDAwc="} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3192,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1694275760809762,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760809762,"pkt":"EBMx8Tl2nFg8p+7MCABFAAA0AABAAEAGAADAqAEdTW\/3RckKAbtwWZBnV3uKA4AQCBYGoQAAAQEICrLTg0iZAUUg"} 
+01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3193,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1694275760810216,"pkt":"EBMx8Tl2nFg8p+7MCABFAAI5AABAAEAGAADAqAEdTW\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"} +01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3193,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760809649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760810216,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.2","ja3":"d47894a5f64c516049e142a21f8c9ce3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3194,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760838303,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1694275760838303,"pkt":"nFg8p+7MEBMx8Tl2CABFAAA0ToFAADYG78hNb\/dFwKgBHQG7yQpXe4oDcFmSbIAQAfqq5AAAAQEICpkBRTyy04NI"} +01235{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3195,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760810216,"flow_dst_last_pkt_time":1694275760839754,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1694275760839754,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"eu0.sec-tunnel.com","tls": {"version":"TLSv1.3","ja3":"d47894a5f64c516049e142a21f8c9ce3","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":31,"flow_first_seen":1694275752994885,"flow_src_last_pkt_time":1694275754671493,"flow_dst_last_pkt_time":1694275754696753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":13647,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51398,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":20,"flow_first_seen":1694275753007782,"flow_src_last_pkt_time":1694275755651319,"flow_dst_last_pkt_time":1694275755651115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9416,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":23,"flow_first_seen":1694275753008024,"flow_src_last_pkt_time":1694275753379590,"flow_dst_last_pkt_time":1694275753379462,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3394,"flow_dst_tot_l4_payload_len":10647,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51400,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1694275753008266,"flow_src_last_pkt_time":1694275756217382,"flow_dst_last_pkt_time":1694275756217225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2631,"flow_dst_tot_l4_payload_len":9179,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51401,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1694275753008511,"flow_src_last_pkt_time":1694275753183247,"flow_dst_last_pkt_time":1694275753183183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2623,"flow_dst_tot_l4_payload_len":6562,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275753008755,"flow_src_last_pkt_time":1694275755198376,"flow_dst_last_pkt_time":1694275755198349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":7032,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51403,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1694275753008879,"flow_src_last_pkt_time":1694275755246191,"flow_dst_last_pkt_time":1694275755246080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2625,"flow_dst_tot_l4_payload_len":5470,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1694275753009120,"flow_src_last_pkt_time":1694275756191229,"flow_dst_last_pkt_time":1694275756191080,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2631,"flow_dst_tot_l4_payload_len":5434,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51405,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1694275753009419,"flow_src_last_pkt_time":1694275754214740,"flow_dst_last_pkt_time":1694275754214689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":5433,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":20,"flow_first_seen":1694275753009538,"flow_src_last_pkt_time":1694275756159463,"flow_dst_last_pkt_time":1694275756159340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3298,"flow_dst_tot_l4_payload_len":6379,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51407,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1694275753009698,"flow_src_last_pkt_time":1694275755623654,"flow_dst_last_pkt_time":1694275755623519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9025,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51408,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1694275753009947,"flow_src_last_pkt_time":1694275754291190,"flow_dst_last_pkt_time":1694275754291088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2652,"flow_dst_tot_l4_payload_len":7074,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":18,"flow_first_seen":1694275753010186,"flow_src_last_pkt_time":1694275754200960,"flow_dst_last_pkt_time":1694275754200860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2642,"flow_dst_tot_l4_payload_len":6918,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1694275753010306,"flow_src_last_pkt_time":1694275753169062,"flow_dst_last_pkt_time":1694275753169011,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2647,"flow_dst_tot_l4_payload_len":8540,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275753010307,"flow_src_last_pkt_time":1694275756107586,"flow_dst_last_pkt_time":1694275756107561,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1431,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2637,"flow_dst_tot_l4_payload_len":8663,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51412,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1694275753010458,"flow_src_last_pkt_time":1694275753188309,"flow_dst_last_pkt_time":1694275753188132,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2623,"flow_dst_tot_l4_payload_len":9041,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51413,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":24,"flow_first_seen":1694275753010578,"flow_src_last_pkt_time":1694275754112296,"flow_dst_last_pkt_time":1694275754112253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":11075,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51414,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":23,"flow_first_seen":1694275753010697,"flow_src_last_pkt_time":1694275759148813,"flow_dst_last_pkt_time":1694275759219268,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4590,"flow_dst_tot_l4_payload_len":9082,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51415,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":20,"flow_first_seen":1694275753010817,"flow_src_last_pkt_time":1694275755246321,"flow_dst_last_pkt_time":1694275755246234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2705,"flow_dst_tot_l4_payload_len":8599,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275753010935,"flow_src_last_pkt_time":1694275753173357,"flow_dst_last_pkt_time":1694275753173313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1433,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2649,"flow_dst_tot_l4_payload_len":8460,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51417,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275756107460,"flow_dst_last_pkt_time":1694275756107412,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2751,"flow_dst_tot_l4_payload_len":6224,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51418,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1694275753011053,"flow_src_last_pkt_time":1694275753182216,"flow_dst_last_pkt_time":1694275753182079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2629,"flow_dst_tot_l4_payload_len":6778,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275753011171,"flow_src_last_pkt_time":1694275754154858,"flow_dst_last_pkt_time":1694275754154752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1429,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2635,"flow_dst_tot_l4_payload_len":8684,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":19,"flow_first_seen":1694275753011291,"flow_src_last_pkt_time":1694275760172350,"flow_dst_last_pkt_time":1694275760172277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1435,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2767,"flow_dst_tot_l4_payload_len":6444,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51421,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275753011292,"flow_src_last_pkt_time":1694275755672237,"flow_dst_last_pkt_time":1694275755672163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1421,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2627,"flow_dst_tot_l4_payload_len":9417,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51422,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":18,"flow_first_seen":1694275753011411,"flow_src_last_pkt_time":1694275753188183,"flow_dst_last_pkt_time":1694275753188129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2637,"flow_dst_tot_l4_payload_len":8385,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51423,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":25,"flow_first_seen":1694275753047174,"flow_src_last_pkt_time":1694275754614866,"flow_dst_last_pkt_time":1694275754614749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":5017,"flow_dst_tot_l4_payload_len":12921,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51424,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":105,"flow_first_seen":1694275753060213,"flow_src_last_pkt_time":1694275753307185,"flow_dst_last_pkt_time":1694275753307133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3289,"flow_dst_tot_l4_payload_len":125684,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51425,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":129,"flow_first_seen":1694275753075692,"flow_src_last_pkt_time":1694275756161800,"flow_dst_last_pkt_time":1694275756161153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6599,"flow_dst_tot_l4_payload_len":129363,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51426,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275753095564,"flow_src_last_pkt_time":1694275754134699,"flow_dst_last_pkt_time":1694275754134602,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3723,"flow_dst_tot_l4_payload_len":6312,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51427,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":27,"flow_first_seen":1694275753113486,"flow_src_last_pkt_time":1694275753278592,"flow_dst_last_pkt_time":1694275753351697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3371,"flow_dst_tot_l4_payload_len":11546,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51428,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1694275753219923,"flow_src_last_pkt_time":1694275753400542,"flow_dst_last_pkt_time":1694275753400510,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1272,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2678,"flow_dst_tot_l4_payload_len":10245,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51429,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":145,"flow_first_seen":1694275753284172,"flow_src_last_pkt_time":1694275755153114,"flow_dst_last_pkt_time":1694275755152998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4751,"flow_dst_tot_l4_payload_len":161112,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51430,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":22,"flow_first_seen":1694275754087463,"flow_src_last_pkt_time":1694275754326106,"flow_dst_last_pkt_time":1694275754325940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3604,"flow_dst_tot_l4_payload_len":10369,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51432,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":23,"flow_first_seen":1694275754109202,"flow_src_last_pkt_time":1694275755629864,"flow_dst_last_pkt_time":1694275755629720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2621,"flow_dst_tot_l4_payload_len":9048,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51433,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1694275754128769,"flow_src_last_pkt_time":1694275754333457,"flow_dst_last_pkt_time":1694275754333312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3506,"flow_dst_tot_l4_payload_len":10580,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51435,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":18,"flow_first_seen":1694275754173951,"flow_src_last_pkt_time":1694275754328191,"flow_dst_last_pkt_time":1694275754328160,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1405,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2611,"flow_dst_tot_l4_payload_len":7674,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":21,"flow_first_seen":1694275754185416,"flow_src_last_pkt_time":1694275754619434,"flow_dst_last_pkt_time":1694275754619312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3316,"flow_dst_tot_l4_payload_len":8742,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51437,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1694275754188438,"flow_src_last_pkt_time":1694275754586997,"flow_dst_last_pkt_time":1694275754611756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3365,"flow_dst_tot_l4_payload_len":8995,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51438,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1694275754263304,"flow_src_last_pkt_time":1694275754425939,"flow_dst_last_pkt_time":1694275754488010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1423,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3104,"flow_dst_tot_l4_payload_len":6288,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":28,"flow_first_seen":1694275754588065,"flow_src_last_pkt_time":1694275755014912,"flow_dst_last_pkt_time":1694275755031726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1413,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3520,"flow_dst_tot_l4_payload_len":11830,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51441,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":40,"flow_first_seen":1694275755172671,"flow_src_last_pkt_time":1694275760186139,"flow_dst_last_pkt_time":1694275760186051,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":5588,"flow_dst_tot_l4_payload_len":26249,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51442,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":20,"flow_first_seen":1694275755218416,"flow_src_last_pkt_time":1694275755617351,"flow_dst_last_pkt_time":1694275755617330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2692,"flow_dst_tot_l4_payload_len":9337,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51443,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":32,"flow_first_seen":1694275755218537,"flow_src_last_pkt_time":1694275755505433,"flow_dst_last_pkt_time":1694275755505381,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3336,"flow_dst_tot_l4_payload_len":23846,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51444,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275755591179,"flow_src_last_pkt_time":1694275755801107,"flow_dst_last_pkt_time":1694275755800881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3172,"flow_dst_tot_l4_payload_len":6091,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51449,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":39,"flow_first_seen":1694275755597605,"flow_src_last_pkt_time":1694275755769689,"flow_dst_last_pkt_time":1694275755769620,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1409,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3563,"flow_dst_tot_l4_payload_len":29649,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51450,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":23,"flow_first_seen":1694275755603186,"flow_src_last_pkt_time":1694275760214965,"flow_dst_last_pkt_time":1694275760214865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4336,"flow_dst_tot_l4_payload_len":11628,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51451,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1694275755624913,"flow_src_last_pkt_time":1694275755772284,"flow_dst_last_pkt_time":1694275755840491,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1417,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3302,"flow_dst_tot_l4_payload_len":4489,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1694275755644863,"flow_src_last_pkt_time":1694275757202671,"flow_dst_last_pkt_time":1694275757202420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6305,"flow_dst_tot_l4_payload_len":11348,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51453,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":24,"flow_first_seen":1694275755774249,"flow_src_last_pkt_time":1694275759157216,"flow_dst_last_pkt_time":1694275759157148,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":4763,"flow_dst_tot_l4_payload_len":10622,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51454,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1694275756080159,"flow_src_last_pkt_time":1694275756253230,"flow_dst_last_pkt_time":1694275756323026,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1427,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3242,"flow_dst_tot_l4_payload_len":6511,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51455,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":24,"flow_first_seen":1694275756081462,"flow_src_last_pkt_time":1694275756226056,"flow_dst_last_pkt_time":1694275756299263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3359,"flow_dst_tot_l4_payload_len":10334,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51456,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1694275756164882,"flow_src_last_pkt_time":1694275756192739,"flow_dst_last_pkt_time":1694275756192719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51457,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":36,"flow_first_seen":1694275756187552,"flow_src_last_pkt_time":1694275758638654,"flow_dst_last_pkt_time":1694275758638393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":7516,"flow_dst_tot_l4_payload_len":21188,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51458,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":20,"flow_first_seen":1694275756191905,"flow_src_last_pkt_time":1694275756784557,"flow_dst_last_pkt_time":1694275756784394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1419,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2879,"flow_dst_tot_l4_payload_len":11034,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51459,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":24,"flow_first_seen":1694275757175284,"flow_src_last_pkt_time":1694275757530986,"flow_dst_last_pkt_time":1694275757600549,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1411,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3301,"flow_dst_tot_l4_payload_len":10115,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":26,"flow_first_seen":1694275758612709,"flow_src_last_pkt_time":1694275758915829,"flow_dst_last_pkt_time":1694275758915641,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3241,"flow_dst_tot_l4_payload_len":9645,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51461,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1694275759126273,"flow_src_last_pkt_time":1694275759280147,"flow_dst_last_pkt_time":1694275759305569,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1439,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3790,"flow_dst_tot_l4_payload_len":9033,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":28,"flow_first_seen":1694275760146551,"flow_src_last_pkt_time":1694275760401775,"flow_dst_last_pkt_time":1694275760430537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":5835,"flow_dst_tot_l4_payload_len":9424,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51463,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1694275760159362,"flow_src_last_pkt_time":1694275760309706,"flow_dst_last_pkt_time":1694275760309664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1425,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2641,"flow_dst_tot_l4_payload_len":8573,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
+00989{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1694275760188445,"flow_src_last_pkt_time":1694275760807493,"flow_dst_last_pkt_time":1694275760807237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1407,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3236,"flow_dst_tot_l4_payload_len":6089,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51465,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.OperaVPN","proto_id":"91.339","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1694275760781591,"flow_src_last_pkt_time":1694275760841495,"flow_dst_last_pkt_time":1694275760839879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1415,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1996,"flow_dst_tot_l4_payload_len":2516,"midstream":0,"thread_ts_usec":1694275760841495,"l3_proto":"ip4","src_ip":"192.168.1.29","dst_ip":"77.111.247.69","src_port":51466,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3200,"source":"cfgs\/default\/pcap\/opera-vpn.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3200,"packets-processed":3200,"total-skipped-flows":0,"total-l4-payload-len":1186790,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":61,"total-detection-updates":61,"total-updates":0,"current-active-flows":0,"total-active-flows":62,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1694275760841495} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 3200/3200 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1186790 bytes +~~ total detected protocols..: 61 +~~ total active/idle flows...: 62/62 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 12093067 bytes +~~ total memory freed........: 12093067 bytes +~~ total allocations/frees...: 220803/220803 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 538 chars +~~ json string max len.......: 2513 chars +~~ json string avg len.......: 1525 chars diff --git a/test/results/default/oracle12.pcapng.out b/test/results/default/oracle12.pcapng.out index c68b17802..80d450a77 100644 --- a/test/results/default/oracle12.pcapng.out +++ b/test/results/default/oracle12.pcapng.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1481291750025382} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1481291750025382,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750025382,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1481291750025382,"pkt":"UlQAEjUCCAAn5\/q0CABFAAA8b5VAAEAGbI0KAAIPCgBIi50iBfF8VCT6AAAAAKACchBeyAAAAgQFtAQCCAoFQUtvAAAAAAEDAwc="} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1481291750025382,"flow_dst_last_pkt_time":1481291750026998,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1481291750026998,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAsAf4AAEAGGjUKAEiLCgACDwXxnSIAeB4BfFQk+2AS\/\/\/WoAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1481291750027196,"flow_dst_last_pkt_time":1481291750027391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1481291750027391,"pkt":"CAAn5\/q0UlQAEjUCCABFAAAoAf8AAEAGGjgKAEiLCgACDwXxnSIAeB4CfFQlz1AQ\/\/\/tiQAAAAAAAAAA"} 00944{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Oracle","proto_id":"167","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1481291750025382,"flow_src_last_pkt_time":1481291750055490,"flow_dst_last_pkt_time":1481291750054984,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":233,"flow_dst_max_l4_payload_len":239,"flow_src_tot_l4_payload_len":941,"flow_dst_tot_l4_payload_len":441,"midstream":0,"thread_ts_usec":1481291750055490,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"10.0.72.139","src_port":40226,"dst_port":1521,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/oracle12.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1382,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1481291750055490} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769381 bytes -~~ total memory freed........: 7769381 bytes -~~ total allocations/frees...: 146392/146392 +~~ total memory allocated....: 11478000 bytes +~~ total memory freed........: 11478000 bytes +~~ total allocations/frees...: 216646/216646 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 949 chars diff --git a/test/results/default/os_detected.pcapng.out b/test/results/default/os_detected.pcapng.out index d71d2c9a2..991d8b697 100644 --- a/test/results/default/os_detected.pcapng.out +++ b/test/results/default/os_detected.pcapng.out 
@@ -1,10 +1,10 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1611427514609727} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1611427514609727,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8
WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} -01507{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","tls": {"version":"TLSv1.3","ja3":"9addef84847d700f759746b237c405c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-01203{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} 
+01643{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"9addef84847d700f759746b237c405c8","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01313{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1611427514609727,"flow_src_last_pkt_time":1611427514609727,"flow_dst_last_pkt_time":1611427514609727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1611427514609727,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/os_detected.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1611427514609727} ~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777036 bytes -~~ total memory freed........: 7777036 bytes -~~ total allocations/frees...: 146395/146395 +~~ total memory allocated....: 11485655 bytes +~~ total memory freed........: 11485655 bytes +~~ total allocations/frees...: 216649/216649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 2231 chars diff --git a/test/results/default/ospfv2_add_new_prefix.pcap.out b/test/results/default/ospfv2_add_new_prefix.pcap.out index 41734806a..049eae023 100644 --- a/test/results/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/default/ospfv2_add_new_prefix.pcap.out 
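Review bot: The regenerated `detected` and `idle` expectations for flow 1 in os_detected.pcapng.out now pin risk `52` ("ALPN/SNI Mismatch", Medium) alongside risk `24` ("Missing SNI TLS Extn", Medium), although the flow's `hostname` is `""`. One missing SNI therefore appears to produce two medium-severity risks, with the mismatch being between `advertised_alpns` `h3-29` and an absent name. If this comes from the libnDPI submodule bump rather than an intended change, confirm it upstream before freezing it as the golden result, because consumers that alert per risk or add up `risk_score` values will see more findings for every SNI-less QUIC/TLS flow. I would record it in the commit description, for example `libnDPI bump: SNI-less flows now also report flow risk 52 (ALPN/SNI Mismatch)`.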
@@ -1,11 +1,11 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1596626889276433} 00748{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5} 
00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1596626889276433,"pkt":"qrvMAAEwqrvMAAowCABFwABsAPoAAAFZj3MKAQoKCgEKAQIEAFisEAAKAAAABqsnAAAAAAAAAAAAAAAAAAEAASIBrBAACqwQAAqAAAASxYoAPAAAAAMKAAAK\/\/\/\/\/wMAAAGsEAAK\/\/\/\/\/wMAAAEKAQoKCgEKCgIAAAo="} 01022{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626889276433,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1596626889276433,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1596626891781999,"pkt":"qrvMAAowqrvMAAEwCABFwABAAqkAAAFZjfAKAQoBCgEKCgIFACwKAAABAAAABjO3AAAAAAAAAAAAAAABIgGsEAAKrBAACoAAABLFigA8"} 01063{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1596626889276433,"flow_src_last_pkt_time":1596626889276433,"flow_dst_last_pkt_time":1596626891781999,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1596626891781999,"l3_proto":"ip4","src_ip":"10.1.10.10","dst_ip":"10.1.10.1","l4_proto":89,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"OSPF","proto_id":"85","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ospfv2_add_new_prefix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1596626891781999} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 1068 chars 
diff --git a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out index 69ac43066..f5a3408dc 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -1,10 +1,10 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675096016031349} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675096016031349,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096016031349,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096016031349,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAQACAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675096025685767,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEAAgABAByhgP\/\/\/\/8AAAAAAAAAAAAAAAAwMDAA"} 00928{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675096016031349,"flow_src_last_pkt_time":1675096016031349,"flow_dst_last_pkt_time":1675096025685767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1675096025685767,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1,"dst_port":2,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"HalfLife2","proto_id":"75","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1675103063534227} +00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":40,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1675103063534227} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103063534227,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675103063534227,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103063534227,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675103071542564,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103071542564,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
@@ -12,30 +12,30 @@ 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1675103109092009,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":103,"pkt_l4_len":83,"thread_ts_usec":1675103109092009,"pkt":"RQAAZwABAABAEXyDfwAAAX8AAAEEXwRgAFPbwVhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWA=="} 00795{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103109092009,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103109092009,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1675103123821322,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":48,"pkt_l4_len":28,"thread_ts_usec":1675103123821322,"pkt":"RQAAMAABAABAEXy6fwAAAX8AAAEEXwRgAByFgVhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
+01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103123821322,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":75,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103123821322,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
01244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":576,"pkt_l4_len":556,"thread_ts_usec":1675103229245464,"pkt":"RQACQAABAABAEXqqfwAAAX8AAAEEXwRgAixmRlhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhY"} 
-00796{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103229245464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} -01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103268067687,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103268067687,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} +01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103229245464,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":683,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675103229245464,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":2303,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1675104043107099} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104043107099,"pkt":"RQAAMgABAABABt2ZwKgBgAyBzoIAAQRfAAAAAAAAAABQACAABe8AAEoAAApmAgrtLWY="} 01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103268067687,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1675103063534227,"flow_src_last_pkt_time":1675103268067687,"flow_dst_last_pkt_time":1675103063534227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2263,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675104043107099,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1119,"dst_port":1120,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104061731093,"flow_src_last_pkt_time":1675104061731093,"flow_dst_last_pkt_time":1675104061731093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104061731093,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"121.254.200.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1675104061731093,"flow_dst_last_pkt_time":1675104061731093,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104061731093,"pkt":"RQAAMgABAABABnYcwKgBgHn+yIIAAQRfAAAAAAAAAABQACAAnnEAAEoAAApmAgrtLWY="} 
01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104061731093,"flow_src_last_pkt_time":1675104061731093,"flow_dst_last_pkt_time":1675104061731093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104061731093,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"121.254.200.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104074459668,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104074459668,"pkt":"RQAAMgABAABABqxHwKgBgMoJQkwAAQRfAAAAAAAAAABQACAA1JwAAEoAAApmAgrtLWY="} -01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104074459668,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
+01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104074459668,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":50,"pkt_l4_len":30,"thread_ts_usec":1675104087883689,"pkt":"RQAAMgABAABABr8dwKgBgAyB7P4AAQRfAAAAAAAAAABQACAA53IAAEoAAApmAgrtLWY="} 01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675104087883689,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1675107987924579} +00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":2343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1675107987924579} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675107987924579,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675107987924579,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675107987924579,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108033027780,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDGhzoYAAAAAAAA"} 
00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108033027780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675107987924579,"flow_src_last_pkt_time":1675107987924579,"flow_dst_last_pkt_time":1675108033027780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108033027780,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1675168617695568} +00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":3,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1675168617695568} 
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":141,"pkt_l4_len":121,"thread_ts_usec":1675168617695568,"pkt":"RQAAjQABAABAEXxdfwAAAX8AAAFFfEV8AHnX9HEARHRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQUFN0cmVhbQAAAAAAAAAAAAAA"} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675168617695568,"flow_src_last_pkt_time":1675168617695568,"flow_dst_last_pkt_time":1675168617695568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":113,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":113,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":113,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":17788,"dst_port":17788,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"PPStream","proto_id":"54","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
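Review bot: The expected output for flow_id 2 (UDP 127.0.0.1:1119 → 1120) changes from `"proto":"Starcraft"`, `"breed":"Fun"` detected at packet_id 10 to `"proto":"Protobuf"`, `"breed":"Safe"` detected at packet_id 6, which is a classifier behaviour change and not part of the `ndpi_version` string update. In the packet events shown here the `pkt` payload after the UDP header is a run of one repeated byte (0x58), so the new label appears to come from a fairly permissive payload match; any consumer that keys policy or alerting on `breed` would now see this synthetic traffic reported as `Safe`. The same hunk also changes `proto_by_ip` for dst_ip 202.9.66.76 from `Unknown` to `Starcraft`. These reclassifications are easy to miss among the many `ndpi_version` line updates, so I would record them in the commit message, e.g. `ossfuzz_seed_fake_traces_1: flow 2 Starcraft -> Protobuf; proto_by_ip for 202.9.66.76 now Starcraft`, and confirm both are intended.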
@@ -43,8 +43,8 @@ 01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104061731093,"flow_src_last_pkt_time":1675104061731093,"flow_dst_last_pkt_time":1675104061731093,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"121.254.200.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104087883689,"flow_src_last_pkt_time":1675104087883689,"flow_dst_last_pkt_time":1675104087883689,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.236.254","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104043107099,"flow_src_last_pkt_time":1675104043107099,"flow_dst_last_pkt_time":1675104043107099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"12.129.206.130","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-01217{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1675181007355625} 
+01221{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675104074459668,"flow_src_last_pkt_time":1675104074459668,"flow_dst_last_pkt_time":1675104074459668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675168617695568,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.9.66.76","src_port":1,"dst_port":1119,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1675181007355625} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181007355625,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":41,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":41,"pkt_l4_len":21,"thread_ts_usec":1675181007355625,"pkt":"RQAAKQABAABABrSgwKgBgAECAwQAAQAKAAAAAAAAAABQACAAyaoAAAA="} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"pkt_datalink":228,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":129,"pkt_l4_len":109,"thread_ts_usec":1675181007355625,"pkt":"RQAAgQABAABABrRIwKgBgAECAwQAAQAKAAAAAQAAAABQACAAUjUAABYDAQBUAQAAUAMBTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgTWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA0AQAABQAAAAAA"} 
@@ -56,7 +56,7 @@ 01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01334{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181007355625,"flow_src_last_pkt_time":1675181007355625,"flow_dst_last_pkt_time":1675181007355625,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":10,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
01335{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675181080065603,"flow_src_last_pkt_time":1675181373264924,"flow_dst_last_pkt_time":1675181080065603,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":83,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675181373264924,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"1.2.3.4","src_port":1,"dst_port":11,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"Gnutella","proto_id":"35","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Potentially Dangerous","category_id":7,"category":"Download"}} 
-00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} +00659{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":2641,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1675181373264924} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7790874 bytes -~~ total memory freed........: 7790874 bytes -~~ total allocations/frees...: 146499/146499 +~~ total memory allocated....: 11499349 bytes +~~ total memory freed........: 11499349 bytes +~~ total allocations/frees...: 216753/216753 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 523 chars ~~ json string max len.......: 1340 chars 
diff --git a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out index e4551ac05..94f149e19 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_2.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1258844926423672} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1258844926423672,"pkt":"AEBjsiExABQqZoWVCABFAAA8fZdAAEAGHQesGuumrB5cPtlOAHfZ0lWUAAAAAKACFtBfGwAAAgQFtAQCCAoAyCgDAAAAAAEDAwY="} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926423672,"flow_dst_last_pkt_time":1258844926423672,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1258844926423672,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -14,7 +14,7 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1258844926440922,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1258844926440922,"pkt":"AEBj1fcCABQqM3R+CABFAAA0fZlAAEAGv7\/AqL4UwKi+BdlOAHfZ0lWVnVaN4oAQAFy1jAAAAQEICgDIKAcKz1tk"} 00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00947{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1258844926441100,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1532126321356858} 
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1532126321356858} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00734{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0KRatOjbl\/kz4CABFiACwAksAAEARGfwKk80qCi17hKnGymwAnLj3AQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -24,7 +24,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"172.26.235.166","dst_ip":"172.30.92.62","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1258844926423672,"flow_src_last_pkt_time":1258844926441100,"flow_dst_last_pkt_time":1258844926440830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":6,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1532126321359376,"l3_proto":"ip4","src_ip":"192.168.190.20","dst_ip":"192.168.190.5","src_port":55630,"dst_port":119,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Usenet","proto_id":"93","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1576629231599706} 
+00653{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1576629231599706} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629231599706,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231599706,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629231599706,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+aeFThYp3nnAAAAALDC\/\/9fRwAAAgQFtAEDAwYBAQgKmyLsDAAAAAAEAgAA"} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1576629231599706,"flow_dst_last_pkt_time":1576629231600017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629231600017,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45p59bstLWKd56KBScSDq+wAAAgQFtAQCCApyjFlXmyLsDAEDAwc="} 
@@ -36,7 +36,7 @@ 00806{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.147.205.42","dst_ip":"10.45.123.132","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231620123,"flow_dst_last_pkt_time":1576629231620055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1576629231620123,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":708,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1576629231620123} 
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":708,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1576629231620123} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -45,9 +45,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782243 bytes -~~ total memory freed........: 7782243 bytes -~~ total allocations/frees...: 146444/146444 +~~ total memory allocated....: 11490798 bytes +~~ total memory freed........: 11490798 bytes +~~ total allocations/frees...: 216698/216698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 995 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out index 45ace2e1e..82c1a175d 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_3.pcapng.out 
@@ -1,5 +1,5 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675169383880258} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675169383880258} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383880258,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383880258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383880258,"pkt":"pJGxF+92NObXAhsnCABFAAA8dkRAAEAGvUfAqBCtXbjYIuyCAFDeViVwAAAAAKAC+vAHXwAAAgQFtAQCCAqduWMmAAAAAAEDAwc="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675169383880258,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675169383978373,"pkt":"NObXAhsnpJGxF+92CABFAAA8PgMAADcGPolduNgiwKgQrQBQ7IKpQ+eb3lYlcaAS\/\/\/BQgAAAgQFrAQCCAoxuMtwnbljJgEDAwk="} 
@@ -7,7 +7,7 @@ 00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1675169383978640,"pkt":"pJGxF+92NObXAhsnCABFAACGdkZAAEAGvPvAqBCtXbjYIuyCAFDeViVxqUPnnIAYAfYHqQAAAQEICp25Y4gxuMtwR0VUIC9tYXBsZXN0b3J5LyBIVFRQLzEuMQ0KSG9zdDogZXhhbXBsZS5jb20NClVzZXItQWdlbnQ6IEFzcElOZXQNCkFjY2VwdDogKi8qDQoNCg=="} 00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"MapleStory","proto_id":"113","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675169383880258,"flow_src_last_pkt_time":1675169383978640,"flow_dst_last_pkt_time":1675169383978373,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675169383978640,"l3_proto":"ip4","src_ip":"192.168.16.173","dst_ip":"93.184.216.34","src_port":60546,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1675169383978640} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":82,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1675169383978640} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766901 bytes -~~ total memory freed........: 7766901 bytes -~~ total allocations/frees...: 146377/146377 +~~ total memory allocated....: 11475520 bytes +~~ total memory freed........: 11475520 bytes +~~ total allocations/frees...: 216631/216631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 950 chars diff --git a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out index 1b71271be..6d28c1e65 100644 --- a/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/default/ossfuzz_seed_fake_traces_4.pcapng.out 
@@ -1,11 +1,11 @@ -00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} +00584{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675108086330330} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675108086330330,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108086330330,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":32,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":32,"pkt_l4_len":12,"thread_ts_usec":1675108086330330,"pkt":"RQAAIAABAABAEXzKfwAAAX8AAAEAZADIAAzHjzkYAAA="} 
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":36,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":36,"pkt_l4_len":16,"thread_ts_usec":1675108097027766,"pkt":"RQAAJAABAABAEXzGfwAAAX8AAAEAyABkABDFhzsYAAAAAAAA"} 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00787{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1675108086330330,"flow_src_last_pkt_time":1675108086330330,"flow_dst_last_pkt_time":1675108097027766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1675108097027766,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":100,"dst_port":200,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} 
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ossfuzz_seed_fake_traces_4.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":12,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1675108097027766} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 522 chars ~~ json string max len.......: 877 chars diff --git a/test/results/default/pgm.pcap.out b/test/results/default/pgm.pcap.out index 87d5df637..d239953fc 100644 --- a/test/results/default/pgm.pcap.out +++ b/test/results/default/pgm.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654564815455078} 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1654564815455078,"pkt":"AQBeAAEviFH7P19UCABFAAA4C7VAABRxIuMK9ECa6wABL9YlAHsAAEcBCvRAmtYlACQAAaJCAFHoKABR6ecAAQAACvRAmg=="} 
00884{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564815455078,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564815455078,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -9,7 +9,7 @@ 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1654564816353345,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":1344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1344,"pkt_l4_len":1310,"thread_ts_usec":1654564816353345,"pkt":"AQBeAAEviFH7P19UCABFAAUyDpFAABRxGw0K9ECa6wABL9YlAHsEAKv+CvRAmtYlBR4AUenrAFHoKENTQQCABAAAbQAFAFBBUkFNAAAAAAAAAAAAAAAAAAAAAP\/\/AADXyjEBPQAAAAr0QJoAAAAAM38AAAAAAAABAAAAAQAAACoAAAAAAA4AAABBQ0NPVU5UX0xJTUlUUwAAAAAAEAAAAEFMR09SSVRITV9UUkFERVIAAAAAAAwAAABBTk5PVU5DRU1FTlQAAAAAAAUAAABCRVRBUwAAAAAADQAAAENUT19BTEdPUklUSE0AAAAAAAsAAABDVk9MX0VOR0lORQAAAAAABAAAAERBWVMAAAAAAAkAAABESVZJREVORFMAAAAAAAgAAABFWENIX01BUAAAAAAAEwAAAEVYRV9FWENIQU5HRV9TWU1CT0wAAAAAAAMAAABGRUUAAAAAAA0AAABGRlRfQUxHT1JJVEhNAAAAAAAIAAAARklUX1RFUk0AAAAAAAcAAABIT0xJREFZAAAAAAAKAAAASU1WX1JFR0lPTgAAAAAACAAAAElNVl9URVJNAAAAAAANAAAASU5TVF9FWENIX01BUAAAAAAACQAAAElOVkVOVE9SWQAAAAAAEgAAAElOVkVOVE9SWV9FWENIQU5HRQAAAAAABgAAAExJTUlUUwAAAAAADgAAAE1BS09fQUxHT1JJVEhNAAAAAAAPAAAATUFLT19QRVJNSVNTSU9OAAAAAAAOAAAATUFLT19QT1JURk9MSU8AAAAAAAsAAABNQUtPX1RSQURFUgAAAAAACwAAAE1BTlVBTF9SQVRFAAAAAAANAAAAT1BTX0FMR09SSVRITQAAAAAADQAAAE9QVF9BTEdPUklUSE0AAAAAAAwAAABPUkRFUl9MSU1JVFMAAAAAAA0AAABPU1RfQUxHT1JJVEhNAAAAAAAMAAAAT1NUX01PTUVOVFVNAAAAAAAJAAAAUE9SVEZPTElPAAAAAAATAAAAUE9SVEZPTElPX0FMR09SSVRITQAAAAAAEwAAAFBPUlRGT0xJT19JTlZFTlRPUlkAAAAAABAAAABQT1JURk9MSU9fTElNSVRTAAAAAAATAAAAUE9TX0VYQ0hBTkdFX1NZTUJPTAAAAAAADAAAAFBPU19FWENIX01BUAAAAAAABwAAAFBST0RVQ1QAAAAAAA8AAABSQVRFX0FESlVTVE1FTlQAAAAAAAoAAABSSVNLX0pQTV8xAAAAAAAOAAAAUklTS19WT0xfTU9WRVMAAAAAAAUAAABST0xMUwAAAAAABgAAAFNZTUJPTAAAAAAADQAAAFNZTUJPTF9MSU1JVFMAAAAAAAgAAABUSUNLX01BUAAAAAAACQAAAFRJQ0tfU0laRQAAAAAACgAAAFVOREVSTFlJTkcAAAAAAAsAAABWT0xfRklUVElORwAAAAAACQAAAFZPTF9NT1ZFUwAAAAAACAAAAFZPTF9QQVRIAAAAAAAPAAAAVk9MX1BBVEhfUkVHSU9
OAAAAAAAKAAAAVk9MX1JFR0lPTgAAAAAACgAAAFZPTF9TWU1CT0wAAAAAAAgAAABWT0xfVEVSTQAAAAAABwAAAFZUX0lORk8AAAAAAAsAAABWVF9JTkZPX01BUAAAAAAABgAAAFZUX01BUAAAAAAADQAAAFhHVF9BTEdPUklUSE0AAAAAAA0AAABYSEZfQUxHT1JJVEhNAAAAAAANAAAAWElCX0FMR09SSVRITQAAAAAAEAAAAERFRkxFQ1RPUl9TWU1CT0wA"} 02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564817394846,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5416,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564817394846,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":16,"avg":62573.2,"max":840685,"stddev":155726.8,"var":24250839040.0,"ent":2.9,"data": [840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009]},"pktlen": {"min":56,"avg":189.2,"max":1330,"stddev":214.8,"var":46132.5,"ent":4.5,"data": [56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113]},"bins": {"c_to_s": [0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": 
[4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032]},"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00935{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1000,"flow_dst_packets_processed":0,"flow_first_seen":1654564815455078,"flow_src_last_pkt_time":1654564894361003,"flow_dst_last_pkt_time":1654564815455078,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1310,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":162302,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654564894361003,"l3_proto":"ip4","src_ip":"10.244.64.154","dst_ip":"235.0.1.47","l4_proto":113,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PGM","proto_id":"296","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/pgm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1000,"packets-processed":1000,"total-skipped-flows":0,"total-l4-payload-len":162302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1654564894361003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/1000 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7795725 bytes -~~ total memory freed........: 7795725 bytes -~~ total allocations/frees...: 147370/147370 +~~ total memory allocated....: 11504344 bytes +~~ total memory freed........: 11504344 bytes +~~ total allocations/frees...: 217624/217624 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2252 chars 
diff --git a/test/results/default/pgsql.pcap.out b/test/results/default/pgsql.pcap.out index 034f1240a..f1339a151 100644 --- a/test/results/default/pgsql.pcap.out +++ b/test/results/default/pgsql.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1103453983214636} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1103453983214636,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214636,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214636,"pkt":"AAAAAAAAAAAAAAAACABFAAA8\/wlAAEAGPbB\/AAABfwAAAbNqFTjJW\/IgAAAAAKACf\/\/rIgAAAgRADAQCCAoTQg0pAAAAAAEDAwA="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1103453983214636,"flow_dst_last_pkt_time":1103453983214658,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1103453983214658,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAARU4s2rJRrU9yVvyIaASf\/9MIgAAAgRADAQCCAoTQg0pE0INKQEDAwA="} 
@@ -14,7 +14,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217769,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1103453983217769,"pkt":"AAAAAAAAAAAAAAAACABFAAA07zdAAEAGTYp\/AAABfwAAARU4s2vJSeIdyQGw44AQf\/\/J7gAAAQEIChNCDSwTQg0s"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983214636,"flow_src_last_pkt_time":1103453983217592,"flow_dst_last_pkt_time":1103453983217889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217889,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45930,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1103453983215699,"flow_src_last_pkt_time":1103453983217721,"flow_dst_last_pkt_time":1103453983217976,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":13,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":13,"midstream":0,"thread_ts_usec":1103453983217976,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":45931,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2103,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1576629230565518} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1576629230565518,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1576629230565518,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59036,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230565518,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1576629230565518,"pkt":"CAAnw1r8CgAnAAAECABFAABAAABAAEAGuVisEBT0rBAUS+acFThi3YI3AAAAALDC\/\/9QBQAAAgQFtAEDAwYBAQgKmyLoygAAAAAEAgAA"} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1576629230565518,"flow_dst_last_pkt_time":1576629230566452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1576629230566452,"pkt":"CgAnAAAECAAnw1r8CABFAAA8AABAAEAGuVysEBRLrBAU9BU45py6PR0kYt2COKBScSBRGwAAAgQFtAQCCApyjFVOmyLoygEDAwc="} 
@@ -49,7 +49,7 @@ 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1576629230719290,"flow_src_last_pkt_time":1576629230724239,"flow_dst_last_pkt_time":1576629230724197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59037,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1576629231599706,"flow_src_last_pkt_time":1576629231620123,"flow_dst_last_pkt_time":1576629231620055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":1,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59038,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1576629231618664,"flow_src_last_pkt_time":1576629231631971,"flow_dst_last_pkt_time":1576629231631919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":109,"flow_dst_max_l4_payload_len":389,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1576629231631971,"l3_proto":"ip4","src_ip":"172.16.20.244","dst_ip":"172.16.20.75","src_port":59039,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/pgsql.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":2993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1576629231631971} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 @@ -58,9 +58,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7792333 bytes -~~ total memory freed........: 7792333 bytes -~~ total allocations/frees...: 146520/146520 +~~ total memory allocated....: 11500872 bytes +~~ total memory freed........: 11500872 bytes +~~ total allocations/frees...: 216774/216774 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 982 chars diff --git a/test/results/default/pim.pcap.out b/test/results/default/pim.pcap.out index f02adbb07..133637e3f 100644 --- a/test/results/default/pim.pcap.out +++ b/test/results/default/pim.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655247781655191} 00737{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247781655191,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKkAAAFns0PAqMvq4AAADSMAIEwBAMCoy+kAAgDSAQAAIOY+QvwAAQAAAQAHIAql5gIBAAAg5jwrAwABAAABAAcgCqXmAg=="} 
00889{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247781655191,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247781655191,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"ndpi": {"confidence": {"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -8,7 +8,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655247784655491,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247784655491,"pkt":"AQBeAAANUC+oqN+8CABFwABKmKwAAAFns0DAqMvq4AAADSMAbUgBAMCoy+kAAgDSAQAAIOY+AP8AAQAAAQAHIAql5gIBAAAg5jwgBAABAAABAAcgCqXmAg=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655247785655415,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1655247785655415,"pkt":"AQBeAAANUC+oqN+8CABFwABKmK0AAAFnsz\/AqMvq4AAADSMAbUsBAMCoy+kAAgDSAQAAIOY+AP4AAQAAAQAHIAql5gIBAAAg5jwgAgABAAABAAcgCqXmAg=="} 00931{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1655247781655191,"flow_src_last_pkt_time":1655247790665297,"flow_dst_last_pkt_time":1655247781655191,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655247790665297,"l3_proto":"ip4","src_ip":"192.168.203.234","dst_ip":"224.0.0.13","l4_proto":103,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"IP_PIM","proto_id":"297","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} +00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pim.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655247790665297} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767015 bytes -~~ total memory freed........: 7767015 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11475634 bytes +~~ total memory freed........: 11475634 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 564 chars ~~ json string max len.......: 936 chars diff --git a/test/results/default/pinterest.pcap.out b/test/results/default/pinterest.pcap.out index 652c7d8f4..666bd8876 100644 --- a/test/results/default/pinterest.pcap.out +++ b/test/results/default/pinterest.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605289710318889} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289710318889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710318889,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710318889,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289710576735,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} 
@@ -86,30 +86,30 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714558209,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714581709,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpAnJzl+oBJXgPrGAAACBAV4AQMDAwQCCArCuSOMlddk7w=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714581729,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714581729,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/ACAGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBAB+37BAAABAQgKlddlBsK5I4w="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714581951,"pkt":"qtsDr8lk5EKm5WPyht1gA76\/AiUGQCoBywEgSYsHmR3shSjf9ikmABkBAAB6CwAAAAAAAAAAt7gBuycnOX5GJraRgBgB++f0AAABAQgKlddlBsK5I4wWAwECAAEAAfwDA7PLbVBgOtGRFhhfXAbYAkw+iamYdzT9SXPsS7L7okIYINk7eET2yUrnprJJWKNt0no0P\/s4mMGITC6JI+53t7c2ACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAGQAXAAAUc2Vzc2lvbnMuYnVnc25hZy5jb20AFwAA\/wEAAQAACgAKAAj6+gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKfr6AAEAAB0AIEvxzjt0\/5GP3sZor6cdXi69M2D9HpE5Nb1aEh4mkXoQAC0AAgEBACsACwpaWgMEAwMDAgMBABsAAwIAAlpaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01221{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714581709,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714581951,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714590794,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714590794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714590794,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGoAAAAAoAL9IGNfAAACBAWgBAIICskVTwYAAAAAAQMDBw=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714613987,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714613987,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAGQEAAHoLAAAAAAAAAAAqAcsBIEmLB5kd7IUo3\/YpAbu3uEYmtpEnJzuDgBALMHNnAAABAQgKwrkjrJXXZQY="} 
-01260{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01266{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714581951,"flow_dst_last_pkt_time":1605289714615889,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714615889,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"sessions.bugsnag.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714590794,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714616815,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGX+6kRroBJXgA2NAAACBAV4AQMDAwQCCArCuSOwyRVPBg=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714616828,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714616828,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBAB+5GEAAABAQgKyRVPIMK5I7A="} 01273{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714617005,"pkt":"qtsDr8lk5EKm5WPyht1gDTn6AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAEnvYBu\/7qRGucvnhmgBgB+6l5AAABAQgKyRVPIMK5I7AWAwECAAEAAfwDA\/Gk\/9Vg1\/Yj6dUUpOb5DX8WmaenXohw9y+Qd4DnqktzIAb2YuarrlKbgL6YLTJZPQe97f1AtvLN8fLaoxVIuyFiACAqKhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZO6ugAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAjq6gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKerqAAEAAB0AIJML4p8NHh5Io\/9KcRl6BBOqQlWgp4uJ9mxBuu8Y\/4wPAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAlpaAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":183,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714616815,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714617005,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714651291,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714651291,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbue9py+eGb+6kZwgBALMIYoAAABAQgKwrkj0skVTyA="} 
00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714658043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714658043,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714658043,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSXwAAAAAoAL9ILsUAAACBAWgBAIICs+qM\/8AAAAAAQMDBw=="} 
-01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714617005,"flow_dst_last_pkt_time":1605289714660765,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289714660765,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714658043,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714697878,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4c9qQ0l9oBJXgI0UAAACBAV4AQMDAwQCCArCuSQBz6oz\/w=="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714697936,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714697936,"pkt":"qtsDr8lk5EKm5WPyht1gCBesACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBAB+xD+AAABAQgKz6o0J8K5JAE="} 01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714698324,"pkt":"qtsDr8lk5EKm5WPyht1gCBesAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUggABu2pDSX0LMeHQgBgB++hnAAABAQgKz6o0KMK5JAEWAwECAAEAAfwDA9jVKfntEh25nXj1BFZE6ZFc6lyzI+CshbYOPn0Jce38IK9kDSD6\/4FSA\/aOBvpuajY1lLZq5tukFPFFFO\/eMmwPACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAGwAZAAAWYWNjb3VudHMucGludGVyZXN0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgyukN47oVi6AebwU11bCozo+bX5ZAWB5eRNnx4Nhm1GIALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACamoAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714697878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714698324,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714712098,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1066,"flow_dst_tot_l4_payload_len":4645,"midstream":0,"thread_ts_usec":1605289714737758,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8653.8,"max":43788,"stddev":13864.0,"var":192210288.0,"ent":3.4,"data": [26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257]},"pktlen": {"min":72,"avg":251.0,"max":1280,"stddev":327.8,"var":107441.1,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1],"entropies": 
[4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289714712098,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1066,"flow_dst_tot_l4_payload_len":4645,"midstream":0,"thread_ts_usec":1605289714737758,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8653.8,"max":43788,"stddev":13864.0,"var":192210288.0,"ent":3.4,"data": [26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257]},"pktlen": {"min":72,"avg":251.0,"max":1280,"stddev":327.8,"var":107441.1,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1],"entropies": [4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714737758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714737758,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuCAAsx4dBqQ0uCgBALMAWbAAABAQgKwrkkKc+qNCg="} 
01324{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714698324,"flow_dst_last_pkt_time":1605289714739608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605289714739608,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
03104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714739677,"flow_dst_last_pkt_time":1605289714740234,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289714740234,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"accounts.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289714782619,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714782619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714782619,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACgGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqIAAAAAoAL9IEOtAAACBAWgBAIICnRgZN4AAAAAAQMDBw=="} 
-02166{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": 
[4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289714795031,"flow_dst_last_pkt_time":1605289714793606,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1778,"flow_dst_tot_l4_payload_len":5802,"midstream":0,"thread_ts_usec":1605289714795031,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15232.9,"max":132689,"stddev":29577.9,"var":874849472.0,"ent":3.1,"data": [23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74]},"pktlen": {"min":72,"avg":309.4,"max":1280,"stddev":401.1,"var":160869.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571]},"bins": {"c_to_s": [11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0],"entropies": [4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":260,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1605289714782619,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289714832909,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoETkIAHQAAAAAAAAAAByAqAcsBIEmLB5kd7IUo3\/YpAbve2qyyOFrOS7qjoBJXgB0bAAACBAV4AQMDAwQCCArCuSSHdGBk3g=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1605289714832956,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289714832956,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBAB+6D6AAABAQgKdGBlEMK5JIc="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1605289714833176,"flow_dst_last_pkt_time":1605289714832909,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289714833176,"pkt":"qtsDr8lk5EKm5WPyht1gCp8uAiUGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3toBu85LuqOssjhbgBgB+9wiAAABAQgKdGBlEcK5JIcWAwECAAEAAfwDA\/Ezw4mbUrI42jPHW\/R2JVq8HiENkzAbEci0fYqAxMkBIKC\/V9JydIygOtZAUS0JoPRGfzSMLpt5E5aZDM7pIRYPACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGAAWAAATaW1hZ2VzLnVuc3BsYXNoLmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgXafHcjSuu0lDRwVYnybRA+hptEDEqNkxm07M0aaWohAALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACGhoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -126,60 +126,60 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715133578,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715210396,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV7hz5n4oBJXgLSTAAACBAV4AQMDAwQCCArCuSXYOIhOCA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715210445,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715210445,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBAB+zhYAAABAQgKOIhOVcK5Jdg="} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715212290,"pkt":"qtsDr8lk5EKm5WPyht1gAUyOAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACADyX4Bu+HPmfiBKRlfgBgB+6OKAAABAQgKOIhOV8K5JdgWAwECAAEAAfwDAyko5RIhdw7iSMvL+JxYqZMyWbwdT4mua+Aq4PLn7o6AIHiamGncKVvaC4Qe+Wkd02CeOTDRVPAoUdvjHzZzHWAnACD6+hMBEwITA8ArwC\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"} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715210396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715212290,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715221747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715221747,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715221747,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0CzwAAAAAoAL9ILgWAAACBAWgBAIICnB0noAAAAAAAQMDBw=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715257682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715257682,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbvJfoEpGV\/hz5v9gBALMCzUAAABAQgKwrkmIDiITlc="} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715221747,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715273354,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSe29As9oBJXgJmfAAACBAV4AQMDAwQCCArCuSYncHSegA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715273482,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715273482,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBAB+x19AAABAQgKcHSetMK5Jic="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715274121,"pkt":"qtsDr8lk5EKm5WPyht1gDRmqAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1JABu7b0Cz3WKgUogBgB+5ZOAAABAQgKcHSetcK5JicWAwECAAEAAfwDA\/Wo9zH9kIsC3p0+x0Ogp3CBXjA+aSeyGzEE6vb9ZTk9IJABGD2ndVeTf+odvyDjSMzv7BNGBBHaaAJBgxYc9sAYACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIqqoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACmqqgABAAAdACB2WXZxKMS9tF781JcLrIeE0V3s7s7Xei6L\/wVkpPzjGAAtAAIBAQArAAsK+voDBAMDAwIDAQAbAAMCAALq6gABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715273354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715274358,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715274358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715274358,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIYAAAAAoAL9IIqeAAACBAWgBAIICrhM3AoAAAAAAQMDBw=="} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715212290,"flow_dst_last_pkt_time":1605289715287643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715287643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715274358,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi5yubyHoBJXgCqsAAACBAV4AQMDAwQCCArCuSZZuEzcCg=="} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301345,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvUkNYqBSi29A1CgBALMBIOAAABAQgKwrkmW3B0nrU="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715301435,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715301435,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBAB+66iAAABAQgKuEzcJcK5Jlk="} 
01271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715301671,"pkt":"qtsDr8lk5EKm5WPyht1gCiKuAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8DAAE\/rOsAwAAAADyFwBu3K5vIcSbQovgBgB+0gHAAABAQgKuEzcJcK5JlkWAwECAAEAAfwDA5gekqpKhlC2ipL2zI8L5\/kv3e0nxnbXEmgavka1LHWVIBeXyfu8UN0TfZ\/W27lJZzaKDZAJHcd7oBhNLgsTwfr\/ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGQAXAAAUY29ubmVjdC5mYWNlYm9vay5uZXQAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIGc+3YDJXOpck3uyogqFw1bonkkYAWZ3xkO5tRdYSBRhAC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAurqAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01253{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715301345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715301671,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715274121,"flow_dst_last_pkt_time":1605289715321807,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289715321807,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333683,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715333683,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDwMAAT+s6wDAAAAAMqAcsBIEmLB5kd7IUo3\/YpAbvIXBJtCi9yub6MgBALMKNIAAABAQgKwrkmebhM3CU="} 
-01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715471680,"flow_dst_last_pkt_time":1605289715427326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1605289715471680,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11299.7,"max":93180,"stddev":21751.5,"var":473125984.0,"ent":3.0,"data": [26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879]},"pktlen": {"min":72,"avg":271.0,"max":1452,"stddev":368.4,"var":135732.3,"ent":4.1,"data": [80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]},"bins": {"c_to_s": [12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0],"entropies": 
[5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01298{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715301671,"flow_dst_last_pkt_time":1605289715333684,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289715333684,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"connect.facebook.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715471680,"flow_dst_last_pkt_time":1605289715427326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1605289715471680,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11299.7,"max":93180,"stddev":21751.5,"var":473125984.0,"ent":3.0,"data": [26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879]},"pktlen": {"min":72,"avg":271.0,"max":1452,"stddev":368.4,"var":135732.3,"ent":4.1,"data": [80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199]},"bins": {"c_to_s": [12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0],"entropies": 
[5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715782853,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715782853,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715782853,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACgGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWoAAAAAoAL9IBbyAAACBAWgBAIICmcfa8wAAAAAAQMDBw=="} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715782853,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715833903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+EJkW7VroBJXgNkoAAACBAV4AQMDAwQCCArCuShfZx9rzA=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1605289715833970,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289715833970,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEACAGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBAB+10HAAABAQgKZx9r\/8K5KF8="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289715834672,"pkt":"qtsDr8lk5EKm5WPyht1gAWIEAiUGQCoBywEgSYsHmR3shSjf9ikqAyiA8R8Ag\/rOsAwAACXe67QBu2RbtWsAKfhDgBgB+\/QzAAABAQgKZx9sAMK5KF8WAwECAAEAAfwDA15ScC6cz0Mm40ZOuOfJU9tsVGcffyVHK66YSdKRGbaAIPaARvdX8cCHMx9rMsZJhiJlEhn0QL88TbX34lqqt\/OKACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAoACCoqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApKioAAQAAHQAgpYv7qRG6do7VtNy5242ZZbX6mD8VP8lQEUUuZeSYdj0ALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACCgoAAQAAFQDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289715833903,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715834672,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289715966342,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289715966342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289715966342,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B4AAAAAoAL9IFQFAAACBAWgBAIICqkvSd0AAAAAAQMDBw=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018193,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716018193,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoDKIDxHwCD+s6wDAAAJd4qAcsBIEmLB5kd7IUo3\/YpAbvrtAAp+ENkW7dwgBALMFGYAAABAQgKwrkok2cfbAA="} 
-01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289715834672,"flow_dst_last_pkt_time":1605289716018194,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1380,"midstream":0,"thread_ts_usec":1605289716018194,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1605289715966342,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289716021823,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HT9v4ewfoBJXgOHBAAACBAV4AQMDAwQCCArCuSkJqS9J3Q=="} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716021899,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716021899,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBAB+2WcAAABAQgKqS9KFMK5KQk="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289716024503,"pkt":"qtsDr8lk5EKm5WPyht1gDvs7AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAKuq4Bu2\/h7B8O\/R1AgBgB+960AAABAQgKqS9KF8K5KQkWAwECAAEAAfwDAz7PSjjgfHJf+nCfn3DPMxydUwVUjvYQFiNHK08caRmgIChBHphlkCrDONZuzjKATga3CNpgPdLG1nC8FJaIcfu7ACDa2hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAJAAiAAAfY29udGVudC1hdXRvZmlsbC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgphW3bcEnLefm+sIpksFu2OouFtq8r6bigf0SizCebCQALQACAQEAKwALCpqaAwQDAwMCAwEAGwADAgACCgoAAQAAFQC9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716021823,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289716024503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716066903,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716066903,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbu6rg79HUBv4e4kgBALMFoOAAABAQgKwrkpWqkvShc="} 
-01303{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01304{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289716024503,"flow_dst_last_pkt_time":1605289716084706,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289716084706,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":244,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":244,"pkt_l4_len":190,"thread_ts_usec":1605289716168715,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AL4GQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lam\/a\/4e68gBgE1TyJAAABAQgKZPSVcMK4jAQXAwMAmbA2YtBqXOwsPZhf0xplQUhs5uebiQ6HrXX0rQcB3CzDNqt6KEFEtOrnLbiyKoAl0\/PfpLU5lSyfN4b6GWAPMuxRzKK1mYHeU6cm19ssJsGj28uoKpDNJuLbc68jHie5jcE8\/swMHjb\/rsshDlUuBkbS0PBg+fBq\/uDg8aBU7dQCoscpqfDhz7OaLw8PBcid6Woaoneonk0XRQ=="} 
-01084{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716168715,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":158,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289716168715,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716168715,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":209,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":209,"pkt_l4_len":155,"thread_ts_usec":1605289716168917,"pkt":"qtsDr8lk5EKm5WPyht1gB32\/AJsGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACADqioBu9lanJS\/4e68gBgE1YEBAAABAQgKZPSVcMK4jAQXAwMAT0+KQ56NjlMHGW+d6G5ddduewRHnDyQJNOhFGSBeS16m4KVAja7XHlyuQrxKoq24Sn8bLVvUYgiRl0ogV926yAF+\/eBnK0DefdFCPgWpP6kXAwMAIh\/Eke2gVwnwKuWIWa9HbFAoJdRk5f1TigycRztSwvhmbFo="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192184,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWpyUgBALf8h0AAABAQgKwrkp2GT0lXA="} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716192344,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289716192344,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBALj8fpAAABAQgKwrkp2GT0lXA="} 00839{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605289716168917,"flow_dst_last_pkt_time":1605289716197451,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":277,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":277,"pkt_l4_len":223,"thread_ts_usec":1605289716197451,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAAN8GPSoAFFBABwgFAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbuqKr\/h7rzZWp0PgBgLjwvfAAABAQgKwrkp2WT0lXAXAwMAuvbpCprhIHZOm+s71xjln8W5wRXAEZMMYHzFfgrc8Qz4ihOFNdXXrcK7V3sZoCmBJ+9UP9pq7hG1hJyCeP+MFNZTxO2gaK55QvARJT791YHr2a9N\/48L6BIqY0g9tYfn4yZI8zlroZ226D4je2OGOYeBFXAt\/SWtduBHYRboL2SojJhXdPVjX\/gNGYSfvf2cQ4Gmy4NkAXucZYn6wYVA\/ALz1WSrztJHvD8qTVY2ZZ3gbVGKtvonmOvlwA=="} 
-02151{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": [202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": [230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": [6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +02152{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716199465,"flow_dst_last_pkt_time":1605289716199511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":21058,"midstream":1,"thread_ts_usec":1605289716199511,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1985.4,"max":28590,"stddev":6415.7,"var":41161208.0,"ent":1.8,"data": [202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0]},"pktlen": {"min":72,"avg":738.8,"max":1280,"stddev":578.2,"var":334348.7,"ent":4.5,"data": [230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280]},"bins": {"c_to_s": [7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1],"entropies": 
[6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717548570,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717548570,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717548570,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD4AAAAAoAL9ID+FAAACBAWgBAIICjGG9eUAAAAAAQMDBw=="} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605289717548570,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289717572004,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75juz2g\/oBJXgHfiAAACBAV4AQMDAwQCCArCuS86MYb15Q=="} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1605289717572182,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717572182,"pkt":"qtsDr8lk5EKm5WPyht1gD67DACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBAB+\/vbAAABAQgKMYb1\/cK5Lzo="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289717572787,"pkt":"qtsDr8lk5EKm5WPyht1gD67DAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACANn74Bu+7PaD+L0e+ZgBgB+0DvAAABAQgKMYb1\/cK5LzoWAwECAAEAAfwDA800cC9OVh30oKukmv7TjuGOfIQsAXjOcIds0bgi09HFIBoSrrmErFO1TCZKJVvIhS6wQO5Ret2I7u3t0EJASsOHACBaWhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAGAAWAAATYWNjb3VudHMuZ29vZ2xlLmNvbQAXAAD\/AQABAAAKAAoACHp6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApenoAAQAAHQAg3SQzsRLwlL1ZHWLzcJyUxb7R5EthsHkv9Gz6Dx5HIhsALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgACysoAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717572004,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289717572787,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717599829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289717599829,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIA0qAcsBIEmLB5kd7IUo3\/YpAbufvovR75nuz2pEgBALMPCFAAABAQgKwrkvVjGG9f0="} 
-01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289717653626,"flow_dst_last_pkt_time":1605289716195463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1605289717653626,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61819.5,"max":1485939,"stddev":260701.6,"var":67965321216.0,"ent":1.6,"data": [55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939]},"pktlen": {"min":72,"avg":238.1,"max":1280,"stddev":317.7,"var":100919.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]},"bins": {"c_to_s": [11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0],"entropies": 
[4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02187{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717681759,"flow_dst_last_pkt_time":1605289717681662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":10121,"midstream":0,"thread_ts_usec":1605289717681759,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8589.7,"max":42968,"stddev":12964.6,"var":168080032.0,"ent":3.5,"data": [23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32]},"pktlen": {"min":72,"avg":418.8,"max":1280,"stddev":492.4,"var":242485.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0],"entropies": [4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01284{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717572787,"flow_dst_last_pkt_time":1605289717605090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289717605090,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02211{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289717653626,"flow_dst_last_pkt_time":1605289716195463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":4020,"midstream":0,"thread_ts_usec":1605289717653626,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":61819.5,"max":1485939,"stddev":260701.6,"var":67965321216.0,"ent":1.6,"data": [55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939]},"pktlen": {"min":72,"avg":238.1,"max":1280,"stddev":317.7,"var":100919.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237]},"bins": {"c_to_s": [11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0],"entropies": 
[4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289717681759,"flow_dst_last_pkt_time":1605289717681662,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":10121,"midstream":0,"thread_ts_usec":1605289717681759,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8589.7,"max":42968,"stddev":12964.6,"var":168080032.0,"ent":3.5,"data": [23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32]},"pktlen": {"min":72,"avg":418.8,"max":1280,"stddev":492.4,"var":242485.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0],"entropies": [4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718346936,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":686,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718346936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289718346936,"pkt":"qtsDr8lk5EKm5WPyht1gDn7LACAGQCoBywEgSYsHmR3shSjf9ikqBE5CAB0AAAAAAAAAAAcg3mwBu1MbKQQ2nwhTgBBf5ZGnAAABAQgKdGByysK4e5A="} 00816{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718347032,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289718347032,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -224,13 +224,13 @@ 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":748,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605289732972740,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605289733019634,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99MLvByLoBJXgOQ\/AAACBAV4AQMDAwQCCArCuWuDWG5gMg=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":749,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605289733019649,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733019649,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBAB+2giAAABAQgKWG5gYcK5a4M="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605289733019850,"pkt":"qtsDr8lk5EKm5WPyht1gD7s\/AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAOsEYBuwu8HItoBvfUgBgB+1dmAAABAQgKWG5gYcK5a4MWAwECAAEAAfwDA\/e7AWI4IOqe24e3Dy8GtjgX\/HGd3ql+YvtlwSVKxHHMIG0UA7UP8cWM1+OIpoJabPxwYFuj3vVPyVClxgciYoq4ACAqKhMBEwITA8ArwC\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"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":750,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733019634,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733019850,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":751,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733055452,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733055452,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoETkIAHQAAAAAAAAAAAIQqAcsBIEmLB5kd7IUo3\/YpAbuWkkELYhsjTam+gBALMDa6AAABAQgKwrlrnNZiabM="} 
01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":752,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733006105,"flow_dst_last_pkt_time":1605289733059043,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605289733059043,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
03100{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":757,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733059060,"flow_dst_last_pkt_time":1605289733060311,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733060311,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733131664,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605289733131664,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbuwRmgG99QLvB6QgBALMFy2AAABAQgKwrlrtVhuYGE="} -01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} -02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733216831,"flow_dst_last_pkt_time":1605289733216812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":9927,"midstream":0,"thread_ts_usec":1605289733216831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15747.2,"max":157269,"stddev":35268.1,"var":1243837184.0,"ent":2.7,"data": [46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3]},"pktlen": {"min":72,"avg":413.0,"max":1280,"stddev":486.7,"var":236885.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0],"entropies": 
[4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +01301{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":774,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733019850,"flow_dst_last_pkt_time":1605289733177092,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605289733177092,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733216831,"flow_dst_last_pkt_time":1605289733216812,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":9927,"midstream":0,"thread_ts_usec":1605289733216831,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":15747.2,"max":157269,"stddev":35268.1,"var":1243837184.0,"ent":2.7,"data": [46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3]},"pktlen": {"min":72,"avg":413.0,"max":1280,"stddev":486.7,"var":236885.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0],"entropies": [4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01987{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":22897.1,"max":135965,"stddev":39614.3,"var":1569289984.0,"ent":3.2,"data": [46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0]},"pktlen": {"min":72,"avg":430.6,"max":1460,"stddev":544.3,"var":296293.8,"ent":4.0,"data": [80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460]},"bins": {"c_to_s": [9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1],"entropies": 
[4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899]}} 03104{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733287022,"flow_dst_last_pkt_time":1605289733341107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":10308,"midstream":0,"thread_ts_usec":1605289733341107,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"assets.pinterest.com","tls": 
{"version":"TLSv1.2","server_names":"*.pinterest.com,pinterest.in,*.pinterest.co,pinterest.co,*.pinterest.pe,pinterest.pe,*.pinterest.be,pinterest.be,*.pinterest.in,*.pinterest.ph,*.pinterest.ec,pinterest.ph,*.pinterest.cl,*.pinimg.com,*.pinterest.es,pinterest.es,*.pinterest.nz,pinterest.nz,pinterest.ec,pinterest.hu,pinterest.ca,pinterest.id,*.pinterest.nl,pinterest.nl,*.pinterest.tw,pinterest.tw,*.pinterest.th,pinterest.th,*.pinterest.id,*.pinterest.vn,*.pinterest.hu,pinterest.vn,*.pinterest.uk,pinterest.uk,*.pinterest.ru,pinterest.ru,*.pinterest.it,pinterest.it,pinterest.fr,pinterest.cl,*.pinterest.fr,*.pinterest.jp,*.pinterest.ca,pinterest.com,pin.it,*.pinterest.se,*.pinterest.pt,*.pinterest.mx,*.pinterest.kr,*.pinterest.ie,pinterest.engineering,*.pinterest.dk,*.pinterest.de,*.pinterest.ch,*.pinterest.at,*.pinterestmail.com,*.pinterest.engineering,*.pinterest.info,pinterest.info,pinimg.com,pinterestmail.com,pinterest.de,pinterest.dk,pinterest.ie,pinterest.jp,pinterest.kr,pinterest.mx,pinterest.pt,pinterest.se,pinterest.at,pinterest.ch,pinterest.co.at,*.pinterest.com.uy,pinterest.co.kr,pinterest.co.uk,*.pinterest.com.au,pinterest.com.au,pinterest.com.mx,*.pinterest.co.nz,pinterest.co.nz,pinterest.com.pe,pinterest.com.uy,*.pinterest.co.in,pinterest.com.py,*.pinterest.com.py,pinterest.com.bo,*.pinterest.com.bo,pinterest.com.ec,*.pinterest.com.ec,pinterest.co.in,*.pinterest.com.pe,*.pinterest.com.mx,pinterest.com.vn,*.pinterest.com.vn,*.pinterest.co.uk,*.pinterest.co.kr,*.pinterest.co.at,*.testing.pinterest.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Pinterest, Inc., 
CN=*.pinterest.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"1E:D0:5D:9F:0D:82:46:B3:60:5F:11:FB:64:D5:28:35:37:40:7A:4E"}}} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":864,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733399863,"flow_dst_last_pkt_time":1605289733399863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605289733399863,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -244,25 +244,25 @@ 03205{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733466898,"flow_dst_last_pkt_time":1605289733468841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5240,"midstream":0,"thread_ts_usec":1605289733468841,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","tls": 
{"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., 
CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}} 01983{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":6845.7,"max":45476,"stddev":12150.2,"var":147627232.0,"ent":3.2,"data": [20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2]},"pktlen": {"min":72,"avg":377.7,"max":1120,"stddev":441.2,"var":194656.5,"ent":4.1,"data": [80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1],"entropies": 
[4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235]}} 03208{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":895,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733500742,"flow_dst_last_pkt_time":1605289733511200,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":8749,"midstream":0,"thread_ts_usec":1605289733511200,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"js-agent.newrelic.com","tls": 
{"version":"TLSv1.2","server_names":"f4.shared.global.fastly.net,*.500px.com,*.500px.net,*.500px.org,*.acceptance.habitat.sh,*.api.swiftype.com,*.art19.com,*.brave.com,*.chef.co,*.chef.io,*.cookpad.com,*.evbstatic.com,*.eventbrite.com,*.experiencepoint.com,*.fs.pastbook.com,*.fs.quploads.com,*.ftcdn.net,*.fubo.tv,*.getchef.com,*.githash.fubo.tv,*.habitat.sh,*.inspec.io,*.issuu.com,*.isu.pub,*.jimdo-dev-staging.com,*.jimdo-stable-staging.com,*.lulus.com,*.mansion-market.com,*.marfeel.com,*.massrel.io,*.meetu.ps,*.meetup.com,*.meetupstatic.com,*.newrelic.com,*.opscode.com,*.perimeterx.net,*.production.cdn.art19.com,*.staging.art19.com,*.staging.cdn.art19.com,*.swiftype.com,*.tissuu.com,*.video.franklyinc.com,*.wikihow.com,*.worldnow.com,500px.com,500px.net,500px.org,a1.awin1.com,acceptance.habitat.sh,api.swiftype.com,app.birchbox.com,app.staging.birchbox.com,app.staging.birchbox.es,art19.com,brave.com,cdn-f.adsmoloco.com,cdn.evbuc.com,cdn.polyfills.io,chef.co,chef.io,content.gamefuel.info,evbuc.com,experiencepoint.com,fast.appcues.com,fast.wistia.com,fast.wistia.net,fast.wistia.st,fubo.tv,getchef.com,githash.fubo.tv,habitat.sh,hbbtv.6play.fr,houstontexans.com,insight.atpi.com,inspec.io,jimdo-dev-staging.com,jimdo-stable-staging.com,link.sg.booking.com,mansion-market.com,media.bunited.com,meetu.ps,meetup.com,meetupstatic.com,onairhls.malimarcdn.net,opscode.com,perimeterx.net,polyfill.webservices.ft.com,qa.polyfills.io,raiders.com,s.sg.booking.com,s.swiftypecdn.com,static.birchbox.com,swiftype.com,viverepiusani.it,wikihow.com,wistia.com,www.dwin2.com,www.houstontexans.com,www.raiders.com,www.wada-ama.org","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., 
CN=f4.shared.global.fastly.net","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"BE:28:82:77:5B:06:41:1F:70:84:BD:A4:B9:FB:F0:BC:B1:B5:E3:A0"}}} -00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289712203025,"flow_src_last_pkt_time":1605289712203025,"flow_dst_last_pkt_time":1605289712420176,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:807::200a","src_port":40876,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01023{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":74,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289731068178,"flow_dst_last_pkt_time":1605289731068352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2450,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":47763,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":35,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733369116,"flow_dst_last_pkt_time":1605289733399291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":23429,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +01004{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":21,"flow_first_seen":1605289714558209,"flow_src_last_pkt_time":1605289715028550,"flow_dst_last_pkt_time":1605289715083530,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1817,"flow_dst_tot_l4_payload_len":6047,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":47032,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":74,"flow_first_seen":1605289717548570,"flow_src_last_pkt_time":1605289731068178,"flow_dst_last_pkt_time":1605289731068352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2450,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":47763,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200d","src_port":40894,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01036{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":35,"flow_first_seen":1605289732972740,"flow_src_last_pkt_time":1605289733369116,"flow_dst_last_pkt_time":1605289733399291,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":23429,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01043{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":26,"flow_first_seen":1605289733399863,"flow_src_last_pkt_time":1605289733513603,"flow_dst_last_pkt_time":1605289733529878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1017,"flow_dst_tot_l4_payload_len":17914,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7a6e","src_port":40114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 
-00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726574867,"flow_src_last_pkt_time":1605289726574867,"flow_dst_last_pkt_time":1605289726621964,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51446,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347032,"flow_src_last_pkt_time":1605289718347032,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51472,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1605289715133578,"flow_src_last_pkt_time":1605289715291964,"flow_dst_last_pkt_time":1605289715335666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":3695,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2003","src_port":51582,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289720502835,"flow_src_last_pkt_time":1605289720502835,"flow_dst_last_pkt_time":1605289720592524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38402,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722610839,"flow_src_last_pkt_time":1605289722610839,"flow_dst_last_pkt_time":1605289722642415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38406,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":33,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716200922,"flow_dst_last_pkt_time":1605289716373420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":31865,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":33,"flow_first_seen":1605289716168715,"flow_src_last_pkt_time":1605289716200922,"flow_dst_last_pkt_time":1605289716373420,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":158,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":31865,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":43562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289726582828,"flow_src_last_pkt_time":1605289726582828,"flow_dst_last_pkt_time":1605289726637788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47682,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01035{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":43,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715612656,"flow_dst_last_pkt_time":1605289715612650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":65670,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":43,"flow_first_seen":1605289715274358,"flow_src_last_pkt_time":1605289715612656,"flow_dst_last_pkt_time":1605289715612650,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":12420,"flow_src_tot_l4_payload_len":1347,"flow_dst_tot_l4_payload_len":65670,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f030:13:face:b00c::3","src_port":51292,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718346936,"flow_src_last_pkt_time":1605289718346936,"flow_dst_last_pkt_time":1605289718372054,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":56940,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":21,"flow_first_seen":1605289714142423,"flow_src_last_pkt_time":1605289714260622,"flow_dst_last_pkt_time":1605289714262914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":954,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2837,"flow_dst_tot_l4_payload_len":16750,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38512,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
@@ -272,32 +272,32 @@ 00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142728,"flow_src_last_pkt_time":1605289714258540,"flow_dst_last_pkt_time":1605289714258483,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00817{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605289714142790,"flow_src_last_pkt_time":1605289714259884,"flow_dst_last_pkt_time":1605289714259808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5322,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38522,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":29,"flow_first_seen":1605289732959160,"flow_src_last_pkt_time":1605289733342911,"flow_dst_last_pkt_time":1605289733342856,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1151,"flow_dst_tot_l4_payload_len":25827,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::84","src_port":38546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":30,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289733369025,"flow_dst_last_pkt_time":1605289733391818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":4693,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":30,"flow_first_seen":1605289715966342,"flow_src_last_pkt_time":1605289733369025,"flow_dst_last_pkt_time":1605289733391818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1665,"flow_dst_tot_l4_payload_len":4693,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::200a","src_port":47790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1605289714782619,"flow_src_last_pkt_time":1605289714903101,"flow_dst_last_pkt_time":1605289714903940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":13949,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a04:4e42:1d::720","src_port":57050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}} 00956{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714251006,"flow_src_last_pkt_time":1605289714251006,"flow_dst_last_pkt_time":1605289714288932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:13e2","src_port":34626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347050,"flow_src_last_pkt_time":1605289718347050,"flow_dst_last_pkt_time":1605289718378828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54308,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":1605289715221747,"flow_src_last_pkt_time":1605289715325511,"flow_dst_last_pkt_time":1605289715321808,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":934,"flow_dst_tot_l4_payload_len":2656,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54416,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00956{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250965,"flow_src_last_pkt_time":1605289714250965,"flow_dst_last_pkt_time":1605289714281312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33156,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289710318889,"flow_src_last_pkt_time":1605289710318889,"flow_dst_last_pkt_time":1605289710576735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289714250997,"flow_src_last_pkt_time":1605289714250997,"flow_dst_last_pkt_time":1605289714288930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":58726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1605289715782853,"flow_src_last_pkt_time":1605289716038376,"flow_dst_last_pkt_time":1605289716066900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1380,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":2288,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a03:2880:f11f:83:face:b00c::25de","src_port":60340,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":20,"flow_first_seen":1605289713743557,"flow_src_last_pkt_time":1605289713845515,"flow_dst_last_pkt_time":1605289714059635,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":11154,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605289714658043,"flow_src_last_pkt_time":1605289714873042,"flow_dst_last_pkt_time":1605289714873010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":6264,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33280,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Pinterest","proto_id":"91.183","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586992,"flow_src_last_pkt_time":1605289728586992,"flow_dst_last_pkt_time":1605289728804556,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":64,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289716450552,"flow_dst_last_pkt_time":1605289716476438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":7739,"flow_dst_tot_l4_payload_len":31241,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":64,"flow_first_seen":1605289714590794,"flow_src_last_pkt_time":1605289716450552,"flow_dst_last_pkt_time":1605289716476438,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":7739,"flow_dst_tot_l4_payload_len":31241,"midstream":0,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2004","src_port":40694,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289728586958,"flow_src_last_pkt_time":1605289728586958,"flow_dst_last_pkt_time":1605289728804207,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":48890,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00962{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00963{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289718347065,"flow_src_last_pkt_time":1605289718347065,"flow_dst_last_pkt_time":1605289718378827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00955{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00961{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00810{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605289722442860,"flow_src_last_pkt_time":1605289722442860,"flow_dst_last_pkt_time":1605289722621701,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605289733529878,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":911,"packets-processed":911,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":300,"global_ts_usec":1605289733529878} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/pinterest.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":911,"packets-processed":911,"total-skipped-flows":0,"total-l4-payload-len":367869,"total-not-detected-flows":0,"total-guessed-flows":16,"total-detected-flows":21,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":300,"global_ts_usec":1605289733529878} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 911/911 ~~ skipped flows.............: 0 @@ -306,9 +306,9 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8943369 bytes -~~ total memory freed........: 8943369 bytes -~~ total allocations/frees...: 148921/148921 +~~ total memory allocated....: 12651412 bytes +~~ total memory freed........: 12651412 bytes +~~ total allocations/frees...: 219175/219175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 3531 chars diff --git a/test/results/default/pluralsight.pcap.out b/test/results/default/pluralsight.pcap.out index cfbee6c03..46d7b46f6 100644 --- a/test/results/default/pluralsight.pcap.out +++ b/test/results/default/pluralsight.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
@@ -56,7 +56,7 @@ 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7837115 bytes -~~ total memory freed........: 7837115 bytes -~~ total allocations/frees...: 146526/146526 +~~ total memory allocated....: 11545654 bytes +~~ total memory freed........: 11545654 bytes +~~ total allocations/frees...: 216780/216780 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 553 chars ~~ json string max len.......: 2523 chars diff --git a/test/results/default/pop3.pcap.out b/test/results/default/pop3.pcap.out index 1cc6e3d0e..3cde4a72b 100644 --- a/test/results/default/pop3.pcap.out +++ b/test/results/default/pop3.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1349776771892023} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1349776771892023,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776771892023,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776771892023,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1349776771892023,"flow_dst_last_pkt_time":1349776772030343,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1349776772030343,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} 
@@ -7,7 +7,7 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1349776772030396,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1349776772168746,"pkt":"AMCfw1sHABffs8QACABFAABX02RAADUGrLlK0AUcj+HltQBuidcdXnV8YJLCuIAYAAzvdAAAAQEIClOkphgAYD5GK09LIFBPUCBzZXJ2ZXIgcmVhZHkgSCBtaWdteHVzMDA1DQo="} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1349776772168788,"flow_dst_last_pkt_time":1349776772168746,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1349776772168788,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/w1AAEAGdiOP4eW1StAFHInXAG5gksK4HV51n4AQAFzFqQAAAQEICgBgPtFTpKYY"} 01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1349776771892023,"flow_src_last_pkt_time":1349776780730528,"flow_dst_last_pkt_time":1349776777636137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":60,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1349776780730528,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email","pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo","auth_failed":0}}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1377201663814560} 
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377201663814560,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377201663814560,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26272,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663814560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663814560,"pkt":"TBfrZBZJyPczS4I3CABFAAA0TaRAAIAGB+rAqAAE1OMPpmagAG635okIAAAAAIACIAAB4wAAAgQFtAEDAwIBAQQC"} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1377201663814560,"flow_dst_last_pkt_time":1377201663880379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1377201663880379,"pkt":"yPczS4I3TBfrZBZJCABFAAA0AABAADkGnI7U4w+mwKgABABuZqD\/+KO8t+aJCYASFtBnRQAAAgQFtAEBBAIBAwMJ"} 
@@ -50,7 +50,7 @@ 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1377201698254021,"flow_src_last_pkt_time":1377201698460579,"flow_dst_last_pkt_time":1377201698507279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":175,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26304,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01076{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1377201700505011,"flow_src_last_pkt_time":1377201701042241,"flow_dst_last_pkt_time":1377201701091336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":91,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":297,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26308,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} 
01082{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":30,"flow_first_seen":1377201783749577,"flow_src_last_pkt_time":1377201784963062,"flow_dst_last_pkt_time":1377201785011707,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":19651,"midstream":0,"thread_ts_usec":1377201785011707,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"212.227.15.166","src_port":26383,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POP3","proto_id":"2","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":3,"category":"Email"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":144,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/pop3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":144,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":22700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1377201785011707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 144/144 ~~ skipped flows.............: 0 @@ -59,9 +59,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7794028 bytes -~~ total memory freed........: 7794028 bytes -~~ total allocations/frees...: 146578/146578 +~~ total memory allocated....: 11502567 bytes +~~ total memory freed........: 11502567 bytes +~~ total allocations/frees...: 216832/216832 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2298 chars diff --git a/test/results/default/pop3_stls.pcap.out b/test/results/default/pop3_stls.pcap.out index b46272dea..3ef6fa707 100644 --- a/test/results/default/pop3_stls.pcap.out +++ b/test/results/default/pop3_stls.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1346096808946579} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1346096808946579,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096808946579,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096808946579,"pkt":"ABqMFgo4nI6ZO0MBCABFAAA0SZ1AAIAGaj\/AqBQSSPkpNMWXAG5IB2JyAAAAAIACIACXrwAAAgQFtAEDAwIBAQQC"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1346096808946579,"flow_dst_last_pkt_time":1346096809014772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1346096809014772,"pkt":"nI6ZO0MBABqMFgo4CABFAAA0AABAADEGAt1I+Sk0wKgUEgBuxZf63xAkSAdic4ASFtCVygAAAgQFtAEBBAIBAwMC"} 
@@ -13,7 +13,7 @@ 02017{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":215,"avg":262973.8,"max":2072094,"stddev":524859.6,"var":275477528576.0,"ent":3.3,"data": [68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810]},"pktlen": {"min":40,"avg":234.5,"max":1500,"stddev":417.0,"var":173868.9,"ent":3.7,"data": [52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89]},"bins": {"c_to_s": [9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1],"entropies": 
[4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179]}} 01171{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096812985585,"flow_dst_last_pkt_time":1346096813059760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":5522,"midstream":0,"thread_ts_usec":1346096813059760,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01201{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":30,"flow_first_seen":1346096808946579,"flow_src_last_pkt_time":1346096814309972,"flow_dst_last_pkt_time":1346096814377321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":314,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":805,"flow_dst_tot_l4_payload_len":7462,"midstream":0,"thread_ts_usec":1346096814377321,"l3_proto":"ip4","src_ip":"192.168.20.18","dst_ip":"72.249.41.52","src_port":50583,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":53,"packets-processed":53,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1346096814377321} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/pop3_stls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":53,"packets-processed":53,"total-skipped-flows":0,"total-l4-payload-len":8267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1346096814377321} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 53/53 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786555 bytes -~~ total memory freed........: 7786555 bytes -~~ total allocations/frees...: 146435/146435 +~~ total memory allocated....: 11495174 bytes +~~ total memory freed........: 11495174 bytes +~~ total allocations/frees...: 216689/216689 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2022 chars diff --git a/test/results/default/pops.pcapng.out b/test/results/default/pops.pcapng.out index 633ad4d8b..7dbb29d96 100644 --- a/test/results/default/pops.pcapng.out +++ b/test/results/default/pops.pcapng.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938117011128} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938117011128,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117011128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117011128,"pkt":"AAAAAAAAAAgACwgJCABFAAA0BaxAAH8GIWTAqAABCgoKAdclA+N8RI7kAAAAAIACIACU+AAAAgQE7AEDAwIBAQQC"} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938117011128,"flow_dst_last_pkt_time":1614938117270908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938117270908,"pkt":"AAAAAAAAAAgACwgJCABFAAA0AABAADMGcxAKCgoBwKgAAQPj1yVpzHIcfESO5YASchBmIQAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 01062{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1614938117559599,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"POPS","proto_id":"23","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1314,"pkt_l4_len":1280,"thread_ts_usec":1614938117559643,"pkt":"AAAAAAAAAAgACwgJCABFAAUUApJAADMGa54KCgoBwKgAAQPj1yVpzHcJfESPnVAQAO37bQAAAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF1Kj57XgAABAMASDBGAiEA8j5baLiEIkTcbcZDABP4GJpWXp+06QQVFV630SxUILYCIQCDK32qxQgusvwfZLztsKe1sExloQAz78NZOf78r+fvzwB2AFzcQ5L+5qtFRLFemtRW5hA3+9X6R9yhc5SyXub2xw7KAAABdSo+fKAAAAQDAEcwRQIgJT0AYFVnglOCOaGN7l1SKLjGXhuzMTCXCBmGdX42LTgCIQCfWe+ZBNqoJSwcEADrGXYZNr0\/9Heh713uW+5hOa2VGjANBgkqhkiG9w0BAQsFAAOCAQEA0Qmjspa\/kI1EQ6yfcRTHLjt5vvDewoH2UzJ4cLdAPXM27Cp\/11UUUl4HrRDZAbA+HQVP3cQkEYalNzb2lLXsdilDG+U+DmO0IzpUJcOT72BFiqdI6lVVf7rbadDzITyfZHiawnHnynoXooWk\/wt3aFZ11wac1zGjK6L31+lmwno6esiT6G52J791KjLuT5SCkGrQn3wFeTFN1+aNUXkem1ekPkX4J4CuT2rAymo4g\/OzzwLTw5ozywc4vhY1q2TyVP94XMQ2Hx3zHwcBaV3Ou5GA+S1JJi2ljvslmQ6cbEleC3BDXcKzCFtPo6YVHBLnIYNCZN\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\/SslIaYF1Tm0k9ssXE\/iwcVmEemsrhaQ0tRbly8zpQXAspC7W+jJ94ajelBCsMcHA2Gr\/WSerdtb8C3RruKeuP8RU9LQxRN2TVoykTF6bicskg5viV3232BIfyYVt9NGA8VCbh67UCxAF+ye6KG0X6Q7WTbk5VQb\/CiQFfi\/GHXJs1IspjFd92tnrZhrTT6fff1LEMMWlyQ4CxVO\/dzhoBiTDZsg3fjAeRXEjNf+Q2Cqdjeewkk08fyoKk9zNFkZl92CEi3ZLkSdzFJLg6u6PFuqNDj52F799iYCAREPnLeBDCXXaNuit24k69V0SjiMEgwIDAQABo4IBLDCCASgwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNVHQ8BAf8E"} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1614938117011128,"flow_src_last_pkt_time":1614938117298382,"flow_dst_last_pkt_time":1614938117559643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":184,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":2520,"midstream":0,"thread_ts_usec":1614938117559643,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"10.10.10.1","src_port":55077,"dst_port":995,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pops.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2704,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1614938117559643} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773425 bytes -~~ total memory freed........: 7773425 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11482044 bytes +~~ total memory freed........: 11482044 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2228 chars diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out index b6d432539..e142fc386 100644 --- a/test/results/default/pps.pcap.out +++ b/test/results/default/pps.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1467353136432546} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353136432546,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1065,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1065,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1065,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353136432546,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01954{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"thread_ts_usec":1467353136432546,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1467353136432546,"flow_dst_last_pkt_time":1467353136432852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1467353136432852,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="} 
@@ -658,7 +658,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1467353189784236,"flow_src_last_pkt_time":1467353196145488,"flow_dst_last_pkt_time":1467353189784236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":431,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":511,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8571,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00990{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833715,"flow_src_last_pkt_time":1467353136834565,"flow_dst_last_pkt_time":1467353136833715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":490303,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":9,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1467353203157237} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-payload-len":490303,"total-not-detected-flows":29,"total-guessed-flows":2,"total-detected-flows":76,"total-detection-updates":9,"total-updates":35,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1467353203157237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8075608 bytes -~~ total memory freed........: 8075608 bytes -~~ total allocations/frees...: 149900/149900 +~~ total memory allocated....: 11782531 bytes +~~ total memory freed........: 11782531 bytes +~~ total allocations/frees...: 220154/220154 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2351 chars diff --git a/test/results/default/pptp.pcap.out b/test/results/default/pptp.pcap.out index 2eaaa5744..cc9c4cbcf 100644 --- a/test/results/default/pptp.pcap.out +++ b/test/results/default/pptp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1451895531141577} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531141577,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531141577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531141577,"pkt":"AhoR+E9+0N+aZRdHCABFAAA8SqVAAEAGB\/LAqCsWv2U9AaGWBrt+ULaEAAAAAKACchAUeAAAAgQFtAQCCAoAB\/whAAAAAAEDAwo="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1451895531141577,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1451895531183155,"pkt":"0N+aZRdHAhoR+E9+CABFUAA8Q2pAAPwGUty\/ZT0BwKgrFga7oZZ1tjA4flC2haASD5Yd2AAAAgQFMgEBCAoLt6rxAAf8IQQCAAA="} 
@@ -8,7 +8,7 @@ 00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531183155,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1451895531183451,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1451895531183451,"flow_dst_last_pkt_time":1451895531235075,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1451895531235075,"pkt":"0N+aZRdHAhoR+E9+CABFUAA0Q8NAAPwGUou\/ZT0BwKgrFga7oZZ1tjA5flC3IYAQEDJHpQAAAQEICgu3qyIAB\/ws"} 
00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1451895531141577,"flow_src_last_pkt_time":1451895536574011,"flow_dst_last_pkt_time":1451895536573938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":356,"flow_dst_tot_l4_payload_len":384,"midstream":0,"thread_ts_usec":1451895536574011,"l3_proto":"ip4","src_ip":"192.168.43.22","dst_ip":"191.101.61.1","src_port":41366,"dst_port":1723,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"PPTP","proto_id":"115","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/pptp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":740,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1451895536574011} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769497 bytes -~~ total memory freed........: 7769497 bytes -~~ total allocations/frees...: 146396/146396 +~~ total memory allocated....: 11478116 bytes +~~ total memory freed........: 11478116 bytes +~~ total allocations/frees...: 216650/216650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 970 chars diff --git a/test/results/default/protobuf.pcap.out b/test/results/default/protobuf.pcap.out new file mode 100644 index 000000000..e3cdbc5d0 --- /dev/null +++ b/test/results/default/protobuf.pcap.out 
@@ -0,0 +1,62 @@ +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1698073727888861} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888861,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888861,"pkt":"AAAAAAAAAAAAAAAACABFAAA03e5AAJAGDtN\/AAABfwAAAcyoMDkdqwhsAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1698073727888861,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698073727888873,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJAG7MF\/AAABfwAAATA5zKjehuu5HasIbYAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1698073727888883,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698073727888883,"pkt":"AAAAAAAAAAAAAAAACABFAAAo3e9AAJAGDt5\/AAABfwAAAcyoMDkdqwht3obrulAQAgD+HAAA"} 
+00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1698073727888912,"pkt":"AAAAAAAAAAAAAAAACABFAABs3fBAAJAGDpl\/AAABfwAAAcyoMDkdqwht3obrulAYAgD+YAAAEgNibGEiCQgBEgV0ZXN0MSIJCAISBXRlc3QyIgkIAxIFdGVzdDMt8yOnRDHnHafoiOSUQDikA0IIQUFBQUJCQkJYAwo="} +00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888873,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698073727888912,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
+00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1698073727888912,"flow_dst_last_pkt_time":1698073727888919,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698073727888919,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6hdAAJAGArZ\/AAABfwAAATA5zKjehuu6HasIsVAQAgD+HAAA"} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":284,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1698080984189366} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189366,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189366,"pkt":"AAAAAAAAAAAAAAAACABFAAA0LOBAAIIGzeF\/AAABfwAAAcngMDmHrWfCAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1698080984189366,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698080984189379,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAIIG+sF\/AAABfwAAATA5yeDA+8keh61nw4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1698080984189391,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698080984189391,"pkt":"AAAAAAAAAAAAAAAACABFAAAoLOFAAIIGzex\/AAABfwAAAcngMDmHrWfDwPvJH1AQAgD+HAAA"} 
+00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1698080984189428,"flow_dst_last_pkt_time":1698080984189379,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1698080984189428,"pkt":"AAAAAAAAAAAAAAAACABFAAA6LOJAAIIGzdl\/AAABfwAAAcngMDmHrWfDwPvJH1AYAgD+LgAAOP\/\/\/\/8HUP\/\/\/\/\/\/\/\/\/\/\/wEK"} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1698080984189428,"flow_dst_last_pkt_time":1698080984189436,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698080984189436,"pkt":"AAAAAAAAAAAAAAAACABFAAAo6alAAIIGESR\/AAABfwAAATA5yeDA+8kfh61n1VAQAgD+HAAA"} +00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1698073727888861,"flow_src_last_pkt_time":1698073797890442,"flow_dst_last_pkt_time":1698073797890423,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698080984189436,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":52392,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081014189987,"flow_dst_last_pkt_time":1698081004189871,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081014189987,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1698081882092605} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092605,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092605,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092605,"pkt":"AAAAAAAAAAAAAAAACABFAAA0\/YtAAMEGvjV\/AAABfwAAAZtqMDmCwWFGAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1698081882092605,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698081882092621,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAMEGu8F\/AAABfwAAATA5m2rz+Zn5gsFhR4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1698081882092636,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698081882092636,"pkt":"AAAAAAAAAAAAAAAACABFAAAo\/YxAAMEGvkB\/AAABfwAAAZtqMDmCwWFH8\/mZ+lAQAgD+HAAA"} +01307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1698081882092686,"pkt":"AAAAAAAAAAAAAAAACABFAAJO\/Y1AAMEGvBl\/AAABfwAAAZtqMDmCwWFH8\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\/\/\/\/\/\/\/\/\/\/\/8BEgV0ZXN0MSISCP\/\/\/\/\/\/\/\/\/\/\/wESBXRlc3QyIhII\/\/\/\/\/\/\/\/\/\/\/\/ARIFdGVzdDM4\/\/\/\/\/wdCGEFBQUFCQkJCQUFBQUJCQkJBQUFBQkJCQlgCCg=="} 
+00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092686,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1698081882092686,"flow_dst_last_pkt_time":1698081882092697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698081882092697,"pkt":"AAAAAAAAAAAAAAAACABFAAAo\/YRAAMEGvkh\/AAABfwAAATA5m2rz+Zn6gsFjbVAQAfz+HAAA"} 
+00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1698080984189366,"flow_src_last_pkt_time":1698081034190396,"flow_dst_last_pkt_time":1698081034190368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":90,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698081882092697,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51680,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":924,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1698083246943488} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943488,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943488,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943488,"pkt":"AAAAAAAAAAAAAAAACABFAAA04rBAAJwG\/hB\/AAABfwAAAaV2MDmpa4jnAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1698083246943488,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698083246943511,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAJwG4MF\/AAABfwAAATA5pXZXI6mhqWuI6IAS\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
+00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1698083246943533,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698083246943533,"pkt":"AAAAAAAAAAAAAAAACABFAAAo4rFAAJwG\/ht\/AAABfwAAAaV2MDmpa4joVyOpolAQAgD+HAAA"} +00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":87,"thread_ts_usec":1698083246943596,"pkt":"AAAAAAAAAAAAAAAACABFAABr4rJAAJwG\/dd\/AAABfwAAAaV2MDmpa4joVyOpolAYAgD+XwAAEgNibGEiCQgBEgV0ZXN0MSIJCAISBXRlc3QyIgkIAxIFdGVzdDMt8yOnRDHnHafoiOSUQDikA0IIQUFBQUJCQkJYAw=="} +00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943596,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1698083246943596,"flow_dst_last_pkt_time":1698083246943613,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698083246943613,"pkt":"AAAAAAAAAAAAAAAACABFAAAoxGZAAJwGHGd\/AAABfwAAATA5pXZXI6miqWuJK1AQAgD+HAAA"} +00960{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698081882092605,"flow_src_last_pkt_time":1698081892093087,"flow_dst_last_pkt_time":1698081892093022,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":550,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":550,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698083246943712,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":39786,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1698349716647378} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349716647378,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647378,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647378,"pkt":"AAAAAAAAAAAAAAAACABFAAA0QzZAAKkGkIt\/AAABfwAAAeaWMDkAqb1mAAAAAIAC\/9f+KAAAAgT\/1wEBBAIBAwMH"} 
+00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1698349716647378,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1698349716647390,"pkt":"AAAAAAAAAAAAAAAACABFAAA0AABAAKkG08F\/AAABfwAAATA55pYXbk5qAKm9Z4AS\/9f+KAAAAgT\/1wEBBAIBAwMH"} +00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1698349716647402,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698349716647402,"pkt":"AAAAAAAAAAAAAAAACABFAAAoQzdAAKkGkJZ\/AAABfwAAAeaWMDkAqb1nF25Oa1AQAgD+HAAA"} +00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1698349716647435,"pkt":"AAAAAAAAAAAAAAAACABFAACHQzhAAKkGkDZ\/AAABfwAAAeaWMDkAqb1nF25Oa1AYAgD+ewAAEgRkb25lyaYPeFY0EgAAAADJpg8hQ2WHeFY0EsmmD3hWNBIAAAAAyaYPIUNlh3hWNBLJpg94VjQSAAAAAMmmDyFDZYd4VjQSyaYPeFY0EgAAAADJpg8hQ2WHeFY0Ego="} 
+00920{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647390,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349716647435,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1698349716647435,"flow_dst_last_pkt_time":1698349716647442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1698349716647442,"pkt":"AAAAAAAAAAAAAAAACABFAAAoZpdAAKkGbTZ\/AAABfwAAATA55pYXbk5rAKm9xlAQAf\/+HAAA"} 
+00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698083246943488,"flow_src_last_pkt_time":1698083246943712,"flow_dst_last_pkt_time":1698083246943682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":42358,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} +00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1698349716647378,"flow_src_last_pkt_time":1698349719647622,"flow_dst_last_pkt_time":1698349719647600,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":95,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":95,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1698349719647622,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59030,"dst_port":12345,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Protobuf","proto_id":"353","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/protobuf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":1086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1698349719647622} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 60/60 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1086 bytes +~~ total detected protocols..: 5 +~~ total active/idle flows...: 5/5 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11495880 bytes +~~ total memory freed........: 11495880 bytes +~~ total allocations/frees...: 216734/216734 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 531 chars +~~ json string max len.......: 1312 chars +~~ json string avg len.......: 920 chars diff --git a/test/results/default/protonvpn.pcap.out b/test/results/default/protonvpn.pcap.out index d41ee265f..00cfe16f4 100644 --- a/test/results/default/protonvpn.pcap.out +++ b/test/results/default/protonvpn.pcap.out 
@@ -1,4 +1,4 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00742{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":34930679,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":34930679,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34930679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":34930679,"pkt":"UlQAEjUCCAAns+YuCABFAAA8D8BAAEAGxbkKAAIPuZ+flJOyAbvBn1OFAAAAAKAC+vAjGgAAAgQFtAQCCAq0w2VcAAAAAAEDAwc="} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":34930679,"flow_dst_last_pkt_time":34952976,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":34952976,"pkt":"CAAns+YuUlQAEjUCCABFAAAsACQAAEAGFWa5n5+UCgACDwG7k7IAC7gBwZ9ThmAS\/\/\/QMwAAAgQFtA=="} 
@@ -15,14 +15,14 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":50921855,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":50921855,"pkt":"UlQAEjUCCAAns+YuCABFAAA8ggNAAEAR0DsKAAIP2RcDTOFlAbsAKDHlBAAAAFqA0k4AAAAAAAAAALO1qui1E3gr64yba6DzHY0="} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":50923026,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50923026,"pkt":"UlQAEjUCCAAns+YuCABFAACMggRAAEARz+oKAAIP2RcDTOFlAbsAeC0gBAAAAFqA0k4BAAAAAAAAAF4\/Rs\/bZ5rJgjR49A7fwbBmyr\/63WBJDwuVnzl4A4pXfnPOZYLKRVrAFPmUTxZtFFUY\/ygw5snpyOqRAP6xav5VAHNARAiOiRt60FdTFozGozRICRBukHLcFDs4iULCdA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":50926430,"flow_dst_last_pkt_time":50921032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":50926430,"pkt":"UlQAEjUCCAAns+YuCABFAACMggdAAEARz+cKAAIP2RcDTOFlAbsAeBOmBAAAAFqA0k4CAAAAAAAAAD+yacW+Jee9sR0ypoOh8MaQ9gxbsztxJ2kZqazGAeL5NW1pKQLnHbPaHw3gPyLDD2rfIVvAXcZtIMwiZTZxrxOlD0VgEqedFRP3HFFojGTkub8sZpeXm7iOxsEEbnhzOQ=="} 
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":41,"packets-processed":40,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1690392292895682} 
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690392292895682,"pkt":"ILAB6wYYNObX3kTiCABFAAA8lQ9AAEAGoh8COvFDCAgICJNOAbuMC89NAAAAAKAC+vAL\/QAAAgQFtAQCCApqQ+LfAAAAAAEDAwc="} 
01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":5,"flow_first_seen":50897445,"flow_src_last_pkt_time":50986726,"flow_dst_last_pkt_time":50986365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":176,"flow_src_tot_l4_payload_len":868,"flow_dst_tot_l4_payload_len":604,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"217.23.3.76","src_port":57701,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"ProtonVPN","proto_by_ip_id":344,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00764{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":34930679,"flow_src_last_pkt_time":35025668,"flow_dst_last_pkt_time":35025741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":5847,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"185.159.159.148","src_port":37810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01152{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"45": {"risk":"Anonymous Subscriber","severity":"Medium","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690392292895682,"flow_src_last_pkt_time":1690392292895682,"flow_dst_last_pkt_time":1690392292895682,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690392292895682,"l3_proto":"ip4","src_ip":"2.58.241.67","dst_ip":"8.8.8.8","src_port":37710,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/protonvpn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1690392292895682} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7788881 bytes -~~ total memory freed........: 7788881 bytes -~~ total allocations/frees...: 146450/146450 +~~ total memory allocated....: 11497468 bytes +~~ total memory freed........: 11497468 bytes +~~ total allocations/frees...: 216704/216704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 510 chars ~~ json string max len.......: 1527 chars 
diff --git a/test/results/default/psiphon3.pcap.out b/test/results/default/psiphon3.pcap.out
index 5d3449933..0ab6a422b 100644
--- a/test/results/default/psiphon3.pcap.out
+++ b/test/results/default/psiphon3.pcap.out
@@ -1,18 +1,18 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613865079123029} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079123029,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613865079123029,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079123029,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079123029,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":60,"pkt_l4_len":40,"thread_ts_usec":1613865079129032,"pkt":"RQAAPJ+KQABABtpRwKgAZ2gSl76ebQG7Qi4DFAAAAACgAv\/\/BPgAAAIEBbQEAggKAB2cngAAAAABAwMJ"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1613865079140404,"pkt":"RQAANAAAQAA8Bn3kaBKXvsCoAGcBu55t3jKOvkIuAxWAEv\/\/W\/0AAAIEBXgBAQQCAQMDCg=="} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1613865079129032,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":52,"pkt_l4_len":32,"thread_ts_usec":1613865079140404,"pkt":"RQAANAAAQAA8Bn3kaBKXvsCoAGcBu55t3jKOvkIuAxWAEv\/\/W\/0AAAIEBXgBAQQCAQMDCg=="} 
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":40,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":40,"pkt_l4_len":20,"thread_ts_usec":1613865079143404,"pkt":"RQAAKJ+LQABABtpkwKgAZ2gSl76ebQG7Qi4DFd4yjr9QEACsm+oAAA=="} -01229{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079143404,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
-01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2"}}} 
-01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}}} 
+01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079143404,"flow_dst_last_pkt_time":1613865079140404,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":168,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613865079143404,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
+01425{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2"}}} 
+01741{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079144402,"flow_dst_last_pkt_time":1613865079168363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":2422,"midstream":0,"thread_ts_usec":1613865079168363,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}}} 
01956{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6801.9,"max":46102,"stddev":10684.6,"var":114161304.0,"ent":3.6,"data": [6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0]},"pktlen": {"min":40,"avg":277.5,"max":1500,"stddev":421.9,"var":177964.3,"ent":3.8,"data": [60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048]},"bins": {"c_to_s": [10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0],"entropies": [4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488]}} 
-01635{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}}} 
-01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079845431,"flow_dst_last_pkt_time":1613865079841273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3700,"flow_dst_tot_l4_payload_len":5574,"midstream":0,"thread_ts_usec":1613865079845431,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":62,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1613865079845431} 
+01745{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079254264,"flow_dst_last_pkt_time":1613865079202653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2038,"flow_dst_tot_l4_payload_len":5498,"midstream":0,"thread_ts_usec":1613865079254264,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"","tls": {"version":"TLSv1.2","server_names":"sni.cloudflaressl.com,psiphon3.net,*.psiphon3.net","ja3":"2d703033628575a99d44820c43b84876","ja3s":"eca9b8f0f3eae50309eaf901cb822d9b","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"49:30:DE:8F:B7:AF:C3:76:40:09:44:15:B4:6B:D9:8F:BE:0C:6B:0C"}}} 
+01226{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":30,"flow_first_seen":1613865079123029,"flow_src_last_pkt_time":1613865079845431,"flow_dst_last_pkt_time":1613865079841273,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1008,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3700,"flow_dst_tot_l4_payload_len":5574,"midstream":0,"thread_ts_usec":1613865079845431,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"104.18.151.190","src_port":40557,"dst_port":443,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS.Psiphon","proto_id":"91.303","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/psiphon3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":62,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":9274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1613865079845431} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 62/62 ~~ skipped flows.............: 0 
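Review bot: The regenerated `detected`, `detection-update` and `end` records for flow 1 in psiphon3.pcap.out now carry flow risk `"52"` ("ALPN\/SNI Mismatch", total 350) next to the existing `"24"` ("Missing SNI TLS Extn", total 300), while `hostname` is still `""`. The flow has no SNI at all, so both Medium risks appear to come from the same absent extension. Anything that alerts on or sums `flow_risk` entries would then count this flow twice after the libnDPI bump. The commit only refreshes the expected output, so it is worth confirming that the double flag is intended upstream behaviour and not a regression being pinned into the golden file. If it is intended, say so in the commit description, e.g. `nDPI 4.9.0: flows without SNI now also raise risk 52 (ALPN/SNI Mismatch)`, so consumers of the JSON stream can adjust their thresholds.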
@@ -21,10 +21,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775271 bytes -~~ total memory freed........: 7775271 bytes -~~ total allocations/frees...: 146444/146444 +~~ total memory allocated....: 11483890 bytes +~~ total memory freed........: 11483890 bytes +~~ total allocations/frees...: 216698/216698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 514 chars ~~ json string max len.......: 1961 chars -~~ json string avg len.......: 1219 chars +~~ json string avg len.......: 1222 chars diff --git a/test/results/default/punycode-idn.pcap.out b/test/results/default/punycode-idn.pcap.out index 3ca539d5d..46b73ddd6 100644 --- a/test/results/default/punycode-idn.pcap.out +++ b/test/results/default/punycode-idn.pcap.out 
@@ -1,5 +1,5 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643874953669881} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1643874953669881,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"} 
01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953669881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643874953669881,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"i.scdn.co","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -20,7 +20,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953669881,"flow_src_last_pkt_time":1643874953669881,"flow_dst_last_pkt_time":1643874953689789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":86,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Spotify","proto_id":"5.156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643874953695008,"flow_src_last_pkt_time":1643874953695008,"flow_dst_last_pkt_time":1643874953696562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":39,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1643874961730191,"flow_src_last_pkt_time":1643874962305077,"flow_dst_last_pkt_time":1643874962304897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":83,"flow_dst_max_l4_payload_len":711,"flow_src_tot_l4_payload_len":166,"flow_dst_tot_l4_payload_len":711,"midstream":0,"thread_ts_usec":1643874962305077,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"42": {"risk":"IDN Domain Name","severity":"Low","risk_score": {"total":350,"client":295,"server":55}},"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643874962305077} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/punycode-idn.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643874962305077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771642 bytes -~~ total memory freed........: 7771642 bytes -~~ total allocations/frees...: 146416/146416 +~~ total memory allocated....: 11480229 bytes +~~ total memory freed........: 11480229 bytes +~~ total allocations/frees...: 216670/216670 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 1298 chars diff --git a/test/results/default/quic-23.pcap.out b/test/results/default/quic-23.pcap.out index d5488f10e..65e69b4a1 100644 --- a/test/results/default/quic-23.pcap.out +++ b/test/results/default/quic-23.pcap.out 
@@ -1,14 +1,14 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568282515655367} 00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02277{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515655367,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7P
nXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} -01338{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","quic": {"tls": {"version":"TLSv1.3","ja3":"d9e7bdb15af8e499820ca74a68affd78","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3"}}}} 
+01364{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515655367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568282515655367,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"quic.aiortc.org","quic": {"quic_version":"Draft-23","tls": {"version":"TLSv1.3","ja3":"d9e7bdb15af8e499820ca74a68affd78","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-22","tls_supported_versions":"TLSv1.3"}}}} 
02273{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515692122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_usec":1568282515692122,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTM
EVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWylgx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="} 01840{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568282515655367,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"thread_ts_usec":1568282515692143,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYz
vRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568282515693812,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":159,"pkt_l4_len":105,"thread_ts_usec":1568282515693812,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AGkRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwBp0e\/G\/wAAFwhFc8YEuuNHtAjcZWkdxzWqcwBAF6fDAMMAJhGASeFDmt2B3PV5oRmlcgvC6v8AABcIRXPGBLrjR7QI3GVpHcc1qnNAF9ROAvn0lqrzo1vnuX+cMCbpFjsj7q4P"} 01028{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568282515696184,"flow_dst_last_pkt_time":1568282515692143,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":422,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":422,"pkt_l4_len":368,"thread_ts_usec":1568282515696184,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5AXARQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwFw4G3t\/wAAFwhFc8YEuuNHtAjcZWkdxzWqc0BPvLjwGAX6prrgTX3a3E9nV\/neLy6f6D1aL4AW7ZFFhtBTGIbvF48hHGdbgiiU81tgt+vmodZ2RG8bv++nz9H+TrtSRG\/V1bZo0rRqEJ6uLXtFc8YEuuNHtHe3YJ2mYY5Kj7VLPlyFWTxVj3D4ynrgMtP+ES8J5hYlasmgbcBjiaeIIGSM78XD0ZetULbmnYcr+261YjWGmgCHllE6ESDqENGKO9\/x6EPOzep5GXe6WsLwnro5QyXOgBT4DvhCB3s2Y5VMa71Sq8ea4xzabidQXJjSHOOoKBNwBetck2ZXZdBc22naoNcPPENdt+s1XW\/6i6FmYBAofaF5GgIdqv6jzc3ryObFofA1sVmUhrut2xxxw\/HgFM3t2fgK4\/Jlix6BDZV98FXGVnpQWoXGUnU7Jf1K1riT2lPHPc9slQktbx5sUNLfGBqV\/vYSeh7Nq1c="} 
01150{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1568282515655367,"flow_src_last_pkt_time":1568282515734274,"flow_dst_last_pkt_time":1568282515762416,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1280,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":1993,"flow_dst_tot_l4_payload_len":3958,"midstream":0,"thread_ts_usec":1568282515762416,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-23.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1568282515762416} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777515 bytes -~~ total memory freed........: 7777515 bytes -~~ total allocations/frees...: 146412/146412 +~~ total memory allocated....: 11486134 bytes +~~ total memory freed........: 11486134 bytes +~~ total allocations/frees...: 216666/216666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2282 chars diff --git a/test/results/default/quic-24.pcap.out b/test/results/default/quic-24.pcap.out index ac4943605..96b76b64e 100644 --- a/test/results/default/quic-24.pcap.out +++ b/test/results/default/quic-24.pcap.out 
@@ -1,14 +1,14 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1574209133040250} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133040250,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeG
TZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3"}}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133040250,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1574209133040250,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"quic_version":"Draft-24","tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-24","tls_supported_versions":"TLSv1.3"}}}} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1574209133040250,"flow_dst_last_pkt_time":1574209133041078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_usec":1574209133041078,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133041078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133041861,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiWhDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrUF\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\
/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1574209133041861,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1574209133046090,"pkt":"zivom94WClnTQ78JCABFAACaQSRAAEAR5RoKCQACCgkAAQG7odwAhhSswv8AABgR9cNSVpuO+PfYTEePbwr8vNYS4JjP5xnPhXULMwsGez9pmn\/bAEBR7JWFbqBk4i5AJ7l7qSlE+tX2yrubmhFzRlx21yBiPVDLnRsXzX9MvNztVp29bxmR1P08S3NdkCTmJvy4iWq\/7WRG5bc9bbtXoIExxVobW\/gF"} 02202{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1574209133047397,"flow_dst_last_pkt_time":1574209133046090,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1574209133047397,"pkt":"ClnTQ78Jzivom94WCABFAAUA041AAEARTksKCQABCgkAAqHcAbsE7BkSzf8AABgS4JjP5xnPhXULMwsGez9pmn\/bEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURsHHBv+mMkgMKbL1L8HaaigAV7t4eD5XPruskWTZTpFm1h9Cm3DzPxeQvTSEwHtDrEOpz6YFy82UDJYYLzV8itjsSuAl3BN2XPA7e06ZEWotlL9Br9TZWw4p83NDVQGkChBgIL6f1nIN2ojZvrHvpzk0MfCiu\/boqXdpIsBERYdwXRPlbEhxdUMcMYA7eh8N4TKuC9HmChlfkHaTI9GkWRyMAMzxtZMhCl3LoimMkhWCfqmVgDVhtz4Dif9R3RkIY9hzuUCMKU7oaOOUiDfZuxIU3WloNXp8o12YBXza0fzRQpYGqa7piZ7PVUXOGcUM\/cFuqscmeLVQOsoy4i4CGC+MSSW43OpT+j2aHawId4E4DeDRugsomOlKszLuMP4ykA2XzxEcbZMu330eInLeApkaX+snpful9w18f
09BHmkH10HjWW+o+8oFuEG0J2hwlJ3TmZuH+IBwCzohntVbymn7aQKhoP0MV8t5fXtaD3vzu3igqOoz64Q+7\/Sx9TpI8jZHMY5bI6Kx+leY4ybxXsUaY9q0gvlZcgyTiYn8SSRvRZMXNcQW2xksYLy8WttjxWgRkmFmsQrwrmI+8rN1prhvjqtq9svG38UVICHD+O9YB6LgA6f2DnN5DLokrYt0c0SwvSqZm2zBXMqoCDF3Mvxf5duIyZR8amJWjBMoLkZN+I+jb+DRrnFUITzuCvlxJQBLZbBvmXcpD7KXKyeyqlEx5yPFydiu3Ptcszr+5KTMkbP82kPXV\/bjI4L9oBErJhJCans3wo72EkAcuKLd6CCThJXE7Eh\/LDUjZHt\/8eNb7S3jzPF8xwguDIHq5S3aAjhS3QICFDHNn54BjdvvO5iW7zqJCZLSz3CwZ1+MRXms7+nxM12o9227S7LvP9CKQt3pRuzfLorLdpjg9GKs8caLZS\/zPBPaxxYsAkVs\/TxyqkBKa+anVJ99dxXNbDJQmTbQiadhbUe5CTXS5up1QYApDHCBfC0uOVL5lGIcrbl3PMnI1Dz2NdmW84pfg6c+eP0VFTKo0ia+JMYIRzTujqTSk0FE2waqFp3fDr8Hyu8mFx9hmtHgkYMyRj0Bt4LlwBJ79sxjVaEgTqHIx9xF9TjPLkAQXWiLTUTtZO41N3FxjyHC7iUvDol\/CotNpvZxVVNzqh35++58kx3dGzWg7RNObbhbgYckZgts8lfGtJHdaWCmm68Pkjb25Blv1HmPokRC5N98vgYvduuuS7fDGGlvtjz\/JIS10RWkuAlJb\/TeU30L5OeUDpr4zmcBbCs18tprlmixC6jVnlsoejFSyGESEQ56JY+Y6YELlJh011Icv+\/BxJXul2kP65qokwiQy6MoaIpxYelTFp5PRef54cjqcJi3DU8ahYYjMd+pFAh\/vGQ66+sQubQDPeRB01N5+3eG5Zyh2ZkNxzZLSsfMGkHSVTT3SqZ+mT2IOgPbQy8Y2nObPD5adavrO8MXO+JeqH6a5Ct3KlMPOBt4e134vezowr\/x2Ai2BFLL0Buw=="} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1574209133040250,"flow_src_last_pkt_time":1574209163081103,"flow_dst_last_pkt_time":1574209133073692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4378,"flow_dst_tot_l4_payload_len":2992,"midstream":0,"thread_ts_usec":1574209163081103,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-24.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1574209163081103} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777296 bytes -~~ total memory freed........: 7777296 bytes -~~ total allocations/frees...: 146407/146407 +~~ total memory allocated....: 11485915 bytes +~~ total memory freed........: 11485915 bytes +~~ total allocations/frees...: 216661/216661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/quic-27.pcap.out b/test/results/default/quic-27.pcap.out index d602fb470..88303be31 100644 --- a/test/results/default/quic-27.pcap.out +++ b/test/results/default/quic-27.pcap.out 
@@ -1,14 +1,14 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388075915836} 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075915836,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22
kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} -01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3"}}}} 
+01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075915836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1330,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1330,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388075915836,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","quic_version":"Draft-27","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-27","tls_supported_versions":"TLSv1.3"}}}} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388075915836,"flow_dst_last_pkt_time":1592388075921678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075921678,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqOYb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQ
Fj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388075921678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388075957479,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0d
Rw6m\/fNV\/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"} 02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028071,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6ViHv\/wAAGwAIe6d1Co879VZFIRhTciPGRElj\/q2UJV8WLuy+v+X6eYq5nfLS\/1g27PmgUSjybm5KzQzU1ILEhmniPOAZEvqheEyUNT3LDVYKkiUNtyVizLS+ix05UKwF9ULcCkrPIH2L1yPWwyFY4cNmCg5gqYtxA3Cd8FBtd7huXtciiCUG3GeekKTzDtj3mZ+8a9Kr7COQN+1+KOPGR1jsFDY8WBXFdrZD5ySECX4kUsUr19bjb\/U5cZvpbI9cdcp5bwfzrC2mH6vd4a7R7sGpYQC\/LmTmcUYGX34JRALcKFzBObhoO2vaDi7novDaIcCjAgVKgIi2QDsp0UHLCVfN6EaAaXbvuQGWGiPLw9zau68I+RrJ6y0kJVxIbdnl\/EUZWmki\/uzG7tgnHXtuPP4eyAbjSMJ0hjsteGZnRo8ugg1QBkP3BhHBIDcYpS7Rg5p+Q87bHy7pRrvmcYBKovHJI1C9UPa2SFGuec7pa\/6HIeRhWWTMUnz\/ZwqGW8sEZEBwfq8qOUwgi\/B\/AddMPb0L8G7SIQ6+A8kHT0aXnCw79xDImZQvGx+xV4Q8IQAkfmLfJgljliS\/pFSe7vKQTDUfFC487WlTMSbh8p4v14NGz4\/+IbJnlPne+z3aiBWY4W5BT+eNpvI1FrAsB6dTWYb1WMRGu+babBDC7DyDPqG37z1zhaan\/jgx4fju6203mIVVCgDDa4YMwuMWuzKcp++h85i7nfzPqf7Wk8JcZq
DZQ7\/7XjA0cDDeckdiS7HK2HclGO5lmUAmfBv6xhN3kqSBMN6IqsmjPmE60BN1fOygdU+Te\/f2Zs3Hxj7prJm6c8So+FZaiXzdcjyeQIKQ7Qv7uvRxvkajwom8lMmtPepS8E1yN2bhced3EHv6plGn43Vp+3XSbgOKY9S2AogFV857hcfhi+38yUYhyudlbkP279FCQJSOQonnRS8vvcxIp1D3jJKLwM7lBzaN71oIr+jZYmimJVYS+TZyf2NTpdZEOqUdfyfjGsgBeO+zxCodqOAYfcQN6t\/ocUaCgoHwIrFh0DNA8BNDZ3BGwDpWjDGxjT2MDsyXTPzdJOrwupelUXdrY5ldlO0BOU4mi86dMKwmn3N98YIh7Xk16l5iWGVTV4G7BiDgSJjCmtvL4gIyWDqlNk4rKdN30XBAMceNyzUL3I+J9QvbqKGfekV6XugZlAoULV4ad+umJRK2vmBuKK0I6o4wTokYu28rX8sUaoMhaobdOad13wg48RmxbjTjdVBAPfX1KeyZee+F+tEvJH5c76CbSftxDPZQcvK0IFFWHU3fXRowm7y0cXr5ihgo+viz0RYExACCOzUg7yyTUEr1K5pmd+JJe\/u6dmlpru9YEnDkl0FaQ69KgHJy4lAr1a6N7vOW5UVyYYpXufTEaXlc\/8T1+66MUdctqR87rt+GkJYJBgPUPk4vo26994MdlTljOZGjiPv2mj5\/nUWzoMXcG2WfI4Qc6qCD4Pv1VD6RdmOwoJjV\/su+wg4zNBn5R6iJ+ATQnf2WSumgGNmoSRr4mJgiWWxiEWYUww8aIC7q0BmFcfSOGzsQu+p4VSWP6YjS77bvflLoX3O75q7WJVNOS+lJu43OyzHz5fgIDeXGokHeXy9NpCGJdtgA3NQbjooA3dcAcQ4tGZv6kkVjgPSkmu0AJzjNvJuEpULFm5FZxpfYNwEra0h8ooobuNRKlg4azk0ZN39GAv2Rb82ENGYGAK8P6\/LrlPwKtRzuXRWUzO0rErD\/GlE5wROht4c6ajGM"} 
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388075957479,"flow_dst_last_pkt_time":1592388076028126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_usec":1592388076028126,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6Cu\/h\/wAAGwAIe6d1Co879VZFISUoS3c1LeI1f3kGlK6\/QNOr\/NABLaBx5LTjTiMM9smnvfjoOua+FQJnE+ZH3t9qb\/LL3ilj\/FL3JWoQ5AsutZ2v0Ov5AHIE\/ZIUWiM\/b1\/Psqe7HjCEfGa\/Pn04VrjRCrsUglRK8pqyMk+t9GQppn+F+FNln3t\/Ds1nPF8o5QqtUE\/q8LSytE5W4tmuafAvGb28tHvlqcR\/91RGVeuyv4ZdYWnJdOAVFbjKuvIKEBKANwTaD3AkFWVEqaZvu2l7N+bGHJMJgiqgp+9b0cttal7FMoGFs6adg3LTgTWujkwfJekftt71zIfnuU+0PrD0d1qsB9TfSCuwGwbbbDRgYG8XVwL8zxmRLn9Auhuso8795903Gpq9LAC7cKoiShGW3C0jUGDF2xTE5Ylh6zMUGg6TDya5bEvipHZ153rW7TWJT4vkCkw69eqhsXJvjw4jYdOmvyvgSYObUpBV9iMJbMO+hRaTJxltiDxz92XCBsPx8yqbUs2tFBONzhIyzkw6xcC\/ZeQUgpLso2N\/diUisa0e7nV+xuLNdIjwkxLf7DoY9I1jzeq6G50DsNvHoUCKgd3CqYNQEn6n3zvfWs0l1E+3sjvio+tlZOFbR5\/DYOBTvbtb5ssrxMIMX8I3hPzw9rkivT0lYBRX+etHZhXt8hIL1OE+80IRt8mWNHPnEXuvPuDJByNp6x\/JtjAfFDInDCqMZK5djoXSTtUp6qQpvlMtB5m7uyaaysgNqyHnSwGOB1dQccM7cak0t+MN\/+IlDtPj\/wmwqBImSV0mDKjXywQ7bsYfqHPAw4CcwzLo9zcIEtNjvcoF\/TZi238\/qiq1vOsMzk+82E4taf5+VHAoT267xBTLDM+smuKoEbkSDtxc4QmjrDMSSWkWQOyC8j+c8nyi51Tgg9IM+iQxLRMFa1CGft8h+1xKuJc\/FoiSqN62L+IA1P\/LA6XLD1NcjJXY8IFwooUg5\/l4urKJmXSLnA14ps26fW5korJedu9wd8F7Xmfcc1UPazcpuQfJHQG7YeUVyqtcnf\/M50G948rp3i8MlfdgRmcCkEymW6bJzm9H1yUPHWWVg8HOVbIhOYXhjPZBSQAlSaAvFYwI0hnoFbYkJj+9n2WEPggdOcoa14iw5SpNWfyjQ7xR+ONzyW6OQ6pGo\/5atAj5QVcoQwnpzOt5tX8qNfNp+ZLgOF6ctVOufCLbzzxeGWcDSRiSqOuzJgCM2yRC6LvUvJkH91CInawmzFG3KkPQdB+K5Jeq9ffHYQN97+fJAdP1OG16UX\/SX3t9htwnBd5Z2+nh6hjwV4n1SIuOG3Hkxljd3DTBhpYrha5Q6nDeBc80QdbhiBU+OOsYLrGr5FFnb7THO1Vnn24CyVDvtg15ACcXDu5+GlJ8RYCR2Wabyq5m4hTyIb0TZ
AJQQbQFrD4b0mSxbusJpuXWArhNyDl\/EBNhAQww3zF3I9SOtZCwpTDRceQbTQOAJV7CfIzUtg8zRWTrK7m31aSg+RyqaQizvPHdNQMSy\/YFccGhfumDWmke3xEkgTdSt8YZMA\/WkC3aY4yD7Wur7Pzm6lg+b3UbI0ywVjTd\/xHuOKwpoNWGHWnV5hMMRvNQhiEaJSz6nqjVsSK7kruepr8Ko0ZQkHqE88t8AwjTdaguGXi2F0WBsYS18MpGKpw47jOcMsAq0ON0Xc5cprtI18jJDmrM5xRj17Fxa6cgxyolfwWbwqSt2+gabY+qJoNGuHEvOX+LyDBXyyTtHBoULbRF"} 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1592388075915836,"flow_src_last_pkt_time":1592388084312705,"flow_dst_last_pkt_time":1592388084373772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1330,"flow_dst_max_l4_payload_len":1330,"flow_src_tot_l4_payload_len":5523,"flow_dst_tot_l4_payload_len":6124,"midstream":0,"thread_ts_usec":1592388084373772,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-27.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388084373772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777677 bytes -~~ total memory freed........: 7777677 bytes -~~ total allocations/frees...: 146413/146413 +~~ total memory allocated....: 11486296 bytes +~~ total memory freed........: 11486296 bytes +~~ total allocations/frees...: 216667/216667 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2355 chars 
diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out index 3615739d8..6d3f394c6 100644 --- a/test/results/default/quic-28.pcap.out +++ b/test/results/default/quic-28.pcap.out 
@@ -1,15 +1,15 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591267474847575} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474847575,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjH
J8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} -01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","quic": {"tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}} 
+01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1591267474861209,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="} 
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474861366,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1s
URkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474875141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1591267474875141,"pkt":"bmImQfCg7jdRvai\/CABFAABj8Y9AADkR0eVoGgvwCgkAAgG76soAT+eKyv8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAFv5HsDxxmd5VEpKl2hES\/adSPHMDBUM="} 00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474876194,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":203,"pkt_l4_len":169,"thread_ts_usec":1591267474876194,"pkt":"bmImQfCg7jdRvai\/CABFAAC98ZBAADkR0YpoGgvwCgkAAgG76soAqc9DwP8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAQG\/1pyxQuqr\/rtpFC2WVmtFOhv9JrpeHuopL7hMPE9fxl6sTSmvxfRAUwl+0yU2EdY5OnjwmP8hll9t175YCQMzKJKMegfWSiSk2V1nk0gFVDaY\/3+57WXWRq1p2wGvEOZh04iEYFueX23hrwDr59zo="} 
02261{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474935131,"flow_dst_last_pkt_time":1591267474949617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1197,"flow_src_tot_l4_payload_len":4297,"flow_dst_tot_l4_payload_len":5362,"midstream":0,"thread_ts_usec":1591267474949617,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":6116.1,"max":20960,"stddev":7174.9,"var":51478880.0,"ent":3.9,"data": [13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076]},"pktlen": {"min":71,"avg":329.8,"max":1228,"stddev":425.6,"var":181138.2,"ent":4.0,"data": [1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72]},"bins": {"c_to_s": [0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1],"entropies": [7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711]},"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":219,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267477602863,"flow_dst_last_pkt_time":1591267477602221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5428,"flow_dst_tot_l4_payload_len":230739,"midstream":0,"thread_ts_usec":1591267477602863,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} +00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1591267477602863} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 253/253 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7784099 bytes -~~ total memory freed........: 7784099 bytes -~~ total allocations/frees...: 146645/146645 +~~ total memory allocated....: 11492718 bytes +~~ total memory freed........: 11492718 bytes +~~ total allocations/frees...: 216899/216899 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2266 chars 
diff --git a/test/results/default/quic-29.pcap.out b/test/results/default/quic-29.pcap.out index 3a2af7087..2f1a22fc4 100644 --- a/test/results/default/quic-29.pcap.out +++ b/test/results/default/quic-29.pcap.out 
@@ -1,14 +1,14 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592171671664832} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671664832,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ
2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} -01270{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671664832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592171671664832,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"localhost","quic": {"quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 00670{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592171671664832,"flow_dst_last_pkt_time":1592171671665593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1592171671665593,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"} 
02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671665593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671666257,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27Jh3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPf
CajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="} 00681{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592171671666257,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1592171671669893,"pkt":"7jdRvai\/bmImQfCgCABFAACamvxAAEARi0IKCQACCgkAAQG7juwAhhSsyf8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSuOhEpZ26G1apwTYmb8yCval\/AEBRPcuzOLEauCutm8Cg9Aw7MEJCqo0x9rzS4t7RXw9ZHJwjm4cjcaToOiMOaFfu+VVWYB5tVycdZGiAgFBsUfDxzpzoGAp5IeyX8RBhrIPQ+UnY"} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592171671671308,"flow_dst_last_pkt_time":1592171671669893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1592171671671308,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8aBAAEARMDgKCQABCgkAAo7sAbsE7BkSzP8AAB0SuOhEpZ26G1apwTYmb8yCval\/EUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHxHyuth7w4wAlhBFzSbC5OjU44\/1Io1dfhnPLBERJDclqgYkhsGCW5n5pq4++z17AmNcn8dBqWB48xy31i6C8\/7XLxAdE6MTkI1znSj0vPZF3m092HE5ICx5Cq8tPNqgLlGyC4nLFjq9OvRGmiuiF1TIpM9PmTRo8CoFdISqcZiGUU3ZatNhq0BrGHwqcNi5TGpNATNj+HPUET0xXmYCe8+PpzJ03gSTlzB0FLjb7iGX7ScJzGIFrKQ0gxbXNX3pdkMqQzBo0EnthbcmLKitGXotm1rEcUwvAV2ofjpp+dpKuUM0Owe+S7aqtPBkDFA45e1ipUu3IPJnxQFqqPunboo+Hnv3g9HksDbGOV3\/88bS6N0HERX9+EEPSf+jFcHugxRyYYN\/nLcw3xaDYPvLEu\/7m+N0ENIH2eff2kSd\/4XAYxOrjtXz
zXRz0ZawsdnnAulk+tBvPHcTQAHUIJtSG+aaebsXHD40\/zcrQasAOlyD6+yxXtZkfWCz6DKTsNoXXFNYoferb8IbDYILPjauQdiYr\/Fqo4b8wg9zsOUqrTzOoLvaV1yqY6LGS5ESEAk+jr3ZvB3fzAjmUOGFx2kYo4hL1jK\/EcQPM5W10+VV3AoK53O1\/QDStMfKAH8\/GDuEx9GqesH0qCt5vMkOqn5YK1S7fYqFQJ0GQz1CMuXWrBTC2CpitU+UBl95E6pJUw+3rLOJIBV3NR9umg3dlzgZskQRIcO79GrkmsL6EakUlWb0zm1fkXRDVTVfkzGUPboF+IMWjDBLtqq0ad1m\/KEYu7JQMB2PIUND0ZOxU+8ur4pEZXiMKJMG\/vwK0qb80\/Sn812LEChKfMFqSLohC2gQC\/NCnWpwdff+PmCNJuaL7vvsQA+2EOqwBf3200Pla7XD+8mVcbikS\/Axog1Qu9D4fpVUG1Li3QEQ4yRBnPcG79jBpRS28cTqfVW5YH7i1z4Fqql03+ZGuyEqkhrg406IpTvdPVviAPFL6DVkypnWagcwF88ejZKMTBlSjOr\/eOnsSl23grex3BTGaO74gsy9a58KneVSew6h0i8MIAQY6ELejtpPDdIQT86X5SIhP9cpOQmuAOMAq68Vn9EEpUauLD0Ge\/pPsj020Ul4kT8YAmuqz2gf\/kHYlT+\/P\/xA7QdRVyw2RjbzYPDYQRVXfhs94sPTmHrCVUkiCWYkJMxWHBeSC2ADg8+ZvTBGDo1xzCm5P52WKcTaM0hKTzFhYXwpuMbeF5P5pR52zCrQWIE+qQW4s8tAphPljw12Jq6qoamxgL4\/mTWk84qzfcREKHpYIkc9qxIJr5H9EucfXGvqqcetWkoTg81lO9Haye5wgzOsUzheY9Lh1TUgo0WRNXVUuSv\/JGnmIG5uovTlVRwenPJouIS+CmrkTUvFwZ2e2QG\/xLBHcJ9L4V+YN+31gwg116TB1\/ngwjfvqla5cotuv7AWW+WckNMQGoS2EYDWJH4Uq0ZUbTENG\/qanNdGm8G85c0h2dl0eq8kn4sXYTc7lihVx7DpaoIJtYZ4ewJlA=="} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1592171671664832,"flow_src_last_pkt_time":1592171671699048,"flow_dst_last_pkt_time":1592171671697674,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":42,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":4303,"flow_dst_tot_l4_payload_len":4453,"midstream":0,"thread_ts_usec":1592171671699048,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic-29.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592171671699048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777296 bytes -~~ total memory freed........: 7777296 bytes -~~ total allocations/frees...: 146407/146407 +~~ total memory allocated....: 11485915 bytes +~~ total memory freed........: 11485915 bytes +~~ total allocations/frees...: 216661/216661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2220 chars diff --git a/test/results/default/quic-33.pcapng.out b/test/results/default/quic-33.pcapng.out index 04d5245bd..f1a8747b5 100644 --- a/test/results/default/quic-33.pcapng.out +++ b/test/results/default/quic-33.pcapng.out 
@@ -1,14 +1,14 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1607938456563491} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456563491,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqj
a9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} -01572{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
+01703{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456563491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1607938456563491,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1607938456566304,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70InGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+RexzQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurV
ax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="} 01549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566431,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"thread_ts_usec":1607938456566431,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="} 
02508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1607938456563491,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1502,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1502,"pkt_l4_len":1448,"thread_ts_usec":1607938456566452,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBagRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gWoBbtZowe9l5MR3aGoPMUlC8ojkveWDrnmED9W5sa4X9wCktDzDDXCYZSRQMxMbCVxwWOrGcoL7RjNrb\/aR0XYpCUrMVMGYc7NbMVcmFh+U7ptII9ng3LovEtfWD+Vs23WbaIHZ861LaEHA\/O3BXXbVKR+D5AvGegGrVyCDUDTVwsI0xjlHU6np3nq2hUuH8yJbDa8RRLpXgKEnKNLc11Kr0rcxDebjOz1dBKCk6MJE+RaErF7rEtrFcdkqX2anO2s+oQdnjsu5lzh2gt+Pax4A51\/PBeBgwzAMnnreukUaaOMmSVWTRc\/VoG6UCj\/Tagguq1zlSUsuPKfS4A\/Hj9PMCdEQl7Hayptql87eJvYWKvnKSw09TobsgFvbTKw8NsJvq53AE7lTrO3TaA+nGZFRkq+M1ZrN2+BdXW26C2KraejfRHNrX6gAfXr\/p6NjeOzTSfUp6nCX0A3akd5q4pDQzfTm\/ZODmJRSSua6qoJNXn0ZXKLdWfGo2HyscrTneMhF6bQ007r+YHFANXKovRp2EPpw\/UJ\/vmL8V6IY0+HgZbj0\/d8FIx79RtbyabSwl8zeJibsQ1efkYJNgJ++\/KCwNGDs8asJAde9mkZ\/dD1+61ArTNYb49TexSktCvy4pG\/lsRXKxM72Y\/+4TJXT4xFdvuvm+PYjyD61bnMUmH40\/yen\/A\/WgtDFdjYfUH767jw9eFdVWB3ZsqeIHitWtMaap9xJIluBD+y2SxNS2T8mAjyctwWenF7C6shXsh0qrLybxoQ0mpuErDwRdnKd4mSsuqiuoQGfGbICbCc2dii\/7aSWW9g0280LQsrjBCl\/YvBCm88jWP2XY0b7UwDAZYeSSdHwaFhBXowhDhxXzH8R0g9ke2rFjs\/\/TBqq0T\/ZB1XqZLLhRVNSNff9p8XMZhqF6nYP3WZjj1DqFa2r\/223NsQ6wlp7tG634D7micOuvJWURO+AlGXtvI7zygsUz0CgkusaQEP4TAWCgn0lXeK6Jy3aZ6m0zQtfsa2SiY0Pyf1PWTuWCeXEhhqN0+G6HwVWdmaL2uYxjn01+QKvB6cqgjzUHj7ISnkgdtIrQ+jDb3\/YuMI9cxUejbp+0glcdsH4JO3WK3bIkjHXe4nJtvi554x5sT83RqdBEWrCT8Hz8DvHMAfbR+\/XpS4NJ6rIBJZTfZnrcqqNHxc+q5Z3+z9E3mEki3zOsCZbUzk0otiSbbusPTJ7Es\/ZnRISPdeCvvH5UBZA\/ITRUTY11l7ptIDwkxD3Q2fTkbX2WLeZoRV1F5rZs22rukFjdfZFbVimjaztzg6Wex3ilHTBU66\/wagcJ+boiTqvzD9shT8g+9ztRyM6oDrvueAWdlAP374US8GzN2ocd+LWy3Qh0kD76f8cnFVOhNIJ74ji8WV\/lEp7vTYYUDMrlFJm1g2QBxreEzV
yyxzw\/kWu2secXUHFiuq\/aLl8lirZilXXB6BKhwYA6VsFx\/wQgXMGW7N576ppMuzN4q3u6+qKsFRgykE6xWMCIu8rfyHPKLU8hwJI\/Un9U+WP4ym96BQBToDbbY5w60F\/Fn+reGqzEXYBrNxFHbTy+34B9XFDXGRJuNXJEdt2xpxpJ4rLfkfhcpUBhpHxNFrGGx2u1ISXuanPkdl0U8p9iUo64xVk85WGi67+\/Po3\/vbJft1SNF4cB9lwe3oY2I+j\/MHJ8WFVg+W3w5clz+ifKEtQv0lEwiQL+Eicb9gfq3tlAR\/Zi7S7qlLM5dHBagD9XgE\/DssV\/nw3KYmdu4Cl7igYDAaGwJ\/prNC9sgv+k4qxakCz31iRthWoHa0gjjPRWdkJJ2NsNi51hPYr48FsvBgPM\/Y\/atiNkibfUawrvmDvK1kNir+duSpeLrnsGaquwEZKhLjOOhl7z2u7XrHBakQNuP2txJ4w+obo1p2YnKmbYM="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1607938456566937,"flow_dst_last_pkt_time":1607938456566452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":115,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":115,"pkt_l4_len":61,"thread_ts_usec":1607938456566937,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwAD0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwA9AFCoAAAAAQg7VxcI2Jvc+wijB72XkxHdoUAcmTt8MUVh5MfFjPiR6HrZ0x4AXuWw5hgay8870A=="} -01306{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} +01416{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1607938456563491,"flow_src_last_pkt_time":1607938456567204,"flow_dst_last_pkt_time":1607938456567051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1432,"flow_dst_tot_l4_payload_len":3470,"midstream":0,"thread_ts_usec":1607938456567204,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic-33.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":4902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1607938456567204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777130 bytes -~~ total memory freed........: 7777130 bytes -~~ total allocations/frees...: 146399/146399 +~~ total memory allocated....: 11485749 bytes +~~ total memory freed........: 11485749 bytes +~~ total allocations/frees...: 216653/216653 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 2513 chars diff --git a/test/results/default/quic-34.pcap.out b/test/results/default/quic-34.pcap.out index 6370a2ed9..82717cddc 100644 
--- a/test/results/default/quic-34.pcap.out +++ b/test/results/default/quic-34.pcap.out 
@@ -1,13 +1,13 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1646827637244077} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637244077,"pkt":"CAAnfrFjCgAnAAAACABFAgUATWVAAEAR9m3AqDgBwKg4xtpIEVsE7ChNxv8AACIIoSj95jI1XLcIjUy3QAcovkkARMqtPUg7uXRSK4kMXX53Es5onLzxtRemVGyuMExaFbMut6vDuqB2U\/DpzOfUlq0FvRt9rUJpjW6yDtUJ\/70ztz+CDYIV8VpKhQLQtYfPD3mmkKn2FxkrrQO4KafazVucb4cvV7T4N0u43AnJcMtc4d\/GXnMaac4VfAlfHe4y11Dgg0O+0aKijzEWoPXxyRR4t51aC7Nkbv\/0J5dgWKDBQk9w37dytb5zwjbfQHpRVluNBzZHs5I4DMZ\/JnNB+PrUyuyBmXrp0gR2XnwVjzQ3flNPFgcQgu2\/JTVF0L13Ckxt\/+QZlc9B3wBoysEquMpFluVCxlhpsJNoFK7jPg3r2c+uxRQG0p8pcZpnvTksWL+f8WqFT5coLPPdZlZwBn02RKfGTA+uAZ0LaE0O1ka34WEpgqpoVc8fayaTadrjLyO\/JlS+dq\/Kdd3y9KPe38jjexcirOrW1+qlPzhwIx8piSprhOCyEQY2+fljrQNCpUoPKvzdasj+8Y\/vgOi4aANXTAspd+NPZCshlwQpGBYQdC7CEZbf5QlwUnySFyecnPIsokfcy7EJCJxGVFXATop39f5agqqDgJBBxbV7Vy06FK1qkx\/0u8uhGfVjqVKRKmprwi9X1kSSqhXt2GH8bZxjiM01oC4BQV78N199Rg9tYJupRv8l6yvhDS9rct08zWWNVxr58lebQUaKNYadQRmZaFtRmnN0sxjkvcxweUxbZooL7E4GGIqIljR4ZhLlzlK3E7B66OJGtQAC7VyR46GafnwhTxp3HrOyLyoZp0Rw7xcWItz9Tv6lT2BoA4Y0DSNY9olTp+DPyrMnUG0vqRxzRhJ8374jg6MVKZMEa\/87MY2irhA8kK8hZoC3M19FTaOnneltuWAhMrf+Q8t8BAlD7kUkH6oHx9vkYnEZiK9+\/sfx6Qq8taGMG\/mcWDWaYEb3NXAZqmf41FHteU\/OwdmlZSqoqDS5DlVhB2wq7tLwmLKxoxTkhjVXaunTU\/kfczBDm1AwklxFw3Hw5J5l+LHrwOolcProF6qLDBkbDOvOptyE1ll3vB0t4SH06Wr36sHzRz1uCQR21A9SHZvKyJK\/SCg1uApsLqdmJZ1f\/+1id8zTEwjq1qmsHED38lQ4CrlbWfoLvOR3f3s\/z\/QkitvfGtHhVZt0j0WepakKe07\/NGHX1V0dM0mTgqZKJh2Io3kvFvctAo6sUjbANXF0S8wxlOujZbFzW1LOki1CXDYWdPlq+SJtyeBxUEDNzFZ71VrbnwsnJNOpHvvMzPqdRV+ndVLZfpyQXSEsFc65QVoQNOu0MGerIkZa7wLe0y4mX0pnI8L\/R\/y1JTawqiJeeUx8r1l44ku\/g3ZE2uSVEJxuuTdY8TSHXRMxr7nqZuOWpvSIaUcGS3Q1TZnsiOTFYcvBWzEbQ72OmSRWUJzCCABBz
idjiDpGWzPkhe8\/ROyjlc\/5TRQg67rXC2fAj53uXQRWw3a6jszT4xodZsJKooKIos5G3CpYzzQSJCrtOeOr5\/ce4c+q3Hx2rzKhdgv5WRhVAr2UV23TNUJd0OkmVeoZzs9v+FDb0PtPPYVDKHvjJqHAzOy1dUyjTbdc+UjRQ\/Xh3vEMPhsnnFc+0+ln6b2hntZL0z9eF8yMJK4KNw=="} -01652{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
+01788{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637244077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646827637244077,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"Draft-34","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1646827637247874,"pkt":"CgAnAAAACAAnfrFjCABFAgUAqq4AAEAR2STAqDjGwKg4ARFb2kgE7EgDif8AACIIjUy3QAcovkkIkbyxu2YmbzcAQJwuFyenENUqJ+JAUUd0pzPM6YfLXJbr4Ls6WaBQnpeEVYscLYmqST86NZIZE4bUhuMV7nVVeeqYe8GuuwtatPAGGTW6q7p5GlzaMgwDpbi8BdNdLtW13Hqdt9WnjpqVBlTPXGjJKFNPYUL1p5wtvsDZQ4TlC3npqKXhES1sS6J094lDKZtXU+v7T8eCFSNuI7Td4nHjGGqNqUKgJSus\/wAAIgiNTLdAByi+SQiRvLG7ZiZvN0QVSPjoxHY6BY1VSgy5etewIoW+11THSEpbinUyFsFkXsGASC8punYhUcJKCOC4rBIzaCstKMtMJHeFT+sUXNNib04LBnzYQKYceojlYPsGe5Ro3OtptLvx4kbgnpc62cqQ1nxvDHT\/fJKWJpgJvoU08oiVUiGs3B1bAvXl\/Wd+wkAF\/wAEMtHf7gZ1kaIq4RaPvn5a9A7UzqeEBuYGDShEpWXMe8q8vuDy24QsQNetariaa4kyNHYl4QdNhygXx\/G6ImAU3U1WThFZHC7AGd0gIgLIGzJf\/9m58rpSdM8Ie6D0sH7LUz+QS+Z4XNqqQcfZPaTaAVOFR6VUyiMeaj3F8bkj\/3MFBH1Z7mXRy8N0qVksEG1OlaU1eLaFjqcM9ZlnatIXhDVNsU98jz1VfTd5sFlnZuyyy7JoZ94aXeRH\/zazdoWlaXePukQ+pl9yYFQPdkgJYi+xKQurw0sw\/SIjNt6qV1Kt0\/FKxwfio1WQ7xlNXzsikFbr81oDdnzQYE6rGMYuxy0RnbfRhLVdsGTc9\/tp7zhIS4DV21JLjrv9UwKPcwJ4JD\/1Rxmkn3Jgw\/xQKXSa6JKSiLv0t\/weF0kbZssWUTcVDcUkDhsJSAH0njJoT2cFwm4lWcM5\/27nvncmYaxDvQXBfFPVW+m3Kwufpk8Xq\/eZbeo\/gSSLUYZOuQu+1ySiHDi5lLzsrpugFKrtUw8ayavMdKrm7oT2ZHXYsRczEGy\/6j7hln+rc24EWxZc0x2eirzNMVxjgu\/0CooTXqD4vghqN1FykIiDm0ZniCVUNexnbGWB7jTgFGcio0\/OnikmQ4dYt56aiM9sIGNcOvsTnFVh+cqJS5HY98vC1U2OBDew6qoIOHDQ21GKLwwRZV1T6U5f6o+37jaPoC1trLLadI2tORnFYqRZm7glwbD9lNFVr+PbofAndUgCf6Zk2CDaE686Awtk3d4hYhQQ3WNznovhVpr8uhbkmAY+WL7y023sNxtRIBnWlXFZPHQuiB37VW1mvmc13p6ljSnKt94wjvyH1FOprPa3tga3zWcYEvWdg5Xqw1ju7gmEzi+VGOvWFAXTzHEhgyFz4BPL84om6p0ALU6sMz8ZdCVqy3kojlACSWsh5\/A6tV3eZJDcnfn7IV6RS+dpvmNwYoFMJn6YSfH1ddeM9mWwCcbnxFV4aWagX1z8fcqV
LI6IMYAb37L0\/zdSO2uZe\/h4kSA2SLJTWfPj+TnqT2qI8MlPDZYgXs2XiIdxOOzSUnZDmRgGIMADHBZPrEl6WERC1eVKU\/qCzCib8\/Q0YyKXEfqbm+ia9lXh1\/rbg1B\/\/CXdzCHVzZc3ir8TnofN+5SG6M6PapINQPVY7HwnTlqNqDNVMVGtlLYsPe7LMJnAoGEI2aKSrQZRaA=="} 01488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1646827637247940,"pkt":"CgAnAAAACAAnfrFjCABFAgLwqq8AAEAR2zPAqDjGwKg4ARFb2kgC3Huyr\/8AACIIjUy3QAcovkkIkbyxu2YmbzdBBIfexsm7espBXzGKaZrAS7pggZDUUIfbdQ\/09SYdxmJiPOboVA5GNyIN0WKEZEb2ChDB1GilmJgW7Qp24EMucpJ8B17AVuDTPfEx7nyxUZnDxLnOV1NZxSPDEwEtlJluh20qRikrub3PX5DmXIcRaHLRejZJ9hsaCYWsq6n5Gfas0GF7MLGzHn117Y0pGUO2eqVFiwenMssI9+ug1E1aDiNVvZMQKSFdyDe9LiLFeCdes2+kAlg73TsTCPbewTMdEgVZBgLZaqO0un1mix5Qt6BKTBkVA8VSZ95v+EfSMYEwA9xZi0jAFqqTGyp+ZP95tU0r4nGCl85tIQDBKXfcBXQge764C41Mt0AHKL5JAwe7F8jwhPqhtghmuHu5o5uyPLm0TwLbmCTREzsDZ3DsGt5qVRU9QIvOhWBrh4V4uljh\/BtTxVptxRkCktu+NWT04G8qsIYXDgRKJUfYMbGUdCKTsE7gC0FAzqopaBfgolmLGZhX7ZxOjTG5NpEGFq+sEmPjGPlDauhq8NTECzVYfToMEehRp8C3bVLHR8m\/W+k90FLQ1TlaEbOqjuZyM\/9ouIFSCmQMPUymc3wxlPi0V28D1yaErAIjX4TP0GolGAZO78ybzC72YMWFqgmnosw3ju1DxFOnMm4S5978OZU\/wmbSWd91srzQp2fOyLvD3wvvNCgP73nEBs88atgYEK5VcrbDFNBrhyEvYixxRMTIqYTLkuWudZVMFEpbA6nhu6WPpaKYD3hORyKUUBLP\/t\/DIvXUYAsZ4s7fmfApFG7wJnzGak9JU7Tkzy0XAM9yEGedigZBltqQA4wPLvuXascBjTXzqxcRPwVbbiOpsQwIpMGnMJz4+XgHNI2WaH8iPl9H\/sYwWUugeEAk511PGx++JwUxDqTYxBlG36Eym55D9c1vN\/8RDw+9AAMguw=="} 
02455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1646827637247974,"pkt":"CgAnAAAACAAnfrFjCABFAgW8qq9AAEARmGfAqDjGwKg4ARFb2kgFqI1IDI1Mt0AHKL5JJhXLILeyY0WWPPDGqu29pNjeQrsiCTUma2TcFGcgbIzRZdr6JWtplLqpt4qp74KLFQm7PESBrbW0e3kxD7S6yxhRI9JMLupNpVNheQDAE\/K7XDfSJm30AU1TktsrpLm7TfiD8USojXAxktLUfFjAiN6LG6fZddkhXh9AYZ7\/h0cSCCBipC+n3QCl4ZZLZob0nwewGNweDzedLSJHUiGlnnueifyEhuiUGtXgMNSJQ2JCiSHUKseCTMenBQSit9kmsy7m3CDkV8IpQHFpr\/KQRujoM5BDa8Yse\/Kl72IM405uisqQWn\/dXsCi5ce0bromjyo8SztDtTdIO91cc6sieObVALVrCc80ocAoEYgJTF5jiB7H5bYa3WWexHOJ0RxlkZABh5u2jRD60ENUaaMQfRFLTHtUlzezGzCFCF2IcS+WMBhwrHXLKOqpraJzqb1zDOgJyBdik0G2V7FsAOmmWq3kzNfjGuZ9T+fzSlxcobToHpyKVTh6yk3HH\/NbQjEutFtjDN8kzm6LZzftTMHupCPhu4ZLvz3A+qM2A1zwi5jSX7eTyP43nddNE8lSxbMriLhIHzadZrX75JISFbO5VwDvJNjuwIti4mRzJx\/4KzmR2yO+rvFcWV0dZs0\/MF6uYevBnu2YYbkzfUlVDt3QOqbxYzfYCPmQ52L75hajvvSWRTptBZWSpmDGOJ4XTD4avP\/kx9dpBnYVyb7KTOWud3jCtY9Dy0IFLUvwQTXGMQvxY1rW6hgIdpP+kthOl\/nWzDcHa\/PUhjS5EgK7B4SmuoeF3ytxRLbZxnjULC98CUv5fo7Ts14EjgMrhQbXmvegnsHXM\/e81QlFpnv8g5MxanFkxvc8tpr5XG8iFjGEj0B5WpJtuN7iq3z7nOCacYdJnYIiQ1mj01qFmCvBgbk7YWiMeiphglTgqhzvKbmvdg64HnjW1Es3AsdqJIZcqRus1DnD6rJkzYrRXchiyBhuQib+k4UQlm5hCqRnHhCo0J6LX8G3XGKSCadYx0g\/je+W+T0O4r2F5fhnLGmT5SAaG0edh3T2twOAFHIE1AKO0jwTDI8WzmuX8IYPD0YnpDPvt17DYPFIyDeOH5gIqsgYQjFZlXs0IHo2lM5JW0A12vTGEMsk8+9e6Z5fzuyATmFSi\/OqkgDSsNxnDgACPXJNiajuXioxc3erSKiDoxs9ouJzkif1wm\/7ixnjoy5M0DOvckjBD\/OuCCshIfuURfWTv6hvrPEQlix1SFn3RMCx1Pk8jg9thsFNFl\/Ho4MdvMw2RhXIz1+gcRUh14NXK1ApyZGsrTB7ViLQn5jNKtp2pdyf3KZPbaFL0Y7xQwOI0mvHL8HI43doiRf2crOMA1e0xs022LMvm5ySxZslF3z12zvalkvgvXb5OTKfwdssL2Oe\/UhdSppJObBzjA+FEs6Qfqh5bbz5aLbnxUlfYLmaNH+0BGi
0hDTR9gZKHvTc2n4i900kDzzljVKsSlloNHgG4EshpTKWF2qFT2gsSKXypzJ7NmQ828JJYAZILIPg+FVeltdmCKZo2lO8FnakEKnB+A1cgn3\/xiCZQ+iDtSE0PJPFtZhhnpzFVQskhj6YomziDSO1a9fnQS0ICnwazdMcaC79GE+Zu7g1HThSx1E+aCxOD5MiNFMbrPUttd31nncq5ZDTQlklu9YFBeFEnNhjw7XV5SoHsICDX3Y807hcaww8O+S3\/ZZCHYrSiEoVXHK08+KrmgIfxu+0uDlNCswB4hQR1\/YEd7kLTjTbBWxK5h2KWCvESNP9hSvk0ChuucR4GXTRQ8ZJIb6PxRfICjZ8FJPDMEqg\/LMJKaLCiKRq62PLTEgbmtE7W7wFMwBCvtRBZFheSD6YcHVovYACuFKvgHYWtpT3Rd1wYRfqLJlwTjGraxth34Sw"} -01326{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":3416,"midstream":0,"thread_ts_usec":1646827637247974,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} +01436{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":3,"flow_first_seen":1646827637244077,"flow_src_last_pkt_time":1646827637244077,"flow_dst_last_pkt_time":1646827637247974,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":3416,"midstream":0,"thread_ts_usec":1646827637247974,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":55880,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-34.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":4668,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1646827637247974} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777145 bytes -~~ total memory freed........: 7777145 bytes -~~ total allocations/frees...: 146396/146396 +~~ total memory allocated....: 11485764 bytes +~~ total memory freed........: 11485764 bytes +~~ total allocations/frees...: 216650/216650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2460 chars diff --git a/test/results/default/quic-forcing-vn-with-data.pcapng.out b/test/results/default/quic-forcing-vn-with-data.pcapng.out index 617275c09..b7050fe66 100644 --- a/test/results/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/default/quic-forcing-vn-with-data.pcapng.out 
@@ -1,15 +1,15 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} +00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679647550075975} 00805{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550075975,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJpAAEARv2bAqDhnwKg4aNjjEVEEuDJfz7q6uroQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMJ\/Xmnp2jeT+WoWwVvVQ1b6O31rw\/qrqxPBc6dRBLf3lEnWUBd3\/w\/JQS4pKYmUdU5xWZGvD8Ne8oIH04WmJmwXaQ\/wvsWrbYxMO92iL54vc6xp1YgRdxw06FeOPLguy4cuHkDCcnYaGKZtOt7y8kZNvtvYqVsxKCmdDYro3zFaHRpQGMtI\/2BuaZBboKETxeu8KUSeXMOryg\/KX2YYDmA7UmGc3kubU3ivUS1f+9ssIOdiFDX3AjohVcBNsmGvrXwTji3o4Dv2KTrLwBHjARD+\/HIuQNvwgHIVOT5\/pWNHA5WLk3tGMFGtipZ3L0RwYWrpR0zUek07xhYkSEEfPEtxXB+OXiXWb+BcdhWB\/SBgLI2MZqCKctIdHgsKw9gQe9RKvDyUP9hML1+k5xfL1Z\/EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550075975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679647550075975,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679647550075975,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_usec":1679647550076388,"pkt":"CAAn8IWkCAAnf+BDCABFAABXibFAAEARvsTAqDhowKg4ZxFR2OMAQ\/J0nwAAAAAUmtalAo6QjtePoQ8o0RQu0zA7LvAQVl708WxeHhsa5mBcIA3qIwAAAAH\/AAAd\/wAAHP8AABs="} 
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550077389,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJtAAEARv2XAqDhnwKg4aNjjEVEEuNtQwgAAAAEQVl708WxeHhsa5mBcIA3qIxSa1qUCjpCO14+hDyjRFC7TMDsu8ABBMA54Th2uKKBTyuFZSj\/k\/wVni1\/VEb4BwEd2wFchfVvbsaxQSyafFU602xdhY\/hqar3jkXSMDx4Yap9GDIKZkoKX712k+krCrY1LxWCZrqSZ5o\/n+IAhPJv6cc1afVhlFktUj7Ej5rZTIzF3usencZcTKebYdF+AofoUiIpMDeGk5q40inVVx2Tq3oiUvrWff2oHgfyzHIPYWDBQJzGlYdeJeXC8ovohighPQjpowSQ0MAQJbZn8zvwsLjPhaNP87kkehttCVjTBObELNAx8vzApvZ4jVGUqRU1\/g1tZlIH8u4AP15PU12drUf16x1tPlNvnJKiF8GunDRZjKaGQA6rtxYnlafWaArCeN7VOyBATjJkYKwZaZcohVq9\/pCDytSn6SR1eUTlsjMkcUWeYHuYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01476{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1679647550077389,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"86871fd0d48de0c82beec154cd3f1744","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3,h3-29,h3-28,h3-27,hq-interop,hq-29,hq-28,hq-27,http\/0.9","tls_supported_versions":"TLSv1.3"}}}} 
+01607{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550076388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1679647550077389,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"86871fd0d48de0c82beec154cd3f1744","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3,h3-29,h3-28,h3-27,hq-interop,hq-29,hq-28,hq-27,http\/0.9","tls_supported_versions":"TLSv1.3"}}}} 
00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1679647550077389,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":1679647550077628,"pkt":"CAAn8IWkCAAnf+BDCABFAACBibJAAEARvpnAqDhowKg4ZxFR2OMAbfKe8AAAAAEUmtalAo6QjtePoQ8o0RQu0zA7LvAUcWOciqnjsDzc3SKuu6g5K5ExooZxdWljaGUAAAAAAAAAAAAA\/\/\/AqDhnVl708WxeHhsa5mBcIA3qI4k9mX2UyYvHNrwCtPdyFmY="} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1679647550078584,"flow_dst_last_pkt_time":1679647550077628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1679647550078584,"pkt":"CAAnf+BDCAAn8IWkCABFAATMhJxAAEARv2TAqDhnwKg4aNjjEVEEuO20wAAAAAEUcWOciqnjsDzc3SKuu6g5K5ExooYUmtalAo6QjtePoQ8o0RQu0zA7LvAmcXVpY2hlAAAAAAAAAAAAAP\/\/wKg4Z1Ze9PFsXh4bGuZgXCAN6iNBMBQ6vULpecHOMAGYvn9a7v5AvMXNhHDADjN9w8+4JawyIsFcXHSykMFbD54LHYQ0Y0\/gglw5uN0p44Z+7ai6KXvl9RuyJhEtdciJ+dYAYmzMp2MiXXnkeLuE7JLbpEpT6gFTjs4NN7ToadJAWHHhNOX60rnA9b5iTYa0VCKX7vVloRLUhxpcePABr\/SxFgF5LMJGd87ISOSaIaeoCltsIM8MOeB3o1aJEgNsGDysB\/iMwRNBSdVFP7ziX73ptxXwVuRIPMSsvRNOYSXyJinUqBZWtKWf3C2oKmz9VL8pHiF1GH8SnrZmbB4PXoA2kAqm\/7vQUDXwqk97ThrGeX2UciEQiyQkeuDFANh6SgmEVjeCan9sdW84wWot93kMdgpOk9VZI9f+t6L8EyrjtnFkadoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01238{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550087772,"flow_dst_last_pkt_time":1679647550087186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5466,"flow_dst_tot_l4_payload_len":2691,"midstream":0,"thread_ts_usec":1679647550087772,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} +01348{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":8,"flow_first_seen":1679647550075975,"flow_src_last_pkt_time":1679647550087772,"flow_dst_last_pkt_time":1679647550087186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":5466,"flow_dst_tot_l4_payload_len":2691,"midstream":0,"thread_ts_usec":1679647550087772,"l3_proto":"ip4","src_ip":"192.168.56.103","dst_ip":"192.168.56.104","src_port":55523,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": 
{"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic-forcing-vn-with-data.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":8157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1679647550087772} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775718 bytes -~~ total memory freed........: 7775718 bytes -~~ total allocations/frees...: 146413/146413 +~~ total memory allocated....: 11484337 bytes +~~ total memory freed........: 11484337 bytes +~~ total allocations/frees...: 216667/216667 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 588 chars ~~ json string max len.......: 2149 chars diff --git a/test/results/default/quic-fuzz-overflow.pcapng.out b/test/results/default/quic-fuzz-overflow.pcapng.out index 4d58d390f..e5dcf5908 100644 --- a/test/results/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/default/quic-fuzz-overflow.pcapng.out 
@@ -1,10 +1,10 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1633957625000000} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5} 
03089{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"pkt_datalink":228,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_usec":1633957625000000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="} -01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q024"}}} 
01227{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1633957625000000,"flow_src_last_pkt_time":1633957625000000,"flow_dst_last_pkt_time":1633957625000000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1633957625000000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-fuzz-overflow.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1633957625000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766754 bytes -~~ total memory freed........: 7766754 bytes -~~ total allocations/frees...: 146371/146371 +~~ total memory allocated....: 11475373 bytes +~~ total memory freed........: 11475373 bytes +~~ total allocations/frees...: 216625/216625 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 581 chars ~~ json string max len.......: 3094 chars diff --git a/test/results/default/quic-mvfst-22.pcap.out b/test/results/default/quic-mvfst-22.pcap.out index ac37030bc..32373f46f 100644 --- a/test/results/default/quic-mvfst-22.pcap.out +++ b/test/results/default/quic-mvfst-22.pcap.out 
@@ -1,7 +1,7 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00749{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":24710880,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEARtN0KAAIPHw1WCIsRAbsE2LapyfrOsAEIVt4FS0mAWdwAAES+glHsK6O\/Oq7IqxunKa1n3XFv8eVEdrO\/buZ2LMAVEB2NyWCg6hfO6EP+vLVLmftkS1PJQqVl7L+7l7BI482Kpj4ofT9JnOQ0xEE4Vys3R4pwXiPc1lMJx32RX9zKYm+Z1fbMOyayi7zU0q+i63OayYrYD3jSt+Vvv7BMyIgMJ2yBRML4Cvl27dkQOy02PKy9hJb4U9IakyZ9jxJvJUG6tfB\/LJZUaX2z8xaFt+J6lEY3AOj1WgBxHOY78xSQcl0cfAaJSIKcA9Vn4sv\/fiPAKil0a5hIx6QXM2jiv4vFSqcgQHPhjbxlmksCUD71+BcElvTx09somsejpTEXOX5DumiTu+RmoxzAPxad\/yoHUmpVtJwSnjk0zwlToGO6SDPnEODnYt3LIvHRsx7mnFExLWnr+yQHfYFCeLNMctGGZBMubCx4gjt048OWguRvM18ud1xw3iRiS5rez8OMJIfcMnRlbnJA4MyOhWSWUbuYwKHXBZjNJSArgDpEssUAVBEOZQpnBVnXDGsqdTXz0eM1y7mnenMoiYqQeMnNMBDyturRKjEAiVgPEzOZ8CufggYEMfnAHCuOwF04gvqplTrrZWKOSNpdQNeFrRsWk7y1RbIKw3b8jWOTzA\/3wnocU7LCIqLpjBDheYw+YKL\/QStNjvcf462QDT2fMTEzd2qFUE5\/HIdvgFCjr11QAYfzSa9caF4orrxStMFBMwLrngiPEoNK2oL1ixSvqcDH1eCryay+ufbCfgtp9mN21cP9bS1fp+KOtJdRjk+WwIrnLE7yFL2kPl4Y1ub8Ic+0DgBOwxUrYa0lSq611ixLqvgBVVHqkVlsmy5FzYlt4nKwAzaE+UMlVSse0y5ciP9QYj7PgUOQsYRJLOdnUB1nb1cLIVzISsr9mEOc4Z\/V5yQfx0Je4KZnrBbnTxqzPJmczioPnEqWI3SSJQvibzfqftopphp69YYIvmngwQ9boqS8nu\/0Z90F4tXrXlEqVlkyt8z345OCJheKM35O3g1+gtDgXes9IlOq0VZHWc1xWYAyu3e5lYps9GawHgztTKd5Dh6phItAr7WJdjC7E5+Hw0Djk+jR2QPNAEyXNvBFWYdDCSKqCL0EW4k8u46MkhLkYoD\/U5LiEaiB5YSuGX8HZDJEwdOPPEWcT2hknjUDiQIy7tuEeBHkZxly3y9r8TtSEnAlDGbBVFAT+DI1sU7ifZHKOelnaNbzJX29JqcLfJH6OdFC035GL8QU1vvk19qbGftY3DBf6EJAhrCyEG8T68nr4mpyNVonkDSzrMh1qFjIZcwFXjgWWM6+wxfrI7EB5HOgW0H2RU+8jBV8bTAp0cYUEIW83AlhSIGJhaN4hzo4QbiQ\/NEKSL4V6HA7r2y3QQu7WQiGeuhWzieHC\/re+NOqmY8UZ2Nbtc52d9K25gQKE7BXNhq2zsjuIhLJme7BBI75RlEqF\/camjLVcquot
PgLUp7uXIyomz0zmkrCGiGxy4HlklTCcE1ashYaXZA\/9HX39Pj6qB+WKglzfibh+ldNWXcB79RaHBC3E7rGwoRJM5jkaMEkWLJVppPuZZUXD0CLZZ5SItvsTmJ1D5A5i3llXNLFE2q4czLsPbe5Ft7r2t0="} -01301{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"tls": {"version":"TLSv1.3","ja3":"a3795d067fbf6f44c8657f9e9cbae493","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":24710880,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24710880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":24710880,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-22","tls": {"version":"TLSv1.3","ja3":"a3795d067fbf6f44c8657f9e9cbae493","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05,h1q-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":24717506,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTN
fE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axie9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="} 02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":24717680,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8i
KqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiOwhoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="} 00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":24710880,"flow_dst_last_pkt_time":24717704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":24717704,"pkt":"CAAnANMtUlQAEjUCCABFAADdAAkAAEAR+OMfDVYICgACDwG7ixEAyZUL7\/rOsAEACEhjA85S+SrVQLDZmqvdE4MW8rOoM9w1rs1Ve9xUoq2hsNz4FSoH+8IX1y4OMQxrypqkjJmRSoxWAG4K1BtToT05DqZDXPA37W+oiuzYsAIvdZTBfcaW6sfsKLCaOVSC5AxtXemXyvLz4KBgZJ2jBsRg2KsMK\/6hkk97+qIGO71thTOTR2Uxubh0E8pSeU\/BRpDPuhyvo23drRHiiQm7fVAfdcFggcOmmrpSxhmnVdz7bvCj8OeBJ0wnOg=="} 
@@ -9,7 +9,7 @@ 02287{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":24710880,"flow_src_last_pkt_time":27201767,"flow_dst_last_pkt_time":27283563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":6836,"flow_dst_tot_l4_payload_len":11997,"midstream":0,"thread_ts_usec":27283563,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":163341.0,"max":2090987,"stddev":507077.5,"var":257127612416.0,"ent":2.1,"data": [6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11]},"pktlen": {"min":52,"avg":616.5,"max":1280,"stddev":577.0,"var":332915.8,"ent":4.3,"data": [1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280]},"bins": {"c_to_s": [1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0],"s_to_c": [6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1],"entropies": [7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774]},"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":301,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":74922862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195043,"midstream":0,"thread_ts_usec":74922862,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":302,"flow_first_seen":24710880,"flow_src_last_pkt_time":74905965,"flow_dst_last_pkt_time":139922848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":72648,"flow_dst_tot_l4_payload_len":195075,"midstream":0,"thread_ts_usec":139922848,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":139922848} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/quic-mvfst-22.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-payload-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":139922848} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 490/490 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7791084 bytes -~~ total memory freed........: 7791084 bytes -~~ total allocations/frees...: 146882/146882 +~~ total memory allocated....: 11499703 bytes +~~ total memory freed........: 11499703 bytes +~~ total allocations/frees...: 217136/217136 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2292 chars diff --git a/test/results/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/default/quic-mvfst-22_decryption_error.pcap.out index 52ec34ecd..6f9dba26a 100644 --- a/test/results/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/default/quic-mvfst-22_decryption_error.pcap.out 
@@ -1,14 +1,14 @@ -00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} +00586{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00649{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1593498296832000} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5} 
02182{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":1260,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1260,"pkt_l4_len":1240,"thread_ts_usec":1593498296832000,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSj
ihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} -01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296832000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1593498296832000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"MVFST-22"}}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RQAAapbBAABAEXBACuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":106,"pkt_l4_len":86,"thread_ts_usec":1593498296833000,"pkt":"RTgAapbBAABAEXAICuYoqF5h4ZLy9AG7AFbkKub6zrABCEACR1YBz3h7AD4ztLOg+8\/NWUDesKp0sDyq9wl\/qnK\/iaP4qknLwsMfEkvd24lrwL0JnOo2eK80vHLhCKIp2AiTqDI94jB8\/Q=="} 
01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296832000,"flow_idle_time":200000000,"pkt_datalink":12,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":698,"pkt_l4_len":678,"thread_ts_usec":1593498296833000,"pkt":"RQACurDPAABAEVPiCuYoqF5h4ZLy9AG7AqZJuU5AAkdWAc94e8TV08o58cInQhPfXEiH4R0yyR9AqFdJP97dW9QPxH5QALs4W48u\/A\/lmN+Z1gHpoOM1PLHjFfJbJb+kTSEeMOTQm72wgJFh+SbVesiWwZpXw+U97IhYBLP3WiFpBRQqDumQUeDiPkGwyTmNP9TNRpuF5QXHv1kPwiigyC2fJbgUUnl9e+zGQ79Cz8Bs\/eLwhmD1t2VJ7Cd7RuwKu2Fjort3XX4whsN7E7gB18XviaUhr5XnESzxgkyjbQ2IfYB1sJV2o4NiOWtS1g6oecOKw+P0SfmOdI8cA9W3q6oJEd81gYI3RSx3xGFnp9Oqu5Hc1vqbqNObKzndCPUi\/ewslI8ItQbC0BI4e50MqqScJSR\/5Vl6GG0TgIA0bMt3EG4lRLe0LXPxOgts4PbF21wxQKa7Tv1beWim5pfI+OGmD3DMiWSvIdPZw4l\/5hMQFemEjraWnBk1V\/\/OrAI2iv\/RsuB4yz9sORUhXLWck60hCb1uyIqNiRD+xW3bPH7r3P6z4UKMSlVVvqUDaRMdKibqynDHOOAWSj7+sP8Bf90ZLULJRyJUvi97ONtn16Gv8dO0\/jgeS3zlXeoqRUMEdvWBCLl6ExIUXPrzQxsNhsLrDhpW\/tDjV8bVc6b9OLSI4orbGjrxJjgcK689zWXeFHPekaWBT4LUjVMZvHiddSwc8CEIhbTIYZZ\/KM3XZ3ulglZV9+vPGct4VamjTqRcgHkoqQdwsrno2odIMs10yxJGOEmQN8Cw6E4hVNmBXDs81Q+k7pqJy1KFzOnCXOnG+YjtFuf9t7vMgoxn\/Mbid1XY3cSPVo6pJwkgIo3JrJMF3FGhAG1utFi6vz1QEXDtf6Aad0WCniKSed4SL+b04FPKN0pE40Yv1Qo="} 
01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1593498296832000,"flow_src_last_pkt_time":1593498296833000,"flow_dst_last_pkt_time":1593498296835000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":38,"flow_src_tot_l4_payload_len":3572,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1593498296835000,"l3_proto":"ip4","src_ip":"10.230.40.168","dst_ip":"94.97.225.146","src_port":62196,"dst_port":443,"l4_proto":"udp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} 
+00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":3610,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1593498296835000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777152 bytes -~~ total memory freed........: 7777152 bytes -~~ total allocations/frees...: 146401/146401 +~~ total memory allocated....: 11485771 bytes +~~ total memory freed........: 11485771 bytes +~~ total allocations/frees...: 216655/216655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 591 chars ~~ json string max len.......: 2187 chars diff --git a/test/results/default/quic-mvfst-27.pcapng.out b/test/results/default/quic-mvfst-27.pcapng.out index dce6589a5..42cf188ef 100644 --- a/test/results/default/quic-mvfst-27.pcapng.out +++ b/test/results/default/quic-mvfst-27.pcapng.out 
@@ -1,13 +1,13 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00754{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jICcqh071958
oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
+01325{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNo
NxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0M
I00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 02268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOqp4WAHeTZest5awJfealSj\/CfwMs\/
1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxavwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\
/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777444 bytes -~~ total memory freed........: 7777444 bytes -~~ total allocations/frees...: 146412/146412 +~~ total memory allocated....: 11486063 bytes +~~ total memory freed........: 11486063 bytes +~~ total allocations/frees...: 216666/216666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars ~~ json string max len.......: 2275 chars diff --git a/test/results/default/quic-mvfst-exp.pcap.out b/test/results/default/quic-mvfst-exp.pcap.out index f0863aed0..ea07f7d8d 100644 --- a/test/results/default/quic-mvfst-exp.pcap.out +++ b/test/results/default/quic-mvfst-exp.pcap.out 
@@ -1,14 +1,14 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1600365863681233} 00836{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863681233,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+L
ZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} -01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","quic": {"tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
+01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863681233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600365863681233,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","quic": {"quic_version":"MVFST-EXP","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
02213{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701938,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAu
xzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q89JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROH
tGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTY3BDg+s6wDgAIQAXJhFchLk9Evyyob5bYFNRx94bIG8Pq3hC5er0qmaO\/vmymM8o\/cApqIrJy2g30SejxFFp4qLrHRBshhLdfXAgbewyxghqNYdqo4k4fpzcK0xKawv3CgvxOHcjXBqnCGSVcOt5upMpAgkw54ZxaWqJXqyhFuwUnmywtzo46yC6KvzQQc9tfL1B9K3oU+MT0vl22vWb+0Lf+ZPccL0Zt1Vo7c7S+L6sEFDGA+z74v400bOtFD5pPoySzO82f2RI+aD0cO71iR8QdY1NDbmd4X7Moe\/yOsMq005\/rpHUk2+xJ2FPzq8yHfLobQcqchii0EMfDk1rPsS89JSeCNY+vs0QJr7nQooTrHMjcFcBWoVkNz4ZMShcT+41geU9drLAJFokpeyDmOzN01RApZm2IhjjYCjQouWgT\/RoPALA70snIVGTxUaI8effEdV\/esvRgO0wPS3ufzmveSbRNR1KcV3V6t4SuvG2+qOGFSPTdVrzd7HwpgVkYmpC9kmjvG8DKo22x7ZojgSkioA0bYQ3x\/KLQBexVHIB4Fzaf4jo+Lvjudx7sa5tts2dktvsRG3D+O4zxLAMtTsnECcINoJkxhsYW9jjkGEoUHGbtEErWBfZfnh8zXYheEpRjjsN2JBNbpwEir2p3EFFNuMzs+J+nsSyty4dS\/NSH4115DAW4aZcQSwLfK4aN+vZKGwIXYj1E4VOhcmeni9823p5qJQhVsRpFzsv3nflFBO\/2jt2Ejyv0rmMMyF5E9UNOP58UMq+sLQ+NnFaJNiaL7FPFtdEziXyVmwzDrEseD3Xtqj5WXao2ssrb9ELRX3v2h0LqYPqr38ho12KiIjeOF89DmimQh\/R84lVnYxOM45NO1EI2fjHnuvSSpL++OZVJ3Pdv3A6wgrpI+DlboZ3MxMau3oF11F74N2YkE4kQ+yG51LL46zd8RHea7sUx7RrEcm2QsOvwgrrU\/Z3y\/quTgZ9MyMsxzAE5Z2
ywzGQJ+tVm99R+d0LrBTiXATdH0bTOf+ppS6xyk\/7sY9nVoFyAXPE7MDiKYXlY2h1SMzUHpL8AmcR3wAnQ1a2QDFvWLtLKW\/btEjTf2b7ByngLAfA8CkwmSsL24kpXymT\/ZhRFFnqnXNK9CXSLgl53RVBDcmmqQgxqUnZfIldLBt46O0LHX2Q+Q92YDI4WDBqGsgXXpY\/4py77CpzvWsdICv+Cv6g0K52IxIthchxDT18F1aoGuaKPfIYvjZakAYa1kpKN8XUWEQ7w+enUpmmYfpZ0xOh9vG6o0hjQVu8X2GXtJb4GVQQKUT63WyKMfspY++Flxrxr5vkDm1GmVTyDQiHqlpI270U5lH9CYOYQz2cKc5fxJWES2\/\/WZtNqYINm4e4GZUsTXenMiwdd918MZCq4CFYETnbAUx0P0X1v+Rxh6KAau2EE4GKnCJgPdrvzKpOHtaC0U8wdRmYn9lK0BTXw3++M2TAKJ7kPt1R4W4mdVG9PQQGlwVWPyWPj5pWt2DnNBHNUXj0FX3zRrt\/7+DrzSqWNFKrYcEaRLurEvc9I9wibxxwcGNF\/IAT\/PHR810uEvT7csMZR4O5za7JiCcKZYtoTcWmUJTM+hP1+5SQaIyACBf1xadt+PZzeKqrxvwpLFA=="} 01300{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1600365863681233,"flow_dst_last_pkt_time":1600365863701971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":613,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":613,"pkt_l4_len":559,"thread_ts_usec":1600365863701971,"pkt":"AAAAAAAAAAoAaIxPht1gAAAAAi8ROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wIvdFPn+s6wDgAIQAXJhFchLk9CFmcM73CUh95lmczPmpzf5ZNI8IeO1WAp+GYM7Ki28TOD3rDqZeVpJ4eVbE3sXqFxAv48SfZC4RA1WIY6\/RvKVhj17YMRO1B\/ABoaHyk5UDr7StQpOuCHwbL8GyJkK8V\/AfNgFOoeaf0RiSxe3Z189tM2PUGiQ6SWWFDQ\/HsxYbe0cn6JAXiZk5EN1Wm6zkCb+qzQabFz5TgK\/Qo7I\/hLmPt4Cnsy7Zv4BmmkYC8j5YaLcbyLo0WZBB6VGUUcEFHgI+MccFtfD7y\/Soyos3ZZf4ARZE32lJQwHciqD1QkvR6oVrSAqPEM9SngERqYruFpkL\/ha7bCEe3C68LXjWs2M0uOGQc8CM6fQ+pVCklz0cpuyl4QBvIZREZAHMzJrTfW1oGcQ\/tTjPoG4CffvnsGgn0uH3PabZriRqEQ9hOWyC11Ea8bdNWvNOuuSjB13uS2KuLfV5xAJx2sMMZRF35OBURgpm1oSsp6lG3J5oIWyJEk\/NN9pTMisKM1Lb+h132vTa4Zt9oBWjd\/a2\/995t8CfXGS+9lrd20XD75zGzc6S9RXwKzEP\/M1lvotW7ueHDsV4tqmu+8XxnGd4cCaTSnMpiogUMUXsYzcPFojS+oAI7YLxyoSj9ftVhfwyRA1t4Na6tBzC24NM9W\/hbT7AZlW0YX5gE+8LXmfFB9Gktd\/l2tIPsJspF\/u+DabDf\/9et1Fgqr0dP0uw=="} 
01174{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":21,"flow_first_seen":1600365863681233,"flow_src_last_pkt_time":1600365863836720,"flow_dst_last_pkt_time":1600365863839043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":3496,"flow_dst_tot_l4_payload_len":20953,"midstream":0,"thread_ts_usec":1600365863839043,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.FbookReelStory","proto_id":"188.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic-mvfst-exp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1600365863839043} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777737 bytes -~~ total memory freed........: 7777737 bytes -~~ total allocations/frees...: 146422/146422 +~~ total memory allocated....: 11486356 bytes +~~ total memory freed........: 11486356 bytes +~~ total allocations/frees...: 216676/216676 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 575 chars ~~ json string max len.......: 2229 chars diff --git a/test/results/default/quic-v2.pcapng.out b/test/results/default/quic-v2.pcapng.out index 0995caa3f..b789bc431 100644 --- a/test/results/default/quic-v2.pcapng.out +++ b/test/results/default/quic-v2.pcapng.out 
@@ -1,14 +1,14 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671528048896780} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1296,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1296,"pkt_l4_len":1240,"thread_ts_usec":1671528048896780,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusE2BFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbBNgE69ZrM0PPCAcmJyZC\/C6yCBH\/\/epFJCK4MqGWwvoV7EqZs5m5EW6yxe8jMGVCOjOsFtsb58R1QeHbyTN7wDJrFztAv8sR0ltkfQ6BQcif1dT+CuBqOkliOSyekcLhs5IK4\/EqcSiu1Vc2I2kZCMmWKpNsq+GH5az05AR+b+iINMh+SMq2M23PZZk03\/wTPgtGcudOgaDYAdQf1qvbbgTCfZyDF3HiyP4OAl\/iKBimU\/YJu\/f1ADkrg1eb2y71BQd5X3v3pjyTnpxrgpLZ+vv9Da\/xk1DMsxxHOYHdz\/NeLURGVCejzo9fkdp4w16Ueb9tNytawgEphEx3BSVBBA1PLxVn3d2G6+CxjvzeZtEJjuejMOx3HfXtyZuqqFPvcrCkm2hdl2+DYA5bvtEvscEj4Ym5CnWFvz47xC7wF9Bgy0Y4pOaTzJ4EkWvl6mv18LRqqhZmGdxGWg3bJbiSJiFrcNxJAUKE7lEso7o1TN0m\/cOjbl5BaTBp5\/qJ+0XYxoeALINiRA14qyxyfngnr1ZjvpOd1IiKziIUGV0OiGH337zAw8iGwD7iQk2WAZIBAVjAFnN7Wm7a8J8T9l2DDkdsQaB8fmut\/B\/y4qcLDxrVUe9Cng72sNhbCDTAj\/3vcK8XRa1huDOBM5aArjm5yS5c24R19e\/Xt2s\/eHcSZDGWC2Clphs6Eu4eXx7qeVixbQxIWZv09r7jazNDzwgHJicmQvwusggR\/\/3qRSQiuEKjbkbUQfjD91bGCNQXlD+3eo\/cE7mUA+W7lNaoCdZ837\/+ANaHhiU22Ny7mg2Uo6oIDI\/kA3nVLT+YKlIa+ZANgDT7CuUEsoBz3FmhicEmq5\/mNliNEDT53ADrsB6HKdZjQE4A8OOOkCr3LiuSOH3KuWvqK0Rbjz9sK6+z\/AGqFSv4dMjUs7Rr+\/W2FnoTnKTNpxqRd2KzATp7bnvLn+b8E7MhNjbdlziRdOVtYzAqH94vIJOOIMe8a9\/oiQUotTxy8fNG1ajZZKRvL0nqVU6zdUqHiMru1\/xuSazSUwLz+OU7EXMmSkQ+ZlvAnTpz8YPtPeuQl0psmTzQqm+uJOI\/7y5JNBbYWPmB3aRjLjBrdUTsn7ZcFEuutFbIlbr24xD2EVN76OB+Tr3ew4PEVf6IJTmwj6AHOn5mzF7oH4Nt\/sPvQ9d9wwsmDr4X8cE+tgmJfLo2SOvgp9rlCf3f3fKQ5p16JaxdsZIN1YBsYWX+SQX8zdljVWNog8l31o2YdnLB2Wxu+uGb+nSU+Jtm1h4JgIR0SEY4NEhbB1FYM+00rhga37Tsdpg2pibU76JAxvHwEKHxQsn5SO3eCghAtmyeJIaY9FY5ftTcbD4+xbrHGBKtQeNlMei6Yvryacu85Vrl4yAdRD81BOqXJ3h60g\/wuOc+2g18Ui\/UZ77sY
C96U22hwkgmIwXSbv4h8X3bm1QJ\/hkUWqPfFinVo4HIMDUoT8lJQQp8HWbnJ80ulrDCZkdU36fHxGW+ZVXkYr+DuUBKTyZrDfADc\/jeI7kMKMkqnDPnplqmJYyx1bJuwfdMBUMNZ8ASLhnA9bBm4WcnFFwAR+d7gRPUHnNFZ5X1xttm1Mqqt9JcGKcqFj11uexFaRRssg3lrESzZbA0Ur5MBXNLKGA8"} -01372{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","quic": {"tls": {"version":"TLSv1.3","ja3":"5e685944fc983af5eabcc813add3dca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048896780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671528048896780,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"test","quic": {"quic_version":"V-2","tls": {"version":"TLSv1.3","ja3":"5e685944fc983af5eabcc813add3dca1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
03319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048898552,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":2098,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":2098,"pkt_l4_len":2042,"thread_ts_usec":1671528048898552,"pkt":"AAADBAAGAAAAAAAAAACG3WAtsGwH+hFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAERW6RmB\/oIDZRrM0PPCBH\/\/epFJCK4CLhE1vcYdf0dAECeub3wiS33UZiAjFXSnrkz+xz20KQdqwYuXyhhaJMxwiXPvJDe6E\/P4ZccFj3UhjHR6peFb\/wBeNdsheCMQAuSU6N7zask\/nfxnVvQF+ugE5+N+\/D4tNO3IysKJHXkOSJsFM2VHrY9CPjjkYdrrtg7pJncWXh2d1JCiLY8j\/8upHL\/RKqugiJgGpEVW6lPop38Tqqgxzlsq5nWMdpxd7O3azNDzwgR\/\/3qRSQiuAi4RNb3GHX9HUP\/HsX3+iTvuIocwN9hYKy1\/GqB6tIfRTfHcVW3VwgRd6tlLNGMEWyBzuaNGaCTBzAsdjtPBGvQjSVqgrvWoTsBtHyBXMNVN6RBP6D8vy7LBgnvTaKE5G7XGzKEgfz+m6laExkwcj8HiepBf1f8Rb2bOkPdvj5VUqjLxnXzHYmb\/+NKnTBnpMdoDBf6q\/9RN7xGl2bKzu5zeZqO3RxWypEe1TOyWoLmuzSSIkYabqaAugYK4cKcwBgztoKubjb7nd++PGA5PD5O\/d76mRsoZQ77XeFI+PcfOpeX\/0FPwem5ci0zspUhK7XY+O3o0S32CIuM4Dp4zQxaXlpEwGPL0QVOoQPwAuPXVZaqQu2K5RiJKCm0T9Rut06MfWBP5+8II0uTk10X0xAcPK4mtMan5b3B\/cvtLDOHHCoBsnpt+0NG1wTNnOHE8dDTh8\/q6muVRmyy9xc+7Yp6tCVuJsVznK7IE4lZHQXR8\/Z8h4+ohIDjwrc4ubE3qt7gXqHU2KugdUook7ebvfCxyi8IS\/cQSDkPNISgQitdCnwVpMhkRx7gUHApdIbBngPieZ5uZFOK\/hNz3VANXvvpdVJcsHI+KvePtIDtmxBhU98b3KaKAHaNYh1tjDiGtTPos9hrUWwBMX29Jg85anlOCsY4PuFrZkb5GmLgZv7hmxjr4TEAqXaHuSfZ4B4fNqcJrD0o\/NSKu7q1mS\/wMeiNvy+jsVbDfHE\/UpAbVfTfUI68+O901PPENCJ5DFPh539kWW8Le3l6Ph3CbdxtFggYrG2LFySePOap5TdzeFxbs6z2ekiKNDolPoKQQDOP3982GfD9BJyv1EBNcDYXex4dvjnAwNBjupd3mi\/qALh\/zBQKSknAWCyvgCCLa1o0Qe\/PAN1OsVnN8A5gGvMeqI\/jsEQjJiXyh54irEtrhO6wRXuvR2wpkeu5tNZ3pK331dgNyM+2OIDhPq8Xf\/oBpXzqK3VrkuWrCKvGkladm\/vPr22+jZbfQ6dFokqaTDi8SuRc8Mjd9QVnAWMpBnkiCz3SmlNoy3Ff6Ky4rVnpDd9h0OU7OdqZC23h4YHgSkQ7cIhtDgF7RY\/I5I2t\/5K7ItkSzLxAjuLPnaQy8fXx8jYPI44CX8iqZxuDxK41SkqK45X
cw7NZ0UGExhclph6a8ACb3FoFPcBkYYEm9mTSj7GBbv8jAai2C5klgFxnBJT6M4gfIDEAhc6rMDQCJi+hSWxKrdhzQF9+x93uJQszidHWhK2H\/PhQz2P3iQAf+iaP6bhndfzMOGgcgS6FsQhZV7+DMzcblLXQcAbtUkBIAXdaXhvraw8hx4Qh2lYklEmdwQDvRM8o7J\/VipSykQDR8FMrp9ys9JQ9dZJmuWszQ88IEf\/96kUkIrgIuETW9xh1\/R1BUpnwhmjGT+ndWi5NHLsYUQsNMSvpA8TBwvjZkxliQMaC1RKHMPzLImp0atIQMF0chBIxQPR27dc5I1pbMbNTRJ2yTQEtCZfIjaakm+LPCMCLGSlLi9Wg5E0Kjv4qh5M1i\/EV1eHhEAOpbtgrN1iz02GCa9bl0JfJZbpZwfq\/cKV17+tyCVB8svNdL7X\/E6bJyTQBvuodVQwFlAP5VFYbmZJqrUcRfvbUcOXojzg+1oJxwiIp1KlBWjnOJ0X4ezjIFsxxHH4qKZ7d4cnoIcRAFYRbyr9JxLiJZ6ZUiu+YiiZVArJmT0JqXpBI1biE0f7fRRRfR2plqOX2Ge+CIP3xw3bRMZQU7tEqqSG+h64kEeSem3bFpm8e5lpaaY3SM6fP2Xh26H4dbRWmEgYY6s4UIn6HrMkC8\/WncIHQ38FZ1lUlelGDnJmXJ\/Ph3bo8o1fukKi4SRH\/\/epFJCK4RGwAvHqZ1naXbmZDKl0teDuH23V9arrMyJEDYodp5RJyucoM\/CAprfUeiRzcLNFzMZtx2EJ+OJXYtHTee+s4PZNb\/K3W7PIlDfDhu1bBapzJF1NDmkDDIqowAiLOT07\/d7jdOSRI62I6Hlk9+8euWAeBvLLW+e7g\/DpiYBWS0Migc72rvtWkiimcj3JZmRXId+Uw1e\/KVAxVEhYaUx9qYo+ZfJMVGEDvcABr0vTcp3WlHp1Hl\/d1feluOUfF3oXKRXzpaOf9wqatbL+CQVOUTnFQGMPi90F47Go\/oEGELQBSPk3CEmEcoZHDMrS\/KS90HsSucHQhzp\/c6q8vFGwYr6zzjm5EQ9l8Kr8QRK2Q\/CEFtksNs7PvrqBLCaOusNjF4KGW6xVrMcHRSA3KO6CYLK+AEtYhy16g8N2Bjkc3KXWnssibrqyYLDy2RtSUMMvSjFZ6jeANuCMDNB8lIshR5mVzKl4hR\/35nxkPjJGtgSJAUZzX9oKUcHr+fsa\/3KKVjlLooum7p92ii8RBuUW\/wSFoEo0joaBidUG8OxFLQlSYrk3+jpn5fNPJfoZy4w=="} 
02501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1671528048896780,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":1504,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":1504,"pkt_l4_len":1448,"thread_ts_usec":1671528048898573,"pkt":"AAADBAAGAAAAAAAAAACG3WAtsGwFqBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAERW6RmBagFu1ER\/\/3qRSQiuCqRaCk+8UnU2hK2K9d9zPPVIGvbI0XgGM9XPiwx9z9NvjusGABXX4fKlodEz3\/id\/TtpZO42fEoM4he9lExQo2pZpaaZl6UK0elqYA4MzBfG2BDaYXCfb7XUS7s7eDGExf+n4wwi41TsQJz7OHaXYoWsgX8deJEEK381SEw24hQHtmEzjIparc6IZCDobm\/Cc5IKgh27ct\/BgSR0VNq3mrvZYC+WZ1grEV8qCk3HpKNzfiHjbnyR3mJVOijYoNAhHQkKmMj9+6awCcDioyFLKC2pecDX3NXmKd8Coil4SbyMwAbNvmt0IhANqGXXbzPcSOxxPEZ\/i3m4CoUrjM5YO2jgeWzqPhi7zRXM7gjta0zHnwc3t9vYwK1mIAdawBkyueeDc1Zh8KfD0GznAwX6p5kf7LRyDd6S8Z3ADEq\/afL7xCghZpbJDBnAO4qBmvmjFkUWIQoDWhuMVpAVGaIwQJmKUEcKEVOxWEiyDAIlA3KmYzbBjdAm+X05N3mfMmokgtQDtrkfPdgBFfpWmlU8VSbHkbd9iQKKCrQHuTgRBykHec3k86vdTshOy6X5tZmzQXjN7gj\/ERINmVbwls3BhoEypFl6ZyjNxSgYVXmv8CK1r+WSIt8flcGrODQ2ghJAT9vtSCF0NoiGjhh9x+cG\/CXbP72M8yvW6Ay+yhCny65VoajsAVmhb2LehUEnFTEAOEImMqmycKzzFXPFb6SnVfetULH7dWeWsn7jF9feGH4tBNTI12HDMH0o1M+lXjvwWZvOFtgJRB0r9RmLrseZlsmK9y\/4OqoxQQ9EOUAzkA+i+QcLDFe8az81h06K6Q+4pwLk7bxXRflHegFO+ueiuVMfWcJdO7N2R3J5IM9Fsl4L\/ynt\/L0OMKQL1Qm++KoIPqSodD\/NNWziLj2Zt9SHL9OOuCu6d5efFRlt+9QnJgyHe\/RwSdT+l4J+3e93UmqkkmLqSdXMlwq\/aPT6AJfA9hB5CD7LO5PUYb\/RjfwNhSlJ9arMAH5VggEfMB+oCmknp2rw1zTZUalVvcpGwUCU7fhCAWBBtAbTr2q6QJZtOyRYWgvQ8SsUqv3v1XC1HPWkBRhKUza49jLm6xLMBlj\/R6AHqa3PNJcJ3KpfQ1ye0qaS4NVKVEvx4z87U\/LSaBeEURB\/ZLDyMPJSnf5ffTN6pechCohN5KGVbQoEZ0awvlzo3rLPzejF++7sekRY3kmNiT9w6A0A4BgiHLI6ZEVzN7v9UYBJFj9hbK\/wp5oQVjM69j3tvn7Q61kLo9C64x3YquNX0sZFWLnb+UfSh+RkZaq9s3GkyddBSdcQqw8tlimWFM4hlz56B\/xZVFjmSn6Ubf8Gu7xnPFH2IBB5At74GWUWdH7kPezZB\/rs238PZAci6l\/6rD6NcsRJ4a3fuJUnHAClUgA
89XIw\/MsDUmZp5bcNT5IiHuBrrdbPy0PiOGUQMDLT6eE6rI9RdxImjMb18LkSnuj4p74nBom6ygA5SrGvdLmdQ7ItNbq+XZPkNAYh2GRapzqiUHQRIerrIB5\/jAuOlCf3hXnHR0YsTaoXwjo7IyFxZBnD84RQMspgbvG78gMbIj6nC9JPMwf0cin+vefUaWFhj4vOZqsHX4b7XmWIt+5SvbLk6D6Yb\/P2ei+4QwTeo1cM1XlhCcNLV+fYQD3ibenx22NwKZOMf6AAIPcyRkn+5\/ksvf+CJnIPLmY018C2ynvWkuwa3XK2h3VFTsn5E42PeDWkZX2zvXkrituU+EFDZUGSiQigY3m2TfyOmwfNJC4EhezWKW5gf\/AFodFnr3IAzmFG03PCLbEVJElyF\/KvNzOF3jzjgANnmTRC6QAoqmd\/6DAW1xVnd9OLZLlEP8NhJj6adej4pJf+doWWHcRY+a24l809CkqDU2hwg7aJgyN6A=="} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1671528048898845,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":212,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":212,"pkt_l4_len":156,"thread_ts_usec":1671528048898845,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAnBFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAJwAr7ZrM0PPCLhE1vcYdf0dCBH\/\/epFJCK4QEQjqN6ZuLL9MJJBLiNhJeBu1W1LK2Dw2EpAnvhN3X7\/Bjzg6IFOJXDuMbvIvafcgeSIFtrBbbfsrmqtp\/0BDJ4uUOkjFg64RNb3GHX9HW16DJaZYrP5pKZaca6ZmRU9khKs082+s7\/8kvB0maTbmbBpsZJQfB3KjOhCfyU="} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1671528048898856,"flow_dst_last_pkt_time":1671528048898573,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":119,"pkt_type":34525,"pkt_l3_offset":16,"pkt_l4_offset":56,"pkt_len":119,"pkt_l4_len":63,"thread_ts_usec":1671528048898856,"pkt":"AAADBAAGAAAAAAAAAACG3WArmusAPxFAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAGkZhFbAD8AUgi4RNb3GHX9HTahAC59jOEgM22nHO6jxIbeEiGpaXFX16v56wRTMhB+4p34Eoum6PVghpele\/s="} 
01199{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":11,"flow_first_seen":1671528048896780,"flow_src_last_pkt_time":1671528049435550,"flow_dst_last_pkt_time":1671528049400903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":2034,"flow_src_tot_l4_payload_len":2222,"flow_dst_tot_l4_payload_len":9532,"midstream":0,"thread_ts_usec":1671528049435550,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":42086,"dst_port":4443,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic-v2.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":11754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1671528049435550} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775935 bytes -~~ total memory freed........: 7775935 bytes -~~ total allocations/frees...: 146411/146411 +~~ total memory allocated....: 11484554 bytes +~~ total memory freed........: 11484554 bytes +~~ total allocations/frees...: 216665/216665 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 3324 chars diff --git a/test/results/default/quic.pcap.out b/test/results/default/quic.pcap.out index 31735c93c..872960781 100644 --- a/test/results/default/quic.pcap.out +++ b/test/results/default/quic.pcap.out 
@@ -1,46 +1,46 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431155536815947} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536815947,"pkt":"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\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01143{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","quic": {"user_agent":"beta Chrome\/43.0.2357.45"}}} +01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155536815947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431155536815947,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"mail.google.com","quic": {"user_agent":"beta Chrome\/43.0.2357.45","quic_version":"Q024"}}} 01105{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431155536861947,"flow_dst_last_pkt_time":1431155536815947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"thread_ts_usec":1431155536861947,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="} 
02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1431155536861947,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1431155536876004,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0
MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536876004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1431155536876734,"pkt":"ZHACjT05eJKcD6iOCABFAABBHZJAAEARrmTAqAFt2DrUZeHpAbsALSjiDLLeXfFPVUXrA67v5IKthu5daKgPQycb1I+P+X02zD7nMJ4gZg=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1431155536876734,"flow_dst_last_pkt_time":1431155536941384,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431155536941384,"pkt":"eJKcD6iOZHACjT05CABFAAA8+xkAADYRGuLYOtRlwKgBbQG74ekAKOqdAAIPpl2KFMpJfDQ+pZaM0w+K\/5VnEsUISIlT4r5r+nE="} 
02338{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155545866860,"flow_dst_last_pkt_time":1431155545859249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4333,"flow_dst_tot_l4_payload_len":4661,"midstream":0,"thread_ts_usec":1431155545866860,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":583684.4,"max":3197585,"stddev":963931.8,"var":929164558336.0,"ent":3.4,"data": [46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004]},"pktlen": {"min":47,"avg":309.1,"max":1378,"stddev":382.9,"var":146578.8,"ent":4.1,"data": [1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455]},"bins": {"c_to_s": [0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0],"entropies": 
[4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1461850699450756} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699450756,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850699450756,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1461850699450756,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q033"}}} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1461850699600955,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699600955,"pkt":"OGO7P47K7LHXhMJyCABFAAViIotAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1461850699901030,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850699901030,"pkt":"OGO7P47K7LHXhMJyCABFAAViIsFAAEAR\/sMKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwNQcq6EZWnphcq9nqEAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tL
S0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1461850700501096,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850700501096,"pkt":"OGO7P47K7LHXhMJyCABFAAViI1JAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1461850701701181,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1461850701701181,"pkt":"OGO7P47K7LHXhMJyCABFAAViI7NAAEAR\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\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":252,"flow_first_seen":1431155536815947,"flow_src_last_pkt_time":1431155574747686,"flow_dst_last_pkt_time":1431155574746268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":17168,"flow_dst_tot_l4_payload_len":220360,"midstream":0,"thread_ts_usec":1461850703450276,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GMail","proto_id":"188.122","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1463060980301154} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980301154,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\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\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} +01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980301154,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980301154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980301154,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980313862,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980313862,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980313862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1463060980313862,"pkt":"8IQvSpdgeJKcD6iOCABFAACUtgVAAEARBWbAqAFprNkQA54NAbsAgHEsDKM2rKXAEd7wIt3qCq5m3TavpAsTDbAsFGxmQjrMNGgPLp5\/67eBvHP3BJ3FiMAS4anKHt6qD2LZa9lkPD+xi9VHkCY0QuwL2qSbKNzU+YmHNEsRyVDptUSV5HeCE\/peVLnXWfr\/zBYlTVvhdUjE1rsevsCPj6RN"} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980336240,"pkt":"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\/CzEloDogZdL\/nncpFiRZ2yDvER3hyJLRuKPu2yNKulWJLAj1kd1TL1O1ht+4DYSFzHaxW1I0SXh61LEyPn0ZJNHzIO4+v+uSwxJi411oZGLUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0IqnIQgaTDzQq3tVtNNLVAtwTevP964BOlEvwfGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjSzHyexPo2T9WCZD4U6m8alAAAAAFg1MDkAABAAHgAAAGluEpDbken\/KU7Y\/ELsDAQ\/jJay9FDlf0UZ5YuPrPZyAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrcNABADyUl7\/h6mDtG4NsOVvVuJ1PZcqwDa87DQJ80CEFy8NfQNViwNoS56F6e843IHdgyXgGBymFoVuWTPeBJJ3oxBn7RKC7ZZ3lBjoLLbk9XTVRW+SbaYvzMJPMbCMtrqm0FX1EDkyftTNYRo2oN8jHq308RLDWGOdHHpxuN7oxivKsZVduus4FvpUAikTROVWqLCaDklpl4qgg4HMAiksVv2oDrqCwAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01148{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} 
+01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980336240,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980336240,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980349794,"pkt":"8IQvSpdgeJKcD6iOCABFAAViOWpAAEARi2bAqAFp2DrWbr09AbsFTixPDZgh\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\/xJG3uBvID0WAK+ohpx7cyOJ2dtebsPJwjywjfFuGDbC64HOW7daWVAssjrQthDJVGy+I6s+aKoR7mAYJDhdEEUKOBhWT8KdUZ+QsCFwZeIYkra13fPULR+kjxZwRpLY7sCam2MMIw19PW15Bf2xgAD\/plCBqG73f91yMrvU7pcyTjshGUTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn0h3jC79n8KmTTqLGBqNDsO\/+yFOWZXiuGsfLkAWQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjS7Vl7XCOzOLURPKzlhG40eAAAAAFg1MDkAABAAHgAAAFNDC7W8XmRlWw2IWugDdRStg\/GKmfFye59SXxQJoGstAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrbhIBAFhkMdLsvVn8dBclelTniFgmv7sivZhjmekneMr+6hkdFDGQb\/mkcgr5pmlxB2Adl4UO+Q5ZRPsivx7E2pdvMReaoISz1dlKFlGYuAatdBRMcJaEN+iNYNqPa0KmC4oIMq310RgCpJw2LDB3pVyVeASJBnCusnfTUVrGDsYCI0tVvwmaJscLHqtT1URTpBOCGDqnTS9VwZ\/TQa7YakZ29aLWPRkUAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980349794,"flow_dst_last_pkt_time":1463060980349794,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980349794,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980356958,"pkt":"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\/AeiBYJKSGuhkAAAAQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQAAAAAWDUwOQAAEAAeAAAAAQAAAEZJWEQ2AwEAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} +01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980356958,"flow_dst_last_pkt_time":1463060980356958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980356958,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 01558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980358580,"flow_dst_last_pkt_time":1463060980336240,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":816,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":816,"pkt_l4_len":782,"thread_ts_usec":1463060980358580,"pkt":"8IQvSpdgeJKcD6iOCABFAAMieqxAAEART+TAqAFp2DrS7oaGAbsDDnUSDaSWOQdzcSypUTAyNQKic+J8GjVsfJMsdsljddNYUoaFl0z7yC+b\/wr4VU+uLim9cSDoCfQ+BQHWf7axGI\/0otFRZnw6Kt8qBdaHMLIkdKcN8wdByZN\/oxJ5hHJiGBr5fiEEYQesGjd7ktKww8RLAeoDPzO5xHVx6UhHPdcfqLCO0OUirBVeLWv0B2O9yzbQVc1VH+bmliqhUEJvrnRG4cr78AW8g3wScWC4rwYpeJVk\/IAAQQ57Dki1DMwjrpTDHht\/5ZKfx0L6ARDMsMT4o5zF\/akZnbDa0ujEPexxAMZmDGeFTAQkCIMwA\/gA3J1r7aP1KpIssFW81KVjJ5iXRD5YwhMXjujhZlTD7FpkokyBosoiaYQ9OlBELgrsv\/9qDO2wxdYuRfMHHiN5v5dCIbRSeNjSHrD5k38mY1aUywqkMP+2CUbD2epWgY5pAU9yj7pwB44jlPLOPZlRDlPzYteeLN3w3AP\/lAuGaox0e\/nN6hJNNlHNcIQxZHPP2S1Nn2pwslhn\/VZ\/sLfiYbgNEJ7jii0Xgsq+CMf0fQRIuCSQdHqU2jrdN+ANDhT5dE3khD4eoPHs8vCv4BKfMl7gejkwwAW2mHRMOqa7T9bOfmL\/xQjsgJk39nF1RjCMAK12Xi+dtOGE9IgQxbz9zSmgmL2yfIbOnXdI+bTM22zfHQn6FUtzcayZDzqJ6V1SbCofsr53iOUBUvhiUNinYAVziLfoiiMvfHEE5p0lanDdKZb0YpgPqdNQd16jKwJjqhYbmKL4sSrdZfI7oqtHDzJwMafbASoNSGD3Uv4mKwYKsjq2Gt5i5gDh3DTXlk8HfNKd3wJG6rjWcXbXKzMhv54KIsq1aZ1I4i1ag8lQ0v10wAGcat1qElIOAsfiTGWepgC8HR8kDowOKSvfud74VVvyn31uOyJudA\/cCGuSQ\/d7qs9IBWEXiAAAuMK7hXoYMc\/2wJckDypsBIy3x5hskbJa1d0Ahy9jqEdMlnrF69g47VNiGR6icm7nProfol9M2gJRYOL9DgN\/"} 
02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980301154,"flow_dst_last_pkt_time":1463060980361060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980361060,"pkt":"eJKcD6iO8IQvSpdgCABFAAViEvYAADMR8Kas2RAEwKgBaQG7smUFTookAAGQybRh4NjU1uL582WDWYRD2dtjLe0ntuD1Rv2\/b2fKGeJD6xTTVAUMsP2lDwoVXXJwitAjM1Ss3TeNIyNiPaVEHvBHWgnmTCyfAFo80jSe0xJw6Ybz6w3BHKed9Mf4LC34oG\/VIDlHTxzV6KkXcvqfJ+U14RSVhKW3KAUcxQl5Qnl+FE6bIGsShbMSV6P+UWlpqynVxRJTYzRSpGWAchBBRlF7EhFWsrYnblyXrD3VTjEqg879fRXYm2D6G+l3V3l4hCc8odvANTzc501Sej7x6oDCtVRndJ56LpiERNpHUkSjmM00+Wy1dbMT\/Vm99GrTmWmQ58Bhd7+x\/sycdH8p6kPEaBRymR3LuujKz\/Gp3cYG3YCBKEJqKQbhAu5X3FQ9PXBc+M62o93W9PU8b6NIWgn7PPkt\/looi8HdoxE9N0Q1KeX\/DgvtM+nwxVmrskJK6Thzut4c\/pKoeIdgzgc3\/jHyNkNEOaEuYipEhpS0\/Q+tOI16w+YZPxlDlM2uXgEDMcZKpZ3i643hutLioOhndNrgTa+7hlc5d+9fBUPIG4kEo\/3qe\/1sIW96DdumLgeq7hN8q9ipK\/OYJXgatYkOUytQ0BidBbi0s1rXKIV0\/20SDyn2cTxo7WHBdcfDH2uOAi\/TCrRfDAaRNQYOzMWy\/oZuiEP4GWby88PrtsqP7zlBhlOROw4HDIjA48YJ3izoMulzCHWEfBSraR6GRvLlvTobSdvt\/z+UVvoGEaNUxGfD3NV\/ys6k8iURbaIUpy8FqGPXqO5y1+eef+JbMhHxVscn06dBggRMWGOOEqj0iilT1RKBH9sFsvyyAlIRcyu73\/dSHY+X7jFjSREVA2KvZo6yurWHJdfQmRknszSHCEHvhyALYDYo7SRCnZFDn5E9W3gfJx9JMvRGkKHXuxSF3xLvoY5nZEGBaR+XmmVlyrTJABRhDpbAmZ5n4r9hBYxhQHxcHxiGFFAZf8z0g25Mt1TpS14HKgYd19UYag4E9v9SK0NipYTC9fTFM1QGWJgR0BKWBdAxjVtOeAxGYzbRhH6dsuYtciI4zHHsc2k8CUrpT7INwMysA9v0qD2r5uYmQ8cWNQI093fnUkc1ZiLc0jIwKw1r5S6aXpzTXj770vHeucOObKGH\/cu1fclnWip+hpVKiVNyqyTuHufVLPShgYbyGVCuWpZPLDtm2Jgl78SGXcMPJqMT\/eMThOsXIuSLcIkh41PVNQKxF5sBj\/BOj5ESvnmDK6QkupJ4WgD36Qg55pRhbyhTXn3wlt2Wr\/yvzjY+U2Y7nfQG6dNeCf\/ZR4o941mW0nR93XyOa+USW4ElVSAKkaXcwrIvcK8SdED4dYTXRprenIgGMn8eEVkFhh5c+SVUq+XERE8IzY1QaFHpJZP8fwhzTmsejKR4iNGy5hDCfipCmLS34n3Ti+BCtXRamD+5SfxUJJlOaGuDx1ZxsJ+DRI
sQP+0kLMojxKXXv8fxv+kjUQYTnOJebQGi1vj1CqRIxf5a70YpuiubpyNGMG3LRDDgT1bz3u8MXCO6UUeWAw7iQ0bpGgmPr47zuIVkRhe2cIWsbNBRCq+DfTxqyI5xdGH+ZdSvdGdcCnw7eeyZKURtoMVPU9ujTUcxOz5LcEN\/TxALvQe7jb0VWnhZrurBM\/tZX7uY\/NVzfAVeTgxdzrV78G5uYYEagOMAWzfqvOVOd0DJVYOhYStQVf878CnlBQP9yq8zVHiaudHd7jYBpAflemve6zr2sCq3IlfpR3vKBjLqbY7vKTWflGz9T6iOy4tB+9SN2sXj4A2cmfb4"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980364728,"pkt":"8IQvSpdgeJKcD6iOCABFAAViJrhAAEARqpjAqAFp2DrJ7tp+AbsFTrs0DdvEpLUMteNnUTAyNQF\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\/bhdbtR7MQzwZCntatSQ+G8ewpnq2IX6bmQGJ6u0gPE\/alKxhVCh5gNqzZa48ANz\/fzn8t\/OZMVjaOBqhnSl8gs5MAKWKvx2rs4aeJgBO0M1ar5HmEtqD1e+f9L6rfh+tUTAyNXsm6efkXHH\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"} 
-01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} +01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980364728,"flow_dst_last_pkt_time":1463060980364728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980364728,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.ytimg.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980313862,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_usec":1463060980377579,"pkt":"eJKcD6iO8IQvSpdgCABFAABtTPkAADMRu5ms2RADwKgBaQG7ng0AWd\/uADd2O2oBZL+pVdP7tzva+fHvZhkEEtFfk705wPfWHPtzaQLZxSHnInASbTD2097V+S960VCK+SG68+SzP6VbXn8\/e\/F4Y7OlxWw39RE6om32"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980378719,"pkt":"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\/86cd6fedmETl+HX+i21qzSEiNb4OJfB1Z4x91CByMieITzxdi32+v4DBxDEfj4iCcg46VL\/PH8fxOKMEzAFEjMjm3TRFNLXbtT6qGv6iFQOxYDkzP0ABTP7FYiXHH9noNffRk12UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn02TPR2k9zoZDH1PYmCZf2Zt1J713FQWCpFni4GGQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQlEdwQCcHdE7bz3Yek8lX\/AAAAAFg1MDkAABAAHgAAAHebYWUW7CksegbNUHmoS00JCUhXrcp5peVS86L6lokeAQAAAEMyNTVGSVhEYnkO9pznNwziYxqCfXGFX0ALe5CprnnrLQMBAMirDAfWX8CjXhckfelJ8XlBmAh34iT31gIDz8lnlm4Q\/bpdZ31E6\/Xb4Zw1dQ4d56j0Eolero2q9ipFB5AjgjU5le2N8ZGkm7r3g24DXoIf95dR23D5dPhHt4gzaLbSHu3jXT7dZ4nC9v+kOJu9q4K2bd+Xl47r9Vjbe0PzK8JTkSpeZDmRHU3bz95Toi6T6fqfvQJWfNqRdNdObQaDdl8+eoJfAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01146{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}}} +01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980378719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980378719,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"Chrome\/49.0.2623.87 Linux x86_64","quic_version":"Q025"}}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980388256,"flow_dst_last_pkt_time":1463060980361060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980388256,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHBJAAEARn6vAqAFprNkQBLJlAbsALZ9GDEPl1BjSnP0KAohkBW4mjqf+lWrwMPohYA0CsIfpCV\/yUKbgEg=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980404996,"pkt":"8IQvSpdgeJKcD6iOCABFAABBthxAAEARBaLAqAFprNkQA54NAbsALeHSDKM2rKXAEd7wI3gnMNVg\/Bju+TzyuAKq97AJFlbG89vA9kIRtA=="} 
02333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1463060980358580,"flow_dst_last_pkt_time":1463060980407046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980407046,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi+XIAADIRHN7YOtLuwKgBaQG7hoYFTgeIDKSWOQdzcSypAcCvMwGYTq6shxzW1ACAAVJFSgAGAAAAU1RLAHIAAABTTk8AqgAAAFBST0bxAAAAU0NGR4QBAABSUkVKiAEAAENSVP9UBQAA1qWbZaKGGMNu4n0IFd5qvoUTzfScMrQM62F5Klyoy\/gr13Knz1tigfd0ZqNrTwQKxsh0E3PeOsScdXLYKjs8qyiEuOy1a7C4zg63fuUtHJYgH7qkJ5NPVCX92UrREjVCY9dWARG+L7cbZT7AgaahFE1+Dc9xqUra0W3ZNGbmcka6SHMYwJHMeW3B7eVH3uELXrdKJ+QLpbj4b09tDQ\/XNJTmasaKcqcHQQkwRQIgPMYj0Pf7PCP2uxgZgQXPwKb2tHTcOJUmmbK8MQNIgfsCIQDeu6cth5DDb1874iP6IpBL709rtt3G3ayeVYw33VYBN1NDRkcHAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAUFVCUz8AAABLRVhTQwAAAE9CSVRLAAAARVhQWVMAAABBRVNHQ0MyMO4xNazIxw51CPh92NozyjFDSElEIAAArqfGpWlX\/ID+ijs5XuaY5l76DioG\/jdi0YAeXXF\/CmtDMjU1eOLS2hoopbZAEzdXAAAAAA0AAAABAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVrcQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2
Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQpo6mgbqB6gLlBYqE\/JODrSszjftYydWvQWHrJl8LaGcoCDtX+zF57w+1k7kVtnVpynvVDocqpnI0GGrun+excBbbk\/WtwdM1pruv4DC9rbrjjuzUh5nbWX\/pvc8t5nyiovfjwmtmI4UJXPKZTu5BF9\/Zcy1\/ucu1+fj1my\/1QiLLjwa6eC40ny7X1+yaMeXv6+AnN8+Hscy0b3aWiM\/4f24pi0LZ9UUc95\/XzHjyptDwc\/Gl7CxFnY+ZRZOXZM9a4Our\/25u"} 
@@ -59,17 +59,17 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1463060980460380,"flow_dst_last_pkt_time":1463060980434758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1463060980460380,"pkt":"8IQvSpdgeJKcD6iOCABFAABBHB5AAEARn5\/AqAFprNkQBLJlAbsALTJ2DEPl1BjSnP0KAzjJULyfLco0lkyo8NxPEjOmoNDcdH7jUMYuMg=="} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463060980460459,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpc
stFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"} 01307{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1461850699450756,"flow_src_last_pkt_time":1461850703450276,"flow_dst_last_pkt_time":1461850699450756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":70,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6820,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463060980460459,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1463075953299562} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953299562,"pkt":"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\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\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"} 
-01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}}} +01172{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075953299562,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463075953299562,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"Chrome\/50.0.2661.102 Linux x86_64","quic_version":"Q030"}}} 00977{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953299562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":387,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":387,"pkt_l4_len":353,"thread_ts_usec":1463075953300127,"pkt":"6HTmLPTkABlmWmaMCABFAAF1aTxAAEARYx3AqAFt2DrSzomkAbsBYbFkDby767UFbXetUTAzMAIyT2zFCwKRbjpW5pKGcwa\/zOYtI4ibM\/DXTo+3hM8QHjQop2VE57N\/4px1Dr2rh1Of6fuprsXKXOLDTQHDMOztLE0ibzNUs5cviwMINA8HUKs1w\/8wSCAJg+c5E0s64vzHKdQ5N4AY1I+whZj+YXv7QX9bQtyBCP0WJRsK41puLJyY\/5rYf1WXDzsnCxRRei33WDvMsb+MNKppe2kXK4Q1DqzsKviobjh+ZnTmMaJFKxfjljXwNv0dsW2Nhjh9NEpVNdRUHHe+L\/umz5nJPSc8m3xsZrs27PfAfYs3O4DQT7zrN+rUD1tvAlM6ojpuYBXQUKIqFg6jkPkLtz0lnT5ofUC3bxq1J8gFqtExK3aj\/kH0as9Y1tYZiRMdgBmqLNq1Ru6unJsdETbKAQha1+Pgo4qtxiVVhohC7TEjAQj3UwwRrwKowX6bUvpY"} 
02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953334920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953334920,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxkAADQR+VPYOtLOwKgBbQG7iaQFTgWwDLy767UFbXetARhGCjp5JYP2NRSCDQGAAVJFSgAHAAAAU1RLADwAAABTTk8AdAAAAFBST0a7AAAAU0NGR04BAABSUkVKUgEAAENTQ1RGAgAAQ1JU\/xIGAAAt19AYB5aaMKurHRM81LpDG06F1\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hTBFAiBs6kS1HuLjC8x7gQEfBCOAowmjvDZU885lgtcWaGEy0QIhAPm+1mJq5QK6WHRPaEUwOfyND\/8ufeGnt66391Aj9lqnU0NGRwcAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABQVUJTPwAAAEtFWFNDAAAAT0JJVEsAAABFWFBZUwAAAEFFU0dDQzIwWGClOjtYNIHfmiHJ0bGFX0NISUQgAACup8alaVf8gP6KOzle5pjmXvoOKgb+N2LRgB5dcX8Ka0MyNTUSxc3dEjis6kATN1cAAAAADQAAAADyAHcA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo\/csAAAFUe1HMJwAABAMASDBGAiEAqHfzHEY9KN1QjXeaiZlcHt6ybhyDsnLIoo6e82Zg73ACIQCveMl0OwuTrVY5LqDcb5TIihLD6ZAJQlUDU68E5\/BK6AB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABVHtRyfMAAAQDAEgwRgIhAMWc6riI2T4lmoQuPyvTrFTQuoCnh6VaWJBNwHgCZloKAiEAiHJhhSnJcrUXaDEZQLClSBLKToA3CEOVFu+IPvrOhh4BAwHogWCSkhroAwAAAAN7Junn5Fxx\/wAAAAAA\/wYAAHi7c1AtxPvNxgAsudi+GzSx3oe04Tic2NatWf922kf0hhwVG1mgwsAMmIdMgPkF1p4zMDcyN7AwtgR1otKwWsXBw+UMTDdp+UV5mYmwBMnOw+ubX5pXAkpdYZmp5XB38SC7S9RAGOwuHh4tYJiChMGRGwkUZgf68ZwtsPnBAWYwM7IzOzGwvF91fdMNT2Ud1a7MlSledVlybaZOW\/IT25eYrq8qUp7OLmq33YHB9tcRfpb4rOn2rfYyM5bOl9xpdepuGi\/LiYsHpi9uYuk3aGLpJlSANTGD+wiCLE3MrkCOYxOKA5t4tfQS81KK8jPBDZ4mMSC3oCA1Lz0zLxVZmZCWXnJOfmkKspgYzCDdxLzEnMqSzORisDg3woJEZE5OEx+S1XqZeaj8rAJUfml2Ez+yU\/USi9AFStEEktBVJOejCeRWoAmUoGspy0Nyc0oqEie1GImTVoTEyShF4mSWIHHycpA4BSicElCgQjiJKcAiABJ4cMdARPKaRGACQNncVGCLAqxMECZalpmSmg8WAsVr
cQmwYEwGaeNF4gEluYDcshJDJLYRmA00PTe1pAioClk10Chg2yUjE1xANQmAeDloMV+ZX1pSmpSqm5efnJ+fnQlPTFBxNGWpKaWQKhyWQICpJTcdzJGCJ7+czNS8kmJke7iRkyYLSH0TG1Aa2MZpEsGa9LiQkyyWYONC8hYXuGiGmMYBdqdeEjC6kT0ggs35SA0q9gaDDKRiOQZYsGgjFbjy0DKwIDsTyVf67p6O7kbgElUbqQyHKYYGgyGyDlC5jtTI273NV8E2Yd+C1ye2dnFOb2eeVW6ug9bQQS6rsfaMFCEtB2DVhdYd4WBjS2\/kARbTBgaQ"} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1463075953300127,"flow_dst_last_pkt_time":1463075953334963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953334963,"pkt":"ABlmWmaM6HTmLPTkCABFAAViGxoAADQR+VLYOtLOwKgBbQG7iaQFTn+aDLy767UFbXetAjcEx0PBrMP0Mk6hSQCkAS0FJQGmjqaBuoHqAuUFioT8k4OtKzON+1jJ1a9BYesmXwtoZygIO1f7MXnvD7WTuRW2dWnKe9UOhyqmcjQYau6f57FwFtuT9a3B0zWmu6\/gML2tuuOO7NSHmdtZf+m9zy3mfKKi9+PCa2YjhQlc8plO7kEX39lzLX+5y7X5+PWbL\/VCIsuPBrp4LjSfLtfX7Jox5e\/r4Cc3z4exzLRvdpaIz\/h\/bimLQtn1RRz3n9fMePKm0PBz8aXsLEWdj5lFk5dkz1rg66v\/bm7SZ4uw2wqzBVIbeU\/6rO+YXbjq4OEa1TIXBpPNElHFLxc4XGYuW5q1X+7Ls7qnT43ZtD\/5mu3V+ll5brrjxuk3J31gMTd4kny\/\/2W8wqGSvKd39b5MWp26xxgAOnpZFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1463075953340612,"flow_dst_last_pkt_time":1463075953334963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1463075953340612,"pkt":"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\/HgjIAXnLSYHoaRDG+YCx4gYrs3k43pE\/W5utsyegd0CLIV4fasqoZkRpVLMtnpS+sIRqrbfvgjIL2IUeZTlSGu\/7+bU4Z+Ij1vgEEcToZ\/00OYAYgC+05liNl+ov97hVEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcRLFzd0SOKzq+zk+mmsJWuphk1V0lOwLwQaCtEVkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NFhgpTo7WDSB35ohydGxhV8AAAAAWDUwOQAAEAAeAAAAC\/h+hADy9UF9DtF\/5hsJflX9lpR4jxEZW13eD4Inz\/77x5rVwibkGp1mguQM3JFnP0\/pCunhZLgVQuGPzw\/mMQEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnjbhk5TD\/ODs2TqaUMwxu67ShCzPfkFA65FbK21znR0q1zZidLzW\/F\/yyTMu4LUplgEwTzPx\/Cpv4QFsRjD5LoV\/V7mHtXI1TyJDoDCcXS9mjq9LGSRD7btROYRgpKlFbMNj4+UHP+JESXYYf+R4+5w3QLECQuncXrEDewfoYOi6pFY4l4uH9PvKDYgLdn8764cGh2cFKSvAnNt\/t5JO7XvJ40AADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954259331,"flow_dst_last_pkt_time":1463075954259852,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3706,"flow_dst_tot_l4_payload_len":22849,"midstream":0,"thread_ts_usec":1463075954259852,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":61937.4,"max":828641,"stddev":198595.2,"var":39440068608.0,"ent":2.0,"data": [565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244]},"pktlen": {"min":61,"avg":857.8,"max":1378,"stddev":620.8,"var":385421.5,"ent":4.5,"data": [1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378]},"bins": {"c_to_s": [0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1],"entropies": 
[5.050794601,7.427186489,7.589700222,2.645882607,5.424244404,7.418235779,5.309068680,5.493865013,7.858019829,5.512544155,5.545331001,5.716576576,7.892964363,7.881204605,7.816042900,5.554157257,5.641524315,7.888419628,7.861907005,5.675695419,7.860325336,7.873119831,7.856549263,5.635182381,7.861664295,5.694005013,7.863921165,7.839401245,7.861547947,5.558049202,7.862613201,7.852869511]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1463060980356958,"flow_src_last_pkt_time":1463060980457563,"flow_dst_last_pkt_time":1463060980449085,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.227","src_port":40030,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00944{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +00975{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980313862,"flow_src_last_pkt_time":1463060980404996,"flow_dst_last_pkt_time":1463060980377579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":81,"flow_src_tot_l4_payload_len":157,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.3","src_port":40461,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463060980349794,"flow_src_last_pkt_time":1463060980446140,"flow_dst_last_pkt_time":1463060980419797,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1387,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.214.110","src_port":48445,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1463060980336240,"flow_src_last_pkt_time":1463060980436239,"flow_dst_last_pkt_time":1463060980427767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2737,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.238","src_port":34438,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -77,7 +77,7 @@ 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":44,"flow_first_seen":1463075953299562,"flow_src_last_pkt_time":1463075954280999,"flow_dst_last_pkt_time":1463075954300949,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4226,"flow_dst_tot_l4_payload_len":51309,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463060980378719,"flow_src_last_pkt_time":1463060980378719,"flow_dst_last_pkt_time":1463060980460459,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1463060980364728,"flow_src_last_pkt_time":1463060980449696,"flow_dst_last_pkt_time":1463060980446842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":2700,"midstream":0,"thread_ts_usec":1463075954300949,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-payload-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1463075954300949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 518/518 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7801364 bytes -~~ total memory freed........: 7801364 bytes -~~ total allocations/frees...: 146996/146996 +~~ total memory allocated....: 11509839 bytes +~~ total memory freed........: 11509839 bytes +~~ total allocations/frees...: 217250/217250 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 554 chars ~~ json string max len.......: 2348 chars 
diff --git a/test/results/default/quic046.pcap.out b/test/results/default/quic046.pcap.out index f75410ab5..be502866c 100644 --- a/test/results/default/quic046.pcap.out +++ b/test/results/default/quic046.pcap.out 
@@ -1,15 +1,15 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584456191933380} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1584456191933380,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}}} 
+01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191933380,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1584456191933380,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64","quic_version":"Q046"}}} 
01230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1584456191934367,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_usec":1584456191934367,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1584456191934926,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1584456191934926,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="} 
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1584456191935486,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1584456191935486,"pkt":"ILABHGh4AJqdnpsZCABFAAC7VxJAAIAROfrAqAHs2DrOVsWbAbsApysy01EwNDZQtKT59fQu3TkAAAAEGoZh\/DwxLtrSzyqJ854Roncx5Gs7D0zANVDYJDSq9ZjYOSmqwn64xE\/98TQx5UDzJnhlqKbtmmx9GdNWBnvHPQrhtlm4nc0GLmpl3475rXaAwmI8156+n7Ch4C0\/lA4\/34ra3CYyszqi2R+muQnBfwOAYH3\/4zLKmFK11tcYmY3Yy+jQ\/7Jp25HEdC4A"} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584456191936043,"flow_dst_last_pkt_time":1584456191933380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1584456191936043,"pkt":"ILABHGh4AJqdnpsZCABFAAC5VxNAAIAROfvAqAHs2DrOVsWbAbsApRlJ01EwNDZQtKT59fQu3TkAAAAFpShUaKLmTN2T3Ey7BEBxhhlPz\/mI42X6i3+zIvnvGPOAlaAMy0sQAcxegKQRA1QQwNG9N\/8cy92QCI0CXWZ1odCXSax157XF7S\/xa+HfI8d71opbqWvA7umD5My\/CObMYgq6GFbFgtUgONNyTSlCdXpaygRYfMn++j4RkGiGTRdqEUPLH8obgjwk1Q=="} 
02299{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191967570,"flow_dst_last_pkt_time":1584456191967633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4485,"flow_dst_tot_l4_payload_len":23197,"midstream":0,"thread_ts_usec":1584456191967633,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":176,"avg":2207.8,"max":29469,"stddev":6263.4,"var":39229868.0,"ent":2.6,"data": [987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228]},"pktlen": {"min":48,"avg":893.1,"max":1378,"stddev":591.6,"var":350034.9,"ent":4.6,"data": [1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378]},"bins": {"c_to_s": [2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1],"entropies": [4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584]},"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":63,"flow_first_seen":1584456191933380,"flow_src_last_pkt_time":1584456191984839,"flow_dst_last_pkt_time":1584456191986142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":5170,"flow_dst_tot_l4_payload_len":81927,"midstream":0,"thread_ts_usec":1584456191986142,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
-00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic046.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584456191986142} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769701 bytes -~~ total memory freed........: 7769701 bytes -~~ total allocations/frees...: 146472/146472 +~~ total memory allocated....: 11478320 bytes +~~ total memory freed........: 11478320 bytes +~~ total allocations/frees...: 216726/216726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2324 chars 
diff --git a/test/results/default/quic_0RTT.pcap.out b/test/results/default/quic_0RTT.pcap.out index 65a7f5df5..640730df5 100644 --- a/test/results/default/quic_0RTT.pcap.out +++ b/test/results/default/quic_0RTT.pcap.out 
@@ -1,20 +1,20 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603888789791229} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789791229,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQ
OsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} -01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","quic": {"tls": {"version":"TLSv1.3","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789791229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603888789791229,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"abcd","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-32","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
02210{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603888789792113,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXz
TPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1642696459202000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":77,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAABpHCNAAH8R13bAqAJkjvq148sEAbsAVb1N3AAAAAEIZbnuI7NzRNYAQDw6ETJgJtnaW4Dzps3McwFi0x8VnVwO7RJLNCBVBqiWNmzfu9oL42X8gbNncXuRY2lvH2rb4p2qGfmxe2Y="} 
01017{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642696459202000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":409,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":409,"pkt_l4_len":375,"thread_ts_usec":1642696459202000,"pkt":"eJS0JASgYDjgxTWgCABFAAGLHCRAAH8R1lPAqAJkjvq148sEAbsBd7Ag1AAAAAEIZbnuI7NzRNYAQV5mqkZpRs8e99gEnxpMKgcyM4ebNtzOcUmv1eRpS\/4Y\/mYyP1B30U9uS4NGHjyOGaFJnHQyUbtswyTwz+8uass48b1GPbmGmqQGpgZzohRjGIpGw5eZwAz\/Hue6+YW9hwAmx9m0UhFfKsxUneEQJWrND6vl7b4\/1fQnPQDJpSQzDhzIhJtH1Pbfr\/WxE+M9SYDl1quiMttOidtA3D1KovBObJj1YlosZRsCpK8jwfULuNPkMn0+JgLUu2\/2STd82m+o+3G92qTNfTHYeBX+Sz8bpdn3vD9Uzax\/wWQI6eIrKNESFD3RLvXcx4+iyLJ6EqD8eYRGEEvi4b4XufDdC9OsxQBFVDeX\/54chXjPWbYOB67nyOuSaNm7e\/7SQG5tg2Rrb8\/P35bz7qAI+r9SDAYGGzm0kMCD\/gcU\/eB9a0NUUKHN\/qxjP0dTa9I1hufPHnolkoo70d0iz7y+nNj5LA=="} 
02206{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459323000,"pkt":"eJS0JASgYDjgxTWgCABFAAT+HCVAAH8R0t\/AqAJkjvq148sEAbsE6tl4xAAAAAEIZbnuI7NzRNYANwDSMfgjq4OxpsfNKcHQ6KARDCyokxbtdp7Y\/Omp0cgQbiBRYO+svznVHOtWf7OlGIMtn2Cg\/L1EmSLhP0Fff3TR+PBjnn3xKD8J\/aXiVRElqimYQhalnslkwkFcz7HT5WSmmKu4VoyTjxT9a2r5CICxjv1e9gZGEz50cjhoD2ifxD11+2hodb962BAC\/69O1Xv7QK5dQ7pWtXXbReRv2043pozLoG5Sj2DRMO1jzwfGKVPeVvT6d3JlS+\/KFcQH3FOK7kbLNVQ3jTdxtjQcTDCM2ukPhL52VnU0pRYEcfjnjof+2lc5G708JE9V+N+aPQfwCKFa5jq2wn4OGgPZLtG2fCQr2cyH0ggy1NVhjg9Ppi7euoidj8RKLvTYQHeTxlktPUw62Wb4HvH8ZODv\/gnhARYvir4g3SQl0wed+fLy\/MMm2W9stuJOVK7y7NU6TiiV\/etQcKxr9mbJ6ZXswOYHzV7nrCnF01Wz8lBkk3myFnjIlcHxnhKms9mN9iiIbNFpeXJL0wUZdIEnFx+Ky6EgcDSAfEyoQnRRGM6QJDw0zN40CpMAyCRvB7Jyv+Bt3LirQNGyGd2dTTtojFQ1QV4fn6SGbPHH1GJ0j3V3A6qcv3\/D0XQUm9UlTMeIgfYR9WTA9lMzaoa8u854U\/EBloDQk2k\/cEdn3H4u5xBHgxiuL6pwtyLEHkPJy5lONubue6FY9Xu9UgQ506YI68R\/DDFzi0q2TNYnr4hnF6dG9Y5WaLfMuXizESHWoxemhD37Rfn6vCFR7J4ODkYWcp5CYaBU1VgcR6GmgIMd3qM\/Jfg2H\/q7qOyc9JW\/3r+LeNWzj2UHLsMUIYyaf5Ea6GNZqInTyU0bc8m0oo4A1iczFeKZySJkcrdZfH\/rfaR84LoUghhfE3e0AMP2sjdBbQCEqVv1BVJiI99xS8aoheyOzBIahfJyTcHIm7ktke0hlsEG9Is0vLG0l1ilTK4Rj2O\/lkGmeH2XTmlALT1pIzMj9geHB2pUsBIP5Y7SoqHlZjGQr92qQybpGhJHNLIv3JI1Z8mJUYsdrsS1xdH6JLFMgP3I824xWjGxx61Z1FZbLgGZSBMBdxlPVAKfvKpa6Vsc1eNW2RW6hOD99IyH+koOCha9y8yvDciPmiBC2Rr4g+XS2Eq8WTac+E98GisQXSiAXdS3+BAln09Oi4AVOx5zIXFd88Vlb0QZIGSelwYpnrLG8t58dTvE5lm61yDW1G793J6Ahb1Nhef18kf2zIcqjpCZFoWo+25ejWZ6N3PwmpBS32yQTUw137N3jXhogEcues\/cCZE2LhsPmlEp\/zblpfwU5rcVPvPYNjSYhEYNjzukfs5uhGYeYy4LI7jkGSEeOC3\/Gb+nU34gZq9xDhByquJ2L3F9DLphkTQeFxWzwwSmmjfJsutdeUVze0no0ko2PrUhTeLlKpYj8i
zHdG9s7aOmOtdfSXVqMsJ13XMA4+gCkfdXoMipLMY3myoeJcRzm20YUipIu6v2+vE5GcH3QL9tm+Eh1cMqanwMU3PBaaSfgg7GixdA871kdeO6y5bZU66uPVwCvSl\/hr0eU\/XX7I0CwmoKl0SRgDwU9cfA7UTJlJgscaWUggnIw56M08zUwx7UrXDpLSddDw64YEJX2dOGolI="} -01297{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459323000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"tls": {"version":"TLSv1.3","ja3":"06b6b2a2cba0b7deeaaa6a3d8374d627","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459202000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1694,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642696459323000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"06b6b2a2cba0b7deeaaa6a3d8374d627","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02209{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAT+AABAADsRMwWO+rXjwKgCZAG7ywQE6jvAzwAAAAEACGW57iOzc0TWAEO2m4xezp8ws0tQPnqBuBcAojttkFh04+K\/D0raNfPH21\/7ougjUz4MIS05h2RLaXvn8cGgBek+PkNR+LsuV02sOigm8m9fvkQaUDrBSUHo\/RAmYFFj9ojgCwYHWpc\/YOgCISwnl2FS8VuECkUwwn+5IyLNVhaOMyvV+PuxSyjkklPAKDD752bd\/UT4FW16DEneoJUk1z4fKzjex9yf\/x9rUYjnNt57WbB3lyAPzjq818AeJg1x5dPNghSsy4Krqtbc+17P4GLMRqEzOsFHRo3Yz0CJ8yvts2N25zGiC4yTRPD5WxpAP5LKsqoCx8Sf3NdGliML6koQhKRuGULCooL5KZx2JXRAtOn7o432gddzY22shzzzExx1lTUZ2StIlGCEGLqUSHGaPUPvUr3gSjTWZpgLZdeuP7ebatkYth\/vYLN\/RugHV1KFnGnrwNVXft7PVEE+uA8oDt4RAFdxHxU+Ps11faAi4D1a3Oxr3SlIfFkCtZkXwPCMgWBtE+NpDc2liwzPaZrau4v4cUGT3la9K6S8cvpqGdeilTVGoHP4q7i9ZK00X1xVWn24IympqeXXb819yqhclCYHLVV6vWKfQja9c6rWFyOuXQuLtg18oeoJZUj4Pd9RB3YYbPnW7m6QNQ4BTtU6vvPNQMCWZT3rhvGXgh3y2JBLFC9EkEZK9ka7snhc6D6+LtAUXKluj9BaALlR7F7POfrvAMAaG+s1RSoj3utpkKJne9N7UMaUrc7jXpVtJJ46qBKdePNkw4mVwBAjKYsOrVZphNNom0qt+zTuewQPHtmp4phKHd\/vByh6RTtPL+CCNjmoeYFYh3+jlEtFsQ9Km8DgeX8uE3A3dE8oPkHX0\/OUK8xs+s+ZWNlaMcOOF3NDr\/0G4LztG+I8s\/3Tk5Egnnh3afdTDB39iV3m+GpSg7knwQZLwFDZ1EV5qf8wM1N59zJzLfF6M+G7kdoJsqze07I21wo5MatU8zcjRUgJyNwIXWRmuCZoSqojWo0TwVkttP86dcbg9osFtW5+\/VnjOs2x0hOJK41DomDHEwrgANjXOPa0oMps+KlVDOF27IU+3cLr7d00Lv2sMYFZHcEieykaLyoX6kpCUTcNIB7LPQzwACU5EcHDXRkPjq2ZDXxet6ASFUFEgD8pnKTKF3Rnhhh7YU8BDqjNJNULlMQsUgwBEuH+l7LlGhoOn29Jxkd8fDOZIpAO1QQIVY4SsJZjX3SH96gjQXIzIuFEboZdt\/Lm8fO\/qbJ1pc\/azHu+ohbrAAAAAQAIZbnuI7NzRNZA0DS\/CR4RVBhRhc\/EuYd6u5uR\/c8IjArXjNnib23WXM2S72ngjVoOgg3\/rihSHoUobagRlzQq5LCQUodqZJgCKHilkx\/Yg8NhlmZ+v64QpqppS8KHYZNGQAeutjG3e\/3dfbeaUc+DKSAeFGgSUu\/F
lpFXKMG+G2MheEhcZNTaskGAyuryPKO53HPDO7DuQIKsn7G4sNiArnVgMIbRo7K9kDZf34JMCEKJRy4iZwL96fsm70eVgcI5fzJ\/3\/Ji7BqY4sYxRchVjH6A3lnlQo6j6KFToDnRTfRd+G2rdlNIcO39yF1Ujtebhk1YcpiS7Sk0IGLF5m2opxXtDuTv\/aEXI9haigMtp3sL0O0="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642696459323000,"flow_dst_last_pkt_time":1642696459356000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1642696459356000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2AABAADsRN82O+rXjwKgCZAG7ywQAItXNXm+IJiWIMOQ7CKcNHT+QszcDtXkUT0taPAE="} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1642696459202000,"flow_src_last_pkt_time":1642696459408000,"flow_dst_last_pkt_time":1642696459432000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":1250,"flow_src_tot_l4_payload_len":1874,"flow_dst_tot_l4_payload_len":2674,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"142.250.181.227","src_port":51972,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603888789791229,"flow_src_last_pkt_time":1603888789791229,"flow_dst_last_pkt_time":1603888789792113,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":1232,"midstream":0,"thread_ts_usec":1642696459432000,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_0RTT.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":7012,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1642696459432000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7792749 bytes -~~ total memory freed........: 7792749 bytes -~~ total allocations/frees...: 146443/146443 +~~ total memory allocated....: 11501352 bytes +~~ total memory freed........: 11501352 bytes +~~ total allocations/frees...: 216697/216697 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/quic_cc_ack.pcapng.out b/test/results/default/quic_cc_ack.pcapng.out index f10a63890..cb4999469 100644 --- a/test/results/default/quic_cc_ack.pcapng.out +++ b/test/results/default/quic_cc_ack.pcapng.out 
@@ -1,14 +1,14 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623513645438057} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513645438057,"pkt":"AAAAAAAAAAYAK2gQCABFAAViCAZAAD8RiyWYDt+RR2LkXd8ZAbsFTlqVyP8AAB0IP2F8CyEK1SUAAEU0pUADgai63r\/lItFGP+9hC24roELpliW3esH+N23zYsVnHaLlDALQ9HmbSfFZdOGFn1N0tiCxBoce6EnFP8qxgIGvtolBdqVO4KtI3I+xzDEP1dMbrxXh5kXHhT9281\/Su+nx2HNihx4eRSrnG7qGfBWROROddmS4TWWAqhaVPJstau6yELSzb0UA6xOcZDDOFIrtIfaHHJNL73QwlCCVC8\/X6+gOB63o+ixHncf1eOknkTc\/XYOWJLMHSLd4BZOA3LW5GmIXKYRfAuWR6FNCEsog27+JxH38wH4S8BIHq9f0AIY3YXQVkFE1PLeWua7Hc3MsiUcYvgoAhVb9+JBI5eXYfDCwdHERnY1IQQmUAu9SFx2J6nuGff5NC96rDFPIdNELe62FpMiG++tWyxBT1jrqduEE+GTJGana2VRZO0mNKPo4k96XXHnlrmLHJtxgqk0CAYVVoULGC7QmHW0IPw5+QC2mMFdQ2JXXCHchmXNwhcQoDjPepV0Tc7gNhPo5bycXS3v5HN4L35Ns7nhQwv47t4TyZK6yYxdFDGdbuycCS8L2dTXwUF7TstgFGUmpVkx39Ih0cfz4Ml21l4W5OxPMQLwymZcjFN4ZcsWF1RYDZqiwdizzKmJZ2dywSdNp0mvGKgOCMW\/zEpCDahdneaO5ePAihedJrHlLWjrIcNPtMFJvsCb8J2Zs2JveZH8M9ycGrJuRHIU6iNjJ1KE38VCB5Hf1tALUvZ0BBj\/qC+Ij8B4Ro+yZstJd7Ob6BhH2uaRdc5I68e0jjwGpe80iacH6GsFPIOjtZEEbNYvDZ7w16Rc+ITnjSC38untM8Or\/bUIMrMDMgaZ0v\/C5OEdfOGlvxCBCC4\/o\/90Kx02rZnFEL\/i8boI7ePY0ReSck8yGfszVfqzNgiwK2v5Xb9wSfJ6a8GDsAhSfZ9BXpA1BdfBS8hgew+G98kwh4cHwLJ7guN9fdx1HmkzmFzzo53D9m0lvXudsnc8ddqbXGk2HsS8RT8gqdE4Qp0HmVJpwPar68+ZRDzIVr1NO4grcPGts3UheNWWdX22kIGFFoWJQJ0Iud4hNuShy1HzqTQ1lyp0YYC2JKUrnWP1jn3LpGqTH2BpZ2wK9\/yL0GdwgOVZWGlPVBBI5DulktahfK8IcRAXIoSVEE\/2BFDm9HCokMUAXZ7NOPTsKGJDxCqTZin0sZ\/S2a+q9vrJzdzIYDluIS5EynegX+P5Joc4GPrIZc3YnPU+\/jEQ6WmwykKvJwcBvW4q9DF9\/8A9K6qBXWUAE\/f3ls7H3ipOg+w\/Kh\/WzO70xs2OJpZb6vVHkFmXehlT0Ib213P4CBiVWI3EwxwElbpSAUUK\/\/VARpnBPiA9J+ch71rajSMnje0HhIlInLryO9owSAQ7f93iROUK3RJldQmsCIOfxHUjT\/D9SQRsq4felL1nQ7
DtW9jJkBIxJNEvuacIdV\/uo77CehnUSmwufgmQjj2L3ej6HOYKut+6KBPceNlpM9C1g\/\/lK0TvimOKIRh5lPHZnjbRXhK1\/2ricgkmNL6d4mPnYWLCcJhWSclF\/A8b\/ixrplLwQsuMc4NgUi8p4L1IcSZhnUxtTszMmKomu4BZaTzCIvV8croOgcxm97AvxlkZRjUy4Pb5rdJcTpPFvUeyaVjMB7toze81GUUg0VFp8lOemZ2cFjZ+uKOYqXrcEJFF9LwKAjMfV1JtVs7Svx3g0n+xvnlW+JM5HoeSe3uvLKwvv8MdjFD4tJpVfQSeZPJIaH6fKbzpbepdPhIKObLCQ"} -01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513645438057,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1623513729660364,"pkt":"AAAAAAAAAAYAK2gQCABFAAVi6HNAAD8R98y3F5+QbIyTFpObAbsFToaYw\/8AAB0IUTBcXx\/7dUoAAEU0cRm1CkDiL5VXuHD8J2aE4zIb58\/+mEU+Rw5RrXrHDT9HS2TJ1byRuHkogMZnptt1Qr7xH9L\/VzpSNxCzTDbRWuT7mItsp7riRT2gKyTGhoOmd2mgHLkgbz5iBSoCSNUDxYOsoc54N2LqSMrfyRPrVLK4F+iz5e320T+XiIN\/J75sbfmU2amyA\/tgAfGxijMP5sSp3sZBmMMl50xIJfhb8gcjVVTvfYHJowtHPnaDzxStd5WXXY39OfRQSP1HaGCsMB+ra3SJxPeMqqPZETKnmLpUmsfvqjD7PQ+RbQxPo35MX3HK+7c2bkXbeciKwGPrnCZ+HBCTiUNMNWKq+BXuITWnU++pv37wwbCH3moLZJ+teeN29yC0mdMDvDOLD7Ox6F+EJrlYyttwLV6sasd5qohHeWqN9NvQ27K5erCE6YAvqETtyLHFVrO9Dji6YXO5YrcZpL68nxE8ad4W3qt7yUSP6SYf3As4yk0mP\/RTWu2nrTdGD5lDaxnUr+QILWyCfEtuwFOuWVRQpvuYfIeRRuTGYyy3mJXe5G+GjYoCY4wtvQoBVINu\/gdFOMRV3sajpjT\/h88EK\/\/Bn4VUNW8hmKvlEqiU9NXHMQbBya1xCaWu7fidqZ6Sk16clO2IfhBpSlizMLxsdWbXwCaeABGzpNJ+xWkDwwPqXJLjaNor96a9NqJjv1Yf1xv3Aaw9+t7GbI3UyWNvcbWpLvOoBgYJOuMg8G4PznS+d64avRAnaeD0ZKjWOYvIXhxUgeBT1dkE4yZSSvkVp+t82oe6mKiVM46LEs5mzS8s8\/8E3nAmuyG5h2dN8nCjOdNpTHBl+TDjUVJ68t4GpEFCXW\/V9VvkWso\/lwhXdQIozYYVWIHb\/la5l2+\/JuwDGcrQDwMukvLOySMX3OfaFseRIdfdKoqZOa+5WeVxmpfTghjXKy0D6IG594ZkNJXYVvt3x6XiSICkupFJTPXebjJmf8u6s1zFcbbRTIbfZcz8xAejZCej7ZsvN8sXwyVOWETwyZpQOrb8+vvxCSh0kaSpr8EkP76o9mHZ8O2ClWfcJ7PZAaDCe6RfxfonVpY+i5+0uhJZQy8tS8913w\/uovBZeRpkg0+pJCZ7+48yDMn+BXPWIqQmjnByB2p0CVpA5\/DWSPASKN\/93KsY5XILFT13pFdfTwrrml7C\/OyzqBfKyvxrHu9stC2Am1dZloT1aMDRixBJWGC2vJJV8mlL5Zm62wsOuoOMOe46w++VHNAoQNMfHSERmahOOc6ZOtu03fMiudyWb5SuNSIaNoAthTKw57cz7K2tgWx4UoMoSc2dcKLj7q7vhofEIbWzN5MdRBKS3GOl\/WOdHnPcSCy\/2mQX3UXiYZuAFI1QE5bhiNCvHmw1OFAOEX8kxBkwdJ9yW9tFjUbiUylRYxbRgdaZrrOwXGzxKEJiHRFqJ
MTA2cy\/gwWHYWfeGVfIk3pDvfdJaFVvLjd5wAbFjoxg38qZVoby2ec5n5XMOiQj9cQkQkawx4JlrvqkRYjm2fsfgTqpCqIcItTsMDlq1zCr07bpBYHHBKw2vM\/DGDFyDTtbrZN\/\/CwHhKJi8k5vQvK1H1Iw67DaaLgfa1GdNVnncTGGpkmk\/jGSRK9xB8iiIxVXebvYeqYZum5dA2MzlUt8HhVW+YS+7Mpf75TBtWfCy3Rik3FASQfdTZ96Mx5xStcSqXXN1h7NLgKjRPpHBwbxsedQJOogpvfHa9gl\/pnquvEAM6xHqq2oTOEo9XJHI1ujXWNWIJ7oEA327lkS1E7T"} -01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Draft-29"}}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513729660364,"flow_src_last_pkt_time":1623513729660364,"flow_dst_last_pkt_time":1623513729660364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"183.23.159.144","dst_ip":"108.140.147.22","src_port":37787,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623513645438057,"flow_src_last_pkt_time":1623513645438057,"flow_dst_last_pkt_time":1623513645438057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623513729660364,"l3_proto":"ip4","src_ip":"152.14.223.145","dst_ip":"71.98.228.93","src_port":57113,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_cc_ack.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623513729660364} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7789593 bytes -~~ total memory freed........: 7789593 bytes -~~ total allocations/frees...: 146422/146422 +~~ total memory allocated....: 11498196 bytes +~~ total memory freed........: 11498196 bytes +~~ total allocations/frees...: 216676/216676 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 574 chars ~~ json string max len.......: 2352 chars diff --git a/test/results/default/quic_crypto_aes_auth_size.pcap.out b/test/results/default/quic_crypto_aes_auth_size.pcap.out index 4b2567893..2e8910788 100644 --- a/test/results/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,14 +1,14 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054047280433} 00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02353{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054047280433,"pkt":"AAAAAAAAAAMAKVHRCABFAAVifypAAD8RWHqGNSQrjmgmHohlAbsFTlBUwQAAAAEIajnnvXpZQGkAQKS1+N8fvEy\/IOkT4oydortAv2EA7pMR1b57qEUN\/CWLgwIsiaJrsQ4hFHO3l4u7VGBrkULKHI\/lxjDWdE1irA7d2B7h4jkYKWy0HD2ljAAwNUaCq2GQKYIMFYPPnjUgnc6NRkaRBhSzAe8fZndm3nU75Z7WMus4y4FiuskzWK7wPKBIM7bxQiBvpY62McQkd0tyvv46Jp9sqnschBDc67JbIa9bgESPp+gcP9R53I2XHVB+sKt85pW8jfCDOYD2MzyGLQ+T55Kb3elNggevRPNt5\/n5LSD1+BaMwPIWniyhyXqn9M7ZOvHxtplESf3\/ummwgMYCFjWE4x4CgV+8lqttLnKDT+33uPLxFmhUHvuyRgYs53v+N7Yn38UufUU6ZhOXmHE8+XWeHs3tu8WDodE6SWRhM5xseVzCZYLGTT3X6CjYNFcJl6kyqmquwogEu3CCHnXmS\/INjB4uSUiyMhRi4SumS20xZFVtqZZynkmMlWnK09e81BgkY\/iuisZWvJRuJHFdwM30B5LDjtpgqfazbpCu6Uwmv2u3GL8UYFg9JXJ6XKW7RjDXv2OXecpNpV7Ec+NZ7S+Eblk+2y7gdGGGOJ0YWQ\/UdbM9tjr75mYZlmZ2XmwaOWA7lupjotCEVtvNyVGjw1p0RQjwWwkUNuy\/TjEqMcudShKNa9WCDQ8bWEIgXHDXASO\/PVPq3gEIqJWQbO0nhO2rHJC9mtpB902MTnQB3oRhiTtUMf7fAmQ+6s5GNn6c3en3gGYGA+JPXusJvDjsRu3PwCbxmWJ5W42P6X61ctfR4ImfNUcG5Su4UNFa8ImA7GgSH608jeNlAEH+oOj8LjAiKc4rTEvo1LMxkcm0RbEgQ5zCg4gb3K695U7hnkuVkbZ2P0\/0RHqSidtcHdfWB8hEkFLyKuUlyFbgTj26IexnKPiu\/sik7Xf0GfC\/8RFWHPg46bSbOrQPg\/gjKdjoVYkal7TJgFaID+VHNzeQm+hSPwwtg2AWznQWRmFkp75yYX7gosdtClYrZYA6FFirHqDW+0GJykjlxQKOXDmUJPLnyG1hF2irp+YW2l8A4zScFSFMH7ORiz7jakW38s4r3LjbMiRb8Tx+m08\/My\/lJnC9xZh8q82LXT41dv64cfwg2eQtvH2Lqzs2I9rgcYmsyHnPyvR7699rVEk9J9YaLrjr+fk8N7MwS+A2tX9iODZWnJOUm+mTNwC\/T\/RWyAERM4hbUAEurepo8J\/aEcXnBHo7os5GSVLmj\/GiHweHArDF0myFhpn34cAp8f6Y0QM3kFU6FLExLGABdnyQk5FEBOr15qkQbVxZ3kiwHa5MCacTRiiIRbM6fJjJYMCKTLqYyerVtahDJjc9THoEHqkc263xcjlUk3B+44Z4xuqgt4XeHolWU+aZMt8oRurkAG4Tuf4UKqTmIxu
kJT2TMBWkasVQHP3Z8Wausgp7GWEQU567iGHAcPK670SSe9B9hqsJ8oOEYcON5apMj26RB8Zd26Q8fiq1vqWEGo1PCxuUi5unaVFgNv+c1hkvn7meyjHS\/L5Rc3CDUEpgtYy1aOHQJRbXUKAeBVqgmzVlTFgKNAdhCllApJowozwlhoVXS7RvypYWLyqEFM7Zu4iCwMajFBhTXBCFwHLDlfiSC1hs3iPlIAICRuCzOLoHacQfJq+YMBKP9Z\/B3dU8jrKoUx8rHfRizok1fJto91R9llaEwHYg05bSKiD9k+j1zXsQMK8reMddzvzIMatcM2wofN5hnpTHOrEb+bb8zNLy1vI98DbE"} -01330{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","quic": {"tls": {"version":"TLSv1.3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01351{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054047280433,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"app-analytics-v2.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"1b4b6c50fef204e06798d3fc7cb272fe","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1639054232898553,"pkt":"AAAAAAAAAAUAQ0IQCABFAAViVFVAAD8RpeL1oYaxTfJyDmv0AbsFTuofyQAAAAEIVDeTZ9G0fVcAQJ7tD+1f\/+cIs8rTOAJmB9XT+G6akE0bRSYPWlYxlwYQgKRHpPG8lylyHgIaQZ8sJXtKvXdfLWTgSTNd5aRIZtuvjsWGM2q1ChFxTDrq0gh9Mn3XrTBNGLcE\/KOXhBozAtSeZE6MWbRy5IOveCHAiESH1gtNyBv5LBZlj0NMnb2mwSGz3VEF\/uR9XKBDieR+s2tHY1DI52IyGT49Jsx+HESVOfkRSHj1714zjgsyidrvJr51XV\/iMlIIyh8C9eJOXAxFYq+H92kbHkpiREhgpx9V1pLYn02OQvsP5v6Ve8k91xQWteYlQ01o5rSdr40zwXusZGqachnXgXv8vszMRWLA9PLhOI7kOFFDZXcImD8JH5oSxZp5OovqcpoP\/NL0u7PTs2VBLlaF4HoB8x3834lHBmqnFiaVaDFwllLdbz80hqVNmVXpLgB6zB7H02Zk8y1YEnDUvjjsryRUoD\/2uXxaZ0y6dKxzxEDLAdYZLpyefpJQtFMTgT8ocY8Ud+uXKAj9s6m86UDfYUAWlFBJTNv5aeSrzpbaJy8BSLNbxUX14bMcUVrlZa6wvN6KSurVgSJLDi6uRcgpmjWx2Czjz4Z6ygzz6o50UnO3ZNyRnpD0q\/ArniO1mAFuR
D8EPWjOQUVIMCFPEjh53eHS6\/oL4FopXCeW3nB8wsfVNzPBv38jmCItrDwi+mGkv6DSWyV+hgXozgwQQ5ejej2maJyF5p5n8LHVV1dEozQcIkFg1jdl11dhdr2YO+cuV9Mzhj9o+bt2Q9zCCfUuQW6bWzMhtGBruaW+trc9bGpZaCKLWinH1VFyH+j0IW6ex1lwpPGickf7IwOfBrCcjRNe9iom9A4AcKomuJD\/3xy56gpwP2whItWhilZu6bnjDW5kcsO\/6LYffu\/gGdurBeVYPsCismGAquBr\/\/sZeURzPCdSTbXciLqrL5bPr0q1GQJFjSFyN79i4bYN0MZZM\/l+RRVat88Aix7e0FL2q\/ldGUkTNonfTMqXRowtJHWSE2F4Hx9sR4mj79bpdjkJ7aPSyTzbpJXvk5hfZhwAxh8b1nGa6UagwcKkChgrDRs+aJj6u5uFs8PDQg\/ZKToy5AjNrFDPEtRRnxuM1zqNb38rtVLTTVgJgQaL0vmq9NaYENXz1aWL+guidN40XBTJrsgxD3EhGUJ+DSi59\/dOKWe2Rl1sISbY6h6MeGh+g\/i+zVTF6y50uxcyWWl1Dmxs2rXt9fj2zARugrEJVmUSW4JJVCY7wL2NY2QeDAAHL20F5xC\/x77hQYZQNgtcjoJAyCSBciIQVQRxhiuZ5p+aFbDuGE6wYLZxwdYvXXM+zUgQ++nEFyfsakRNAZGOL\/2DUBiORi\/tb+bUY3Uks3Z6CiZKZwhEx+G25f\/DF3zus8LeXpgfhonGIiwLpOhSXMO7Sfb2vEzRxXsws0LikyNbDs7giA235fQ4KYtxHcQJYl6jv0pP6jHZr6rzP9zAaWGaPC\/04kDGUig8XFlj43r4bRqomRURoYx\/xcc+mR8kpRFblBJYEvDW2cG25EuhyCidLR\/MEaMJV1aEkmvYk23KqqVsDEwUJTlePtENboY9yvL36SluUuKTLjCv6BAqIcvYU8JUNe5kKy6Y0VoQy45HxGro9pv\/+agix0J+X\/8ZPIoarFDvNd9r9w04Tg40psUeLWizK+dT27jGcmuDPDDVQWmp6QqrzpFKExSzHYja8c4K2jY\/JiwtluOmCp+ttKuD\/hxw1myZNXg94Jx3Iiq7JwfwMXbH2UidKQX\/tu2J"} -01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","quic": {"tls": {"version":"TLSv1.3","ja3":"c570fdf41c8bf336ac9442888680bf3a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} +01345{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"gcp.api.snapchat.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"c570fdf41c8bf336ac9442888680bf3a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054047280433,"flow_src_last_pkt_time":1639054047280433,"flow_dst_last_pkt_time":1639054047280433,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"134.53.36.43","dst_ip":"142.104.38.30","src_port":34917,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054232898553,"flow_src_last_pkt_time":1639054232898553,"flow_dst_last_pkt_time":1639054232898553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054232898553,"l3_proto":"ip4","src_ip":"245.161.134.177","dst_ip":"77.242.114.14","src_port":27636,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} +00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_crypto_aes_auth_size.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1639054232898553} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7793899 bytes -~~ total memory freed........: 7793899 bytes -~~ total allocations/frees...: 146428/146428 +~~ total memory allocated....: 11502502 bytes +~~ total memory freed........: 11502502 bytes +~~ total allocations/frees...: 216682/216682 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 586 chars ~~ json string max len.......: 2366 chars diff --git a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out index ef9938186..ee2d5e56b 100644 --- a/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/default/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -1,14 +1,14 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} +00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1616775370814360} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02244{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814360,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC
3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} -01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814360,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814360,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"V-1"}}} 
02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370814361,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvIAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtnQ\/+pwGuyRXXtCPS4nq7SX6grDxLfue\/EWjBDnFsaHC\/vCyPJupYn95B94uIc35RQAXJzdsabL2pMXT5Sg\/JFun6HAUw7sNlvetq5pdG5oKE3vK\/9SDzJXTzgevEg9XCLK53vmKKNkAp8pIPL5uP852yCxWDuffTSDh3jvmocyuqPyR7wKy2amWQmRTLcjhYY1mtN\/AJ7QgugkmRPkVO\/SoOHb8vfwVTlN5QBI31Pgn0V++7rQ\/hjHjrgDqH59C7UvU4Nu\/9qoDxnTOmBoHcK94LPoI1\/y4+hexZ8e1eBwahcRgYxrP7dWTWrR+JwPD9iUpUFvxo8SIgmgVWi\/abM6MNwKmYTCNLXo60x4HtaN\/BCJP7I1SX\/LShf0cye1Of1imuBKSreuS8hR5\/tpYaSzuPld82ydSmvszAQ0GryqOJ\/ZU+jrxR3Tt\/AaRw5XB7LAQ5igi24rk0VHa8niUCDbHqUASsZJvejkDDbY6MmPqlfYaICmikKWML4UMFuk7sfDyY0i\/p8vLuvuadwwdvnNfiwmeiSJzrvtn4jKJUdczJeqQoEAINkoOw1bVBZDJVR+EUBqhm7abaUZnOPU0klsCmtzptRhvGdjGICwe3xiagqEEKgFQwB\/\/vebz12DECZEBQUukhbsCExHpl8HueAXvKSAyA62DZTnPjBbFDRoGUnmsN1w6rv\/EkKmT98KOnW\/ka23T8HpQyGW03QC+qJdzK2gggcKfOwsz6hd9z3KPjD06UASEHqfcZ0u3Yb5\/MLumpY8Low4YAuz4j1rPsR+y\/EQkWeHaYLF\/80wJp9yb7\/2p+rbsZa7D\/Pz9wdYYj0cnrXYhrg9HYHuPZ9wKDfGS5vYIihZYRGMbEMbGcFgLdOANlbTrqep7qeYaIu5bs42rtv9xGYAL49yzxTkJJj7obpk0WDg3hmOo0G0GKuMN5D3DLsd6CAekttgc\/RyQGGWPf1OdBrGOZ886sVlSYfVI53O8wLp1YwCY1QmFzdPpSevtizJ2XYvFJ+Yw3zir1qwBxD4bhntoDg+aEGwqIyiNyXgHCI13JOQpJXthbpRAj68Wk4NuVBdRmms6tJsRF69JML\/Y+B\/BUH3oVmSCNLicSWHjivNwSDG\/d7QepAS1wNYGwNmTzWQ\/PCj5j9Cdw66mm6RDZWarxDm\/oSk9NEMFrY7xKK7IeubvrPWd6WDDdJ9Bovp5NzhHiKuwVSSx\/d0e1A6bU1Fi5dfUEcrY4mCVrLQtrrzL\/UquhZSdn1pyiOy0MI0Y\/bnbB4K6J04rXZ6nEtp1EU\/NkSSyz++QGuwa8v++mBZgyRRdHXky\/yOSrTGxbmNikQP\/BXOaO3nlrxeU7SquOho6o
fMGkAD9m9nnD04JBpXDbsymnBuGkTUgApPRp+NHNg+aAhwX0QXv21nT1GOJGkgZ\/kOk29raa5UerzxHP43\/ZNnwqcVGS2ek0xFdawyoi7pyvj0GVa4CngTmUuJHLHSgXXYFgoXLIzPy5xMdEYkZFlxKRT4P6vvGmfHBlL7ZZl80WmHAnvVLA4inP9N6NQ6gpEuafQMHiBC8RZ7r7p\/7NgSW8\/N+dUhCD7Bp0uOQmBUbYktydmi2FFhvERfbJQ=="} -01668{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814361,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
+01799{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370814360,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1616775370814361,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"0299b052ace53a14c3a04aceb5efd247","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370815052,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_usec":1616775370815052,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1616775370828465,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgTYBOuNAAAAAQhbtLKZy53KxAjsAiiM0e27twBAm7orpw5qxd1lVUqgjQB0t6bjTCpm0HrYctLZlOW8RxeFqYLpUL6aQgJgsqWU2IeDMkSEWQxNoAD9isTk9Yu7pj0FCV0RExtP\/DdNmswmyNYMjGETYolLSYO5r9J9yPDA0Hm5r2Be7ZsaOFJuaPcG+Z8cemvuyam4YpqgIkUw2fRqAGCqYxFG+6KmJKwipCWmTGX93+bCnHXzHjo4pAAAAAEIW7SymcudysQI7AIojNHtu7dEArButeYco\/iBezGaaRrsPrjlQJaXfjGrGOtxyW+VEUk\/MjXR3nhkzs5hCQvCoSZucW\/0W+ecnkNmCHqs4SIt8zySyF5lpDfgp9EZivvNrzkJ4n+PQNK45RWScN6\/LidvcVOvPedmQJOG9nF6nKt5GINaBYIV4DAkyRKqDgwq9zUb7Yz7KbZ4\/U\/l5J7VJ1IcyGwyyxkiATxj0nXz5iL6S0i\/Qff8OBcicPH2P4+Ard1Ld6HdHHjevwx0KBLIR\/1gx8y3jBkMb7NrDl73ag0KfXqIo6e\/H4rDtDyvQi0MpOujutDnn7iduSAyMAttxebYk\/V9FvCkMKZXO\/f2aw6MwYM5XiQfiS0EGekYNUqu4tX0eDWRfSvzPoSK3zwRx4JPCDcvlmXgRKO5rgPMPeHxw\/4R8pwK77EgYt1YvugWPg\/rFjo0LRZvcA9G8G\/1gz6DPb5lDFEY+OBRlZ30ZE6tLUP1ZFYbG5jdeb5yhjd7f9M0RbEJ7l
n\/y8vbPI2C0bUmD13Rt4Y0G7RfrbpAU3FY2suAugOO+boypmtiO4rL6zAODnI6MCvVUhjFhDUP1ZMy3DEbE\/xnUPX\/Up0RcMDRMmYO6PresXQ5RkVkt0ae6aInaNXOgytqGgSHQfz6uOr\/L0OHDt+bSpAApU\/GkfBM7SXUX1s7HyotBUmo6gVS8HUZuU7YrbYGRso8SY50+dw8BAi3q47Zp9QGbX1DzI5w9oYPtTUGDdLZpClat0gKKcURLG6oNQRR5\/a\/JtzIWMdkwQUx7OfFsqZADmUiIoX56wV2pU4xEtLCFSctyPKTea0f+AM857zRIxI5doKRMWBQCReS4eJtI+yNHDXx6msEsTTh2FP1cyyPpHQPXWO68SFhWiSGQJi6ng98NXq4DS5OGBxniP3A7SYa3ygAOZyBymKqUpag9lF6VLHr6ZcfFBz68AaXUvP+0PP+sUaVWbv5GAaFkJhjceA0c5G1AXQAxAjwYBgFXSEHCZ+nyt1bRzD34wOG9Ui9\/G1LO4TKEaGQ7LK+XoEPq5xZpNj\/iZUA+jo0DVw8QZXc4bgx8e0jAquDv2o3cBMoVWhbp5uoSPs5qAuuEJPvn95LwoGyVBuftbARv+sEm5zZ+no\/WCBkS2bMuYrjzmfTiTl3Zagm49VDzuUjI8TYTYcniFkZefA2AU8ighAo1jD2vIVqP6oCcqp0gGjHWGXQJpIi\/72JF8fqcMUaIrAYkZr327d7g0oopaslOaoi7acasbJkIDuiwILeD0eSjHNpdusKEqM8ru3UWJiUf+xvi88b2UB63AqrZi9cosVzKiZJNiYgJtznIFN5GeceVOKOMBQX4zvEc8NWY\/ph7nUhzt49aTuTiYeNXwsPqA=="} -01334{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":1286,"midstream":0,"thread_ts_usec":1616775370828465,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} +01444{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1616775370814360,"flow_src_last_pkt_time":1616775370814361,"flow_dst_last_pkt_time":1616775370828465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":1286,"midstream":0,"thread_ts_usec":1616775370828465,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00660{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1616775370828465} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7791783 bytes -~~ total memory freed........: 7791783 bytes -~~ total allocations/frees...: 146417/146417 +~~ total memory allocated....: 11500402 bytes +~~ total memory freed........: 11500402 bytes +~~ total allocations/frees...: 216671/216671 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 596 chars ~~ json string max len.......: 2262 chars diff --git a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 7d7a32e56..7f2604c9f 100644 
--- a/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -1,47 +1,47 @@ -00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00669{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} +00606{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00669{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1621417111064920} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111064920,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO
04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} -01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417111064920,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417111064920,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1621417111365444,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111365444,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTpAAH4RUmaFzUvm0OWdUdzQAbsFTjvyyv8AAB0IRl3KXBW\/LTsAAEU0xBtknC+XTdZGN6290CAoRKHgbmKFJg3HBwc\/jHUJwoDaxdFeYCE0Uygz+VHs0HUnI94AbjhHMzRan2kJrzGOLsIFVrtNzL4OkTEDJq3UUrfyDciR9qccsfqQIGKe4+mov72jtae6dT46hkQ+QTnI3qa9w4Yrz4KUlPgfO9zVCT6mXSXTofwnKS6Qfdj9S7TH8yQuxrRDtFQWnhTNy0t1UKhz6qr7HZc7OXUxuEatCLs0GM7RQ5XDRBXA5afG92SX13U42sqpyR2Dqucjmfwt+AZJqZxKZ88XCAoPiBg1nhBBqlcLQi5b55SXRrj8J15Ch8Ci4CxPCOPzc3h\/5D7UZhbpjLoo2\/wZisT7R7KxaJ3ST2sZ3au5Hx19NvbHrwwXFyjsVWmpBliZAZ1eg8gxdq7r40u+8bSjNep5S5X4zhf+AkNuV8jevuxbg\/UwlzjTe8n2vKNO4Sn8ezT9DiH9wVxoqUgUC56J5Bw\/YU9h0I7kitWH4Ge0BODww29+Aa48fFyudGGRJr0yq65POy0\/nSLbvLGqwZp1zhAkIqUsP2zPPDhVLcbkKuUbzbLDncwcQqWbszMpdX6XQMob8NEqfarZfUbWlLQzVqNQ8t+rVuxO6E0Y5ROaqgvU6Iaw65vnffX4bnfiGXYqsNiOtVcC0AGzgdFbgZHuv2Nb7kc0byRUKspz09Wn9zWhuGfrICjWmqrB8Q4VPqUOIqhoqXlkGkHNbJf58PajF6nNTpLrSKS\/s7\/PAyhgL493GmYSfIy9P3KtC5vS4Ku0zGWvDo8SCxhl8hUKOnlaSGpXqSRi3sgHur0sAZSPpYHgQ9ljywBydFstLrd5zZwAxQ9+vV2dyvl5E10qbt3utWTyQBXOGM8+cRbZ3IceK6X8lmEcVSe\/lGIY3L8lM0BH4NVdxflARe5x27az2293PuYiWrepjLgL\/t8GJnVIEAfdEDDv6nlOl6fweFWTAviNX0n7H23ADHXDBJoQegMO44JmGpnPyeZ7peOilpkbWx9ATq+r0mZxbasRl34cc\/qUozcfhHeRKRw+hYpaT9CQZ8AwobPmbBbge1PnLbS9EJ6KIdeNM1xvj5qNQCPpdp21psJ3+wuxB5WdrC5cRGmW+pfRGXkJSm\/Hxm9DB2tYY3zfLjAKMpqTNWMC4tSeo7z0jU4yjg\/Y6fR198VAyclvSR0O5TVO1oliLvxo8sV\/3pO0ZQdkjztGQDklMECKRLmGHWeq07ToUjA7\/uq\/1q1ZaVKO9+hzMdiy8RW\/albPHuZmkMcv\/hdmGmUKrlNaBelZYm3JHfkOkgTs5ncd6giTGx3+gp+77n0Cl2X\/UMETVoN6eJC2aNdjH04XtPXdO1zEfHQdKIZ6vLfMBFcb6lyyBQHYpxqMpjOmWiEaBu7NBD
gbODnVf+Tvq7iqc5vUfezJABJgNs+wQkFHvjcnsWbt8hd4lnshRnhfEICGBWv6UJsU9Ov4RS1eWGN6u+WJZ1KqUjcUa+wjrhijbGsQMvjESucpeFe9xpKA8HAlnPSJl2ONIdzQBHu\/3yzS9u2h1V7df8T\/i8Gdlu6HB93T89Yjw6chn7zm7z2FtGgcebdYl7BpQRSNjPJz84wtrOqzP5VkldxWGcJvvM9JiOiFsmosV0YXCCuN0S1I3GD34RZxvxyg8ZUjvsqRi2E\/iDILq6\/FEFNEDKUPx45Bzam\/QoSbKhlDZxaUjzLpRLnCd58YA3T6qMB7hBeBBV7m2MJBvTY86h+TNrfUyh9Qv4iQnqyGKkFDZSiO1ApSSgUS"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1621417111974951,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417111974951,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTtAAH4RUmWFzUvm0OWdUdzQAbsFTm5izf8AAB0IRl3KXBW\/LTsAAEU0CaUDKN+7HQerWxWNaxYxCvRcfnKOO+ybfMRaHlMyLV5\/ifvLi6NsRKmbKUNcCUu\/u\/M1kQX89iC1g71EFL9hpQHjoogBRK6XO2cU5STf5N9JHAk+8BPn45mxnB29aiUjdM+EAfIXepdjDNQjKc09rze1a+uHtprZ5+Ycrj2s1oiuYYUb9FANNRaKrpCGh8Q1rnRYx770sBfzPHCd4rH7ygHAqZA9rzQXUKNYFjXghCcBZatYZ9Q8JwAA\/fKY3\/lIAOVtIUm1GWVWJWRArYGxBCEQZpeN5QPlw8cLblO\/3AfsaykEWbI69jFCOGB2jUptGYOGveg\/lWTYc3h8ky83fW8GcKmxAdv74r3jjdjUEQwR+OklxSw8nZmJJz7vOIvvqHsGajXpc6slDSCi8t109u4JP5JW8jD8wB8Wu2rMNkpmGllvnJajJlPlmNcv1t63eJQ7tGt9eGqHfIOgL9TpzURHNTm6hgSstuIpgK9L38bDpiposW3bHdNdiSGW8YfcnS01KCB9zAXNkqgfNlW+GnajZiezd1EJNTKChMtZV3oLfDVU9cARvR9xtldNProWOwXOZYPAYtfMb\/io\/Vu5CAxNRhauAQj5iV37FvKMgojNtwe3JiavKcD\/FRmXzVU\/VpRWC0bmuCqHRqGUFP1t+DceGKbtne8WNVu\/xmWJrd890soACDHC3pcknd\/nHK1UlwSNkQ8SpuBtv6Dp3ZFRJdsGRDvauS+NTENiJpqioBeQmjGdksZRA0\/zyeeZ2tToLKwCsABDpjD3wQPTSgs\/QdPv\/A5+SuOjcGiYVuktFgslT0Wy1tyms3TA36Wcl6ZEPkQlM\/omx0Cr54NreGjEi+Vm5kYjmT2fnBvf2AQ12Dg9A+pCWtWa4LMGgtYYMDVRRT6vqKnhbVtxxQSAh\/MWBMyqiQHkkkf\/vXhJ\/dOU8N1Fd1mO1KBRln61my9oJczDOwipHZPAlr14xAsdkdGB\/+HZ8ppEuJtqtkEtcOw9xjC5dCPbak
UtfuaLzDo4DHXPrpt\/f+rpZlU81EBxJG0afG0vQOyE3ZuYMlkM4IVgPqMx+uzy+sK+2o1w+yZCywDlXOysJF2R8BE\/KVLZRpL6uxsfUOFnHV4VQFOd3VwykNOtm7wpKwJ8ySG1VrRqSLuw3SlZ8dJXFZ8gIUVHRRjp13ey\/kua7zLPrAEFz2vf1ZYTZ5m6U9KeweZA3wPOuih84JbuHHl9vlsWDb7s9qrasejaGIRTS0yaEkKOXG2aXkwOTKzHvuE0KuunSsQcA3e6JAQXrlvgeRH7cNh8q5Noilga8Iz99iaZ+tph0kvufCI2CHlp41du7sNXnyC2d8RZPQAJe7D4Oh1BQLIpaX6IjRHr6Znht5L0l2uxz2PQHcoUX6n4t3dcGi25AwHjP5I3uYq5MEBsM+ufza0eSWH\/9ZccO0cIAXaM\/ZK7yJ7h18lQa\/XrC6T0H+iG6YLcBs+Nn\/WpfxO0X+Fm0xBv3kc6fJmlJHPrTgM+FCizZiybSl6ku\/j60rHDQ06vpIkk9ZS53KSJzAVvHcMEw4RS9GGhlSYAJux\/nZp6xaRxVAmLGayjkrZg4JqrAaYLUFPZxCYnoaoOUed39DfjyYIGdVO+lFtX93fPnuewUpoX+KmbQlR7Ka10pukI4fioRBdFHiEB\/Gn89KrwhW6ASA0p9Q0Oc5cBfAuigzZZU2MmQFjJi2zpQVTe\/5PEXmeSFsWQCTH3gUt8UDEky7qzZgA+xFi531EMe\/QX6lWUAbOhV9FlVkAVMO+3"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417113176734,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTxAAH4RUmSFzUvm0OWdUdzQAbsFTp+DyP8AAB0IRl3KXBW\/LTsAAEU0o7FkSA\/0ikSyRqQvXGrrGoX5Ae3X0rpAL84q59M9qwkH9fCBJTzZxi6V4r0QKCxOQEdb\/FP0ffCcVJD3QVcDTLQKHyI4uAK86EETL2hvJCOjv4iyoBWGc5bZ+FonNl+uoMd4szLIqDd3NF8Lyul8XdWC5d1IPNGwCAYCt+Og\/iwPdOfHHEGI9gtMs7wGuSa7MKQzgxaH9KL0gJbN4N5z7kbS7wqrE5CGqR+jzwYMZISKY\/sOkuXOPNFcFX1DsUuNhKe8O5iIlFGshGWl93ko3Qd\/s8Im5+y8CKtW3GyyP\/aPkF5DjXEI155evNh9WIs6MOpalk16FUT+wSK9hU12seWzSutVyglPlt08PYq7MpuTYI0kBvQ8l42+eiwSgJZltMAkKWqSbGQB\/K\/WJrUr8daz77bvAE7Q+SFLL4PMA7RelUCpZmjdkUXePH0ru44wpgp1YmSEhCFG+hYRZHRDcDO6zD+q5H+Sqc6LDjGehdnR5m8I70PyyS2Vs5uRt6O\/UkoXQMTQ6151icubpXuDD4DvwGDE2v\/NBuxFTAVpYajm4s4E\/r8GUtWwVPPHY5JNr7XAPu+QoCpwU3g91bh4\/hWBTzenD6ShL7E5zHGy0j7CVPmb
QxHJL0l35qdZWoRI847zrHHuytkJOIBR6dyp\/yN1At5ZMAu6qxrWM1DmDg13uB321ax9qJOag8gfC7HY5MXhg1DQ82Z\/\/n+AoftAxjjW2gUuN\/rkzpw7iARBNZrN+q3drE9K4m+nUJU4u0SLFWRDM9hRC6xS+3AtmH\/YN40H\/7qqsvIRj6xEUILOgdDWY7aOAypUzptiqmyZ6gd1fpjWq37xq58tUmw+Im6iVLxsgtxo3Bus+Jq9y4ZYdoSLEebp8WIbG09yXZPfHjwg3F0gkF2aSL+JOmTTYygRBB9\/uZqJme0+8ifTULhKwNp4AQYFE2KlhPFogQP1nSDiVnmjBOk0XCE4I9fzQc7rhwnGJsXOMSpgeUFHKKwbfUCqHscY8G\/TNkFgPWaSGVt+qfCyBSMtkSFDP8kFGj\/RY0YX38a2+fcG9Yv96cIbLDPWHxCPjGtEFONIACDhfytwgWHZ8REERLg+oIG3X892hTfWLIuUOSUtPxIvV\/lkUVLbbgQOEV\/OiK2YnbaZwpy2xHZBQHIBxflPDtePFQo4xBRiIfoz9W7FxVLQ7z4Ukv7fvpA+qilCAfVP\/Hit8WJsDlhMcr8s5HDdidYVz78p57n\/hZECl1HDNlMji5Beyfw9ynaHQLBb40TWsxuRE48jn6jha4820DqRPhaE2atATXnhCcJQfmk5DXkkKivQCgGB9ivDWhfJVfxxfV1zHjhZ93tt+wZniB4pEyA0TkA6zIPNYs2A+1KpBBDu58xIfcTlzsToOIcukgOdf37OdZL8yKMkQDkVinmTspwWDmhNan5AMaHf8OO59F\/Ju9u6kMc7rmDT2qXlW2VbUebeJYvuZ3Yrx0zIggOCkDt6cjAwUJvko4KPZS4DwAEiA74K+\/dQ2T2m1MdpOm3dtTyoIgm4HNY8CPNk8SupcPbDn4HN3i6NKcd6Aw1EyZzG5SKnUzyrpgAgiwy4iNXZVclN9U2hqUq\/QxoBczTMQO\/CQKyb3YJMr9dkcYUbfIHfs28\/LYkL6sYs5wskMWskQC1dXNo3b3m+JowwrRqwtlH\/NiX5twif+3YItLzXWegIzUA3Juh7oTi3Pa+DSgeBg0JCXubi47Tw7htyJ1Q7NmhTT6FdtNDLyxDRP42jWq2p\/CqVQ3C\/3byz"} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628801012,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsBAAH4RzreTxFoqsVYuzvDPAbsFTkiRwv8AAB0I+raMAglwITcAAEU0GmovP+mvsihl\/92QhcJt6i9xOCuhIR8v+QVQPDfpj6BytKt4QkFnLk36FAbt80sJIp\/Y2c7pKVYoBF6gfeinYt9EQsJeq7ROnY3ivJapj2oaHwAzsZa4wHPnbSp5Fzk6+XETr+Q0x6NnHbM3zNCM2AaHMspi1VAViZWQsrRPrT26HUJgBdgrtSBr704DAlp8NIBOTaYQmRsLw0sO8kaVUQSTjBt91sODuXuJFBlvmd0rw7Lx9XhhtXOEq8peMATmMSiGkCnVtuHU9IHl7xPdTUKOwX+iqBEfcVUDuMTWTQ+xEjmygydvmbpLt++lwihva2qbwF6QkkfAhzI1WNSSRrlwUFqM+Zsvtnl9miygOu3MVINYanFJshDLLhtcYcppiQUtPQh8neggpYf3NcqHcOg9yFih0GlvYXJgOAi0eylABT+cl7jZZQ2\/9NICqkeHp5SgtJZ+rnT0jfRUKImzpisiXxL0gUjRhZOBaNVTw2DFuXCxQsKg\/KU7zvbCtbjOLcFIvgcvLg+YOzho2mATZS9Qfa20oAzRIDxCf0U\/g2Kp\/RjvwWjL8Qf3VcFus3W9PJibs3
8Cnb8fC1OmRScNRTKV7pwvzBngo0k14tTrnFD06xzFU4K0vUGZStljl\/FAwNVIMnRWjsQn89AVyrUyoiyAS9a+w+Ol\/IuzeZupo9JHvpafoLvt9p341rnuNTMpuiggzG1a\/AJiehCdHVju6FHVk25Y\/MvQwUZ0i\/jES6yQR38oUqlnXVrq+fKrSE\/9kcUPuinfPVwCAVdLSD\/ha7TenkHZGDajCF77P2QxcTnluKJdVrDlQTARcyFrPTPqYJkQ\/NBO4Q2LUqkPKdSNg8BTKf9ErnqfzfLyF5WoMGjiT+xKiXVVojRktrJCp1vh\/UQZ5GB7zhzqnM6KrzPyc3Lxp3Bb7qVApnsRGOqMr1ngaD2S5zZ2FCX87pAvyMSivW4aYtM\/FgZ5fi1KOfYRKUUTVabBR4V0TSKE6XBOLGcK6tn4xBlT4YzAm4R1HLGrMHJVUw1kbq8I1GPUl2Oe80wpsoTflQ\/7rxCHFRENvTpUYufeWaZVYdHvgsMahyyxgCBnT2nc01NamKM3ocOAfaIGcBY\/TLk5FbdJIlfNuzsvYmFgqC9vpu4ElbzDnAVfSEDcO9fSa+\/JxpgCfB9tsQNpFDTYAu1e0Ss3GB+O8aZWjtRVkhzocpK8euQFsHuPNYkc0XzFUPsLBkPlcmTbK4YVnrIapDZ744rfE93ooFZIUkO7Ch8oLzqK0OtBOsGmVGFTbaVf+NhQknLLOENbTcHT7F0rxbWFDU++4qTR\/XmfJ+wUTJsT+\/quj3VddN9kLF9L9a4EgHNqz15osfhMQWW+l0C3k2t5fh5I4ZCw28kLSE6kXpe3jSgb7PvPC1LSkSgWYuXB89Kj+qTD\/cFbalGxIJb\/WgzJZn6Gd7R+R9Uf44YjcRfaKor1OTqri0mpCgDnlcKZQFUkScXWdMFAepcOEwVDvTUtXG4T0tMPM\/db0x58pCBeZHjWa7wiz\/JWqOATbNaNGCr6YxqPK79sl3n3mgQubt+x0eKINEGpxaZgah4UluP1BWQh4YfISLcQeFbuVb8GjyINELyA1nqZY4Rm0zHf5sR3fkBxRXy8m7315bG8d2eGbZxchn62uWz60SggwIYaJ0ECuYBFMzQZtKNYAvyGaZftALbKhVzxh7mgcomFyIRc7XwzM56SXrPBzXgho48l4M8VVXrs3DqFKC1\/kSw7iV2kg2+Vlrpf6i2uga0t"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417628801012,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417628801012,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"sb-ssl.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02374{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1621417628930767,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417628930767,"pkt":"AAAAAAAAAAQApuCjCABFAAViWsRAAH4RzrOTxFoqsVYuzvDPAbsFTm8Jwf8AAB0I+raMAglwITcAAEU0pjC69lxL17I2Vm\/2Q1yiyTryhXfWfRIufhNP5rg4c+FEuOp6GqQUQFPIcqWk6U0BDlkVmnmwl9dIFWmX\/bKzitGvZ8mfDi9hktZWexq37TSuAH96QNRoeDy4tvPiSgKIr6FZgR4Q\/HVISWRrxFL0ZKD38sgIoVYjPEx\/9Ic4WOpPiBg1t9\/qrhQHH9cTVMgWsLt0TDJTL0KZv3cMnUOIyDfZegNZ4jvz12dVBYTIdmKO7+1d6Z2\/OF7H8egyUhxpPD8g63YnzjMgsOVESGTopFXkRNnrC5YYuCPBc4+8zyPzWbaRA7ZY7Dj7GHebUIt0h3Gw1DMiRq+wjLGQycx78BHNpTa91SU5Z8OasixP0ARhcYJ7QKV8jqRLQIZ4IpBhgMNdrO8Ggn4V1al1n25AZ\/Lyk1mcCfIi5OinaMRv84l92mkzRek7AiZLH1nKN7U8\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\/Knz7OtExuPugeU8Zt\/GlPfZScOWlEiLrc05jYYCgWUXmqy179xmcMucA9Wtytp06aBHf+WfQ1fURy3jSmQ3NJ3gv81uQ5roWC\/f151I1SnpAuoNl\/wshFDWrHEG7wosMoA69VM5ioRjUH6Vw6vtLsEkJmdXHbiLelXmCeiv5o5cjuB7D+CLbcHnxi6S1s4ouqpxdZyMBB3jywu2tIYU4QKiN+fjaYMDYwpAzD5Jb2Fn5An8ebr2twQ9IO7dHcApVPzom1G8qYIs37w2OByHgFyhjSn3envhKGKlaF+DnxPnqjkcDSypaV6Xw6EsGbkUEBsPWaFNAQl0rYQv4OIQSLLLDbtnqJSJtFqJvApbEkL5FOujphAtNX4TvOYetM3s\/ZH5TkEvzT+bgZWz2mB1oMOoQPy213DWxLIhN9Sus3pIVPH9KUpLVArxCusIojjl4y\/CVvWA5XX0iWrENm1HaA6F521QuNa+s5DzOv42QgWOr+s5uNKSTFxAahQlQrNplOZsHircGL1XR+n2uD2gTgWAAY3b2i21J5cYoe0Z\/jVWlplRHgm1fBm8iBceAe+i8eGjb4bPc5PfJZ8n+JrHrN8SDylfFnIiRNE8ID8KN8lkbNu3\/oS3Kih\/K85WFq55fup233gxsGiJl3pqoHcF8IRFeJ07vNzBh1QaRlhGdke5sCCm3DG3xbt+UWW7rCkqr05j2zGYZdejMwOKkfbRf6NbqQKPeIcLIlv2bkyG3CDxjjE97A5SRMMjRaI2D9gkNO0\/wn3W0x5srM6qZB5BFLM7YG15trX9AF3w"} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1621417629532013,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417629532013,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklz
qeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621417630732572,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtVAAH4RzqKTxFoqsVYuzvDPAbsFTn5DzP8AAB0I+raMAglwITcAAEU0w4P9mb5\/3cAJaj4ppvPVfM1e79oi6647O9UrDvxHMvw6wV760XlpSjd61VmKKMxqPGYPlva3z+F06oB5C5oudSH4\/k\/HgNY8EZ+f1zMxLEV03HYvd3eyZ2Yigb2EaaYwKjEGJTIAPhnFqoauAh2+NlX58F7j0QXxOBZNFmYxTg0U2ixrG2zc81LXcer1hlphJjt2T0DJryb7+H37VnCGZV28ta5KuFpJCEHU3Fd+Au8hzAdacFpKvFNnEUxffVdh7LgBkgWaVuMdCe6yQz92ZCsCzBLddU1kYPj6RsuYCawbvUqb562kpiZjfFkIOttpasGIi39tj\/u4v+6d8j28V1orGO9PZqXvQy\/8lCwyfjm3k0DcU2W3\/tOXF3YDgVOA+NYuef5dsvh8sL6Y2zGiut+QW3tAqTRsL41MM+QyzTgsUP92XE2REPCVdMjU+ZIArKLV+PZhQEMEltTUCaVI8sN1kF3tnGaBAFdJ4MLfX8o+rvJwd0AlR1I0UPhxZm51ZaCJ70wXahMqe33eoOnF2efrrFTGLRJVQjJzGYGviNutDC3KeXcpbH4fXqHVXwA8L1ASWNywa4RobifRQWTIDiyeTm2aFLHckbvi5IJvvPvnpIXXzVtd7lNSRojof7DLLLHH5Sh9MJDu67gcXOomZlUg7yOcpexQNUN75dczjIc2sRYYZZrxl0OgwRBDav0XDGXFuU5WHO\/vOp5NjVJ2UuXp7FsurhXvGJAbAE4FOp7kuYa\/ApYFR2pqTRIboQp9DJdarbNibXR6+hzTMq7WOo6ePO5+ZILoF0GFYVO5hMThECA3Kc6QzOpREKQgESXdX5ctFgyHOQKvBPOVvSMrVyI7tKQV+CCeeLPyYTVggovh0hGzowFxkk\/NdLeFz6rPoKgRAyda1meb\/KkXjgYf08b4foJ3h\/6I0kE8xiLDjSKXk+TeI7hUzuuZbCPA9dRpZ2MBO03rP4oKITQG6AljreAq0TtXBhTVlUpi6WqLB65hUZQZmZ1FngmVJas9iH\/
peYm8YAq40PQZFcepCCybIMxESKXO4wQPKParQ72ob5VHzzpFoLivQA7oY0yXAuRPhKkZa4cB\/ZEJyab5Og2\/1JA8HV9DelwdwjObFO8YWZySPL+5lShVsPkk6NyMIkgqnrPUZ9429DxwJZF9DRWha9nyGoqw+0N4OtE48TVTIojBpDvcI\/CTXNaRCq+NNQ\/f\/RHGp7OL5KL6+TDhKzMT+zzHQrhBJpIc0hWz5QeuCYul+OTpdvjea5r9+J9nkBp3Vj9JMEQ6M\/iXF91ma8TRXEdDqbKAg449PYPC8M66hwolveyS+2EObExXYBklmq6YlojZm6PjsD8eUEaG2RTQw6TQqIOLKW+jsLOLrD0Cax9gUMArAnhTzmw\/Xkn3mdkQzSWVu4aAF\/\/d9caBq5UL1UsyZF8wXlxfJlBBp37aJpG2nKuEvm6BF2LJ8drxqSr35iQyCsS96IaxNG1QT6mySn6yUJJsBFTQe022CdM31VNWaRoaHtpRLujQgB56qEnNkgULsTC795AnjwrRgWfonX0MDkzYh1F9HazGYLRzSGrlEb6ozqXsakFtOHCe4RE1o+khHM+ddPw7xhK7MIQerOF\/fL3TRBMI\/AmEtXrZOePHMjy8JY1G1\/MYpf\/tT4ORBCPsA7vaoI1Tokn1HofUnqqv2vleftYM6lBm0h5quun1SOOjRX5uNSKqoAw75uyHCkFAUwF+izoDgpIEEsrscpvjeKdQ92HbKA4t87cdwGTHX5Qo"} 01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417111064920,"flow_src_last_pkt_time":1621417113176734,"flow_dst_last_pkt_time":1621417111064920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621417630732572,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00674{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} +00674{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1621421253470357} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253470357,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLad
NGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253470357,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253470357,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253509654,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLpAAH4RAAiokEAFhcpMaf3EAbsFTviHzf8AAB0Izn33GI1xCTwAAEU0Q2KPp18EaD7CNRYkzOIN7dKmyWbS+N+cMemkf0psuzAGPfIWZySwPChV53Otv2dvXoDe3uezGPqpumIIkBf6E4Y8ZQDOb1kq7QnyaNj76pl0Rg6iP52gI2ik9D7s1o3thkJPMbsfxV+fuIPAKjePBjQmUP19frND2eTijGA2Jo0+u9aOzf5exzhhFq\/6nELW9tIN5cnw1mNp97ad1+XFptBiaaHUht\/AwUETMgLsBZ6XrHBGlpBY2lK8op1hzm0CnYVtS3Djsl5T\/wl54X2bN40BKcjIeQUAIe+9lSfAyX9VzGt1lyeq7sDtfGOULnyc3MRIbszfJgkdcma4KWIGUispqWzhbI1x5e\/RjTMlYyCVLmuxtCNhv9eaj9oPhvwV6QA3gM9QoCLiA0CWKH+SJGX2Rw5rZxYoMKeut8jwQsj+lIDaZR9I2\/AyKbpAZBbM0cPn5VbbglsRXZxJcp2ZEFpU9VJWoFGfCqiok1ySmzzALJ2o9fBW3oS1MBkHpHdYLwXsXSSHZum4zp4LAa6hwGEqhfT3QKMIosJCyQXQx90hg4FPeCfhcCzS0yMxKuIS7muPu
13HLa3vp6BZSjDm+YGM2\/EP2rfLAV\/u73iBfyrpH4MVfT6XT9GH6DxrXWXPtmgj3dd4ZDJSS2EE1yZ7NzZKZHIzRIJhx+M60uskyfvEmdMlqpu42sPL14XVPHdNYMnoUS8X6WLni0o2VZmxQk3SYBjLMZKHNJZHUGBqZyOnDiDJEDUgCVpgpbyumDZBrRfKCG8xPvowcATyQ6821WIR6CIzs8Om8jqqi0JAvkN016aaA1p5ZCJQtyIP7RVszaos5bQYBNnQzPdcPSfCMMPRbEcbBLR\/8PEjZSJVMTynsuFnVR9jIDV8r\/dX3HTmyKXTIz0yNwtPT4H5hqTdaTXb7oaS8Zarj3bCmVeadB08cU+k5BSQkWcmvSsbxQK9L6WXdRC9SodhjDB9zefiVEPcSl7soHeKsNvYTyCkd\/XAIWMwe3bRjY+Kv\/KQy8Hwi5otEn\/W6Ht26F+Edg2+van4m7BF2EhqU16TwOM2sNd+iloXCcatqE\/C3MKqQU0Mkp2P+yV7oFIESvsIr0RB7rv76hjn+agd\/IgZmvvKb7bk9hq2XrH0HI1yi6DgeQgXvNKOZmzlAcpcvnqKhOiyX1pKXCxj5WdM8xyZrw7dWBYG9J+ZB2jRzA3N6g9gR5j+cHtRybtWCobPi0uMCp5Y\/TwozHIDGhNtykeb7ruqTg++bwL4cJPnLkfBMRka0gmne2r23CHGqUhUs182QVxVo33BcapLgO3qmkaZWUAfgES6E9cYn70KRY9mjRR5JB4LkRsmI2UaT20HAZw+DxdsM5YLqgbKe6dhNV2IOrhV\/TxAVxh6mwBPFC3umIWlZnFUvPCLyY8UM10QQ71eYC1SJ9eB13EtUmpWxQLGyueBG7P4\/oLKTc8PuLFHXfG9dQSOw1wE33A+f\/cnDT1FhhN1YqVpJQdPwJ4Wf5eVBxsn9JpIRrPWbarviWoroALVlD67VbRZJNKwOmE1HEEKRQZwrLkbev1NeFysxZPm4Y3TUawK2sEWayDygW6x6RN0NNG2Fay3n6wsNuNc5zitBxQaUj7zNSVElsX4h6XDvK98\/ECQwIKitJALgcMqiEiqaEc6pa+ihQlR1KKvzUudiOciEKxejDPhTjufOq\/UxVIzxEe1epyXEZvbVAZDgleZWCCPNPFEFpRRnINh23vNKajIxj\/Lj7QDAzP1y74FtJQ6jIyHxOrz"} 
-01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253509654,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421253509654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02377{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253804100,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMJAAH4RBymokEAF1Bb289hQAbsFTib0yf8AAB0IFOutyi98gDkAAEU0cgaq22OVD8Dk3cOFWT0xE9g+YCtQyxjYAZuBA+biQ0qlLk4G4l4FhrZTdWwEHJxix0i32WGF+VFP6SA62mk\/ahCh08zZkteiAklY2im5lzs3+hv5CXVaBoCsdKzK43351bgh7lFz2rLxgClTUrt+ggkqZgyH3xqh52dtUrDyoAHPTLnCu42bYt031EP3XjXnQN0tMqOu6lBcFDhjD4aNjqQ4gVCp9D2V7BmRO3otj4hId4G69dqomvKCMk352TcjhRI9Y\/b1HXLPEwZJR5SMYjM0bHHNJ8TU9yEz2sN8hXpEtMivH1XdJw0Eh8yYm64H83Y0HweIMWoyJiqpIlytTnrgkym64mLXXZYZW20KwPHeajlZF05XF3+pFt+uQ4GzrV5Dcx3AxUpXpEdoKl3n0ELxD0JH5ljs0a9w9Sbz1XKL5rFy7vCM8UkbGTH6qJsw9yuooY6A9x3BRJQldn\/cjpkxSonTfoT4ntKav5Abl2PQ2R\/XKxdCsedHmqW3DEd446DYQ3V85\/1reu7YDBrYnSyXTqTmbkWgxwxd8QGgoAa5urrS4Odki8E\/vxPzpvhWle2+YavjiuVnuPplOSMtA6eRixeu+Twyp\/mNZvJOkN9V44x6h72ppz248KXCbVBzRH+1a3Iw2Xt2l83WqoJ1ekOv8wHN6\/oiQJoJREH+g4zwPsZOsNyZDHhogPOptnRw+QNIjvRsgAplHaOx6D\/aGIthoZ3wqTLG+A+DTy0A7fbLu\/5uA2OrVkih8zEFgbKa96QzE7xsqMQsB29SUtTTgtaJ+x6DDlTxsS4y5GvKhs5RqCJuqJHJsUqQ+7qZO1IlfyqPjfQ4TdX3QR4WMaYivWpDgEtSZdNrgxDq2rS0MQKGr8L9tinW33cwo4ycFk5CyESoY2JbgbQLKBayMDiWClTvZot+D9gQ1USNgzNYyMBTHtywu3XkQJpOb6Cu+Cndw7HuOQ148pj8juCxBmSiBwgMqay2jsiMwE2rp2FJfE2pZCpCtkbGUbTD71AKVtAmD4PfgtOBCxaFvaclNBN01TZzkSP3ySV9xnlyk0aicuahfnr0uqssjLhU2lGOlia1+DO56SRT\/clcAVgh6RL3+lpZujJgQPm5EcCP+wloP7VOsnzWGwL9wZ7hJ40ht20W7jRVj3M6Els4r8Cq410yu5FloDOrNepfpbxjkZc6ldqZDdLri8F2g6JJ17oGz0uM4ZxyqgwoLWq7U+nURI2WoUDTSzDrhufyUwR4DJ9ZV1quggqjhetj0pzAZYuRLflR0X47yy14dCpQ\/vVyn1z2ua4Ul1zLKn5MiWFnBJIu6nyxsGQcno71kQag30voXKBH7HnrnnqUlbqOkjLEl5S\/FyD25Vd5cXtgniVi6A\/QPlDEt7HGYkYWr7\/lkp
umd4\/NE+Jp8u8oDIJ2Pl+kBJ\/VZvw2TrQDNhyPOtdvHRPiEX8B8fs+MFSjeA8jQipbDbOQYT8shK9HjK1kt12l1A1WeA2E3iBlpveLOL5cYs7Ony3vhCFnJiyDYilQrHHcfZ4DT7xi8UHB2ER5kb0BMJsGRBThDiMxgHeTo+e7mFH8tDgNfGqLuRHyVlf8NgieuPUXEgyKmqYEc4LvmX4l2717+gqPnFHj\/U1TWUHnb92m5p6KStXy9LMrfKKfgW3hZcvDQuM0RslMbJ8u36V\/B9KSp7x2ODcgpxNNuc+y4vHSpU+\/5E4AvDNNuskmG4wvM2AAovGTD43c7ggngGXtjGnBtB4EnktPIpxqtYgo+FpqvKts45sp"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421253809118,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPMNAAH4R\/\/6okEAFhcpMaf3EAbsFToEwzP8AAB0Izn33GI1xCTwAAEU0rIRdWSpQJq8RNm\/YHCWv+5lOAS3ExdrQfSyR3179\/1dRds5Ne7rTKilnr5qOATiPuwy9kvVwvXmlvh9A4pBwrdy5rwj\/oK+soxKE65UpWeIIcbWAdsENETDsJvZbt2iOx1FT02Zh0k4wZRYa9T1mqEIw9vucjUxsVJqzuUcDQocELhq992N4Y\/d7WHUCkfrvzFkWLhfQuDRyyFD+FKVASnwCfjWwtYzJWfj8xdfdTc5foWxQy8HwatcneUH3Xe7KQloP91UPff0ZYs++gTR2OGCqiGo9QElgV7ipEPa\/a2VVjCezu0CEeDpnKAtNRmt6Q4uTlIuuLMwbpsrTE0g\/MqtsqQu5OpuusA8+8yooJk3wiUUBIcxT0LyFbbJBiUpy1jybiKvHv7sxWdofXLuT2tOVm\/gYEKYpYhJ2fQxRlq05FJNYAJ3x+IPKgL4hZDLQvZau5wz24pWxuyqaqk\/7pdJCP6tcxGJEigvqrGszDAU6Vnuxr\/raz+JVrdGz71r261HwLy7jCLV4GVAGwqXYjimp+lVj7ZrdOYwdRbkgTFkqZGqGyKwNKcvkP\/vIHt\/aqsMYIwNldiK9WOSo4NjVWqS9IQGKVhUKZzlXrupygWzjxqeGR5dlZJFEihDxxcQCXNUgswqiXbBiU7jvlnjci\/Wa5nSBAjcoxUjUtEV\/Hmpt8r23oBWTbgRE9axl1IWGAHI2tDK8zoknUr82ajxFez+Gh0wDV\/MCeDcDUfVqAg5v+qUe56To\/xvqvZFgwQiXcqe7gIfrPgAP8QI6n6FSGGFXoDNKL9zay3oJBh5pSSHq1DCM9w1SKpHiwhq80tTvMNgKeuRDzvkzeQ9vDiuRQ1F0\/isFVcoHn1e2\/Qp6mJR8Lg6OjGTB5n9wJt0GQq6bX9nGsaRw4XAmHHPfPtRRrzAXpU5KuOSCBB0+ShvIxmEYlsFhYFhXfYMIaUqR+yhlwtPSDafAHcOechwW\/ra57z3xNbXAdhHXxU99F54Cb3HNcttIif3ThTZ
5o7GOV8r62PLfOpQ7VeKZhnB9VXymajUkSEgKnVtYFRaDjiFok1vqKqx3wzDiPNSqp7GpEl\/yN2vdzXQrfZOp+0yTLLStC7aJ2V0VsJ8NuI036psv9S1AnkXkUUyeZqLHQXmxWBVEUWEJ4aw\/ZZNwpJ2tHF897PYgr1CTWWw4CttMzQLaBZ51eX4RHRn9kLCgvlyq1tMUT+4YjYbnn8RYbz9eqTM4rSN8tz92KR9Fcc0\/dMjAdKRSNurGmNpDEtITPjaUb1n5VBZmMevuy+YULm\/K0LRcgr3bjEgYFGgamvIUyTxG2IxIE6DmCy+rl9rr5F+rE4LgtHzkBPE4gC8ikWb\/UxYBUsyEZNAp4YWExPD5uevZdPSpVZ7j7K7PYss5uBH8TZFtKaqXjAaBFvo8+Iamk14Oh0pgrgxGqB5+UxZOAubhS2tMB7iGe14ZAIAuXL57InGtj0kim3J\/3bjlX1lKzHdAjJDSJtTIdaauSA4wIm+5djes7nIN5l8yHcP+jbpw79vdXui0DIhf0YIIf42Ya8fgEVunYI3yggTOU1wruhfAOOAN7F7YY31Q8MJfLj0qlihs1B3a0b\/W6jVRhMJ+QZ5ut1F8vzQhkHEbOYzm8VcH35XK0f1lM+HrHe56zOhDCcJ1Uiq\/nKgQwd8FV+HuWjkyGI8NRs6aas3Ro+mmhQzK2gIzxAmNbNSP65H2kIq72CE6rc1ZiknuHgwgzCMtoH6gzt2XSxfShl6CHvNrwhQToP6hE8gE"} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421257105861,"pkt":"AAAAAAAAAAEAS1QMCABFAAViPbFAAH4R97iokEAFcAFpitokAbsFTiafzP8AAB0IMK4bzt32gQ0AAEU0P1azBnSUVl3HX4NvBpNVZqFjb\/POClmZ90yDhIH3saXV4D8hIZuhFmh5K80mFHsQUDzJ5Fet2Vi6MVVm5vzpbtDzb3iZEgIWreSd3Ir9FMXdj0HVjyEDw6EuT6gRAjE\/21rarOXtm19YMu7r45cH8xqJwZu0MlI7uXzcE9RAeMgLEW6YsSaB9O66L2651H8GQJ90pVw7t2KzRklpg4gkXdUjv94LX0mxpP01vTf1Uur6iVP0hra2u3O5GqhBWtCeqqhiUxynXsEiIqqL7erxJ4C5Ceo+YBLOH7PyZpxjMcY0M8UKVHZb40RZzejcLgSUNrM70SQtZDilREUjdX4V1RitcpSnBwGOqBO33JSlA32uZ9lAm7tfb4HtFuyOK7Y6+s36I\/tJjlWkNcLN5vycOCCgMR\/iEDhDBTaJipsDN7UZescDsrCVRT5tibuo42Z352l3NEmt8qok03JQNTlENsa+Ywn9406L57nvC0pFdYqO6XoWy3oIaLpLL2+6gTc60MDWTKJ1UrBBU+uti2j2vV131OfFLy9NEug6HDeJt07pHoN0abz03ktCcugMdfCJCqkojUbtwT7bcr1xv+H+nfxzLGaBENVle48BJL9n\/fQwRUFpWqNRw5YGEoFUAxgSYLrjI3+8yOHpS2TW54iDb5TgzKjzNgy7VC2hqyxs\/JyaWpx4tfVLM7fnb3BOMLq3RoDDAtkcsoDjHUMbZOotwqG7NOHSskx0+10KvcYYmNrJIaQaFda2wEUxuliGNz92g6FqP4oZMZQBZxkpxPDgYdYLuH0duracuo87qqjlRGPQapq15Je3yha81nzNRXHTDeNDxWfcXJluZNq0kt+qGDFlSY8n8xUueL9DqKmN1IsXo0X0yoNp38aEiv4BJxrbHkZ8MuGE\/2IEPBTeie7PMbLFS2yJwVIy5h4KShSAWHX8g3+pMhTlu25endl0GCcr5li4yhDfLpQ3S0rInsXaqmpIA6OYG89d6KlcK52aGKa5+qjgFprLpAqwYT5Z65JHNpW+TG9KZbT2vFhcZengw3A92EI\/TcEXiRfmF2ssJ5ysj+mCfUOmyip94PexKb+mHdBLChKLXIrLeY1uTln0pTICSsA32Tt+soXhVUyCfGQOxc2GxwvPc6T20BN51nQPn600Q5UViN3viKdCuJEUlNLh+yWrsxCBLb17rH5uegaqgsAUwjH1c2UBlUjKpOyFZ+vURC9HPm3ZN\/AmFoBypd++hTChaH8TxLeog0xRzbwHCm0PbKFRbASn2bhiLaCoa2lU2VL20lJE+ax9ltZKxjkLaHbInU1egJzE5Ozq274xYL+oZA2MHpO\/SvXg5YcqmFZBb7QU7uJnGtoC6VyfqEMbfITMloZv6UlVclDscyjvESn6K4S5HE2T1Di30Es
cldcqKgvxZsNQVrOrtKLdcYnpHdO2rWcwupv3J3uhq2VmkdCL9eV1aP+\/omm+CRR4vmacmNO+0VUXWSYWY1o0ANvSXclIcPCmXoAeFks9hejblFemNUPDYGzI5F7uu7XOa7qRlrb4VRHYDm+IGHatsOChH\/ovC2i1ER0eU\/ZmnhnIkZU97Pyha243JnjMkAwY9QrCN0+FUsuH91rZG9m+lGHaPJ\/jVLdm2lAyDFa+zibx5uvSnW8CxhmkBIgZ+LcWtx9SaKCxT1Vc9Xf2EVqaZNITbzO2oIGdrJDJ4HVczVgPNlPqogSnBzFP5Ik8qoDJ7h6Q4BUKLPyjQd\/ev7WJ1EEQcjfoVc2KFDAa9tCVQaFSH39b"} -01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421257105861,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260215429,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPkBAAH4R0KWokEAFJS\/a4OmzAbsFTgQMzv8AAB0Ij53aBXaFj90AAEU0SLKO1gj8GM\/7BPKLNut3gQPWBzQn5YjeWsRqAQjUyhVmdT7iLh+mIwvgIVvzUOLJxhHjuQctv0LRX631bbBEMMF3pBOdFjFZQIZkKsJpfaTuV+rwxUnU2bHKeVloIebl9Hd03S1kOttznSJAQXPQYVQdCo2nGLaWCR4YNzOkZh4A+Iglp3ynlFiH1Kgq3ax2c8pTIXpNl9L3OjDkEQQYoqa4BnvX26mCDoVc1q85ueAmXRWZdEScZQq5AdybLm23nnSrRgIVtgrwmK88QIPr5bJG3kChUFNEb6Qj326VwodIu2nJl3TnhY2xrD54TcIiyK8M1mjcjF66nfwNKkEIT6E\/SESFufOVlvOb\/aB7WAdl9ft+Mim9U4BlJLbA1M2hEMXyNr\/s6u+cjHBsYueURjL6cyap74D70FwK4fSE9fk3xYY2MNPKF\/BAL97jnAn1k6A2tqzJHsZwSzyyXpoLuyctUW\/+nvBXA28d0MohSUQ+k04\/p827rPYEI2AWonQSMbQCAz0aXMWa9QgMEzO1kdWGqTKHT6GRgMR41luSMkba7gddevQoGSDn8n\/q9o1I96
kD59QkNrWXvBgRpPjPEDuAZN3lTvhkhI1wkMsnQCh+3FDr1mc7ThSOHVDvrHj1Lm33pCihRhcviFSvDh9KDt2ldWi8CRH3IP27mXAgwEWN7MW58CZ7xIfXHX426siygUSb80QcGh0MbC2cqC6NdXb7jwDX+dBo9j\/62Zx0AC29OcRJNYu2PToqGFzb0MsLqQh6dq9QT4wGAMMKTUCoC77oTHhUvrLWjGCXOjuULsdJuEozP8mmiwHfyW6om2UpbFP3XUkziu\/vMyloESiBOvaG1xmOFxFd2n7o08eusUshscLGHeSq3kK1TNkYBgJH7lGzZYlF3A1w0YXAbAoRDewGZBRGgAycWnJxG9uq\/6QiUS5MkDVeUWNCVal9TwMX5\/i+60rZCuCCsNfpwFYF65Kddt1lyUiJ3yQQ3yrEC81\/+AlvSh0nVJu7TD4+IV4yfqhOezTjS\/jq7q0STXO9D1O5OiHCPhH1vWKx7PnZg2bufgr0umZWt9\/ulektccxj\/7G2bU+FhscpVONsqMMSe8nszXl1RfQbopA6Lr2XL+yzBEuqedNG\/oarLdzVzfbciDEAHhtO2umw8IL7MpmOpbUsppzeNfDP5NjrfxdP3ZZ6+53+pyzcLVc1IIupv0HiBGLs39L3xCnLaO9KJhlGu4\/NgXTntIMz6nwsIjU3XYs9p681vW714W+A\/9BGND8qAN+OH91XxSG84vJV\/6Q94Q6u6XMjJ1a8fRCqQvwG6Y6QlpageJG0MkaaEcPNuZR6lcsvvgXozmz12VWNDD7XlkC9RlIetaFOlO+wCjrAWaaad7F01KTsrONi0Minvqx6ZjHIYa4CdvnQmfIFPvRG2dbtVMue5p2IpRYRTQ00H124FWSAbpmFufFkxzz3roNFvZ8L48qlRvbqfoHbzlo+diCyOjTzCaiLy3wgom7EMWMSpa1wNanraUOP0Cgafhkkk58UkpZ84qvXH6P3NJfusjarmU4bkoENsKKZG84yQKYpg9lzqxivHXVnRw8D\/wblKD0B6HjUVdnwNG6dMjeNePdobGQc+ezoD\/iBkZC2nsQG9kk\/83\/KYDIo1frQ9PGAUp9fb1fO3JXbQdb7gxYJ59BL9yWuwgkXl0w63hIxIfYXlPi6Ly8hrunM3g6mrjaqyyX2Rcbv6s+jqMK\/tNm146acDlsVlCvaDwMeJ0jY3HGC1re9"} 
-01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260215429,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260215429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421260513424,"pkt":"AAAAAAAAAAEAgb5NCABFAAViPk5AAH4R0JeokEAFJS\/a4OmzAbsFTtDzzv8AAB0Ij53aBXaFj90AAEU0pVcIObrUqLyarXAGM4rQnKh+52v7aXQUj4GvYb\/wSM3mSBNf9xPhl9FK4ipC+fhOPIGStb9x1zMsHAo+73hJqwqHkOJ6bvqIt\/sGsmK\/ofAbwetCqPp3T3jPrhZY2wETFAN+9XScTYEDqUnrkDVy0GQ9sV5jSug2PtRHEWT8gywc4K+57NH6Ash2BqW8UNx67owC0vArWq8CvngpIrDNQreXdzSYn4wwYJX2miwA\/wEl0gm+SuEtBprHj2uZlu8koRLbrv1VGIheOQE0Nsbta5SQsxKKjZN97iHSxerp4BcNtjqivy7Li78i5gH\/2pVLdrR0qv8negi\/kKSblvjfoEPy4ijg9\/u4RIwFeksyqF89on0NdQuL2+Gj5diZo+zdIi+Q5e5It+HBsRtpXguuRB6SEpGadVpkaDn0YwXpYgs1txuTawl7yQ4ZuSlTzVEDd7qtQzM6lSpvLx3uSWpFvM3GAUysnOzVg41krR4Ulkj+VTnN5KAol+nOz6IUyDJ\/IkiNKdoNBVXk9AvQ0S1r+og06pTejXAB5wfjkpZVXgsRY+N\/xjKDMGEVHELh5Epoie736CGpcBsBBIKZcR8DMnHyPpGJLzAlOtKDi7\/Gt1\/jx+MHSSEKCZ4TotHxg\/Xf1RgIKf3lQnbUe3aB\/BOL3vek35mgVs7wyrmKZQpuJFMrj\/LPS2T3Q6UihyVSZ+cz9VtJhU0kIVXZbg7MeMCnqgv\/yNMDFFdkvKL7oO\/uUcUXQlY5VoYeeWgNSKc3XjyJMIAV+31aTEM5FsgjpZRp0sNQm59Xb20piAIn8k+RicW\/PxKQpSBnnGgYgJK8jaPlnBgEXw4IIpTVsui1MIn1bGpT5SlOh5TYtcpeX7Eq2Gn++tj8GvDhyQ4KPUI1FbbJ0NbqPqngUTYVzF2pjPV2RsKl8tMqOs19XG5pvHEWTNic8cZYT8FgNSHC44qfM5PGUK0zq0\/PiawZaqUQYRh2PCe37WABPV97AV1GUOIJPd1hL9x+acIY52OdywDA\/3ZRhz5AH3VOtXi6eFcGzu2Z1on4V\/38mIWBpYZnh4O771WNLcVabHuK1h65ee736lPwAH1pmFpETlxU2aR14ZxWeG\/L1t\/uMh1SsDCguq7KQ7kO6W6v78BBvY3UFcMUOQm3Y79YpovoK3RKpLlQwqcGToRvTj9HWy45cQaegkrn6dkZvlPtVXm4u0bH0vMFgb+e9S\/Eo9e7MRlTrDXo2UnQkJhJrgWtcgvYsSe2mckaREDq5dc\/ejmdjc6w7425wByLtdYkeZKJsBJlRzzSwJcvg13az06KgVs\/MgeRqXRnkapWJu4JtcC0OoEfpVDvdMByMpq6F01Orvj99pih8TBfE5K9cwc7o7eRFGa\/vbR8mRB4vs
\/zIS2xlYSXBpmrEq\/STtlWQ3MwDGTQBh6b1fNakGwhN+beHXCdenc2JEHwzcegc84ZFNYAaFHvYtEA5j\/sdHZ5R7zQpmw8s757IIPaEVgddHeol88L1qAA1ESXtRCjHYy+RZMYFJvwihgljin3jiK2udMMWEQO4P1W\/JF0TJv+oob679cUTxkmK0rhv5xSAjzbEBoPpZkQFmxUaC6gROBGQvRXx3h\/KdYcwayetIOWHEWFh0VV8+Wh3MzCdnjJMXP+plFSgGMbc+RC\/vLnsb2eKO8LMYQ0pI9YKYByfpqJs3guXOtrpg3uzEalWzsyVUl9MKGOQYcVvIVpCkpNZnvU\/i5cNJONYeYNbIy\/q5jUt2zwSPACITT+6UtXWpul6XNl"} 01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621417628801012,"flow_src_last_pkt_time":1621417630732572,"flow_dst_last_pkt_time":1621417628801012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421260513424,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316093776,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUj
jYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfSnZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"} 
-01307{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01333{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421316093776,"flow_src_last_pkt_time":1621421316093776,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316093776,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1621421316389570,"flow_dst_last_pkt_time":1621421316093776,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621421316389570,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmbwdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF
4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01156{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621421316389570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
-00677{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} +00677{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":4,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1621425498439786} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425498439786,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMI
HugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"} 
-01280{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253470357,"flow_src_last_pkt_time":1621421253804100,"flow_dst_last_pkt_time":1621421253470357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421253509654,"flow_src_last_pkt_time":1621421253809118,"flow_dst_last_pkt_time":1621421253509654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"133.202.76.105","src_port":64964,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621421260215429,"flow_src_last_pkt_time":1621421260513424,"flow_dst_last_pkt_time":1621421260215429,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"37.47.218.224","src_port":59827,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
@@ -49,29 +49,29 @@ 01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621421257105861,"flow_src_last_pkt_time":1621421257105861,"flow_dst_last_pkt_time":1621421257105861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425498439786,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"112.1.105.138","src_port":55844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621425516873917,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPK
l5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2gnjKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"} 
-01406{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-00677{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} +01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621425516873917,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients4.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; STK-L21","quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +00677{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1621431299729996} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431299729996,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9
DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"} -01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431299729996,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301735068,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJlAAH4RYWOokEAFgPgYAdC3AbsFTjagy\/8AAB0I1Sc982lv31UAAEU0GEDsnXM1346f3LKi+0ayIgknr4Rq\/qs0KnGSjmOfgKkNQLp8xEER9Qne8K9Dj4EYthFazH8nwogOlBFgQV5y3Fel1wV8LOfanwEdPEJ1ZJp+4xJmJEH3ze6GZ4lwHZsbcqCDQrzxSxyr8toIULGu2G\/50l56HzZwoikffxbY+R49tRZw4KX0e9zURynZK56t+njmlBuQWU+smCZVyJ9ypPFqKVXN7S\/8ucoFZ1YyJMN\/N8kqlm3ji7IGbOPNlw7irQvJ6BBxEwQlUJMHY0WKWUxD0Eb1MsXzLo9XO22gWFU3joZpaiSrB\/RDWZ1rp1Hfn0Ci0a8\/o47LT17Bf3EWgNA6oe86KkT1J6TFj5TGCEop\/KtIZTLdJ31PosLBOaXCkGm7G3FNW0bcjpPN+DwH3F\/o5LJ+Jg6E3+JR3af\/NqmM5lUPNhBagosvNZLci5aDdihLZLOTUxbxzA1HCgT\/ERn0TtIo+cvYtDBmA42xHr7Zw91voifBIp9+1r9Wgz2+fhJw6YMkrw\/R0ppcnpZJDX0HcDeOv1QITYaPEMCvPZWtVD56xX\/nIyNhER8sp
zpXJhfyZ7CLt2MQTJZYrSynYdh2Qhg0W\/Nnv+YnvHUimL5v9ucOAhisPrHZU6G8ccZVN9RPBkZp7we5VOgt\/sHvnaKFG385oGUa113YRpL+yC9+apyL7k0Lf9A9mH6jbSNwop0gbOz\/dSwao004T49FUKY+MYQSd1ZqRfOYZDWWvt4Z1+VpWWL9e3bLpDjurtDY1UVq7\/zyqXdPda+dj4dfpiumFbn95kie6gTbq0Ka77SOEVLy4F0R2VJz0mF6y8BHF7y+\/LWrLPikezYLBu3wp4yKo5ZMD+1RhjR0eYSiFStCQDoyh1ZzHLZrZgvvFV+EGsEUegku5d6U\/1xaEg70OUXkUj8MuVqNGP\/DVAWz6hGuIclLJHMXkZa1w4sqgXxuwiLhqmwpSjmxq15zo0Z6Ez9\/3O8teBesxAzKjLPt8Sjolvyd5nkwqOheF9hPlho5\/02ZAOHIA3HyHiqD0gFnqO5U5vPI269ren0HJGp9Y0aGm+Qy9oejwYJQfgaxeUOqcA7NVscX+RDbbgM1ZMcwzqUnM9YjlXsn6y6NTYw1rNff1zxlhQ08vVArWM2OumIoI++kTKQEg4JkAXQ3sxDPGAMMWQm14xHh1lESh4xPo3UHq2rynANu5+mkgpLsBsJIGzZOygMCZkmyp2fh7iY52BUb4Nx03epPzl6T\/HG2GNWULvucC8GPWEvPtkSLn35wNxlzF8NXX5lfbR6AqMs5QTbFYMg5BCH46iFuJgeJdSeBSv2NIL6sAH5f5tl5FrSe6SEykjojnE+KA8Pu32tMRLNHQvsRLkoRsuGCZmn0vJNgxR0Qj2ZnmdeI9WNinCOb\/TQqf05ttvs0B8SkG2JbukXe8IPAXK8CE2z3vwPoWYB2uzq10A+1l82xFsU23TRP69q5AjAR5gcBo2onzoy0h+\/Fh3MjRkS2rWgW2gbyo49\/6o+6I9tCoTl8e+t8H5Hr7OKKf7UKw0\/fDzsw6vvWL7Z180IeAQRORtYOnhVfjSCcEhIA8M4QlGvZG+XDbkn0clOXH6LrYUiHVBMh0b7ARqcsGvnK0HqjBlCVzGLKSDZa9icKkesJuZEIs2gxlcPU4atpOweh\/JejTvw0JRDflvusFCZ8LggbOTt4dNGmwJ7Mbm0OCxLaIc0U9h9Ubab5kq6QWk6OCd0h\/j2UBY7LZFZszsTdUnL22e1bgg4XWpAYp7qn"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301735068,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431301735068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431301808564,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFJpAAH4RYWKokEAFgPgYAdC3AbsFTrrvzP8AAB0I1Sc982lv31UAAEU0zeT7R306i0MUyYVVPZIk\/KZWGL6jbpzbn0wPmz3fvD9vdn3cNYtKf4Qtet1U\/nGKiDokhhMmX3\/BVLzQQyqFmb\/M8TdFlsBDC0dAZ5ykvarKqbUTSTgiy95Q6LfVZMqkeHJMsDpJptTPVl7gjw06GKLx5TW5G91hLE1FqeLb\/dNBqxaEBgwW7oSUsitPRczOioi+LEcRagKP4t5qnZ8aDmpfz8FLrvCECdKPswENLWuAf9Vmj\/tnC4GhgFxsu0TzsfmUVaQeeSZw9PR7DmOen7ZDKqiRf3DrGbxH8xiO73GPBoBDQjgENrZosMzfCGZE\/MTUgNw05SO8IzaGjJfPHze+4QhEnPM020WOHSfwtq28RMPlwJJF02yo3wlT\/NJAKohp0A5KX75ENMuJSkJLQaSqe0zoJ0tVJo5191cibx8Sz62pctFEM4BebxdU+RpZo0LdowaXCq1sachUxpRRHMdssDm0qblyaHts6qPgulEBH7aEgucpskAryrCvygwocC7svHgVLBmM\/+xK0IluLWY+kqgiVSTrV8WnG+1L5QgeJxSFASdp6Ns0TgD8Il7BJ8o5ajit3BypcmDF3DPrrI+Qx7QiBRmTSSPFFvm0GF3n7i0EkY2Hm8DzbT3wnL2YHAkVv9zggjYvZo1n1LI739jXkeIRrfAzGVeEvRFZmvKb1OdgKztEkV0hoFvvBdOHeKuCUUz4hKnv2+\/lYocOo+kRXiezYBrj7PqFapYBg0p2eH\/igSHIYxfLy7ikKIGXi4rRNmWXUqjcq4WUp8XDBW4tb+Z90I\/+mhDOTUok1Nigx2G\/7KbfM22h\/apHLFvkn9EIt06RDs3B76xXAur0AM2Ip6AMuYDnxYolFxG2K3ctE2xC1DRz7n0lKt3HhiR\/P5zOKCm0DfhmASldwBhjifKegO2oN9vU7M0DdrAxP\/JNcYjpWs+ie2MFdu2lsdJOex3XTLsfX1fJC8LBGXc1sOTG8uWnisGATLFKyNfzBcvv5C\/U2hjtcTGAngc3itVAnAbl+4hQ9s3hUMWsUk8+RJ0zRwPQbX2nZmyIhql2s6FpohxHCq5UoWxXh22BLb0zwRAvo6A759ODMT15ISyiIq\/u6XtqcB6tFsY4SDCIUFZLCzn8LY8hNbxKnIvT+kZgjTz2dylh0rVAxuhuUhpxNkpru0GmszDQWJ+1v76Pi\/R7HWIGyiEs+YivcWX8jXFsjBB8QfSitgQCCwYnJt4tNaulx0t7\/KVoJPhMWx2cAxrfacv8GgasdSu65cuLmWAlMC9W3slT8e4g0\/tto\/lATo46xcKpYU+fjCGriKRqNQMloM3kkzYIDJ3SwWWEk\/P3rFXpQXMr\/b1crw62J6Glt4mO9QzYLHGzgKwu\/euJxbE+eJO
1ae7IMc4NRHHR85ltAKeR8XgoQo5N68sqCn2+MBEpQtbXHWnBMQz2HW6tkMHrohxRM8\/o23cHXLk1EsRmSry6aPgKepAtHk5rhQZjUer1NzID\/c8S0mu1iEEhSc4CLtwDa95xWQxcI5HMEDAcxxwRU\/MIaLOsI\/5mt+17GR+up2thq6thFHPVXAw+joWJg2Ed0ILpT3Tut1YgVVqZwcLTcnwOfBYMiG85DaaijQFB0dttNIqmW221\/RwD0coicDTwZyNZ\/VM3mnoVjqC6Lpsnt0MQaGsPhgoIU69TDIf9rzi7vHvOjiyWK40BX3xDHBVCSUpf7QS+RYWcOrXrADOELfOVIriZ9QMjQ4fxzn65DpF0UVgcyVId7aKLIvC4Qfz3"} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431305591580,"pkt":"AAAAAAAAAAEATej1CABFAAViY2BAAH4RsyKokEAFedF+ocUyAbsFTqiTwf8AAB0IW3iwt+y2cooAAEU0BEmji8W\/r6QQo738TO7y5dSuNAh8prkXOpfADst+Jc9Q9tTb4UI0vRbpsBAc\/wRyLzFYUecQ317zmJMLzTZl8Jd3ZiRr7yYjKX37LDNWlAoicKC4oliOH\/Fml25DnlNIMC5nvpDkdC5bMRw90FXK08RrmaBrmDz8JlipdUNPgq6+Ks9KDpvkjFtGyj5dpZ3gMuMYJ\/WogIBs3JzPpqngAdy\/QWH\/r\/vNVwYPPIH7tiEsC65BQyTkA7HqsyJkff7L\/WpxQokdQkBU8i8+seczGsyXRW\/ZJe3L2iHzkGEklOIcNZo10nU0am\/+mFv9bszZ1gDimSJ88GZcWsSJNfq+Q47ZVtA8nRSUIxcfLFnXeJPf6PU\/rb3+S0qU3oZcpaHV6agh8jvjdO0w\/VOq8qxpuNAX4LkLt40P2U151YrBr5x\/OeUgR+Z6s3QT73\/HzfP90bJE2S0skEBr+RDQY13GKYZklk5d8PV2Kpo38KXeuKakskZ5wi2woJvrGxrjC6dy\/btETblhn8osDCW539k50fXlOVrNB4tYZhdBrjJHSlXfbwhprDerXi32Hb5v8GxP+TWGbi0qBKv5xhEw3E7lsExoF4hu7AxtupA6MXdD\/\/f6nsoiLIb502HAdNTho568FOnbHatxotovMfok8tB77tKCpaP0enN8SDSqa1eXr3phlwvrsB1N8IyoHeHhPDB3mlqSTzZyp2hhDwIOLk5l9eNXb4xHGzjApfQLHaY0en\/gogDLaQeVjuQnQc70f+A2ywlWAXdLkP2C9LVdtL1r7vtwucagunaQbNYFe4w7n642v6LRQNiKSvAkNFxBJOicXbTdkburmROhEgL56f1Q93ZrU9KAY9ux7cXUbSz2tjxs8Qa6wJIeIr1x2JPW2pY3ylGZZDYZAu7yqS63SBDTa0WDJ2YdAWunIZm+DAVfhjaZtAj4eI4w6uPQAjhrCoPjKrLErXzuqx7sXAJFQxO2A4zcoit4huJuMpqzdY1UgUeAgie\/SSepMph5oCom4eMvOEKwkc5QonRZdyIpiAxa3aAdkn30E8RE6dtdPGch4nRH6Z6peyUQ\/xzAePd1pt+2lyuSFBwrXLkpjjk2T63ijkoMVykG1jIHqTL6VbWyhP4hLLhnznJc2v\/BPjkdBh0PPpuMO1BZZkopd7nuoNr7BIQeDS6PbzpyxT4WKDIasLmDyHw\/yGw\/r8T2HaOKcScYHVbxhlOhwg6vkVvTNtbDIUTpL+GcmTWQxz0+awTxBntBHWW2XF+QqtpquB3MGHkRjBzMGrwtChsrY5glPcwPNrPPPLFMguiPMSM5jSzWBWTIU1NciHn8dCkbmPwG75IN6zA3mioUEB3Ek98007I\/5so2LorUnz3QUpb09VXFeljvTD2\
/ONwYANmDdDPP3pM62BtSycqNiX2CbGC5Vyjl2JuRWiIOpVgN4mTK6bkJK0Yc2Tt\/hfALU39E0hCz98Xsbk9g25C347kmDI+6o5J5KOTGciKIBmxTx0XS39uDAuhpOwuMMZXpcx4Vf04JfLuiNBot7rciv\/jQgEJAvfOFnFnTy\/cjvf8Z72bMe3Clm4eVyPKPxVWWCFWN4MZIPXhStwfxp7L9YCMfW5\/oi9I+Q5eaFQyvJaVOOHoLaBbG2DcrLP0Wl9HuaY\/B4CRtnuzBzHGKGio7n5DsFpRrH7tc6ky4QWHp5YEC+gVU3FroThHyBQkDCWRmOzPOImY6RD6ATpJNX1fGD3U1V12VcoYmjJM+eh+pvzZzfI2d57bkQ+g\/9Ch7"} -01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431305591580,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431307075029,"pkt":"AAAAAAAAAAEA00bUCABFAAVijzpAAH4RCgqokEAFnpLXHvS8AbsFTmfYwf8AAB0IMX0JnIww67UAAEU0WXLvZGE+Afr+idrQ20zR+TEoH4qe7FkehtVpAee47RFYupCIo0eg\/DcR8TUJutvknKHjy6Va8WSvM1EWCYimGhVvNrQ+Fp0wmM+yyFY35rO08kD00xrPXP1H4Fk1Ofd1UfnQJk89eBBrRrAgNIIZzsqrTA2YPMgSp4UwmAVHJRtVJBMno66qsQpB5MQvisi+MDZENkGh9aq9g0sgJGWK095wFoEHqSie1cZEJH0NF7S9OLvFWBFqkCvegn2Nbgv1X3v0U4FwZWypfbJWLFwEnbR3285EnVWxHk\/SMMkHZmF0On1dQwUg3Qj0eZgGpqJ+FXEKe4uYJaEDgW57O4nU+0rSjJ3XzXQlfhw\/N4zTyFc0pjNRVcZvLiMXSfY4zYW3s6AIQlPy9VOM0+Sd2IN1gmmyrlJylMJVvj5QnrEWhimJh+zZEQruzz2mkSk8RFBjfgmsnANxoo9pkoo1TS97QkqmEvwlZfg6yosepp9RK65\/6peOS8TJ315KsHvbCu5MVzH5I4uEAg3ATybL0\/q2fjNpY\/e5kXcbiGD0xrzms9EN4h9y46YS0qZtRxTb54e2+c
\/tkGE9oXd6ejJH7up2JrHyebJzWgY7y1\/4vmipy3uHgTNouauHpshSLQuocj\/IVA+m8M+S\/vIZxEEN5HxEShVKdzz3MydKf3IeaXIEkOogNU0EAfQF+FNMB1pAv4kA3D\/lhiw4mNTz7Pn2czcGqAoVM9Tb+FIl0v4naUGL2XsyFHEd0pdrvK0kyagKybt4WV5sy5dTFsU8oIYAkaDi0C0uvM\/hkA5rmYfgUGBRK7JNxcGRlB1h0fO7BcK++y+yfMx3k+B1cK7ObenTJrzFdENU9FiKc1npqAEG6qvPQ0489f2iKZpGKUe0BeleNnG8VKEEH4oM7w1ZPNdb6xC7Ch9EIMjjHN\/cAXUVd2BiR8doMWSeLNhCQrg5YRmEpmom8\/\/QGV8iDszvv8hWt\/MyXIyygAe9+QVeN26ZFXxatsAZKhRgqeS9+v7iRbNhTv\/yp28d0NIRzYLEysp\/VKAJSY\/PxvxR6eYrq0gk8M6gyt\/4BK1ZsK1h+llwW9nD\/t+dSlwau5F0J9hNHyoTUxT3\/2rWXx1WBqmNf7tT6HVASdYqI51YLphC\/t4BsXjG1U2fCZdns7t3a7Bu9FrBapBq8ozxlEwnaYBf9iuXer9XDB+ZQgwar2qMLM45G4ilP6GA0RkrpFDMK\/tSM78ey1CFRzLoD7+UjYyTIDcNhz56WZW\/cCCxyuopmvh2HuMiOaBDLX0ZH5LorqUuKLVpyJEcSbWHqdDvEIC2OQcfgQk4oVo+j3e1KvcgwqJTHG1uKoIKEu0XzvPdTW0gMnxGMRrPwDFCo77mU+Wk7zWBWHmjHLet1\/dYxkU8+0PHq4hWTvyi2WvPZLluvohq\/uVh5PNNj2h1VQCyJSuGN4gUneosa8Kp16gjYZ9wlLexOQBxfrtdOZHNANUy9BWZE48pGmjMCVwkfj5AoR+lwxIH1PbYVdSg1W6n2FrEJeYRs9EjR5zk5Ib8sLvbIBr0bkcLFp09zWWWvyzA5kGStYwmIoFVfVK1M8DAb6EOkQ\/RECglK66h9GO4PSBtbey5+Whbs8ZQwqwshqhdGjb\/1OCebCFnJxT4b25yYHn79Vu70lJgCSdcmKtbvBQodyXcJt1eGqpdLpKIO+Eplu9mc1YnLPgFA\/NdEhN2SwFoPGLdsaCDBDsYWHvxDTBH03HR3HVl7PSSq9lVQAnF9xjB0hUGCVyMcbzWm4Fj"} 
-01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431307075029,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431309055814,"pkt":"AAAAAAAAAAEAS1QMCABFAAViW5hAAH4RACCokEAFCUGp\/PagAbsFTk75zP8AAB0IoJxBQBoX7TgAAEU0UJzG+bCyeSlhjmh9OGyP80hWwr1IV5nm+47YLijEK3KQr7gE9aToyGrLFbSZbr\/ot\/\/NhrLMkx5w9hUXpB6saN0FW9GivaLO3QW6nH3CEbSTx0vN4IWlz\/JYiJgSRdKp5yiIMpfFGjzOrzdapK0tDb+uDfZlGSI6b4fOTqadVuIZa7Vvz80YKtnFc+CKsIoEHyG+RVKlu8E7nUsvdaU1zjAfOXguC2O447Mq4l4iIuNZPa3X4qwTb1oBJViD2q6N5mxCHocUwd5IC1Czt\/KzM8ZvYZiaIu37vHuF4pEg0uyFIwWyEK0I3dICXfUy0FAthUUXOSQ\/qAjh83pIDqDmLm2oIH2HOI5yuYZbg4RhR2LcjLBI6jzxoT8wFqrBDURuZdJcnHFDl0KIt+h53s1VG0ioJi9EFRahccLL15Ih+xhJfJizq7Pj4ctwKdbyHsA9jLbn7BGdV2gCwR8YorYeGvatXhw3zhkfV39Cwpeuujb2aCauSV78zlMabBFL4I8dN4braPEQxADv6t882wA3cfqZmbZ60uGkg8o\/gGbldbBIsa\/FRs5yHZAy3QpgKNCZf
gBmMgS7eLFSJs6rcXTEaMTPDLwpJJgNTV5uiX2tJSaIJYr3pSISnTR89Gx0X3HmUn\/Ja6T0TIlgJKfs7TsyV3\/O+pj\/KvUyMCLdWAd6hc3OeA+YtszQ9IkT0t3IpA1OTS8L7ZNGDMrpzcZ49\/um9SKUYcvskuDPhaNggUksgvTJNkykAOEaY25imLNje+fio\/CgCrOEzLgy9G+NM0WtOHSe3sLkVdRGEAlB8ruk5vv2PFS6ZLA25T0hhIjNffnQm3+PTFk9kp5zihC0fqEooPgerPJ+8+JYctFK\/gLWRbc6OMvqllIpSOsFv+DIs2hi7N22XRUDShPiuab421vCGIiM7eiQl2FqR1tqIihAoVLym23eHpBpBbJFceMhPtBiXoKcb55LGt9SppKd+KwhSDGVu3bTJZszb6XgDMccDIvwEjkETVY7jOTOHyZT0drrSCyhKYmxWWJw9iI7nyCGfm19D9sxHMXlftbXZVq2QywR0n8Tcly1vSGHvWdt6+A1Ohb0q9GI+TDf1MnPjKVMbc2Kjk4sa1bJ8BlYl2eeag5iJ6VyYM+GwJgezWvXmBp3qA2zBEXJQaqQ9yhweRmQybXzLdvwRU9OJ\/DC+vNSBAa8gMAK9mY5Yzv1YBeC909GfAlJvGCjI8JOls25+LbiBJQ85Ab9s9IytjWrn\/cyj3XQ4p1l6hp+Q080riZKDTXmNwz+ZUmSDeZjTgPQUatAzktduFtFx07hplZWmV+lNMIP2zDrs9dhGgepus2\/ERahVwFr5jRDchF2jCx5cqTiE9CwuAwI4ztSewXM+keDsmAAoGV8qicjKAmokyTujz8Pt0ubuL7Zo3\/+EwH0Fu0yqTI0PlfkDAxftdvubX0DwkPEL1Ys1JczkA5o2okvwzloGIRmG\/5p2ZLhuCcIfTMkB5hPFgkXmWE8bNKCsiCijKcxlJE58T\/Bs7KO99VWovYSh7XujacQIsrOWD4ngpsxQOnWzWHNI6Hz9zoCr3iAZfUtemo08nKkjt3hmmff6D2iPsNJUeEJV+R5NWzGfh4YokledF0c+qgfcyMCt23zpaXdET5Xlf0TYwS3j7a7j5hWdjf+2+Cp25Y643N5nVwFZXgmHCtXCbP\/TIPT+qvhoV6jTaL+\/rIu0EzVrFyk1QmNvT1Yr01Lyy4C0Uugxd3xMMGXt8WcXVXvtz\/2H0LnL9UTOZ0L"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425498439786,"flow_src_last_pkt_time":1621425498439786,"flow_dst_last_pkt_time":1621425498439786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621425516873917,"flow_src_last_pkt_time":1621425516873917,"flow_dst_last_pkt_time":1621425516873917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431309055814,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431355629555,"pkt":"AAAAAAAAAAEAaACzCABFAAVipRBAAH4RM2+okEAFZsLPs8kAAbsFTgz5x\/8AAB0Ipr6cuikmNEMAAEU0i0hH+cAdz5ZZK\/xgszII4NJ+Cs\/TRSxsD\/59bGzAHONnn6j+X3amElYhYMo+go49s13dC+nlDHUdymxgbgfhGCJjdyT9TzcGgD1HhFldjuPuqaUqb2U+e5hIm7ZwKR4IiSdw5myr6wLeQGKnRWRznbKdv0\/S8qhtnacEzUWkRbgLNZB6UrIuIb3\/XF61ze+uu1oQFMqs\/98rtD2Gush\/bOd4PCp75DHjTM7vEePRlMktunxdIh3uhOzgWNKSQKJT0NAyTU7NxzeiF3GfRej2\/kZ85CVwTrCrF16rxPwjm9ETk7onwTP2SJN9jSLLXtE8HLoGNVYKwKhEtDy7juZS+ZzakAkwGM40iWULaV8JHp3tnl4HFGHlYIam6j9\/x\/pkFvR97oZ4wzOV8R3kk4Ra7CeuS8G446n4JShwKYpq8P1sEbgLA0Q+fIXUmPEN7zq\/oW\/SjwuvXJSpkHba6nxwXOq9T2kwGi2sisBu9OUPhX+jksGDs7ufRR3uLnbqZloU9ve7ujWkOVy8l0mz6YekjKqsAnkn1AHXrNbiuNq3lfNWMOdFJMSCZVvRNOSxLp0vTEGoqQhPMALOnaZWkaB\/IYt22cFqUAekqyAVUEGfqiGt6h9rCpzV8lGyjNf1CoZnWFNQvZHRcUd0E0mwSijEO\/8qx\/3uH7V1emFiAJLB37Dab2xZnuNuUQ5y+bJoqPPXPlpeEf9N2vgb4V1z5g\/MMBLG41lXjcqJeJWiZvymJ1H3KCTyAX75xQGo9dFLeD8l8p7GaWhBKf6VVbpWbM2nvE4+lRC2IaGF4F5M+5QC4RODSGaHlCcroOJfhkPdPiQrLTk\/7S0AiJhOEEoxKs5rmjMJWHbOhMEmV2Uqjkwlipc94JjyYJ2kxfN3X0UT\/S4dmpbMytDlXm2P3piCB\/MLrm+e9saulhmLDTxI5H7sCO9NK8mugUOQqCu4A60KTwRUiaJW97RDku8KM7tNRUwdkA7m4N6y8rHQhIH4ocpzig55LxPWT5XZqJmtqcBDZzFQl61yCq0MRPJez5meDXJITVqsdC8fAKML2\/9BBA6p2fme6P1rzQPoj+L2OOAcsG1lD15uPkM7J4XMlnbWRKz5t+5U5cCLF\/FyZV6ikFZeMEUbfhZVFVez5O0b7ArQykKFskvw5ow0nPTWFs3RhbSkruVVy+CP7T20ld2Zoo3waO1CAhdyywLs+WjgaBeB6BJYKM6gxS4fW8wzOgcaq4G2GqkD3m4pZqaaELLxGOxDCmCzO0QCG9M6jpfPOKsOfPc5ynpr4aPju6JGtl\/z+IPQNUX6dMyprmtEVvzlezA5hXv1FOS9Bu3pJnoRf0c1aYbjlC2uFltDff+w4\/xv44mcnP49XC51ZyX8YG\/WwlTNT+Q+PSx
8mlKvW7CnX5u232hGz8LR+K7zeWVVpOleSv30hmVlH6Y4OuVkNecB2PlodVOjeqdjRSRxqRsLbcqLCC9cOmgjc\/ohryRRJQyMJtXeWbDrdqNKdq1pDxsuJ4wwMBMesHq4H0mEc4PlhC8w6AbhwgQpeeSZn5X2ZrFQy5Ipg3+vRKwYL\/Mi3kjrs2fSPNxarNRLlKyoY7f4hw2NjTzNWp0j2aXeNoKqTjDtXyit70tR4YqLzkn9C0xp0mUo9nxF4EWJdmjCX0ANdhrJMcQX5aRmmU+t3M1w1Bgicj3DEsU\/1FRB7DjmpdgCWCW4r5M6W6LkewBSsNiNSC3DnsTbf6eTU4wOue5\/0G7VJOcj6q0duKzEYYTXcoYAbuKiXnvE4OcU"} -01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01458{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01161{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01143{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -79,16 +79,16 @@ 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431355629555,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431369135186,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+m5AAH4RGJmokEAFcfqJ8\/a7AbsFTuukwf8AAB0IwkoI2nuQHYUAAEU01K7fN93B4MUASGiXGUyARwSY+4aO68HNYjEt7GWPzfJckCAv1T4i5dLLPnKrxPNl7uR\/wsXzoosnnjNfCeM6JnFogGoD8Fd67g3pBz\/4xd9MrHK8spfp0sKR5PgUqqWOgvCutevbQ8qYXNVgijT5\/8AiGcOOHWAx5JOe9WKc+HYLYWnuE5L3HEZQo4nrWEMko3D15BJbkyW22cYvauBzrX7Zq2OYwnKGwfvfdTYQGFwBMKheaRrgDFFEbI95H6nND\/F7o65wah9YFCBHrCZCULES1ZD7GJY\/Bqf\/MjcEld0g3C+HvcIVjENbzsXizvCuDmTJV9YcPMpv9s382puliOWP4gOQWgoAG3Ao6cfEvPQFaiuvHkR1sXIVJDapx4gQAa8qedAjI4Qk9A2tznfUat8eb5YjNDd00djuz1xXJ1+7\/xnEryQeYx5B9q0Yh4cp1f8Mpm8PkVLPsaI5EJD7Bo2TjORoihUYfLnocxxlk+mWTWVOcQW\/cjslUg1\/uOKIPppK9Zo0xPvYv4LI237JcA2TOoJFeS2HbNf22y6wRXsJR7Z1jYbJCoLzvh8ch
tuZ6AA0Jcfp8DQO6eEIRfW\/h5uscIqr7vrdGBDh5\/zvBHXMvSXwUSNMs9ju24jzW8z9yJsqxVYmitvQJ7dOrLH\/K5mn71oTWSfLy9yPsyJGefj4rQHs6usmcTj3v05Oe+rdTxkAwaXEjfHjw7A18cRPFLq1e7XPVF15OaAIZGGJW+X9C6SnLNTHrGmlAeBe5bF1NxyJ8XbUSvQBp1NyQhLMJ6GHeTnqG2+oKcMtLlDqhrjxBcqwGzBORNaeIk37oEDvRj2ULgb1Cu19EZ8tiMvhQaCqwm6eg\/krsi8k4E\/id\/90KGowDX\/Pr\/s1sAND5Dh+Md7iwKz3tFkcVqiC9XKQGYvwvrNl3M\/DVbx88F8Mq1fhBPFp75j4duggfbVz4fePFTUYQyXEdkFrbprYYprY3G2nbXPGgbmp+\/keXeMNgYEi7eCqoK5MGIiI5kYO52LEu7uBHu6gfW0a\/oN3u8Hg87YiAKF6G4HUNDN7ak+kYj0Gg+8\/osNPKdMNnn3Ttq+e4FpeaVuPQtri+1\/ozlT88MEsTrI4ZjcLkQrdsDGrSk5pFNuuaNdnBxmLTD9+Y31TuPjZdF3y8aerRjGjcKA924zFY6F3+erxKilvfVdWBBMq\/sZv6Vksw\/+Fz1wttZxo9VEZshnZyBhQtfaWNbpCUMCLWSIOTygpzB56\/djZxzMToQ0OTov79H21iuzt9kW26NuI44K+W4r3zJK44FZlurMlKsoEREV+b\/FORcM8avXBcW20SB9dZBdfAIWoFzST8hpkmnW5KzJkqUXpqJQJHsur9uW7QvcJJs3nF\/XtsYVO7wfuWlEoUZSI7JS9k\/vtrqWVy2X+CigTWqjVYJhzagu87STW7dgMdyFPWLSjmBjeACNJOqSiLuLI6nqP7AToDkXf2o2wX1ea4tL+l2elnz8UUQ0mwPbx3D2flZoxja8QhG\/H0Dkv\/zqHUfQXS1ey7dOzI0gQWGL2bong5dY9vIH\/KH\/EE5WN9+MZTB5oOqSTzGQ0G10wtkmcpl7cceFjmLyC\/CPGRf1WcWpg0St7TVzKyiD9jSy7E7M+Mef3DDpD6ufY+IM3YsYXJiOqBLz9Mad7YJnU4xywy8xIlHMAZnyk840yn2AImi8yGcKAuOx8ekNKD\/3YSrti2Nd30LJbAbXW+9aUyCWGxhaYhZKKyYrgwwNNaQQ6T+r69Xv\/AhEpDvcH"} 
-01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431369135186,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431370645999,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMu9AAH4RJlaokEAFmWIcTtMAAbsFTkg1z\/8AAB0I+lN8UldDPwoANwCkKLl+3h3UHIQgS3vcwcXrZ6T5hiytz4Q4TWQ7pmsAJO5xTHpseYqRKlKHmxme9TRfa47qWTNE\/T2kS0vQRKN+NvKsLSu+R20pLtVijhGmejNVjxQkpOqlEUNcFIHcN2wzhOdXdZI9UF3VUhNkOijfbeykwXjQP1\/nKm9mO0G\/ypc7Y2OQX8KQjJvTKmxfJgoiRMmIZd66ehWzpVA7ADDpyDredKxOTaDSAYoR9nNN9ch6nx3ZMTTXTycMrWty+BPeuRbrkASH1HytOMULRsu12u6n42QgaeYSvJl7RKIje\/FCPE4VKoS2bBqDGJdyFYhy9WpCdBYHFXRsvzage9S\/AuIhACnspXakPoSAAKTsCYsy7O8Xfk5D9YcZNZIWuP2P5LmgHVsAyYCWuB0zDz\/P\/niv7vxRu76Gc2OqQjwDwC1yI28dLAM1\/qVCYRFk9YMbF\/iD7Nsy5jvI9F\/PUuc57iiKLeU\/x1YGOwxmbb1YAjhXgnTaAuvlp4rcuFTF\/jkRDZDwvS0ElQbZ1sDIOXoAhaFOvXD0EKhqtqXAu8QvhDZA4eNLtzEFYCKh+iIym
yxHd3zWX+3NxjMpE9Ns6UHSd84eMRpZcGmgG02e\/nW7OJALJ0IxLfndoUAlJk4IvuZcxngA9k\/unBNCOAlRVhFhhDnD4zD9WKXcfMQ8zOFHhmGS13WBEjy7kK3uLOIS3qui39MawSxNS7Ml6mSKoaSyb4+SNDLXoJWz3B44z0+hVh4WwxeJPSZ7w0VPVgCLDMcbCK1ByAz8JXWCFN83+GTRF5hMdm4dISfNt7qLcE3DH5CsDA+yUGakDromNlDnPMXyFA3nBYHp4IXGe9Qb9ePX1Y\/SndfWnyp3BEETdFg9vGIGsMMkmqU+J5mYsWQmYX5\/h7SfM4llXroWubSp8gBiYn3ZEiVxAgaNGqIripZvwoMsqPR8pCBgu6y3F8BYlwrVh+ZxYeOX5ab1qs+HTR\/VqeeVG8Eay\/MH5IQteK\/x80AjKjDmsExVlZ9Yvq1ASQtfskSMH0GMY9POIkrjW7EvJxN5wK\/qGiieo8H6mYS7uXrxZHkGc68vVyNWX9p3QoffUgaN1rL++0wS2CIvPmNLRJCwPEEWdTb37V1X6bBSAYmxZUUOT8oUGnsozk6dfMeAsBVRYGBaFG9+Y1uHxPYwvKwCvo+pVvLyi9jA\/MUPqdH5HKAlVkIxZHfTN0TbmkKqYM1+\/dGw42Opggft9Ujn+E6Te2o7P21d6\/4ziedAj7hW\/ducyroIUruOxK6kZkZIfc1rfDtpstdc1OwhsM8efvN8mSqQCgneDcWSXy4bE3JNAWNwVmsvgrlZnik2Id38oh\/fD8oub9PI\/kmIUiP1uSKBBkJyEnZ\/+uDpCaSemLo73IkSmAKSVsNdykI61VqMLJEb+fNx3Qf\/\/ppmJTj9\/JSXpVaRHvFY4L8IDk53+jFdIKFjZmAbMyUI5v3Br8tILw49LDtUwMV8TUdpFD45PjvSQ+YyqLq+OuacdGaLpMcBrUOmuMqWWPYG89KlxtPyViKOZQDTS8sb2EBEHN8hGk3fUXt1bo+FE8NSXvIg7NRqP5Nv3yrdaqPCA7cxMCsT0Z4cAs4COX\/fJ4v3Qpyc7hbzFiy9BZYDLGPjdm9XGzS14zLvvjA8ujJQXVu8\/cqxKCkP5AWXvVW61iwAkR3yFCXIjI79f5ml9EjzFluSxM8yINcpyXkiGxaLUSehYQkeNBr1bVFEIJq2IJOjgn8tdoygPZ\/Ggtxsz4Ympsa29lLPp\/1R"} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370645999,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431370796601,"pkt":"AAAAAAAAAAEAWIVLCABFAAVimjxAAH4Ri5mokEAFYyqF9cgwAbsFTgeRwv8AAB0Iy4aUElydjLEAAEU0cgy7g6waI4s\/Db31CXMNLtpBLCBMqbNNIERpncwoj\/mzw930r9KSGtTDq0Un\/reM90\/o2LMUXhAxGEjpV8kM2isFWzwDO4KLtdnvjoVU\/jW5X1cAIJGi224o+IBoqe\/q3MhszxPlHqwkUkoHgcWP8rFY11sIccKhMsLy4OlgMZHEtOM9cK6MhXXnbI4PIfeHbKw3eQF9bmAITBhN2hEUuCQ5tkEGA44Ny7kWGmEH8N+oonqrQFSRfhvaY3aPSuVRpbZIPtuPu5FfCgb9SlrhiL+YFIGOqSPYS1Fga7DZceldELqsQnht1L6sPyvDZGhFHGevrPqJKYsG5AJ1dz0CBKyRoEBiPDMdvlFISahZktRsu1zHBcqXO6dH\/i8qaCuLB3C0cU7Mf84KfPTeo\/gsTws0xYHHMgBbeLbnL3UFA5r6TMOj9bItn6l59owKGAThBrdETsc3kNqb2EaYZyfxOIPnMT50EN3E5+o1NkgWuOzUcI4wNbi\/tPHdtNay4zsdQpx+v0mHMwKaNOaS1cXTI5EglEP9nh0+7Pd14q0LRBQ3DeciSithO1E4K1W\/Z4s
WicTGPnlHMSkhRPDqwcMrqZYI65EaAXb2hwQHTLQOC3yEOm8uj32O6iPw1kmWecebjTAhzoITApAhOJNqbhOhmL3LYzlMNpCxKIbZWwXYI7KE\/nyX+9ktlfBgqL7lMUB\/nzCvI8L8RT\/TyhNdGRodyYga3YaHfnznNluGiCWRkzVsHTXG5IbNbGj69KA73CTFlz3wgsOw1uHC\/q3RChP7l2qOfWKIMtxcvHriXoLF\/vYMzoqEm8pCiWCoZMnY39DH0b5dzrRQCWGNuyliasUzdNwfCWtlCp7bb4qxiMpsXc+uNU+g2bw+VTTlx1U6pmIskkdKx+mP5J+pvDAUA8T3JVvzUY7NyB8IEQ0IbbpFr4IAdnh2CDfm\/3LkeBAfOpK4ISFWDT\/Zq8xGBrTh4yq\/7VJSuZCIU6mdUPZvVTVYBmdKXePmLICT7JVQHsyS6MxIt1eR8vw5vXsNJo11Hj6NXO8R3qnkStwD3Hp1s8H3wRtuYv0txfoYvO+JQlg0ebqSA11uOBMpoISeySuHozQ8oCCsnJndgourEdZSSgF1xkc5zlxohntckX9YYRJuzAJGjDN4T1wfrPFQyenplFLZHMDpAhiV7Te3CCs6SKS28MBI6cwMwV1jZ4JX4bfrUb5Sbdar5XQqw9SbBJFJJmemfZlNvZabnR9m9F8aNRgxnvKtrT\/oN6gP7nsRQo4l8nySxze1hd0tyD8+tMuNQJRNnwq\/z6am\/OObDrBsZm3FIBJGoG3zuBmWjHfo9F91ajEKf3cpkFlxxZkkSD9hD9i3XpaytXko+K4WOBWAhjq6wftsLdQLBpeCv6ZMwSeTt2tPaiX6D3HlJiyhzzjMup+ygJV6xano1oW2u\/3nyWiYV0GHV+b5y0lkHYM1dgiTaT2KrSOD3IRFXFcs9y8cNjsa5kJDBFFwGRXnrEEfcCFRxk12riHmlcId3GMVfy4P0YANskdNyw2M+xiEcOkt6DL850Uen9ExlETBFpaBh9C+ABSY+1ty8tYaL3zfMeNRiFgkNZZN1r942JOKKotMtpCq+6AVsdDiJcE3TtG4YJZ2yTO5bCLeezzQEhXvpEnuAz6dq59BUrxZNWOqZ8HHhEXq3N82ukDRJgBUvK0NQJTyZjgLcV\/Y6DWk0EO9WY2nkKr38\/Agezi3TaatfB4TRt19446lztdcfJd7DYB6DWTlmwbRMquv"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431370796601,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431431363077,"pkt":"AAAAAAAAAAEA737VCABFAAViT5FAAH4R4cKokEAFLeSvve3gAbsFTo4zzv8AAB0IdJfsHA8rg\/UANwBZgvMHq3AV4dyxbh1M7qxYXz\/QqdNTBH1HN0CS98tw5ggQc1OjegApOEUGthGeOLQM+rNmjRhE\/clLK4HuBl1LUEre0au1gZTt1KqH6IUxZKrE2sGM+Fqy7i7mdjukue2Wu9obDV8t84mfBGQvFDIc4C1GtNO91WWUABZgT7OXtAGbDvKSc6M0BxmN8Ta9If00OJSKfKhlAsrhpMyMxJleFReMHQ4vg3EHhEg3\/NEef0p7Zb8BSIABFdcX93ZJbQwy+tHFaBeQPW5hn0M6xbNjf\/RY8iKGm7C2EQaLG\/adPJ1obLE57u5xg+UA+iXg0DYCJwxxRWfvhsQNGcUILv1KPQmWIddwcM+oBfVZ7KRAyWk+0AiZGEtw5sCcIbEGLLWCyvoCaVrzFwX4Kxz3c7epqJFIX\/G4r4+8H23LqwgKdJlZseYuGRd9WZ17cAlMwRxkcaXk6EXP9kebqJHJ3dsOkzIicKHPAuN+sTLUfuCH9AK8a\/4BqLh0qhEbE4oM2O7m0ZqtxPFpAd5AdDOcmU0hU21c5xII4eHDJKcgQfeUv8B8IfJzEDaXWMwoJj4d4vPm
cte8bu\/qmXZ1s8mPqlbPtjg8e7kqLmBzoI9FINBrXqlwZ15IYu8U9PmD0+zaeALYJjz54xNHN5vMvsd1bG1xBVwnOw1yRR07LgIALUvx1jSrXJCtvK9x3n0e17\/4XbEbU23L0VEkeWuLpyKfzxELjZtRJEtpFPK65Oka98APYQk+cvApo4Lv78agQ4isgrdWL\/lPZZz4e1uzhC0FBRUgyvNQPK2FuPLSh6vnlitflvFrugGvGJPfCcZvXgSXYhz6PyAu6ucrDkSDkrlCeDqiNpAW9DPw533VK1F2HoCn3U9TSSojbSvKUhD5pkbtLeWikk9yO3bArlheE4cXpsDpxzpKyb+b625k3E3BKOMUug6yBthPhhd+KYT9k7QNv49jm145a6LOpftpBseU6YgEk3IkEn1kE0Ry+7JgvD+e7\/hPh4fTdkqT4\/TjJBDL\/5cc4C745utJS\/GXQLmxqClZo8OaKh+kXsNsf3UBWFfLD7KYYITUazzjm4HTDJx22SBXRiSymUZaCiqENZ+uQsLGTRXM6uMxohZt8R\/IQ8G0EqRIa+L34Shdk3NM4sny6iPaT2GH9XAJHyLYemSXNtIrflbXIk7DcAe9WoEKXLafhV1Jrt2VExW1lKiX3NE7AAcMr2YnXBca+0F0\/6iDygHo5jrguhUsl0G\/7cLdUv8CGCYL3MesNJjj71hJsM+4d2agB4IWoE5R19rtfLA1vtKIDOXTGa2fzqMjyQoe+YW5HTBVmgNVSkZf8TM5SDI0XzGDjmd5nIpY2o3rBWBv9s6WzH2rmNVqIh7TJUJMAcpiwJjtgJzrS5Df5gmwZJz6ADwyaSKk2RZlhl7rdxydk46DIs+UU5sl+oKmvzr\/a0f+puDT8Pqc5OFZU4lQ5MXrn49YDCk9QPkWSlDYRK1UI4nr4NWKo\/\/Pw\/UFfpF9RnncBRyUFvONCCgRjmgmTi97CEEwbbxu\/Ki8qbPdIDbhcLsKaHhiFtKjKD0dMVkAfS16egEUxcfuMtmT8\/+LcTgqwwjg\/mITmoaavzef\/yGP6uX9jutL\/g3miLPjpmyK5Acy3dJwCKXrUWYFg70tEZ670oPo3w3+vZPuxYO7UtMA2cZA7eta5PXcPaU8MOYnga\/iqCsWqSwZ05kCD8++07rRI1TOxvKxLmRo5hLgAqZ\/VaeBFZ3vrlfLivk6N9hE4WT2M2RUIs7n"} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01161{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
@@ -100,10 +100,10 @@ 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431431363077,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431465588465,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFOJAAH4RYRqokEAFgPgYAeyHAbsFTuuvwP8AAB0IU7\/qR9hybwkANwBhzZIZzXuLO+ITUxwPQ154KDm4YAA5umLfVFm+RmcLUYDlEBA\/pAz6nvB8AVSCdTXI5TOYsV9E\/QWBFKCDCIBHTHvFyIcz+i9HnhzJx3oomex6fz89Wv0t4v5XCsZ2gtXaLihep1Q6RHSn816q6Kh40Jb6q21pIvxBT+cRUyfL9XQqtwbCmih\/1k+KHNhNh+kRFh6XJbGZqdVuNiBplHu6zJ0pkshr1pvC1LJhyvQU0Dm4mWPTqJuQqwLB7hjY60vKpAGHvyyOczQWN09erIQDzXbzqMhL4b0M2w1\/TlT7huuQTxEID3j5k9KaYjz6kf0ER1JcH8cEnZSpU6ZDcA0aKtSUCRbfGucvzpXAlU1P0gD13ZbHqKxSYrqnpXGcTVwS3I9+c5Q\/VkUgvsZc0wf\/9MEOjlcithT92XYA7xmlU0UfwPd4Ojf1wNxPgSU\/K0DnDk1womS0G\/ZSh9D9ZlZVB5yVA13pIiaR+k8r1X82fdroTGzdHugbU8o3fbaRyQm8b4yRtnFzF0LxEo7PtOJzdm0ZBLoje+ZNNqh9NFtJ9V1qQS1X9VNOsUZvWPNgQBaey
ZndWXpgl15MvPmte+qN9awZ8E\/Y3bjdMYO04PR3TnIuFN08oA49CYA1VctJp7\/dE8aTfiUzEHQg2lRh\/vprMm4FsAuocyWHNetPgpGS\/nW\/ajz3nUWrWpr4p5iU3XvWC1ReAGuIIwesUqSmu427nLGiB1ay7OxzNWba7FJKEY4XyQMczhEntYCEKh4B2jDrKe9HHMi65qX0Oh6pF0JJHBGwEfsMrAVsySYaPZfJk7O3QMH6jwaf2H8zG51QPhsVfJebD1eM82cCAiKz3k4AxeP1Mp2XyoYtWJntK6nrkhq29ZSo8N9IF25Bx4cyZQ1gWgsf6YOucgt1DYomgaAz5sN1VRPs3lKuTuJk+9CmvbZws8Lrl5pNQluKA7HS6J5r6Sdko6sMJa32MLYdskh\/eWjyAO4PIU0DLNnI9urDc90Tl7DeKVFUDKd5Ccw06SjbQZXaBeFclUY6Rq7ktvqS4xNkU42wPXNNkc+Km0VcpWL5mTb8raM3lJS9QkTtvIQ+D3CxIQKxNN71qsRBMGUoIaCSVO44MLEyhaXL++UAl6veMNbMWNzpyGl2ZAQaiMg3gh88e\/KjyFDhVelq57ttuwxfYY4HdAvf1O7Wm2niYjEYy3EGd+XJh75LEv2J7OvkX\/TDKMoDPHZBKylGhceTFClV6SwJCqHbmFRPRljZRudE8DcvLMdi2ArGtC7wV6BJuPxvznknqIpsuPaaUACqFh132DMk+VymlGGrHAEvcCDBXHcv+s986i6aYzFj3+UG25eWMpILHj80J8I1qvmexhdgAH0\/xq6OcVC+CWTvOrw2ojyebhvuLWQwJTRfXumFCZVnkVXMY\/wBcky+Zey4VYpd2tteRlcYmo0gstMZmuJQkyXGMQDd6DmMt+xSCBKdq2pU3+cJZWcSDy+PS90fcIm9NFtg1W76+\/3yU3UvgIkGb2htcHHuLcboGe6WFdcvOvn66fYN1q99qa+mvjvMLlrlsqtu4oszePWHk3JUyZ0uzuBriY6ZOViLOu9+ngcuDNQPDEI8BMfCUASLWFyzVNOtTnOzlD21\/UqlSPBUT+FMnLB8yDq8q7wJuDMTSdqKQ5\/2g+\/gT1sPzVcQn8bdHpPg21YclHOSozdRTvS2OQZHZHwOsQ3Q8D0cWDoLqYrm7VvgO2SJgZmoD+0O+6Mg5gIxvYEyW63O7uwaFAXSn6cSWSij"} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431465588465,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431482942620,"pkt":"AAAAAAAAAAEATej1CABFAAVioMVAAH4RjguokEAFsVYuztyoAbsFTmeUz\/8AAB0IyBHAZ\/KzP6sANwD5gA3If0Iup4ZIgtnchwt9ocBVPoi0jazUzZX7baSHnp2+ZpfaMjYJtsimLMd7snuHAP5qKMdE\/QlWzMm9QjekYI5DKIp3Vs2bgEYSzsPRJHJKk+aezBC58a0+UE3a4VvidK0X7rVv7FFtJ\/MlZ0l7eyLpQagPrjcoOKGABkLRMC8f8c7JiV+3vMxbVMzswL0F0LHGpOF6tJmgxxG3+uIP4la3w9aqL9EIveC4NT3J3l\/d0v30cvaNQdKp9qrKAtUZ3b8p5FSbz95HiJcYx1aCRH8HEjdQWEZtyOX1SVZcoQkIfAis2hQqjHVzbGHJilsHstK+d\/yh1vND+cvzFLHGQ69Qa22CEae79RChQnTrK2ZCkxDnMfq1REzR81Vvo7\/ll3OtbcsHwGPv90oLgV5z+gQBcGSsn+txIgajW5\/OHfM0j4G0dOYCsFP1nOlqm4KZEyRojk5FD9gkh+QOWzUWMY5A1pCDVEbH98Ij7MdFXOII4eyOGrKjZzB3mOY4L3c23aLspNnA\/xDDGoLwBtxo8tuS0zMN0N7GirfEc+UfpigoL4GN63\/LWtTXGeRupY0
hNf1HQSb5VrjXblNspzeSPkwLA3aJ5esrWE6xSGdL6JZ5WypP8xT64XLmr0Zb60RDfQA5rRVy5Slfvqsy9gpQwpIPi8FWy85za9+wqZmlViFlX2epvHU\/FjVYv3WNuP8SbX3Uhu84jX8xNIyRWWdBxFeFE\/86cZtOr\/Y3X4PqG7sr0JWY\/fMaNEX7\/wyGWZ4GThmJ5+cXL+EYkRu6GhEEZrNAi+9kCVttLBMUDHxs8XD83alhSam2NBHXrH3qgMFg4wem33ZjfiDKFbwU8lzTj0R5jphur9\/TMii0ZE4o\/tWuxXum9FphC9lsiHff\/LoE+tpkkEGSJvfUkY+42PUd+iyulKfdSSlb2w3ICSW982gZX8yqFnIWdMtFMt7VtGfDY6b2g\/VctCi7tH4bfPeCfOSltFtkJj87\/U\/kUi9e1b26oCdt5Xk6wLRo21LJgccFK7EgeSfdK8uEGdrc\/u9CQqoxHZNC0NFUmmKcp\/1jZCF0P3DcN0ewbtKhnRxAjSNjtkYP74ShEvo3ktBV+nVpNskRYreit0gbPCwlbV4PLZXs3NS2DwC1zjsxp6Hv+nM3Q3t+CbogIe1A48l1yD1WlnX7Siynac+mrBcCDB7xdiQozuRnqhIinTfzuyAJM7Da8bFtM4zKsUHWfXAlicU5hdqlIJ6QkyRLm3x+ut5L5m62Q2VfTWbqDNHIYAnHPUo+TuglzAH0cDKH4SYvskX8XBUvmGvLHZZLJKUBhOxd87nESRICfrgx6G3GmLH92u34bDky8P6str3vYXizffmDVn1fnpnNyetYdgDy1+qT4TCFCyOkA8eJxH04nS1cwuyXOClUl4xACm9FU4jJJg92Pyie1LF9nZIEvD+s8U296VtKerW0URPmgRjvHP723Xg+xd+1t2dLLFXB6dee9it85SO3nA37lV1L1ODC1xoDUthLzBuJjMX32C9IytuXhyyPcrHeaPjq4gDH3rx9QhfkdaaErk1SnrXw0GjVVxKPC1H0G8BIzVuCJzL6ifqHzHtQpmqGWkB1dkKDilpNyCRwBtJL1lOHBAp\/WGH4+IC4wpPGe9o5k38RrL8SgNobFDQ7d4KUVI\/R6UNBDzFLkmCpffORWC9LBKt3SKQtPDoJw4\/zzDEridhd8NKA22XDC0i6N8sevkZDtKuiWYpfGInjxye\/dACo5mlltAELaIWcGHUxsmgi"} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431482942620,"flow_src_last_pkt_time":1621431482942620,"flow_dst_last_pkt_time":1621431482942620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"177.86.46.206","src_port":56488,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621431301735068,"flow_src_last_pkt_time":1621431301808564,"flow_dst_last_pkt_time":1621431301735068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":53431,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431299729996,"flow_src_last_pkt_time":1621431299729996,"flow_dst_last_pkt_time":1621431299729996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -116,14 +116,14 @@ 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431355629555,"flow_src_last_pkt_time":1621431355629555,"flow_dst_last_pkt_time":1621431355629555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431482942620,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":51456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431520499355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViMyFAAH4RJiSokEAFmWIcTsABAbsFToP3zf8AAB0I8UfMm0YCumkAAEU0qB108owToXTtuCRjc+70inAihifYHiWbQuXfJea7VaHoD1Z3r4\/vBhoSdhxMdibKvoSajiWd+GKpZIpSe6Mu3b02WuJTQZ7lIlxB6R8387TPpWvfdvZCcexYSs5w06Q1KSKSldCKb13732QiDhmceyuJ+G\/vOPKCn4lhROVQeWtYaKBdyapYqZHfhjZWjljHpjVo2vNz+VkBflOX+Ozm6T\/87Vc5UeUm3B37gfSZ4LeIx7NevaSMxGXLmBBGm53OH67qMQ24dCiLmx1nIEP2GSXUuuxzvdiYJ+C33xdZKaEr6jhIjm7VN1\/Zu8CjfkKQf7D8e9dFZtoH9YVFCLq08e8yFNdGIgBhWD1FTAmwmExuDbbN8chYJX2X\/1hfjPMXADpNHptZq24MTx4Ub2WVKMWLSPtjykME1uGVH48mFoWytx02J11gW\/ap3AsmyZ9NdEW7Cunzb7OdwAsLm5eBcsvVYsBASXkXW3J41zJ4fFwc7gDX94tPUT2MihCUm3spqjn8qePvRLkJUMDo\/SAAm5dZcaQtVMRqKRQyJK3obHEqKv8SvkNiEUp6IvmaXKJzaHA
MKbNjzuPBN5APMlSrVhrdjOoWnxltOAScvKXxSntCksumIK1eZRzMyHmhY2Zkz\/cbLMG+nbi739ExhDy7kfNZcN1w7DL8T3NA2lau5y0gmwx2J+etKbkof1MTLgLIWQjaMgJ3Yg5iRbSia+X7UmijUvf0oRg1VUpzVMKvybapDiUxy7TKrPFHlmnAdWt7EbvCGo4ZOvDt9jNsJ3ry3qsfnRRTY0KCXoq9KBhKDVmNwRT0CfKMZF9UZyQR8waEK3M2khCNE8K0HtopUIBaei2pkSAkP0cWMAQzYQoAL9RPKGIb2zxA2FTLXUCeYjqOz5YFjo\/YUbPspSIkamI5Uqoz3HxLcyaZT1IlDi3snj703Pl1raa5uPYB9SbeFS3jz22i+jMB1jK64ocdk\/Ap04WGAZSylA0JvWsYxDreLK4icj5p\/lle+733epQE+WSvjvH3tpEFuFmbvfaXn1HUnxAw3Znts4em7rmRTGyYtwIh8Xo3qzYWxNp\/\/277cZjRt9QzcMt6pSHqe\/yM04MKoyEXtKFSOMDWukBJqjkH4ISeeqHmQ0D2O3e10r1RYA0qfHiQCpBrjUzeDJ5xQe6BIM9EKqojRuTs\/9mFZHxEdvsWM0nr40pxU4fyO6RlV7bvX6gjlu6xDeyImfTBJ1CrhxkM0NIOLgBByqIu1vkvl+ToqkPCKb8lpAmBCSOuL8LVtqnQvcqcllj+MkGi4em4vqlh9wF35mSy9bZRKUfyGp+cvVqboEHj5rnD\/784KqHiRDHIGgaFgNoSsGakObjU1Rp9zwOiAfj+k7Rb9uzcZoWDO5B2gL8j4OXSBSVhkAirs3N86IOumv\/3IoeWBTvvkpNELfLJuEh70vkySKCdBxM0hwVEaMSCru3BXwqtfPMH1QJ4jHNqxDAuEHki1cwAcJhlCh9Wp3ET7xqPW7AeUxwE9fN3Jod8qufi8Ujiy3wnc8\/qOYbxiPpALR0F1dCk1cwWv9kpGmhEZ6eBwn6kYxBWDq0P1zZ7tjZHsfRLSAnN8M937kF16B4WONO3kFuMiJaE8dalwqulOnHsnWLkMT4dr795Qeky6SKp5+YFHGV+5ALzCSXCENO4JxTGck3fzNG3n\/Cx2j6bb0QI1wP3YfxO0Zb0Z81wO59qyyo3YabxIs6ynT60zY7ne50FIpDZulJ5HZlhqxpkr0W\/k06atJOkV0Ej"} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431305591580,"flow_src_last_pkt_time":1621431305591580,"flow_dst_last_pkt_time":1621431305591580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"121.209.126.161","src_port":50482,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431307075029,"flow_src_last_pkt_time":1621431307075029,"flow_dst_last_pkt_time":1621431307075029,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"158.146.215.30","src_port":62652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431309055814,"flow_src_last_pkt_time":1621431309055814,"flow_dst_last_pkt_time":1621431309055814,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":63136,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01147{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431520499355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431576853368,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFQlAAH4RYPOokEAFgPgYAchgAbsFTnq0wv8AAB0IQJ4IpSc1aNIANwCZc\/3f1l3vg6YZeTNl87IqhJ27nCcuea\/qvb41mLVKUuBIV5pQThWzegD9xWcQRyZSfI7h79NE\/YUm1oAXrFrCT3TkbHGJwP3KBfTu3orp0WCwk0l4MiqV0DClWwpW\/1NKhCfuNkry0QNEwg5pHZb\/vSK\/s\/a8cF3aIAtN637iUzqyfqlQEpk\/TZCqI5tarhaQzSJ4uSDtYWWFCyQdGrPQxx36Ty1apquBRh7LpqS3HzTGXWn1iXBjJTo2oNMvvW5LV8Ozlo+ykFGxJKjaz+YxvcqhT3PapUN200W+09yqn+UXzRAxphjhSHCFmnFGaD1Cmd2AoqB2RODbBdfTfnO0p+5IwFP+QXYCSCui22wiXW71huSyPhBNTXtdjBnB0aI7RQe9BP\/8cTXCHdvaiOWZbEqGPCEZpsonT5okRzLwKKitPO9lmE6w6XZFQF+AwHMppJIEs+V4\/+utYSZGmsenl8sXZa5i3PEJK+hPz90wGXsjo2vNoA9zBeskKRP31j+JnkVWm6+SeE\/XRpijNighimBNH4TAc1SkFEUDYnbj8\/dvi6K8\/bLnWnO5ZEd5IeQ8y49ijX2T\/6gXriwCkzq1N2nFeCTG9C25WLUIBOWbIgjk\/+rRxff3yEw3Cf0EsWpP57l3vuNRPUUM9k6QGTA+VA1VqhI5cq5zqw3USveM+coEGcG1czX5cJsPCLcDVcPmIyqMPFVLeTlqZ1e993EuXFPOAn7\/j9tmZpD0F7W3EcJhPNBgFb8I9AuIGuTFhDSHGIm1+udcX3QtCfqh23mMSbz03kWO\/8Pc52Aj8EV9FAJ++uk6cpcxlqReXfPX+orcIqI07HBHS4wZHhfWa4II0L8ZmZqChXEQh4SRM5QraEDhiDgHu2Wr\/XrZ+LTSmy6GJnpyoczRJsxWL+SqSeaD+rxyEDOOHfzLTMkqwLlJdA5\/bX9M6EkuaQ7fp6odWxiaULg9HlTuvy4eSg1Y+BunaS6DHxROL7RTUmCWNUYbZhsn7mUOPPTqltAXc+wYwHbtEmsu3lqjKjPQEUq39uJ2DkvHyNGNu15OR5jgmIUl9ra0cSZwJSuq26MGcArS+trbqUaRVMldH30c\/MqtoFc0+kTZkdf2zXVOuhlhIHDu5oivOacupqIMRXqQvnAj9e3Szh7HtmF\/ZTqRfgMooySSCala0vsE5E7aOt7QgfLg9p0zs80j5g\/fIFZXq6e3PRZGJlOduO5u\/FTED0nlkOStAfZ1cLQvrXot9UJE83tMH4DWSX6zM9DnOiDmars1HY1Qu1gozfortWRStAAQrzDmILzgi+tPIyMlRG1aiOK3rlgWXZwKS5kvAXGSQQPfQS9NlLwCrZHQT69B6mWCBPUBWh8QsOqv76k4Jv46eHsK0hoU92HUq
hOqgk09EQBCnGI\/zWgYxU42nbsJkiMdKoLbVeUFxPtnCdHCWdIgtqELcoRLCnlfyj6fLmSJose7rxid75fKfwhgi9zbXUZHzUBVvrHaO1NpbexSUM4VztLAkHYegA4mZsAUTMXrwzehYvktbWieQfVgMvUC0tW6eNm9CeJQwCRuFen27D7bblWN395kZABQJz2J7igCkCcenO9hEEn4u3aBeGpUqZzmS+2bCxYqraA8Fpg0t+bmHW17tRBn26Wlj\/IBR5faBKZzUPN15J\/fmg\/PqeAeDRy7HA\/FEBoAg9iJEv3ZRqMQz+xrjOv+G3\/dDpiheVzILmxX+EOrazHQswKRcYoP3gCsVHHcszDooALZcZ+BQQzftaJeRTwIbx4z"} -01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370645999,"flow_src_last_pkt_time":1621431370645999,"flow_dst_last_pkt_time":1621431370645999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54016,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431369135186,"flow_src_last_pkt_time":1621431369135186,"flow_dst_last_pkt_time":1621431369135186,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":63163,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431370796601,"flow_src_last_pkt_time":1621431370796601,"flow_dst_last_pkt_time":1621431370796601,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.42.133.245","src_port":51248,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -134,7 +134,7 @@ 01147{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431576853368,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00824{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431760040593,"pkt":"AAAAAAAAAAEAdQOrCABFAAVizP5AAH4RzUyokEAFTFMoV+GnAbsFTrfUwP8AAB0I5zcbzyTN1LMAAEU085Brpbyr+2jh\/NyWKUdWZh90hrqs\/JUnV06AWtlVkrCYYR00Pib5lXHukuswI4apeXXYya1wVBFr8DpPUkWiGoC3sbaSvRZYYp3tBYoEJo8YIhwPSxXaYFfD6\/RsiM+Yfb2H1k8FEvnnpg0sxOjmgBY+O4W2eynZXgCIIV38HEw+wEDjZA2kk7L82T1bQYySl7HgNdHSquKu8SR8yPJcn8V2uMxsDXUCsucyI4\/wZySpci4W3UjA6hpswJQYsYncOuLPMzriT9nvkw9UXOlgzjajXpXUd\/JGwl0HyONFBLUkUDKjyeQYXeGyQW3ma\/zK00kJSnfXLEQC\/601KkV16N6qrZ0v5OR1cTLHDvXTzpfU721p0tTNZjXqZrYlC5ApJ869tkJz0gvSI815yu\/1aSemEd+xL\/8oRmyBCIllJq+YA3vMuW0w4\/T5JBaRPvDu30haGDWrTxiRXXYta2\/CdqVvbjVJtiTfDkkC1bYeze+3Ah85\/uP8diiaa9AR8AKCUBgQdJ3mENPMmAvvqo\/B+ziY39N9FFetzWHMNvAzeRNXDdkoheBvxSnvCsDetH
FzuAVJDYI\/bys388LAY+YcZ2PLXZ4i6IMVrySiDR3dBi9J6Xh51PGX4vbMQUcpCXv4G342VJ1caxMpMC0WKSvRN\/bqWlMQ+RF7oj6QAUiBi3SwgLkBBChaMRaz6hO+99tY2xzKs6MRliASieiMP732ghruPSLQ+wkW3s1+76mAlzozUQwzPbS1PGTHvC010AWavdSmg87MToOsLUXgD4HnFyn2h8N\/zN0Y9kv+731G9nuRhhLm0utvCdYH7hRWyLbk56OLgd+REvXXwQQQpBwKlWgfOj3W3\/5qVvPq3e+dNdLj6fyCzr2ipjs5XbBlzIlCeM\/X82w9I6lQbG2MB8pWKZKtLdibzQ7WTlOJqcJ2CMdQhgH9A1bdiqPv\/gr5wXKSRUUJATME8kPSQNByUdL7GTcCBNzP+8ZUAcsI0bM2tgOdWh0suQyngSZKgXVLvx6wGBu+1wF\/mC2T9fk50gp1zDgTxJjhtLxXk3ylwvBp311b2znJyXpnhAKEllhdOQr6Tr8CSn8jAdZm+gC\/EWrlnqxU3bjZ8FRmLt5X6O3NKJ6DoHTIz7S4IKZcp2EE\/qrF59y9ofjxJIdx0H9xpLiBAZaTSw63h0cJs0HrTSWerWgqOhr90\/R76Qs8o\/fRdj0KfsMdcJ0uNDyxtoSBePmAxqS4gAyc7hFHKfA41dW9prrj3pJtaB8l6RP06jKTbRRFyZuDe6A9VYcgFUSM2zXSaVtYhvAVkemhrcWVfhKpPRpQAijaZZT4By9Fc75mrUC8\/jXvh0rSqRaZF4w8CZTfLoxB2+fbxhXS\/y2T4EIEyiUFCUG8C69qtn9uZOcZ3P61zXWpjuvaUy96vWpLSu3t+0FalFdLvnA8VuSf2lAEClkALW3Dl4vLfiIlNB4emRks21g88RhpsKHyXLOxAkbKh50EqqlhB1mllDYGWbm\/4xaT9s3Zafiaab8TWadT6jVEwkNzekV\/0AbiRBOXrL6jktjB5jxq4zn7l3VgtdxFNAmFQYDibYgJ3De9KSyXejEY1rNESvwittZgupicY+Dm1OETIost\/wF\/G3hHSgdvFNBHmfdSw4NKdZwUuGXdqN5OH9Rvmel41BzbqTaqBCe1ri0\/9znww4gdI1VUL9A6rt9xHmn2T0Eu019PmuUftYMzGJ+Wp8LyQupxLYsYZE2Wjo3Ainf0KmDOU7NxfIE1yCKzpfBd"} 
-01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r11---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431576853368,"flow_src_last_pkt_time":1621431576853368,"flow_dst_last_pkt_time":1621431576853368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":51296,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431431363077,"flow_src_last_pkt_time":1621431431363077,"flow_dst_last_pkt_time":1621431431363077,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"45.228.175.189","src_port":60896,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431520499355,"flow_src_last_pkt_time":1621431520499355,"flow_dst_last_pkt_time":1621431520499355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":49153,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -142,51 +142,51 @@ 01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431465588465,"flow_src_last_pkt_time":1621431465588465,"flow_dst_last_pkt_time":1621431465588465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431760040593,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60551,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431857841314,"pkt":"AAAAAAAAAAEA00bUCABFAAViuPFAAH4RUFCokEAF1bwv9\/j4AbsFTi6fxv8AAB0I0bxRKTuUwgQAAEU0fyjgv48\/VCRtPz6ASN0OHxQrQLq7h+XvdqYpW0IdDgkyYs+qaZ2IuwKTrk6YqitoieAEJmESJxxd68I9xE+yxkJr90SUnR1M1QTaj6cNmtlgHivCEvYeIZrstWnYNHPWHxnYIDL\/faLN3v2l\/vAW9BxUhwUIIu2faUrN8uHdB\/1Wrbe6vX+0r97gH6rBkczoTPMVg2MQIvACvg7MEMvDmXReZiu8aHhYLNrKXQoHb3wlKFlaWklVhuGIkGp4WLeoDI28YQ3SoqEC3msnpaiKbJSu3i6gx3XYZSTNOZx2wTyUn5kAQEbqb5uoOB1osvVBX+OO4htJiDv1h\/1wp1YCP4Ga4XsP5b3LRFOWiCauo\/HDX\/dO+7Ks21ut5u7nrFp3vsYoOXsfxp3FeIFKCtW5kZD4EnHVyJ9Zv5ZsjCJnr6xOm5z7e1IdJiZc2UH557C9gO4HZL07YwIYBvxA4wecK4fxBR7uVNiQ0wrRJ7w0kX8LOcTGayOjs2lnNAGuPIUjzX6GdQ+Z6ezg2kVKIBy3g6BFqh5fYkn1MSCjFfmNy8pMek9wRbT5tx57QhbVEjzX
KpfYCtfwBAPjvmTcyi\/pj1MMF5TdQU6Q9QzzZlwgK7SGoS2km9o4rEOuFsTnF65lollpj4WjyeQhLnNa47OLuo7V6lbQKKTXm54krAZoSaOjejVJLSvx4iwoHF4MJo0t4oNk8LuJjCQWC817H+Z91yZxFTv9SHWBSuEab71KDyg+CD9tUOH2iasAIoErfwlhLdyeLW8yCcg52npVgZ0HFkVfZqdV2LZOvMnR1Lg\/onBxIxjcTUBxhzgd3czjkrC9JJxXxAgQrtSuhn1dUlC22+vGs9MbLXg8o8BLwo7d1x8VTGQdGCnPHJxR6cm1HaHawimYIbxfZ0eKQ6Vt5aV+WhdjRqtUk3j3G5p0NglB1UWHexuNnoOmN+lBZl\/GapDd2m5Yk7FubUhQNbPoy6E8bME5Hyr\/o7sXuXXRcHrH4\/nWsGCvY2cX9njBk7l0Q3Yczt900ouVi1hKp\/UFjI5huUtSUtRnaMFTMB366CW+VDqVruM59b2jx9lTfzd8Z+TvHn6Syvm4tnFxFqmW3I+PMOiWhZlm7TO8sSkYpmYZPGgg63y9rYr6LeryRTudm5RUAR60p430i9LDtZIPD8L\/MTcq9RO1P7jlBqNqxA9zXscaw\/B56sjo6WGP1vLVdb4FB7besaQ5UMN\/nkGoKYOK0deEGrBwjmMxyU6xHUVyr830VfWqI8HAMQd9zqBnczWNEyIFokx9IwZdRoEl1iKfrT8hCud9tIKVpmH0bVMxmQxtxxxT8zSplUV07U4v7xPcnwepR7HmBCZlhrg1BGmEp4se9b9u4xoLK08+r1ejmIpu8VrM\/VOxNFOxYErJFfxlSs9U3X2QWpe9HZGajMBAk0q9\/clUh17xxU\/E6aLjJj3k35K86utGs2O220V0V06R4gxX2gbFkwOMY9INm5D1T523esnitGk9u1AfZJokW7t1XCTb71Id31C6\/p3ioxcXBd5BAbp\/OL9sejWk9TArIOZnUUDZmTsTOfiogn73e7vN5zFf8cIof0JYkZp9otum3UR4BRg87QtqURR6ehFMZE+c0BmbqnHZ89A\/2y4Apn9NnyDFZ0B9ih4m0az7qg2w2IhGEycq5dwSXGZZcya5GcjtVBe7BZ7TXCBQ0AlSjG\/PcOYH6vAazB1DcKOcGryDTW2ld4S\/DeIQ7lnUczZptB1DL94kJw3IET\/eU6zvDBmlBeRN"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431857841314,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r4---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858130379,"pkt":"AAAAAAAAAAEA4PSECABFAAViduhAAH4RAluokEAF9Nag28wxAbsFTqBqzv8AAB0IlCvC3zvNTXQAAEU0bBkQLI3bPsbsoEo+cMFgRuBfI0IwALzZrBviHAA+Z1QJp1oftAmcZe0+1BtbG4PtaoRq86omaKbtxZpajLb14FXlpTsMbQWq548iLQ39D2mbEO3zF7ysXTwD\/P9gtJYLXSC0VWqv8z6iYP7A9ndUj4J9CsimScdH7Ab2WJohqMY5cmDhFqDohhOiLpahlc\/4Ug2oP7U6uykk3o\/sBx1t9\/ooiZ2L9IlfdPdzo5JC+fFevV1mvuFRA6qYzmhcKWxznVBjFJHIj1tsalMyiYEP7klZqDWRsUJbEL6smhbtt9aDog+ge1\/kDqXPWI58aqJbP0clqgdwPz9S2Y6WlkC6+L8byOJjqS6tC8RKuT7szyzaD\/QpeLtuTIaugz0rhTbG3tHV2+eAGw0JlKNnYY4d8gLImSL3Z6Vbebp9MOrwwenGSYEjJEdyKLbl91wAN4oX8fjB0uE4+Z1nljjQ7\/Ma\/RgFHOnpp8JptJLgEJQUuj7kca\/3lobKXvXUHslLAXaGHu93+qu4aAMp7dXhfcVd5T0FWmHXp+hPsOVQgNwfcRktO7mmDqTPc4g+iqUrcY
sMitif3WlIVEwBPbtDteCVHHkYIPZf0u+syu9A+I7FZ\/5duQI3QVq8hoSrN7bG5w\/zvEqP\/yYI0sjCFuVzyhXgLIEZJ1qJGRZQmSo00VbsElmeDT5TArRJNB7LuwPPihSe5f5Hs5CtfrGYHAZ3s44Ph6a\/IzKJlY9P8nsk1zJw85nZ+gBW1pbpf7Yx\/rmROIiRfURp5w+iM4nAMz0PpDktxSPJLH6r6IEms2fxM+L62MlUVBrYxZJJ4FKD6OSMvWHR+I0vhCE1kpYYhUmcB5sRAbPNVykSrT9KfoViisi1N4w19VqeUgl2Qcs9W6sML2oqVYyVtGBCD9qZnkUGpY2w200a7PtBxVt\/QBEH9v4MPebuiH5rjnSwmFgF\/YosV+2evpl6G8EYlQHIlAthqw3OzMzNUp2uIoUf6nBnYLeE0fFV+obzpD\/u3S83796oUZOibm+TF\/PrubnS+F6u3RS3ljwSqE7VUMHGjfQSaSRBeed0LreweZVA\/\/uCm2qDttjlLYqNjHyrnYThnZom5ECvmIWgSxX9O95W5BQeuuA7HMmr11Xq9vK9dt33jd5FN1yJ5eBzKVde4uSpSNgwENQ0sTbmXF8W0di2iH\/3Y3JARyiVNvb87pbQiF2C3fPJvBbyOmdUzYi4IKODjNa8529r\/2WPUbyL0gcgBBvdC+00m+RoZ8pSEkm873NVfGtcv7ZJNfBbSSmOtEGolsa1rgMIjqSl+gu3HY54LWS5r+MnsCESbFYroCnveYzrsVdGohrb\/zq3EMH7BAbPbeE2Sc7d\/Ko6vjgRH\/9L3cq8ORzLT3GdrtyRveeT83v+9cCjRxC9ljG22JeAq7TqGxX2jJfa25ONu5zfti\/Q\/UCDd+R5D9Q9slQkxPCeDJTSOXa4gnpgy0Q49vnBGzMzMNwOxtJPSIb2QOpg7IidPlZBf2aUO5XpP0KqgFdpm7BG7ULgBjR2GFmXUP1c\/zzdTDDutnR9ALbmfU8Kf5Krd1hNOuhGq5klqMBVXf6hyAA9S4QMp\/it8pHP4\/S66VpOu3bNUTeTIUh888Aqw1WB0NjCw6\/asqZTdZrh8cvMmW+2WW7xmsl6WAqYoU+tialu7WkDUU8OoT42banjTBlSGGvh8863vIZ2StyYDb8zwIU4zuhyMr7FDtlza6jHpIArriq6hYW\/CxoKThchF5eUWwDlQolmqcSSMgBX"} 
-01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01328{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858130379,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431858501078,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1D
iRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"} 
-01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01481{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01142{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431858501078,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":32,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1621431907429875} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621431907429875,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqK
bkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"} -01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons4.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01021{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01142{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621431907429875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432429509568,"pkt":"AAAAAAAAAAEAS1QMCABFAAViiC5AAH4RLC2okEAF3FB+Sf3QAbsFThnNxv8AAB0I+DF9BCeanTIAAEU00hb7OpWAmpFx8qx0bByvtqmnAysWW16ZDvTiBt7+493PQtqd2pKjXT8n6LbaHZrBOy7lzR4IRozP76TQ9DxkFAYnbYCqRHqgPXL5pU+zxh+eB1qzeaw4PD9sxeGceY7QPFO2WPj99N6anJpqI5Hcerw4FTNYR8r1d+SWlStf7eJXbom+ocP1XACdlYH06H03DxDNPtLz\/XsvkXaRPpqyh9hAe4diK1f3iIM2QaXjqckDT+tjaYEhYR+BbL7vNxBY8wfGtlxPQZ7GgVmzdWF+sXyPQuPaTJPnp6PHwhYcy3PsXRrOmC13SC3mZvcQ4+IGjqfqhG+D9wugf7LmbKqsznjJfXzBwYIpCNL+MHcorYpGmUUn6+dyppyRtIzd5m8irD6UYlkt+9VgpoYwGSX69u5si0i0viLsrK8i\/m6Mf0iQ\/Spi96VDtOTfFfSGprx6ij\/O7kc7TXG8oZ0bctqwNFJYOvlWB4CxfK1rYG0mD7xeo2AAgOTRDH8+AYCxUdEzUhiS9ozc2lRPoJkzP2AUr79N7oMid\/+ZbqVhmrpW7XdI12cPRgMmLNFI2MCGTdtlIH5yj6rZtmN67GfACUVK3eHHT3gwe9Jqb0QlZnM70xYApitcdFflHseTh619fCFNKL2L1AUL6shWE6hYP4JwBlMizT032t\/G3ASg\/GZ6BQlaObPebtYEVaZCai90TwmlfCeA\/AIXdD8iJXn7qA5z4o9cudnvk3agR7adxxofVPe6U4OcOJSG1IX2\/mU9S3WYmdFWlpmlMVHWT3QNthK23pRqiZHtH51vPjMDpY3FqBdaqTN8m\/Dc4voSrhGa0IJlpuTviRXm7EgxB8GHN9HytCvDZuPXhu91noUZcgCIcGTZdSBm7cO\/YoHlfVoH\/mVp5MrHSi9cVczjkioTHtPkpy1ub78xuF91\/7S4rXYep6NGOoGjl23AjOJfTTGhu5OWPnU9zMLFkllrVtCulEqT+b5PFzw2wjUYTJTfyrFiv4F8XdsoNLNTmtUCFVtsmWcabX5L6p42ndagG\/+lMde5hAmST6j3vklTteqoWcqrEZNH4LzFgOyupl0Nl63YsGt1OzfxU+904VhWQPq2NIdlO+VtI2U06A2jgU4WwWPcULGssz3QtHxG+LwUiedg0QSFGFQKA+HA3HUYnUTTYIQEOfSJx3BxpSEIE+zqBA8OZ8JL2GHKmdK1yQ+QhbvZXA4BPgaafeG++Hlfj9oqrT+ZkIG2l0Yfi89xALYyMS\/gQtfGRo\/IadU5q3tpHQLFWpdkHZ9FwndqSUrS1W8KKMO\/Y8VATyOpS4PEVwTvTNX4MptJ5NujWqz1tWdiz33An49EYTOXVJvPTodQHJ6ScBKXD30TZbFd4JFzqTcxJu3nOEA6eQblNYy03SZ
E\/gq\/uktoCqfQIdHNw9SpoHHvaxzhTg4ZR09H6m1QeCHM3dx7ZS5pYsDTexlRcFXpzoNicNl8Q\/2OtYWMZ4zF6\/CjcDuQvPr2BUhrvbmwgeP6jRdw+XwQt+56ZJnLJ7rqhWgtjWk0w4rXPG9gc7C9mf1jPCpHdhiaiIHYCW1Wd3j1GtKfhCdyiCFOIWtzH0tcNMR8zIv9wbPxww9aLwCYz5XkiX9tknrGgSCPyQiiND9wb6jafpQD1hvkRwJxkCJOZU8vAuWEsMD6iwR4yDvCNedmLBMJI9iw\/9hqHHhyJIDnBp6H8oKWPSKifJafbNfTF1Fz7AvqO\/tFzsGlI2GW4QCJCL+P0gz9lGiqCDzlVP7LUu3jgRkwKna8"} -01421{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01447{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431857841314,"flow_src_last_pkt_time":1621431857841314,"flow_dst_last_pkt_time":1621431857841314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"213.188.47.247","src_port":63736,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431907429875,"flow_src_last_pkt_time":1621431907429875,"flow_dst_last_pkt_time":1621431907429875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858501078,"flow_src_last_pkt_time":1621431858501078,"flow_dst_last_pkt_time":1621431858501078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431858130379,"flow_src_last_pkt_time":1621431858130379,"flow_dst_last_pkt_time":1621431858130379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"244.214.160.219","src_port":52273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621431760040593,"flow_src_last_pkt_time":1621431760040593,"flow_dst_last_pkt_time":1621431760040593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432429509568,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.83.40.87","src_port":57767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432440134791,"pkt":"AAAAAAAAAAEA737VCABFAAViBAZAAH4RSf6okEAFI8KdL+8ZAbsFTr\/Xzf8AAB0IcdVU301Wze0AAEU0qL3NNLtf2+b\/2Q4JDmzOHuurx9ulrjBLe9GvWGRZXR74WuLmvtIcsJsXXu\/onEdRmT3qTKLOfB7QlcM+PdfoCZmAYmwmyLMzO1HiyG7sIAFes4PP7T6NAXfX4dDWOMvuIoqSmNkVfgauiC5HOyWMHbTwhfwIk9FH1THd9hg6M7nbFuqZXTlC9q\/HwWaVt0bqSTrO3Bj08fiQQfXQGebdpALH6GbV3Jk1dtdbibh6Q37TxrzVgVH5kTFgrwemEnm6q0JQ4Dhq3cX19c8TR3nc50xv+02sA747DQ\/Og4Dz3zoy3+9lfKFqG4wBWdi7z9Rtbn6YwB0LntW5ts12RB+1xYF3UXtpz2seNJelWMZlW1Yh2Fg7mxZYCV0mhQ+xkW1jz6uQcCXMvY5VUbBhvI7zPyZXMY225B2xtuayBXFLLNWzpbQeAEm4XEG4jck8JjKcdxDGQ+tGA6NImdCpMo5KmFlcOnxo4uqBnZ9OZkKuYmAiB3GuA2sRbfaBNzP8vQwIFvmHb\/Rj2f71WSeQKgdmQsaAhoH\/i\/3l5iENNXW6JY9oLoSzWpFhhMlhMjBZ3S1j79TiuS1cWWOOgbGTSXawjyS+IJUIEba2UWRmGIBGjXz7YQQM8xrQS3DbYPJpoisNf04U9mZ54mIM7d+qCQg6VvUNSPRVsV2ux9+PC4W+DFbNy7ALH9ybKA9vKWlQUpcbaW+jQsoJM\/SQ5b4QpyLutRi\/+03sArWhuCnGvdy7QAw+lqj4m6TazHFMsw8w9T2dXVSYXvMNZZ+lLEZlQPpZjmx9uVHste\/wK0vx2c2TjY1hHMzZ4AGwz0ms2kd6XzNS\/wvUOYDcKfIokyYtfAUWmCQI168\/+BuG8b18LWykPNLhWdChPdxlY1M+5SYzdwPjjveFCHw1L31UvQ6QTs8T38YN3DeGrsHTEy1s0ONT1u8feiEDnAPamO5WxHIjVwTMaqbM76RuQbnmjfhNHd0QoBM2fFReITNAsjH5kJa7i1TauIG0LaQZDpRVw3ICDfio58fJIl35v5PBMp8xp6YEUh6d3p9ScDuUo02IpwHd1HAlLwRGLR3NEtr5XuCivraDkSulNk3LUOQdi4J3hNX6NixF3PLCKpvKYYBlI5Sbhl1LhL8Zjl9RJmBTxo3afoYRddxBMufMU3TDfOy2JAEIIvU6KLGYmcpbsBtJwsXg0+562385q64u2sTt2RWiXKEd9XAbOSkl8zz\/mhucCFcCxP\/aDXgf0nhuQpFELBEZxhmx10a3fl8WGlup7xBSgxvAoyjKgZwDinUQRGlQ4Y2+tHaNOUbjWKe1wgznCkTVbj4wkKMm7RKCqDexOds6oHYJPSEl2ioqJqXv85s9\/qmLyp\/s1AI8M7Mm8FUs7EDf5f1L5asrjpQuWtQ
iUN0J6w4SwozYuqkLkch\/ICUylDPff4K1jxbiN1VWrycEsZdK5WpULn5nsb9oIRivBTIrKfF2Vfspz\/ToLSA8OMT+vsu\/+HK6nVkqTjzbRqT+pMnx2Bg8V55cqGRM016Z6gjflmJ1aHj+\/7PWGoGPR1OQLMY\/Bbvy6c2Rry2q\/F6g8U6A11H66ntA51Q1W18sSC19Oo78tRgloQAn3NhfHhRfesZlY7E7I6PWaLKJ9bgiKoE4IEvCn6psctBWJXQo2AFp11lONrIQS2Q5YaGNNVXxi5Dw01RN1HiS0lRdioVe9QcDCTMQZDSAB5lZNujG+Ir7VUx07m5euHIfgcaR55adpIzCIXUpqTuVCHNV24cdDCtFs\/WXmPsU"} -01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01476{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432440134791,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432489421015,"pkt":"AAAAAAAAAAEASF70CABFAAVi8YJAAH4RfUeokEAFYy08\/sVsAbsFTr7Cyf8AAB0IKamQAwU5OroANwARJweyyh8ASQgxaSFNO9MfXImTMnwyXomKh\/ZNPfedDyh5KvfO1MGG51HqkCogC6AtPwJhXTpE\/UKpou6VqZCesbSiBTNDA1JFBQs9B6lpbtkYSC+McmmSMojjEgtxhDYt8\/9dtYYlDOPFZ\/dpG+QdFbgpLb4LL6Kabs8KYDLn+VqI2E8m8ueQOkn1lBiQoAvc0rNjKOazmVq5mZXSMd1VKlKpsbLOchPYIZxqylhHTDiE7M3pNLaBVo\/olK9W8Zr8w5fFNyksOM0htXk+QusGKuzXzx2XRWu+\/Nk8r7wn26b5E2vnI6CqmRqlOx9Hbk9Oav798TUdoZ0ik2Pol9Xb+eCHQNw+XlJCy\/TQAtSNksS7kjeCCjcbIt41ZBla1c58qm1+q0++oj5c2fe6RrhPybaYLt8YUpSsMhpGJI\/Ql2\/NmxHBJxo5URbPjWXLfEGzOcpmsNmVJ2O9aDrYcnv7WnX5CqvzA823haQIF1GHG7\/MkUogQZRdTEAvJm6fBF5zdqrS2BtCxd2wUWnXyoJY3aKCgXRQrdDpBCgpGApMxKuJB5qoWXrZh8eHqiyYIyj
BNfvtQacRj6kQMCYITp5tTIecrcXoKPocWiez2LDcj\/S\/19jMLvrNbAcBhQ6KfoiiIJJOb3DnfTdQP6\/4DMSpIjO+s3jvnlF0btkDi2\/ISfy4kfHVix828TssUSRGKO7KC0GwgS6FJsjlz0BU+vv1QZznASY0gmrqU3L3V5EQeJ0JuFK8HKRd4Fj+EOeYQx60REWybndyHIisn1HhzWoZcpBZwH8Nx3rK3uqBbQKlKJmY1TKEse7UpeUToZQDC4fP0SVbtXlKRmkq+uL6gS0GXdLk+VwSXcDDT+JTBTAhOp\/PT0efB56Sw+xnoUoFO+26Osuir43c64mxBrmnuAVQrEG026YUbEpAkKETMHo85xB4Z7xRvocdlOwY06zlP9\/rFbbBE+M+FpELJaF1wOHE282\/6ko8\/0bJJFV2afTCYTIRatNwPLUVY54dJGaDmplh02DhsFSye4H1RytUERPkjLbau4RtBnyf8NekTGeSkfPd29dQ+7m1VARylC5UF8rsK9PxqZ1IjkctsYgU+YvVSm5sX2FqZmQnWn7sx+TmogpnRijHnt3gAx8MpZ1\/6vPZ0mXemrF1srit9ZhT9S1OtARcQG2mrpiCj3+wcDBjy8OxZdjDuPm+7HYnGMUpqQkUp5WDI0HR2Th8J5PiquceXUIN4UYAUOeV6+xy586aR9Bisr9aBs9XUgGeWalZKu0RJLjU\/r6J6yoYwl+tg\/Zh3vVSM24611GhQaadM3op866bGdU4YLBybgRc3Gl0QGq2gCLhejcidoxs5tD3NjeK89xtwPQd7irCBamj04rGwldvYQzxbOjeA5oAoJSaadBElduSTxGYH3oVrfOgrS2xGZtBSStJG7d09ikIYBkxSUYLU27iwQJherSUvhZ85af0XhrTHEYu6GB2FjNOq+mksDa8mM8rpcJgx+hehI17xz+xkqLWilCXGjnoMZWTF4Tx8xav902wfX8qjTHhu5vIsQ\/UV+gR7AYOV0tnC8Ul0PnHl3PUWikjISrIX+vX8LECvnHa+4b7xSouGskcMlecPWND4hCVtRZvNm9FxXgWi2wjpcIcPfODR+Arhmv3RE8GE8lOzxw8rv2AGdqFNX5JwaFFXigZ3vX4WrSH2bNvsDcj\/5We1g3jrVPhkwMz5PcaJQDojUW2GfWTFK1W+lQcDVZR4jO2eOnoR1WqEqE7OlWlEJxz"} 
-01399{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01144{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432489421015,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} +00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":38,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":177,"global_ts_usec":1621432545371354} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432545371354,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjx
u\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01144{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01181{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01143{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432545371354,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432561767007,"pkt":"AAAAAAAAAAEA737VCABFAAViWJxAAH4RaSaokEAFqVGj4dlVAbsFTh0rwv8AAB0IWitP07hFwPIAAEU0OQ8EdQTKeE\/y3KmcSMkX+qEOqn52RlGrldbICsY\/S34wZNRn+08waAiGjsEVTtahcIPi35YuHK8wq0g59jo9OBg4akM\/IBMGR7R84CJBN461mppY8jQVuZTPgmTRdB2IYpULPqPfoX1v+i9gHbqu5NK3OwzMLconK6EyplQxCPNt5Hf30K95kk3qNJtwkSisClc72nLsoaYauap5qms4Uf\/J91\/kVmZMeIlYa1jjcfZ3z0VI9gHepy0CkQxYfepscIvVGFIBRny+Rr6Mo5Wdi6EIb\/T5QSBed45QkLsJA9gUQEq7M7LKJgg+IKLvJoW43JTt7tWUALAA7xqNg8ZMlYbspeUjoDBFwmTYyCGMZ5bdPdJsCKJjP1zB6Ihkj9HzcCVcVpCt5y5VRUWbI3s+SuMDcnwmhOo2Cnlr0DZfIFBqUld4Y4RY5VqVdeJo7oFXW7AwYc+nzTUTjYB7sFAHoCxtg3W+GcMFoxOtPlRytxdZ5wbadwjKEwqJuIJpIaPT9Hl5ErVl3zaNl7AbKrrPwnZr1V\/c2RNnNxvqBfO2+OD+glALVErSZ8Wgf5WaLzvHB
8WMIbmug\/NFM\/SLKtJ\/BaWEqzeoVef0rMzIe7N3WaGlp54AM2gUWArP3379QDPnly3sySsTiCLjmgz\/a\/YAV8iH0MWGhxoXL8uO+18tMZKic96P3qCeZ8y7LR8W+ULC4hM7PW26ZmpzKFTv+x+dXax\/FbNTBDPTQMmIlCH9iOw143\/ImSuF0s3s4JVp4Qr6CGbUM7wVRHYWtzpVhyLQMg81Qv2OEiCnOjzFFBbzp\/0bJKOqHRD4Q\/MvBarEfeFcKiSbAbTSNM8PQgQqkr0ZRwugcr2Ffp+Gn+l7xOOzT42OiObWh\/q5Vz8yxCjvr\/A3rCWwstbOOV346nm7SzYmCeDdLhhv6lnhMiAKqzz9Y+7ejwsae5M2M3swKabBXR4s56U0TQF+O7sfltB20eE597p4k5i6pwoHpILiBDttMLzjO7dc91E1IYlMz1tAgL+S9RvKr72GqDN6ZnJlEhDdKvlV5HT1Hkn9kqkuTTOQ0XHul3D3GFcWCqjADIqlVTcjrCO73smKB0a4uTZQbOIpVVIdV6+6r6fVzLgJO5GsuxJaHTgytCf3she4LLg13wNSfnN1MfvyZUdUQE3f3vPJyjzsirq8bCev5LQkUR9nijtvOuY+AYdDoq9V3BpiAPC\/5krfJFIpYwodSbeepb3MzG81QlFd2eB1ghaJpx0Lkod5SIZJSovz09xRaU2rOvyKR8WRRif52MUKIukeKGfbFHZtrKxCIiJ0BDLx\/i+Ol15n6ZZ7Ufce2YGrldvNoQcB39pF13M2xxh0ga17XgFyOLwQChgB\/CIi0XzrAp5k8ZwTJaYDryhvEy+QLvWWBRLc0grxIicpNZZajbTUE+i952VB6IrVqmtuYgLUVGpF7YVtpu59m6nPy+7bYq81ByFXlwxoThbET2t5Xwh4tKj2kEGlA4a\/A2nbUyPihPkju\/hgap4rdGkxuysnOZqlWiIRDL9NAexX29gx1xqsSqsDeI+D4cJhsXJ2P5ihR\/sHA3rpBQJRT+rRYmYWzUeoZmXY\/d+n2pZTXUwAQIcY2gZ61ZU3fymYydiwOlVXMdRNyaSlDGExGzYNiSdgFAynC4TF209BUTK\/I6hsurJHhtkEW4PNMZmrFy1b37DXFZ2+N3Li+vjPgOwB0NUwzN9CtFWQGGZdoOh+DGOlpM73XGxkM8fpT6xsMV7tcylekSF9KrwkYBnC"} 
-01422{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01448{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432561767007,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-hju7enel.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432687153037,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xVAAH4RF\/KokEAFcfqJ88+HAbsFTkZ0zv8AAB0IUFF8ZbsplgcANwA8pfqGZZe+H8YbVevtEq0uW3yOyXta0h88u9QuYUdq8LE0sDqOmyGjxvU7MaDIbVqplgETW\/NE\/cvaMSDgL9CHXru0efaH26aRrBGKK\/el8kZH3UaZy\/b9fmgdZ9mmXS5myo5Uucklk32jY0nKiPx7OwGdOw\/13D\/yhjhsJPO9lxfnt\/xrx5w2VANECESU2NEWkJRxhIc\/dJshO3z01DVcn1fIfmiyloSgZUd+\/HKai9If5RANhfzeQXioPpPbOoecz6if3Z3FtQKFLotx+aOWuKKAGGc0cyrUXi77xeLDAxjE6tOM9yaGQcFFgEY\/SOBwtvWDdb9NoQWO7p11EUZ+wl\/rZ5GXlvPXsY8mh6Clgitpg7R24nHSXQN0B06887mB4HnoNDeAmXGTVqNUO5Hwpt4Nv5fOd\/uAYlaCVVGeZWnQSUt3FSt6UlJWCYhZFk40gfKSsTtWeOQIhnNtUP5+zwa3UUHni3XmISHlQzbBz\/bS0jB08K8r4MbQ1k++PfwYjBxXo33Ojv377xL3kEWdt7dqkANX+xOLqZ4hYjJtVeJE6KaWK5kxNrvgI
4+Wbq72iTCPnuWu4Yc+04d7b\/zeICLVlQ4UJomN5dkhXIvTFKQ7NG0K7rxpiRWOcSPWgsWX4wFJhAUCcqoK9wfw0ZMIl8zrsdDk5l5X+x8MTT+SQICOrIXn0ZSpTbD3Xt68fdgFWkqOjWnFQHPy3Iy3RczgAeN7wIYFfuCnnC6ME+5Pu63Pk2iPfP7TzEvCq+iYnwhXaGT1sDWUzQDz9Ea\/yyYCqRPN\/gqIRL+pXgs9ex+9iKQaMTnc0vlqASRWWCZPNc2rf\/Q9eHHk4W3NPoX3ez56VofMyV9x8Kx7xSgFDFLRY80kBMgLWMJDfi6woBPhXKsM4wd2mLvh7\/wW+nGUcZMc5X3DVUUiDmGzvF7qBR8QzheMOnqAvFyKMGSpJJ5Ps0oPIRQEBEONuBTdMtasa9lBz6DGcqXqeY1rs9cdoTZaeh1CgiDqdZdsgdaBb3PTBxELCiZg3Mjn2Ot0f4S6rODt1khthCXa+j8H7di6Uu0LktCHPUKJullar39r7GXB33cmiLI1UYXrrTv25S4DhWZdTftmpBXDFOwlNLMeatZGrEKK7zLzeIx5rioedbNSfdLfUi9tYWh0gPPFQENtKlJVn1Gyol7zm\/QqNOvgomZt6RUw\/PI2OFl+9zsCQmj6uTnByKe6c\/tZrUT6N2R5lvUzAGZIClGGsFR4e4cmvkmiIdEOo+lEW9ZEBcUKvujsGgkc9cAkZMsNkFQc\/PgQpvfYqWlnRu5wnZk6Sv5jPr2LTnEt\/ndr7UGSNAG3nto3fdM2CWZImFEJlzxZcJ6Pjr\/DX1+sbuL0VJWf56xETi07cgoGnD9splJhqvifjBi5hE6IKs1smgIDugqMeU+hKZgmx0tlIBEDohI\/weDtB6ZoTNVzeCrtE9Ne5sHna3EbB6mrF1wOyF+v7JqhFt1AklERk8cvtUnrNY9KDllJiAIoy8SJ+lKPlC22sDEHqftvcIo8mS2cppG0wllO2Q1TclT9pjsn1nIhooutFD14OqIrVo62MaGWaUpxzW8sZy1SVksc06sGqCdoo8s5qQi7Gz1K7yZhZo6W82as73l\/bfhqszTmMajohCA0Y9MFT\/+c5ticaJcK8VZzHx\/4ndP6BdrrmvIMXm4MvPY0XbZvr4Jyhd\/FOn6vdTJUGitV6mUWBc8Qn4h5NGpTVY3jRUrKJ\/3UHMEn9NXaFjwDa+i\/lDWeXt3KF5YT"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432429509568,"flow_src_last_pkt_time":1621432429509568,"flow_dst_last_pkt_time":1621432429509568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"220.80.126.73","src_port":64976,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01179{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432440134791,"flow_src_last_pkt_time":1621432440134791,"flow_dst_last_pkt_time":1621432440134791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":61209,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432489421015,"flow_src_last_pkt_time":1621432489421015,"flow_dst_last_pkt_time":1621432489421015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -194,32 +194,32 @@ 01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432687153037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432793457804,"pkt":"AAAAAAAAAAEAgb5NCABFAAVi1J5AAH4RSeiokEAFmIBX7sOZAbsFTp9JxP8AAB0I7Hz6xe0rqSIANwDXZeiBOis1quzsT\/obGG0x+3XLqfDbWYiwJuWBqOtEfIn\/ZPOFbr4OpvKQaBk8YcaDhmjs8G9E\/bYLKxuZyad2DEvamcZFVtntEFziXhXn3+pQrDq\/AMQ6LmeqWyyt9eA3XDKtJ4xY1Bc6e9UD8t6D7Sgm5IQhV9SFnw3BxVaQkrl6hR\/dDVS5UMps0rHJiqJfxJX9XuDk7Hfp1cVZA24xlVPWJVRY2UAeIc2Zve2M7H6lmFiRWRA5qAccgPetxVIxOWgKJZ9rY8EXMEmXdS70H4KMbgsfK9Uk6fu\/osiRJWk7Bzz5wQrxWL6dXRJrXxAa2jPXQHVxa7bP8D1pdmGboyWwgZYxklQYJNVQxDA\/GDYY6fvGJ263gPtNp9NnfpJaf3BoWuUPhFP8HvGyQZuIQF1wb9fZXWZ3QHFoIdW68Pqhjnp6kLZ063TmjYYZ4slUYelhsLCLrNb\/dwHKwXnK6PjPM5zy5oxTVIu9HQIZmJtKxSSYJD+ceykV8\/K7hgP3LMhoq\/OjNgE2xqsoCuttGgVjAKWqToZ2SAfQBRXiQmcgW52dCG7Z5HhuDaq\/h
B4oOHiiK4\/S0BBNT5M+Pb8ByPul+j0MGVAtYn6fTilvMPrguU47PCHZjjk0z9Wnk26G01zXhhAY0ar4RNDDEzDjmKfqXKVxSDUlPPUIWjq1afjceK2zb3JDwK58fh96mr6zd+glDvfAbQkGN5MH6eMa\/9wzaGAa3ufoLka8Lxli3yUdMj\/VZs9FXs\/jqxxOPuE\/dCtF2asx1eqF6Dv896U\/rfqEfRamU8Y4w+RgEO1CTD7sshtD1igsz3xv7fwlgvoMBlSMrIYm2kXO5Mm4rUbFhOvxSUXvhCAz80phe1BldOJ\/juAj8qGCoV+gQOWqnuDFHTVXEB73DtcArIBGJd9D++3m82t+emgLBdig+H7CGHczwalju210OQ3B+NgGpSSFA2TExawDMw2BskyWcMWOAJB+1YPrBoF06DgneuWy+G1EzSXWEKGoBP9Hvvi3iiO3IcHdBaysDd3G163RjNVGtjxLv3H2wGiF8W8BtUy8x\/4x0t8GKV8DeHoRZAPR1VW9jsM9BHk3UFKs6e+5DG41zNnmrJMvsQCLdE7Mc8w4ELvM4HhyshxInLs7aAqATi\/cJpkJVFPEVzRSH2iJPYmG8HdHW+MR+R4aifCxPvUJqcMbXFiSZcU+MJ70p7YnFW\/gfvm4Ux4DbVMAkNpUImzqnQsubAKj0w\/8ulR5Wetc3zilx2pLq7DZxLdXVFjLXuRQmY2yCeGisGB5PUkdsGOp1IyO0idKFB6vegqD53wg8CaYEO5x0Hmz4Pk70XwPcVkukm1ulZSYY\/nmgbz541r2QMShd26Vqrvyg\/J8rOTVuiAbPswYJnJk0xDz7XloJ2aoIPRONK5nlUihp2bOw9Nuxf36SB6k0LSj\/s4mNxG1QNaEf5XxQTpLl1PynNmmtwiukSv5w+u6Dh3MmLJERlHtMy3fg6A3dZn2rVplpcATmPl3e6JcqSXfEQHaMUL9vqZgy\/h073US6J03VMt+\/bO+qzfltNYykBXZikfo2Jeay4vIVade7edcMHLP0kMMz8YzuMkFj5mSEOozDdFrwgdubKvf0WUvGC9sG0GJQuA6K0zS0AdH6\/IDWTjjKCqm0CNfUV3pEg1fuSIaLXiC27HEebsSGbBEc86cnhXJ6xcni7lN18XwT\/wRTUuZ4kfbyFf\/WQSlRJNS7ifRduPwfHvUgAkTi6eqDziLvnVkJ6BbPbv+fYGh"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r3---sn-vh5ouxa-hjud.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432545371354,"flow_src_last_pkt_time":1621432545371354,"flow_dst_last_pkt_time":1621432545371354,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432561767007,"flow_src_last_pkt_time":1621432561767007,"flow_dst_last_pkt_time":1621432561767007,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"169.81.163.225","src_port":55637,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432793457804,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02394{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432876694398,"pkt":"AAAAAAAAAAcAraZQCABFAAViGmJAAEARTcLAqP4L++wSxuaoAbsFTqV5w\/8AAB0IbOm6o+b7s18AAEU0LLQC1yXAWiYnG0IzhK2VYtXys8mZ62JD8wkhsWvqnkzFbhvt3QJvfuPuR1sirwI+KShnUrbM1afN6aEucT9hrS0klXGQkP\/sjbWxbRSVpPd+f9X5MHJS9Hz6kemhKetvXTyJqGbN1G75GC+zwvky4Qoa+1\/EIdMd\/MIuXCU84yBXwj+twRLahCznv3yroalrF474u7NubFW0jMWcRH5J+A15Xme108pRGv37O29qvyKdzOm1\/NNznL9yP2RLUgbmtwygArdZz610E2wne9tt8WxltfSjaavCs3J3wGNB7kwvqcFpV4kuTtBj8cRhDJ8UsAFET3J5wrdiOHvAkcai8b4dgSQNPHDp3xVf8Xxr5a3lZo4oeM2pSFKI4zOy\/gL3IOWrKEH5BRE0tivVe3HggMJPpzZub39IlYLUFGhw1FqGAvGU\/L7xouN\/GGzHYbjg9KBXpegMLxXi3ppGr4R3ZbEegXJV66wPYugPfdTLxj3R2ZAxcu5MSpStr5MG9ltk8lzwLtmx5YcbJbKyEMRaCF1iW\/dcIpEdw9mhALjKcmSqJOsabUpsYKoKUTDLi
Rb0OEMir5UbZUiQVy4\/7Sfjg8ICBXUxYfj0TnKlaJ+wlyizyGCVB0WjDtYmQo50PxvLRALC1oTClrCfpu+K5RTPrOVf3+YHiGNjoiEYVT3Ysn6ef85QtfRP8nysquU2HQ88cdBu1x51\/5RyV\/+DRSGX7VUOAssxQ1MRma0bjRn3Dmy0rmBgLMBljm\/VFeCUpmDEQk1q52vMrgRR1lJE4AiR7egIJ\/6ghIxt2OWtcRN3jJsaTUSy\/zR3IMutW13i9Gw+AVIamx3Vj3f2LmCwuEcU4XeICojezZ7vi0NbDJmYGkjSwtTh7b4ESpxisA62XYIfsFsU6JrkPXTQT01HZP1jD5W\/7lmQ0Uzgb\/2mciiqV+PLt4y8IbSi9MMFIn7Fr1j3biSlXPu\/RKPCVeZazwP4GHO\/RBVQpMem9Q8N3P8d2DHSrWjG21BATI\/t4zX6uTupPdTce\/pRl3wh6arawXv4rYaa734DQGVOXKuJAL3VUiEX4k2WKQ6rMy\/2mgtg8f52j\/tm9h2LXlahvO4wQoJ2w0aBRN8mS\/cj\/Ra3JQN+4\/oZNfyurOlap8hdr9uhFzS6jiSKCSEudsefNrvctv9D2s60pV3\/7RkKVVy2YmGu\/fMPAer+QSxevYYR\/AKkpcNjdJbkDD7YmHSguK9rnJzqbP\/etQrDxN0GrlpCWIXAdhL7Wfi2tYHcbnj8KVMmATRN+0400Z6WxauakXJuNv0JQTaVaubj\/PKuuq5K2vb0tCYbHDPd+MadAPo+JJ8pU1ZDa4KyOjlkd5AJbK5Q0frPvukJDpBDNImKfhDpKSebp8mS0bQbYQY0FjVILDcWSeoYGnRDjH4XJcz4fxZCkv0YvY6T1xDnsZGbGC4zJU59YxE5WYODQH3mhJYDZb\/R1Z23tx++rEKCl2Q7KLWqJ5ApuDmaONgp5W6ybOYwz0urwNxYZ8lWWON9dZHSxM5jOoeTSovDCyex8ryrdpEr1yHyEEgBjx97a\/VbuMDI9wE+07AAsKn1v0pSUT2Y4vUwGIFdflJgbjasGl8KWyMuibJCGP7tF5SXVICBAc\/QHntpbpYtsuJHF0\/RWuZ5yeLaxKHv5t92AvGJsO1Kn9KikspdEaOGD07Y\/IrmImcu4IELab4LYJw6sE0eqBRwufR9cgXtZLQQbDqd2TajaJSlfs8qSumGCJZU9e7j4K131s1OqQIPtVUm"} 
-01283{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432687153037,"flow_src_last_pkt_time":1621432687153037,"flow_dst_last_pkt_time":1621432687153037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53127,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432876694398,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432905483700,"pkt":"AAAAAAAAAAUAtOBOCABFAAViNntAAEARSxrAqP4LXWSX3ZW7AbsFTtZExP8AAB0IShhVJvVFj04AAEU0bXBdseJ245uG4fwHC8m+6tqS\/v6gWT6TRuENAP9tPhydGDsgF7KG9PiuBNd6U4OZoDZDYxdNvgEXRnGpqok1G3cCYyBnmB+42zbaUcW6U0WH8uxsOi5\/mEnkpv0Euyn4vltnRK3e5h6tt2GHGaZNsy6oaivFwmgBfGYXqlFzvmiPzvJp0LRexpgDjU1i\/7Vx3NLfmf7PCWakVkQTn3Mv0hIdyp8NbWby75nFm5vd9qbf7rSRebZCqrG\/gNT3SMKZ9PYXe6zl6Or9B3VtV0CUQVHLUT2ZljaOp+wo2wp+zymYt6qEwhJmfIj1MPdkgXuV3gJi0KHCUAcVSQRFxSkySlYbKd6ChL8GI5FOjZ8QvdYKnwQM7\/z8AgfduUObnEfl6hZZ2npNR6FcP0WFzqQBRqRGO9wwKzFt\/XTgmkAPd3\/wF\/a5iP3PPQDPTiggyH1xpv0ciMP9WN7wbydFhtrLUcfgELiYllzto5jkyT0K6\/M5XWw3Kv1G4BMmIruFxnBZKQUoqA9d1oSjSc9wdZfqCt34KDErlg5RxTvxzlCxbSR1YL1ln0Lc5ooN49Vt0Q6U67rR+tWR3ESuIWUzLCixA\/08yk6CIflG592BY6gPW8Cbm\/dEQnktmUnnaHerrmQJ+oSjAV3xiVvlBT9XkcfS4WGAQSxeXxfXway\/cpuKTExCubwigm9g36DqjHLDwHWdQ6CDBwzPwE7JMioE0h5qzz7kgFtRTn3Dx0fN21mdCirtg9qB4hRCIkLgp9PkotTkEDbsPz4aPrVoVedFUeJh0cg3JwF0sNVAEJ\/svLXWTrK8yCxq3qPCAIv+qhZfntTMCSTOlv+m4\/SG6pP4\/xXexllpq4vN11z\/230fqh41BREXT6ToSYKiLPgIta9MKijhMUrhqLp\/H+6H5q5lyTMHqWsEsQNb9gmgb5bTrnpRQ66GI3I\/Eu6QRe6JQXxj0tdcpH1LILG1JY5awETdC9Gy\/ssWffqANToHPZNHsKgLSZ1Nr4vYsqiHrBBykgGu6do9vSxz86\/Q7Nfe09TEYnNYd\/kOxWDgAjPgINa9ldEyBy\/c1LwwfuQYBqjVd6qzuIvK08UzshDfAry1FSjTNf4Xhzv+C+kRHXoa7jBGnB6icP7W4jD\/KUJLbHASUFpcjtDotzShDZHUYL2umLhCdB5TlPKE75C7x9wNG7TVI9tJsWFBgyfIZUHuK2V6Iv1Xy+i0DPqZ33eKf2\/0cktp3L9oQQztf0yom9iQlAFOrjb0BYxuxSQsDAuCBTfuHuiEnBMg+uie7JClpFd8oxRzgLF2UmGs+bcAjRKlbO8KUqBVWyus6KeC+GY7NYnQOkEB79W\/LSs6F\/y3yumt9XaOjhKZsA1BY2GPva6DJ9bGm5lZVeWW5M
qGFMwmbmEdGj7B2lfP6DGaxySHgfivVSWM5AP9dRouhItZWUMTYuA42yBFxC7yYUU5K2dZxoCQBpBD8hiq\/kMUMEM3CXwPlOYnLiDJ4+OLlI1CXf6o16idWwlO57uhDJqlkgqP5iNglZKDiDaLUKSczncTiHuKNaqGxKe+jsT2MHO9nT+g41OMRLOnPZdlHoF\/GerD0RU3bVnuaPA\/7hWpOovJjEYu0nZDxzelWy4hmTrQXIfWloeao6NvLIo0\/Yq0zpGecbJvwB4o4kud6kzKSyDmvDz4lmDhp7J+b+a+a4OXVg9LI3gcKi3B+a6ggFfUWsH3jytuH49v9jql4XnS3YfR4DGtKs1U+A54fAEg+9sHrLj7+fD3uJet9knr5KO1"} -01407{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"litepages.googlezip.net","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905483700,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"litepages.googlezip.net","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432905490594,"pkt":"AAAAAAAAAAUAlUIhCABFAAViNn5AAEAROxbAqP4LqsRafrJUAbsFTm9IwP8AAB0IsTWhMbhJUaMAAEU0Gz3E4x\/7PJCbI+CzxViIeUiiyxN5gIybKCWDCC8MybuqrNIvL9Pc+KUdkIcv1Parf76zB\/TXo6yFx03Ggg9vnqr6bkGGsAil7g9byvv9gAZjNQMGSu2b\/WIj+O2UGwYR9Ze56oGlPtQ3fK8ScJ+YBFKT+cpojJQmaymD6Gl7O0M2IsyhuN\/z5MNvVeoQtlTGtwJwJF4t3CB3+LaplqunC8tjUfp86B9GZjRjxLI+vZiWX5JnbOLJMNt1qMf64QnBwt3u85Pa9y3sMgX4lS49\/gtIXTs4bG2nNuP5iZc9DQwpayCdOqbJxVUpt1Fl9lqfqkGDabD\/h21kbArS1JNUPCYt82JW2kdPr89gKelvwKxs4MSTRQcLucGHeSqa+vxitAXlW11buSsT2YEY4TaaN7WLCC6Y5OgIewLiKrBgAIDD1JgOLmJe0jh8CtrwC4u83uCHm2ZVbMl2zcjPFlgSm1Ay5QghKEobHUp9BoKLbGW0OMfnx\/vMYa29tA+ukDFJJVEkBFUnmO5PVGVBLdD\/qq5Vm3qeCHn7bH0JKdEAvXgh7drH4CTmvjpTCgzXIn
M88QbOwK\/8hBF9B0y\/tT2huASOzdsreHMYES8k0ynoTtTU\/Go7e+As+IjpMhtw+r\/xyPdBQWw34uc2UrITsPWB94yJD0ktCz9KUH5fj5j\/MTcB3+EW1+ja2Sj2nYyRiHaQ+PsYbGaz6wXCZf\/tEQta61UXPhInHqIOpnQp\/diA\/YXmtWKl13Ka\/nxH0\/283amVXk8g\/p5xQZLdYYbM1SRNChx+BZ5020iyk2PcohpEjNvyiSDmDjrsIgS+Zr+qK1KW+WNd8m7ZfukNh06oyt6uTkWtGfWfvcwkR3CbVTV9K1zZ3JVpadtBKHoVfeSxzUNB8QO3HY1xoBwUiGOqQMyedNultJ9KH4IhP5o5Kj0DYGUHyTaflltEhcSWiITyfwyOZfUVxdCe3WBfMRyjKG3hw9Ag1m0IdO+3+4Sai4t9HAV2dkZrH0YBb8TzQtijMzuOc\/UkBsPoIHkBGzeAvR\/LY9Vvx0FYUh5X9ZD3MIwp92rfZV5hsqNc3rsZmWPZbpmeAfYzTL3829e2Wo5suo7aDIt+YYCq602XYEuGWM+tC+iqjQVOxADDkiMVvc8A2HYsO3wOW+49aVFLGStxeuhQV5lyMKSoVc3s2H3N+yL2RhtSvdV+b0mpGnnhW\/vc7mC9x1sZNQDq1FvyWi6OgOdM6ikZBFhVxT+99VaccO1YRMkituNtiRsVhm75XQZqQj3SqqL7zi4YYwKWE27YtUcI5DX96iUTbNaIXKbJoRkVWEHi7xVpW0qoKbMqyaTsMaxe9oY9tVhw325iZUqJTscJGuYlireqNEe49UiKHrFD3pBUHCyEpSwijnx0RbAj6rwweNbjXSMbaikwVIiNvMIL5VCmZOW\/ZtxLPMa2yys2nECf\/Vuy3Ou\/9DnpSXaPhTvBFgWf28msqEADWXnHOxczzQxoYSRHSEzLrR2jTHxifPCTR9hSWy+JWnFXHJLcH7QJbBCrIdXrcgRQBgdnrkM4BVlslDUk6ZPisArQe+Rj5RV5jX3HYw7JzZSegmwQhkALBsMs6Mymiz0gK4lwsh2Az\/uP7GO8UcOQkp9ZEs6GaH9yS+2hlRtG0Haykp8Fzi0\/SkuRseswdA0H14gPSc\/5WFCyoI7Y18l0y18eYy1sFdl5G9h5zsIxr1Gxqhupt8DBAd46yPzEuBUgOukFiKNOskklsdcO5v54a8qPY1mJBX8XQWL5"} 
-01428{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432905490594,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432907578635,"pkt":"AAAAAAAAAAUAUmvlCABFAAViOItAAEARD\/\/AqP4LYvvLUamjAbsFTviww\/8AAB0IdEz2yPqFNEUAAEU01lkubHvVAeXsQ5sXGwZERrAsLetkvRSa9r94YrnlT\/RFyWgWZjc\/+m3X4BabWgtMfG2MrRlDeu83ayw7f1Rv29gQ1Fwf3qL9\/y5QL3cILj9wzX79jhfIBW7rk2S021YCCn4cPYvBdSyZo8hiLdDRqY342daZqWhur\/YwUIhfZdJAQA0xgKFAGLgZkHQQNo8iY7pDwNfTWCrPxPcVH\/XyhdL7AM63JNrgEEzMf\/9jsRjfxGAePPUm1\/8wwIq77\/+PVwZ2j3YBRiYZ0seAv7CvRMkkYVrxpAOSkaAOCWqoN0s5yzHmFyDcbv+feS4uFL5UXCfavdd82ZgTmlsjFiR+hG9t7chDZL56DXhZ5TLxZf3UYmIHnX6JZkUrLIVJZ6\/OVCfo3DHRQ4PJOh\/CzeVr8LoegDT5B8ULST3gZnAqDfI276pUF8whh8aVckRyaBeY2ZCBjMcnwLeLg7OKLQvK5wC5BJkNIi5J8oyjbOTedU60kHu3fE+53ZlWBZRS7HAIJQGXa4GEDkaQ5k4XnO\/xxxjpThDLvE8dUHcTQ9ovWlb8\/JSF0up6I6Ng
BtYGIn5XhNqx0EdEUtgLAzzPtcFSMuYYjicAs9S+W8GgyoFH7nZiOgJcvL3AdZ\/GXk38PSB357IxdJooYxNvjvQ+gKfGJQ5jvUMuu0oyiEO2+gYr9SeGcmLMhDdauhnvk0udsh4awocJv+zrEMXX8l2xSzHndbPtEGFu0slTz0a9mozr6y79gh8In5Bn2s23hBM4ZGcGhqvwp1y4\/CIp1v8EZ3CF\/c\/nf\/AnBeGNBGm\/vfaxi2\/dM2Rilztfd9EUjx6Uz0Q4WrIB5aEwh0AOzRhbK3NHQKo0V2nfc5lpb0UDc9+BrNHOqAdA4BUxqc32WdBMwB8nu8So3Ug4rrM\/JVLFz6\/kRNXUJZRpvlvWmmPwbhgJJtJv\/M89mXfU1kK+Y5ZzDEOWJFwuGE5EwyEXLqfAhuVfYr\/IGf\/dVORQAeJN2Jps3sJhqhEj1IkKjkFBWkkAkONz+gchb05T6MlwCM8C28gRq7Mb7CFBEn\/vYYqlEKnhwzKBeeBye41Vq0gbKM0JV9qRHQ7XKOsVwyIutepBP8jrECNHdwLaIEu+1zVrAN6yVIQ8\/oQq+VsbKPG9+CxCgvT5uKndWjk\/3klEO2lVttmkusFyP5l9gzCYwVOHLBsZ3xnkE2+m\/prV\/JheISUApwdWrKMEd\/078e9MXRkuX+dpNqT7a5dhlSXsO74abB1mrlTL2UcA2ek91eefqFvbEgNjkLzRgECot8CV3+VilYqrujsR+JjJ9wVO2ZRWW2y3ztaE6g21zSYVB6vxMaqYRnz72pD5b35k\/u8uTGE1pcJQr7C2oDFyU6xrQ8fc2olGaloqsNSa9zjm3tw\/aIkxpxphv2ISYW1zYIojgj\/1VCqJN2qkuGsMNJgJdPcqF3OzluCuyf9tY53umRYC\/2FFOugDxVHFd6F4iSNEQ3C3zvrpOLrWtwhbX3hkwUWpwIKllXL2Nq\/iK0AdLu5a1u7VIasXJSlmcKgX7VPPNflgTztWI0n6bh20EyUV6JmwylfymR7pRszlj27nJphDjd5FGRwMS2WMwNFJTxb+RT\/9S6rDmaFhFtes\/+ACWdpqhAKM5grfBOdhgmSQbu4voAVj9LPSU108aYASzXKDjwCDNx50fbMcWjuukzLgNuVnkky2tdFq8pWWnhoc+x1nhhOmxTLo9PFGk31LiQUA895pzmo+l2fTL008oeWJdzMT6HnN4Sq93hT2"} 
-01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432907578635,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"optimizationguide-pa.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621432925103422,"pkt":"AAAAAAAAAAcAGj1jCABFAAViSZ9AAEAR2GnAqP4Lq7apF9WkAbsFTr9ryP8AAB0ImNfkZtNfpzsAAEU0Oj9RSuVXGBshDZ9GPJVbTKah5lq0FbzrD\/4QiXWxZYgS+EbUjCGL\/0WPsAmbxAc5pHPcwM09LAtmsRF0tGX2IcJO0mU4AICaJurVtqH6l7QnkS2mp\/1x4GkbuWDqNzt1vSNWb0duDucAhmzcDliKJUl+FhynNOZYpa37\/x3qQ2gUckEGtff22WZgICjdslGI9otsFCSq641M3T\/cnDTUDnywq\/5JBllUmTz3xSy7uOqdk\/GvmAxiKHI2qstlN50jgygWTjcEwibzi9GX45hbp55CvW6Vq07\/s78mWZPUaJolO7wmVEZvMjkKJwShrqatA1+fXdYi3Cg6UroeArW9\/giXBCgKk96t0LWj0Ye3aYHEguEIQQk+U1hIhhohBG7CyRY7KinfzxhHKYp4nxR0AoE08flCIJk27BdQVKCtwgdl1KEE6InkS58vcYsqRwl5mGQOqcdrW5vFut3SDANgBea80xgfodgrDqKTbcyZffoEiF+kb9ynHc1ezv0bIAV1PkzOj2qgqWsC5p\/fh\/Zzo8P2XZ8aLnTStcZ6bcklAv5uVNf+UFbiWmjv2tl
pO14A6WkHj4ErxqRWGBEYotaldzMPFZWFiW2ioPVB0TG8QGhc95U+YN9bqrlIpzSi25dwaSTySv9VHstq4bM\/QvcvcMc0fH6fkzreAswa30NHgKmTHo6vyNHpVpxUy9B4ic+Or+cxEht9\/+WUAlkGWn97Q8YWdYVqIOE5mCXUm8qnxVNMIjkIhZGSoo3YxRavD7wdS8Fw1e+q3qydgTwhWjN0NEBx48heIuNQeY\/cE2hG6X8ielA1D3F3K53XZj+sSIoJGcY1F7o1jjWVmH8mOKr2btDy1dXnct+R\/pl4MyRkLClPx\/3ATniC4oYp8uNJ3B+NZdFcYjik5Sgeyx0mQaYCG27z65uob1zsx3rLGilfcXu8rawpdMaheJzkzO8EfJ0bPQG7F16gqR72nPqhJazpLH1wJnmzKMRebRRXMjGts\/Ri1mopASMG\/jbemX2+HOVqkYrPOJB4f5ST2JWfYMS9SdThVwfLGD1AwfsTLiumDKXR4Tg9xxWgAm+qvsbkRhOZ+FGfeL1PYau3Gyz7MiuqmvjBLY1U2K2xhSPscA4eL02HE+xDEr9eGwsucUqbbX+fy7xw+w59I9WXHzL9SjWsk7akH4tDqV3vDDFTrKT11Jy1Do1G\/mkcndHjXnmmMLfPsi8aPVfXNZIsbgrEqHINxT2H5oY4DI9on9u1XyO+WEYlRBbCj0\/iK09jSPGirK8Q36Lbin8pAshKEXfyzFJHclT4mOY4c7REOe77o1hD3cLQLCZ3KJ7lzwhO1fZz\/+5qiqK9KNuq+3D1\/Fbs5GLW+FqzDspdA+DHD3HVyqhGJSXI53Ms9iSliE6F6FFbgCwH3eJT9Ox0wN1zEmBqIR7303kSG5qzr5TLI3S+HsomuNljUiJcLhPennjdx7lzykZLApkNqdXohn6cMLNWawEq2vbg6QuuGD5qyFkpNZTZlU8uAHtpVJ6PR8rOhIURj1C7nmD2CZtZldkk7jy284c\/v0cTFyeXTlazrNC5FguNM8mQtfcjJeoRBgpM91eZLLODlcjL1P9tpCLmn9Socs7Q01T2rkvjPV0716n64nRa49vunAqoY5G0f+iJstXQKjrKL1O19hveBusaLAMf3k7esjVnHjtEFlZNWENT0AHE9vZ45PqMxHl97AMxGE1Ey++DiK2nswhT1oOP5K+MSP8LTUT8gmGcQuDngWuHVMtTenYrRPM5"} 
-01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.freearabianporn.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01026{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621432925103422,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433005013575,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6tAAEARnbXAqP4LqE6ZJ4k0AbsFThpVwP8AAB0IZRm3OuXdodgAAEU0ssTnI2C5JTpJ7y484Fn11oOKDy1JlfEyAX6Ahkv2Zo4OuAkEIohPGoaBHToYLM+P+WJUX+\/Cx7tkDHSXu6uphHZEOGBHmbdUhEa31U3TrNufu9mq6Qj3es8x44mT60\/f25coknN4f1asGblw6iEV1UtSpKMZaOs\/Xn05i9jEBkmhLNqDiktkJ4wwKu6eDxhG6VfLGYQN0Nd18mF97QnMWVWto+p42IfXZbxYSsRmanu+ilVlO+oFCT5a\/R9Dt+6n3rqrFuIxLqTN6rjt10GoO\/\/lvMLrXeyHTYVfDmtLHFSomxcrpQ3r6eIc\/i4bL2wJjBHSTqeCFHn34cWF\/KUdra327rirXnBA\/7qtlzjYwUqqXpMeU06gm6+dAJeS+a55i\/iSqTqtrz20+u7ZIKLbJOhNJP6eJyDr4dCdENdXp1Fo+RvNoazaCsibyYSNV21GcFTzdJdaAp+DcgmVuOqynNS+9YRbKxw\/5tALw7bDdUy189V3QJUm\/7eodDeLzAxTU0ecTeCtBoRV6Wg00hEmo77VajiQh+S9i4nbzRbAGk3ddKNqZC3nSakSP6Mm39WZ9XZ2DSCUBtbOz1EnZK6eDSyw3kFY8N3QSNiaiSeJfa33Sokfyq3JCk8UnjuMqQyCqe2oeMj9pjHd8z5tFKOU+7OZzkA\/yQ7JVv9cFs9+5eYZ4cKFz9UVTSQT0XDPHR4RXhdh+bwJsc9s3QG7laDs6sjDff1OOdIw+HQvW4J9j4BHeEjv5EX8iWWHhElmMuawXMu41RoYajwI8TvfiJwokixmW4yjJof50jF95ax2qGzCJFu+R9a+5BttXBh\/HgnlXdP0TqNiuxyOJzh2lYvo4XC+o1iVVoZbKKo29cl1g0ROFSenQ6plougEal5XbLsvgz1yDGwthS+cZxXIzwxF8Eg5YJQAhTRX61XoObnpc3wjyuzhjohKkihqglhF+YzQsZk375xH7l8SvAlGAlhbaqyzvg5BgzZRh6okkrQOneu5ObvEyajk7xJ1B4hskZiOxnZ0noPwZBTF2QPMuYYm+MCxH46tot+xZ66piECmxmki024ptldWuOatYmRe+vTjmyyX1YPL4JCVDC40p742+pLSe\/iwjJkZAnjQmTnvKGie\/1BU5Wr+49RbkkhlQj87GarVPAL2uWWkqFe2Xngd1FbJvcDFFkuK1dxqsHpPZkmRC96zjmBFDteeGuqwR2lMo3UjjF2OCNSmVipO+iUOCkltuf8TJWxs7tEHUrqAVXcOfh5I8BPOIikZ3dfkJLmZ2FbI0TTtjsGhNskYmpIQ0PlvPIV7kAS3z0gwBKaF1FnV\/xQ0OCEM7TJqhVOfiW\/+wkoA3mujBfVH\/wOmSvWqW48vFIffH3djYRV7X32psbHY61g0HRIX
jeXvXr8Qqc6kOM7tKBgVpXPFeJ07yr5RtFibyMmbpJubKIOxOd2PNf\/UyTLqOCr\/EZQqRA34kT\/VbsSrwcgR6YhLifHRelRWGH\/E0Pa9ov+0yS6KH5C1eU4IuTLa8OWBrTOYGLQu8Tu0ZuJyhcfyGs1ESpNH7K8z9wJSLmfAfovUdPKdJaXA4eVpJ3b6rEyriccdcLge1eKHdQyp3T\/AsTnrrAUQoHmrYyzAM8GsuQbvKlbfByymbHOPuwfI9YUmrFGuBKrB3X9vWARNEbMs2uicMz1oh0SQfb2Ug93LkY\/XDhxl6y6ruCuCMjHk9YF6+XgKvBLgShKGnzgcDJqqw32S355No+iSbZZxAos\/DatV1Zsga3TJckyQKORE"} -01398{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005013575,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005013575,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"s-img.adskeeper.co.uk","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433005304458,"pkt":"AAAAAAAAAAcAsxf\/CABFAAVil6xAAEARnbTAqP4LqE6ZJ4k0AbsFTtY8xP8AAB0IZRm3OuXdodgAAEU0cISfGNFL6Nfe8IXrcMcB0WwE+45y84o5jFkQ+EdHDqq0hRKmpjiqPPzi8JXkbGCFDae5uvRs2ByaSWejf137f0JY1fl3AeVjkq6PaQWDhduni\/8xLvtEbqFj4AqrhXB9TLrxV5LvP+0mGlJValwLeXYCkQ1e94uqm\/qbFL9zYlqDWYM9BIIViTH9xhJud\/SLw5JuUvIFaOQAu8OmZpUxq1bUd8xSmpOSKiHypmGgb39a7H+T1KVpPR+aUixKS4GeMMK2PAyd+OEGJMuz6qZJGatj+7v0DncaR5EgoSYycOF\/vja\/rdaJ\/YdRvp+BmrQNiM9k5UwjpTPFz+b8892Qzvimnfslx7R8GKQ9PAsv\/Tg24GHiB5jPl\/cYxqB7qj\/Z4RDwUJUIkT1A6um69Kq3NVgu5rAWDw3wRgcQ30gaG3co1yGCHL7BlNpgYFxtc2sG95hPofeQcZ7RmqBI8vbZsdcgEG9pwZXnghf+i9JkdOOyHhmNzU7FhBVpm886Oc7ESE5xd3wpyFyKJ5wKdEwsRtMCPYdLRf0ABAJjDpcG31xcGIVXa+iXmHdKqZaaFXdkzl+G5GyXaENB\/bBYFVR+uzivE3jfVyYnP5o6mkMgHmF4stkzuFXNhTUCQtT+vOWJOY0OKBIRfSRrLMayp1BWBk48bLyItA0l5w22EpO2xW\/My4wjTeC8gEVd09+5dNMt6iJUTON1ZAqvZHzSmdehef4+4mQl\/8x7+EsRKAIMAJ0j+\/iccKVsAFRvylLUI9xTbdrbwMgSdNlLvjtGyuPM+WW8Sz0Fphz5qliTbHpDUhw2MYDjzqo8p1eq2A8b9Wtx0Fg9PeEdOHEHN6JR93qNQ8Qm\/Zs+yaxclMgzfrz0njPpBZWm5TuoqFpmRrNgNmlZsI4vJE5izzoxbqOc+XwyaqSy74943ljvUMQ\/ZeoktJ4guJVMIv881KZyYNXdWP8XlvelQTRxmIHmrk8WULu5C89ykKYnsXobDBaYsX50pAVggD11aUXtJrh1N\/dVOKdnYucGb7Q5ArZbw6g65fAovdJY61FZZYMTsGeir2LCxh1AxApj3NMBJNeCfN35DoXwcNt+D8w2\/aSTQe6Lgqdlrl17h5TVhrBdY2EwKzbkiScpw58VyUeZdOFiVtIYClAYFglMWlD3NA05mjWkzv1JdL5VrS3h3MfI2xs4zN3+TLmvqItkAlOxTuNKnFQ6PMzhbtiE9pIRBeo7GRWe\/s3sXYSAgTQMeTwcALlYXW1XrTrXea37yWgn6qd6pcye8lKgZfbrjRMCVrOgARQ5+uLTdXLZffiqEHvPYwWFKcJtCjG2DNK7rUYqQnnhv4Wl7a9aDSnxFpvuZBqMtbV6dwRwh3nVBQCEW8tbmselh+vdecmFi+9yIQLpr
\/ttp2HjIMzaof+HymOhd7VNiP61ZWKFd35OLow7F6RAlIa\/iMODRCCPy5rCPJ8Och0DWA\/AImeyu3i34G1KgGADjIpQoQOwOKh1KxRKIqPxHA83lNc0T2MvGmebHLNWLrdwsMvVJ+OOdOddVjrpUtFqYOdTOSyKkfGy+z3ggq11AbCjGSCRIXFWOTVgFonh1\/ejWrgnzhzvTVkzsdfazaZm1Nq7y3TI1Ff7GWqkisOa2duQbw0SwQHSDsh9Bynr6GVmyLYxcmpSTtCvxHuQF4wCoYZxuD709QVdI5mDD3SUUMavLX5H44VXuJkLmJC1t\/WhlhpH2ChjFQT1wbqIPa1XxtXfyl+1hhcd+xzhaw9Y6FS3fdwXN19AFoGQ"} 01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432793457804,"flow_src_last_pkt_time":1621432793457804,"flow_dst_last_pkt_time":1621432793457804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"152.128.87.238","src_port":50073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -229,10 +229,10 @@ 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433005304458,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067725492,"pkt":"AAAAAAAAAAcA4umACABFAAVi1OtAAEARtzjAqP4LdZR1HseDAbsFTtZ3zP8AAB0IpPhj4m4ZUDEAAEU0Bbm2MdfcBkbBAPPSjVV7TSr2o29Fu0JZdgmdGfjVEVdDmbG+dqC+JAbzKNxQpRoBCsz4rRvvwiop1np5APZ9Ov1gMJcSIiHQncQkBtDWz+J2o6GAqwAVkZk1FxBkffl8czPnYy8dHsU5KXYYOyBtpfhC+IT7ePszMtE7GlrZvCnH23HBzZ7GxSIxR9YFrG6h4PldhiWirrW6fHFgo\/piSndGDtWSJ+EYJdFyOMLk8LdIhNJ\/bJX3nYw329gRY5r\/poWNl5g71rBp4iz\/aiTDNDMAfcg1ExHdPviw2IK9f4W8pMDMvDI9FexzuJfBX9eRklkzssGGPyOnF+xE6997bLBbI4Vi9+gpQBFCCwYHdZ8Yt0Gussz\/f9ErkfzoPii85d0vfFh+DB5q2D4txvr1h4E4SDVIPFbk3TFJy\/7UXDNbvXXIm5xIqlq3grZZAsNicHGKes2+rw5ypULifO33QhqTPaSFb\/jQn6NyP3WJTRP9i0U0VPYsdYu3f0K5pfJOPF\/8gAxIuhKlFGtGv9GRMlzIpV1F1p2d9+\/vUuadZOiX\/Db7H96lha\/Okr2
QtWcz\/SSoJEkbKYVqBS3RDAbbB4X6mN4n9Ft6hAcQJheC2GFXuEAFotpEq4XY1B+2WcU1cIEKgkoBaRv5g1\/LOKnYzLT8SzL1UVFovVGYHn+X0THvNtuJ957AYrKYcqgN\/SUJSPHzmoZoWGO\/q5y19X4WfC481zRO79sZO31h6Dk1na9B\/hYqG\/CxAXd1s5xBzDA8OS5TnaqusIzCxer4zV82fnF7VoQtDopVZNTsoDAIpt6cW+fAinlqYRRovLmToeikcLMo8c8\/6+0XN4C\/sNxwObVZ\/O5C\/emTkAyuRrduScc9vJaxAO9Dl74qqMHIMLFex8KQIDCh6G1NTs3194S8k5vVSQvmLDPRNPbXzBD1\/e\/+7+rmJqGUOcdbTOlX0fkuR4DB14HEvju2C2b9RxC4VpxeWcvtcIqUvnsdf+10RtMvVEY1H8oIRhd\/40\/JOM1RwnJAya+YM9Lojxag2aYSWUlQyopt5V+r8YPszgD2PyRsBJhXDMRUFIuIv2\/u0jmGfN1IMWtAf4wKiwoSQdAMV17hTocy61LlAkDEtIzfOpKoBNjr1FJvgoLlUR3p6HPRjORhAJzdHC7IByfP3Hxhs3ctG3V\/7BQQoSKFTrGH3kjhrfgHIt0HEkl96gVcUPsmn4EtE2VI+GcXfV\/ANkKoUFr3NCaUGtMncqVP\/YjZZJ+QcMW41L0RZUgzIT928lTjcFEypXkCRrlGtP+rWWXE7mFYXiNfnrIK3QAi4gD88L8LjTWDuvcPu8biICw9pEbLTHY1O7PpcQj\/JJ82HVYLYO58O++NchQ\/rgmiClydF0i\/JID1L1diJjMl1iYMV77lfb9Nvv2HfL8j7cDz55Alfw6pwUDnb8QeDwc\/a6xAfyz4uojy4vrCkJfYZreW9P4NFSgKnEX7HwNb6i1ZjiVei7dVFeH9afC69DsshYJ7L0fYFE5rREPVfqmcWx57T\/mQmdAf1+07k2CuNu6sNtY+XS6xOdLTWbSkcX50J5GTkvJhnKHxtmGLG8CoEfmdvM4NCU9jEGSExH87\/iWlXlfjYuUfmvFjsKZOzqUkQ2sUkhZw7BFVNd3HF7fUsilfRlk2t8MaAx\/EEndDgdYNK0EgdXbFzOIIeK6IAbpmYeX7gNdesbdzVQ6uz6TCcVrRcKuxoreJi193vTD2D8+SLe1fOItmTtr9WoqXkb1GjhybS\/sPn+TL"} 
-01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067725492,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433067996393,"pkt":"AAAAAAAAAAcAWlu1CABFAAVi1TJAAEARrlvAqP4LV7OblcIZAbsFTjBdyP8AAB0IGttMWxhOAgQAAEU0E0iR2uQV7+gKMUMCJ94a1mUs9WxU6Tkmya1QT1ijZpDLW3h0qsyJnE7yi5XMKbMLZQG0VI0E4CnL4699UzuXHbmZG4j1bpQxuVn5yALot0dTMdquwfkg43GEM1wkpQgrsMTP0qTEcaLbJ4i4VFKwOqxnROj3ts8Q5YEHHDel6ycIKIRhevOZCj2WbWLu59h+nwbW8hRv73Od8cN4+kjzfuGe+B1zZiO+ZdX3XLy2RMy5S4kzUgTJnM6eihuCfOyH9C1kMvBrE6eF+uvUY6g2SL73pAnMQ8F3ZxMjAvnHhyJJDNucS6II1cpdPCb4Nk6lW166dZJrTlpxEptf9MOeoGPoI7T8kuqmrwllZaRI4XQ\/kKSxUPBWGaQQMJydqLl6\/T1lDk6eOI6jqnm\/GdP90hCcoCmDPrWgZe22++LHPGXmbsr3YOCDa1nIhq8ftKY33OkoptIbA8RVngOr1lQUcMQQ\/VYFKWd7j8gKOuzuJU4SGqvnkK6Wj6e+C85olkBIqr+FP9UVpBEPptprLjMH\/pqncDJZ5yEh7Grdurgenn8Oa1UCeREsY9XCcMK5LJG0G
EGg5FgT1KKRue2Z3g1vuP3LjKlHlZ6ysoHZipHIwWeDZcFGaN8c7Ipp75Aj4UWNvtREE2z3pxKUeu\/3ZyZ1sgWETUpVlXcSVvotMQ5TZwvAGbXANNu\/rhz1tvjUpV2Gbr3iMVknJ312hfpRnkJ0phBBW7yPgZMi2pP2LGIwP70mvVJhdiKKMoWgQ2K6uSPzHShiYyWZ9wfqSuCt4GrPH2Dz+sYRk9GjWlWo38XlQSZByhfvHyMDGY\/VwkRy7DGiQWpLBPaI32qcs+0Wi5UhL0chKc9MuYtE2kBrFhu\/MmzxgILiKu9g1WiLecrRs+SiPafnawwXaxRH3UnKyKEbs9tf7cxaGwTFwQbItBr0May5hHbw7VijZr\/F9HknAkXN+WQzfw2IZkbx63CHzTxn0Lf0\/gAteNoZtUoQnGHEWYD7yIoAOl+XtxktZ2WH8ilBnJI532y+PhOHWg7vFNIZYy2XNI7Ro8rUoGLA7ZyBrhYAPGV\/NOjp8U6D1metWriDzDxh0ozJasZzk0JYSqpovUTh5xgdlDtecRDUNdlTAfjBnyMbf+cFYTPnowHg7\/FY4RR3Q6\/UygV+NcMVkjaTNaDNXvagiuVZXLNIb4Tk3A2V3EqgUkxJl3ru+va\/80OsxasM4dazYUBuVN1MBNdZhpkRBKIit9QjLPAJB6wcXxf+0p+d0gN55St3hQi8gb\/iL9k\/onbQhxFP89onbtuDFXRyUSTM8tQq5CBj7L4VyNmcLHxtw5p3RXU70Uk+0psZnI2HJXq3ccqQUlNOGe4V57sFTrkyJUpugmAdJl2lStMmlzn5NM6S8FjEz0Mv23EdQvL2Xv8xQtAJ82kaQeAQu+skCfiHwl2eE0HR0kpuVdYzC4577xLkjxLKoUO64A52BANzmrvYZyO1d0UbSchYHinUiE32BfXi+lFE2EkQL8c4oFSQkavwjhteXk5z9herUfnERT404lCm6CiO4Z5gG+k6w2kpWoipnHtRYOjO897tsBk6rLYOHvEuLqjnZuhXbn3m7joNX5Nd\/3Q65iq8R5w3zlVfzVIw6SZdhLY9l5ctDa9JFYiC9MK\/ietRcrprlPxUIwhQEDdSRUda3EJD\/9M9hmP+CaD+tbS38jpu\/LbnTrforILNg1cv1A+sXeT03E966mAsy1Ec1mrv8LqFR9Ep7nyOUg5\/wWMujj7+qgzOoMXZ"} 
-01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01429{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067996393,"flow_src_last_pkt_time":1621433067996393,"flow_dst_last_pkt_time":1621433067996393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"87.179.155.149","src_port":49689,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.0 Android 10; SM-A125F","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01024{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432876694398,"flow_src_last_pkt_time":1621432876694398,"flow_dst_last_pkt_time":1621432876694398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"251.236.18.198","src_port":59048,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01139{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -241,18 +241,18 @@ 01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433067996393,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433096272294,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+xxAAH4RF+uokEAFcfqJ8\/ViAbsFTmV5zf8AAB0InVNfXfhBloQANwAYYxPxefYKsSfYBnNv1ogsVtvxp+5D0ZV\/hOY9nIpSROAI1ZGm2\/N1AX52ghSODygwpwixzphE\/Zx4PU\/J05Jihihf0HSLIm8bvq1I4lsCPEN84oOzz93N2RNW4AsTQ126TJRbLg+\/OXaDSNcEv\/431bFF8tgqRZ\/fSgX8JysNc3KPA0qWL2Lk3BVQJPsXIJEu279PpzYHBZ9j8jr+MI6zCBxYsOIqbCcGrJg7V4pGpqZanmc\/ej\/n3DeFkX7FR0rIL4URy2ACi55eZKyE\/cY\/+hGES0KNpvEuqZP0W6JB1GsnUf4nno1645JeNNQ40sWdwbJM93i20DxzCA2IHAqqDjKl7kwPdqZgyd9wwmr9W5oFXYYoiVP9fx50w\/y3HwF4y+xHmrmGKykORvvBujXyroRnjwvJp9k2q78bX9Nyvlbb\/fcJY8pdAcKGU9z25xdLJSOP1tG+gXR\/jGu2H6rUhavGMF5LYRTLRLHp4SbpUUx8jxdCEFUjmqtpUIEIrwm4Z0Hm+uQms\/iJ5w+1UJ2sdLBPKH3CMuMfmQi9NKErYIIwBEWNGQPZhSq
FzVRVxsUINfKxs3IjvTnnhraOla+6OE4l1QrgjctRAPGA7S62BByhCMQNGtxvd0byLHL3+HLvfrJ4IQWU+re9yL28JxErUWHasznlYJkI6xctz4\/QfwLD\/upI1HHH3su\/JN\/59+8xaxpgdcd1l2nQp0pyvwyv5U6Wf7RnFfTWkvsE+beNCGvmyezggTvYYVlP3svh2dMR5YCsXGGBkHXD5Al\/bACbEjho74CZPIoyoqlumxFrHIJzc\/NBVqNAjx6GAMbtTyTT9DzAEk0LjnqNCPGHCefcqhja9+\/J1dYX96nmT25GaBsEaG\/rC+3NobsSNBEJakiA8NJIkUAtNh+7e+Q1zXrNjmd8NmSHehchWFhaFYfxnUhrfl0EpT63dRGyufStUHX8IH1M1xkDQCR7MdusL0d8DxstPAiU60cVG6Pwo2zDUTo5ubMxGhOpDHV7R7afYETZMCRo7m4ZNNCrUpt7zoBwup1J4svPg6nbVaI\/m0yq18JHw6AXXYyRID8HHMYm7BT25H0nPZW9IjpdJr3qmbDzc+C1RUeG2FZX3vtkbX1cww+TdfceaPdnmlb8oqte+bT7ih1pGpJbAr5QrtlJ0fJxJALGxPwvaxQt9OZJtzlgIiab41SJVcAVCq2GsiZ42wdCT81IxlQVTSKbH4rfxWIpBOQ2K2fcx5t+Zp\/ZWzBzNSCJHZYT0Yrw\/F\/i5MpM8YmdTShwy7McxVy34xfaZsuGyshTN0NhE1oUwb89fh0YTKyYiGlurNDOZOnGgfEY3re1o6jZ1GhwQ9qS8pljPV8ic6OmyGN3uNl6cnbAJr6m2SeP9AyqqSk1xq6k+NfhHQoeQ0khsYt2zSVuVeE30pVDMVLVpm1OQ7GuqKpKfrgPTEqSQp7+KiYJBgE45ORKunQOL\/cPFO2l8yzljsHT\/3TEL5kTELmyqZtHoUk5kaVnTC2KnmjMSJdqOCe0YoI+ZYBNkv2Qc1l\/Ve5vnSTtpVXPgZSSESjNxCDjPN5u2\/Z4VbQPVJvn\/cvLnv37v4aofPgYXBuu4ppOjhOv+b1CVIy9SClF\/HoAy6eQYGuQjl4dTmHCm2hwqRIzd1UwyH0AmPA5vcXUv8JLzDIYLi6t8TV9fYAP5GDkBiAsP8JBZRXqxfCVEsg4I5l0rc9K50VAdnoSCYqi+WwH8w7xNF4Bf7\/E3sWph1xGreEe2sTWhSoHxGuzKZgP"} 
-01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01458{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905490594,"flow_src_last_pkt_time":1621432905490594,"flow_dst_last_pkt_time":1621432905490594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"170.196.90.126","src_port":45652,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432905483700,"flow_src_last_pkt_time":1621432905483700,"flow_dst_last_pkt_time":1621432905483700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"93.100.151.221","src_port":38331,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DataSaver","proto_id":"188.46","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web"}} 01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432907578635,"flow_src_last_pkt_time":1621432907578635,"flow_dst_last_pkt_time":1621432907578635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433096272294,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"98.251.203.81","src_port":43427,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433110371220,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb
4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"} -01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01138{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621432925103422,"flow_src_last_pkt_time":1621432925103422,"flow_dst_last_pkt_time":1621432925103422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433110371220,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1621433283660100} 00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433283660100,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEv
j7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"} -01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433096272294,"flow_src_last_pkt_time":1621433096272294,"flow_dst_last_pkt_time":1621433096272294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":62818,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621433005013575,"flow_src_last_pkt_time":1621433005304458,"flow_dst_last_pkt_time":1621433005013575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"168.78.153.39","src_port":35124,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433067725492,"flow_src_last_pkt_time":1621433067725492,"flow_dst_last_pkt_time":1621433067725492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"117.148.117.30","src_port":51075,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
@@ -260,30 +260,30 @@ 01144{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433283660100,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433300632344,"pkt":"AAAAAAAAAAEASYHhCABFAAViwQFAAH4RVpKokEAFbKuKtsV4AbsFTpawy\/8AAB0IVc00l\/iOZRgANwACoQTdl\/GOABSj5yQ9HIigBgYJdQCUTNlANM6rqxfD5723bzbrUxaSqL+QgfFYDvSs2HF+3FZE\/TQjSbe4Km8KzftRRJ7WGWJLHVZGU6Pr8JJ9uxzBXyE3XW+2zfcSO0pInvNKKnyglyrBYAu3eLKCvMOF\/lcR22wWFyI78zQm\/U4997pUpU3IeDVTo+1apB0IH0pVnXk0s\/DcR6kAfTOaqckpKyJM+iypk884UqXCF7zKL7SZD4uGN8XS+r+vfGpyWarYF8YuRePoaTXkOZ60muMhm0jUocNqY\/U5XaGTP2BXnULnONu5tCViE2swJ5RpifKQhW0ajmcYyvMPByIkayNlHx+wVxBbD59Qy32KgOOXFf4bk8hLtiTkWyRCqp\/0xL9c3Vfn26VBZY5CoyUtdJBdTk8G94oF5RXnKlsW9RPQGN8PNrTlnxYqCMvKdLymzbrkSaVHd1s6hCDMlvKgPIqlyVPjyv7VwNwgypSmNGQjl2iP6PboGwtXnIpa5ka4IFOHhKblDAPYAGuoR3WhJLHbWPOhkpp2xAZBtIdfGz88WUhh\/fa+5OHfzxRvv
\/+98pKocB5KIs+9XaMOM2b4ye775waBhKUHBxzU5chSbpQbjGNQ7UgHntGkQrLxRrgYK30BHeCwGqbB3O3zTGi28fjy0q+DQxv58s+isMuLf4rVml1bN6YCm+6tCQu1csCemJ3W1KsCnXf1iNt4C16k4KuAk4uDPh5S1ikxcI8fbKjrNcKeqP+jUu0A0AQxq4tHOgVeVJ99xXNa0rfYRr+KcbfwK2f3GdLGTda3yUnSVSryfyKJvL2Q+8aLblgUuM6hiD+LekvE\/LlAnbBjLmD8wu4FP2UzL6qUbY58f\/mCvQGgHeRTMEUd4CowlgXPUdhQWeaDlfMLg9lfb0LA68XuyJmqrdq5bG2Bep8ngxyxEBYvezuPAC2Iz5rBy\/4kms+yRvo6kVIbiyCCpXtTDJRUyNmBT3rPW48C4LpJYm\/ICdZMpWdD0UGNtBqPhJE7WKkKOsCkPGnUmiGgDd0pjw+lR7ks28tZEyD2kzjPP7ttelpXI8vPVVoY4UZaApsgyum\/R33EOq89AHxrj6xsKtkVzUTlVCJby5kmDowFpY3WvjB3YKxK7u66vXI2uvpgNuceSN\/6K8VLUZARSSeqan2EPUjPwc8NG39Volpuo\/q6ci4X3xaY\/VIhhzOX0GkrQnDUt567z9VlzQJpCGMRaukTO8AYWCEgkfoe6nxM2l6atxd1xrKaWQ5J1s4Fb+l3ui1owS2vTplZ4RPYsayHMQAz9JTj3HW7PvghKUdzoLY3MmV80zisuPXVZXwU2r9a1f+c1uKlxlSpPR66onFKZZdWkDXHMs5slBPZ3cct6OQSpk1E+HaV0eC8NipyKySEkKnwHTUZdNtCvNWU+DfIdSY+5S7vDR\/kAFS+UkA+axllbFzhbZjbE98MSmiyGeojTXpwHvAETcKEIKQ42DITA7olKjQ58qBoakQBY2QIe2\/X\/a+1Rz3Qpmpf5f\/LIHyY8CJTH6Pguykmu8PZ2YjeCHh9nc4aZI\/D5huo5lq5GzxgnUbuvAghp+1jKsnjdIBsSbRH5Ax5Q1NaysWgoo4eoeRiE97DOBD3dFTT0U9rGH\/b9BWCRjOHVrT0xAYjOVJ9vKjsh\/uQE3RymgcpL9m+XSdoP7juYR415Wg2Oqxg61mfx+maFmAF5FUVl8xb42RdcnTELYsROvNQ5WWEs8jmQMghLxKlLWKQvG8aWjfEzyaOE4xFNVsM"} 
-01411{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01437{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433110371220,"flow_src_last_pkt_time":1621433110371220,"flow_dst_last_pkt_time":1621433110371220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433300632344,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433323690840,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+3xAAH4RF4uokEAFcfqJ894MAbsFTp8Fzf8AAB0IvzqNQD0lRtMANwAyYa5fSLdWImB4ZVjTL2NEPya1cUtwCyStcfOGkb+i0HvP10Xnx2V6173CCBLyTlS2lW3ItThE\/V6vYeQp5d8+\/LNRUHhhok6SCvxveMOhomdOJpo8G34ZKxbpZZeGXMm+kxymEvh9PGGn4vHBB6v4SwzcoQL4QdYO+oYbe4NJGodI+SmHvMckm12krbWK18PtHzoYrJftqnunvJo9ULpSRaYu2+s6djIY3q7wuNnjJvZDUe5LF2t9pFC+gvIh2yTEiqiPxPThsUMHIGShrjOrLAxZrFkrJHPByKb8fTvaZlj+Dkpvl20jckd+I0vvUZV\/2XJXbyUBPGy2tkcDameP4Y5wVjdpq6TVih2KnVLphaiRQHJibXu58TyDz0Vd9X6glZg4tYEC2iKCYEy5kUqjvrjHuGphHab1PzL06uyyN+x\/732GK6ik4JUpWyZBztoY9G7fyAAxwg6UPj487al0tVnMwp1c37Z3vKYougGLf+uVEsTYDF7Cpqu+Ea7zDIydQx7IO8f0CUfPQi\/u8\/gD4HXXAdB2qA1yUY\/VlHUe3+mmQbrEIgq8uIdDQWKYbjVC5pvQNUhxoD\/aL0ONFl\/jOVpgaM\/zL2\/ko1dyUaMhLjojLbYyekvliZ3qkxk605uj5nYxD\/OY0t4miGDxZQMnUULowLp7cbjsKiCD\/BjS+2cK+geBlIFH1XYvpAgJYFqu5\/05GxQPEqo2AZuX650wvMXpjzo7oLSb3VQ3LP6jN+3GtZQkbqO0Ml2eFlFThBeHZyyNfdgISKQXW66VXUuuUPhduLb3p5Yeuex9h\/2xxRpZf+QwTlcaySd6XeQxuyDRaiHCM6HiKDMj8VSuGyQ6y6G\/CQ2lQpqTq0JCG\/TihEgoblpCMhxGu52dI8\/M4cE6+j2XEdE4krEK2jiEaIZKGdebeUzB9JAU0IEQ368+526\/BhOh0rEXo9RUgNgTnXonlH1MQUqO1fcoXxn08UG5E6ZYKgu\/OZN1pWGWjVSWyMfCT4BqFy0DQnEk0oVfz682lYFVubZ2QMzip7UVNkMKKCepikphE4c7ppd3hkLM9bsNAktobkOkAgW2i++QQX\/bTNfJxawx6s88fmfdgIdLdYyVTIeI78VHXkUVfbHcjoQFDDnKH\/5gdBE+P5BLF4EpLHfAF4Wx974YrGRnZHnoMF43ssv3SEdPlN2iriNrn4spM4xowNSQZcUmJHTcSpU+Uat4MDUM6V4RHks5OewDlWO4kOK+6LIYgpiR+yBKe\/LrPhXG4P4O0gNUot5Mb1kSEjLXUEj\/1PtJIrIb4oS70D8+c1NIiu\/OQVFn5lEPax5\/uGndd3bG0u6aRIwsYEkaTKTgdt2ZQun3oPeubolQM1fI1tzSovLzWnNl+koBh7dhxX
hgQ\/X9UAn1n9hyc5f5taxal62r3tci4Mbbx8KPZBkYFj8Mmrqc8KDSHzLCloQSWCQSCkBQZ9FMuVsXUYmlB3jRDOW7KZN2uY8kbzPbIbjPWcCvUdxdHVNDIlPdgQ\/XLcgXkYVqmy7m9JKpfEvarWH5dSTcvvBS\/j7hMNXbKyu2ZBJX6gfqjxLKsxKQggL6gi+eWunxMe\/1Z3CwjGLDysODiQjylrqRc\/i89KaJ4RMPmIB9Ni0qJzV1nr4XAGc8l7QrTQ6KvRGv+KgMs0SAAvvCG8jxH07B459x95jC8vicEuCu4Qa8+k5\/C+g6l70JY75v1dmSj7TKtkEeixX9hXhrRxZTs9Uf4IcI+X23icYMl1eKUVDfGr5SG09huGxWXyIx"} -01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433323690840,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433390651222,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM7pAAH4RJYuokEAFmWIcTuQuAbsFTrRvzv8AAB0INosFT237+MMANwBb9TwbasdQ32A5cX94fXk3R40z4mY0PhE1HEAJQYO4V6\/3tF0P2M88fsUndGz9Fr7kJKq5dvhE\/XERoYXV5NHZLSYf4DTWVhp7q1z6KYJRQxo75jUpfdEwUa6ZG+5bNu\/A5u9XKnFMFC0KCN5TT4NsPs0VPSqpEv80Khbgf8\/cxxTXZWjqluHOImCUv2NFZIJpo9CgaD0e+8GRtcXDohjn+znKXGpEH1V8b\/3kSK48z6I+6n3KVBV2xHgdOGQwwEd1q1J+ECF5KYSp9RUL0zzTscSavIziA0pSN7JIWZUep\/Ok1sLxp9ATB3LHSyV9ajz0afQRqz8lPxBfGq9y5R3BFba3C9vH70pf4yBTyQd6jqWvZyTR21R\/xl6xRf4gAhvJcYjJkxW+3lmGOhS68JXB7SBW\/j\/51vJYllmwAccGUXQGTXS5\/VWIw5VScjbKe0pa3A8a9e8Av\/ljOB\/HEfVTnsj+Y+qchpc8HO4XTQoFrPwaU8vXQ1JM66P7sQb1sco0zqaDzmitGZlUT1QWpnQr7eKksiSn9NnvNYTUvdDSSPn3PKsb2RhC9OqgtoYPKk
GHpW8FvVwHYqbSyvaU3MJxUBlxuA0FvYBKTVbWO0AgmyZocUfOLKTsk\/TZfqoCD3QW7FO7lNRUo+P1rP9gFOB463DdLyAUsjehCczhWZWdGU\/gT04HidAXsnw6jARYjLJBcLpd08Td0XXQY6albr3J8ZZ9LOvShd71AaKUK4b3zzE1WCv8qtmiARodSJhVf6dZMl+yNOLSPKMomawxSMzPdml\/FM\/zeE6Dlz+9BPCv+f08v5Fn9tMUAsDXRUKY+8WZNa7DgQzfNejuemuadnwoPLOzzh2w6xM0Rzp6OEuIpQFyQW5xNjLrzOOpMaJIzF2sqpzwfuKJCm3s1snEjO84ddDhgxqjSj4lavW+riy8zgmEWo47r2DqOd3WghFxjV8xyvlVX1uHWa05pzMGWfGeumcPVMyT0adU5+wJkEcRvHBRw+oHJsqaukZHSI5JJYAbZf1ESnjxhCqHtgklzs9ImmCW7GeF21uZglW+vjLUsQcwNpF8zy37gmZdX4j9TzC1fY1ZjbAZMCcZltyE4Ua\/HE9Gr4qIttYQRoSXvemLO35Ifzyp3YBJuix7D\/0G7UY96\/ygRaDjJYKdA8flhrjpLc01yADTlcnXVTVLb1A6zKUqy1IoG\/Tlk\/z3cQ9+IaG0ETvoH+URSO+Wy5\/31GgH86Fb91IlFWvBBgEg9o5mtJE4ZjuQeHoeCfnmV53e5D0s6e1mLoSTRslkgBkyPIHBkD+AfULG9yRcBDRHLVOUtHMauEJx5SFk6LDE48gvZ\/W14DPXuSshpkqThd+a9l965NCkiqLzobezcZyu8ONMCL4aWAP4JD6b0Xp08jXqOcZYqiJ7NZSbad15kseZHdYQvvA+PJhUbcE5YZWcn\/xOb806apm1GAxXDo9cx3POklhJ0tzP\/LMU\/8cl+t2ZxNjURhO8nGFdQRgkvW6BDfHMzQeR6PbeH3pEswauHhyM5fr7Wk49wwwktzukldwFbMPCg9p87hqBsGVxIND1WlwqOlV\/lxMTiW\/q4zZTP6jyb8htKoyq380p91mZyV0+Qdr+Qa7+\/NlUYv8PEee2yAJ5phlblYmFxIh\/JvKbTy5doeGxfVsMIJdICKa5u7\/SlsDHJCHaQdFlIVGoLAQ1H8FpK6Y\/P56TfHflnO\/ivZWYw6MQJh9riQHgPJbhr65Ah4Btxq8WeMahT6b7GzECoVCR8QqXUp3Q"} 
-01408{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01150{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433390651222,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433411827256,"pkt":"AAAAAAAAAAEASYHhCABFAAVixWVAAH4RXjKokEAFEOjade+dAbsFTkGKyP8AAB0ID6UbviYe1OcAAEU0lEpFVo61ttZD0\/Guo\/jnAnR9jv+k5pAvfeBeOWD6Cm8zeiN4ecxHXQbeJAslmDKkgnaApPPGNJshgoi7VzHr\/rv4f991MIah9Z0x3iwrLSqHm+jIfLQxfiAPFuB9rLMf4f5yjsUpTl7yYpryWfDoVmV2zU2awpg5MyVbMiWeuULv\/hrjEOVgd6zoPwwK5dF1RV\/wrIcyIIMUpE+r5n8s58GUzUdN3AhPEbNnKhRwC6RWrqA+i0cqa8ctZWlgocKvytYgiqCsqMVO3NdyZSTFiTuNzFYJLpfFCUzIPf63hLzpNqbjK63qqYHIxdtHDARFoPxNzOgrVier\/q2WjzxC+M6mQi+H2pqwgvmMAlvMEtDd1ZlAWkzOl4G\/oReq\/ToNk7RekeRqvxLV\/VeSMXbYuQGNbpu2wr1Wxl6BibYf\/79Z3rObQtiyM19RxMxp7mdvUcLeIhqREsWiAfd+i1zPeTFCw+TQxI+c7b8r8\/XfC6A0KPfbtIIopv4Md8ZWbT8evvkG1J7aQcX8LESarYbxGnYGbIKbRvieAyXupa9DNkt5ydiaOWNMWmnYatZS7q+vJrXn89FucDVT03eSB8\/l5O5rpocuX6dFZiCeqampgTCdr3kOlnlcPHHqJr+VaFY4vr5Xyh5EHsikjEWIGozPdc7jEZtWf3uYTyNQsjZBZgpnS7YJW7nOT2DjNWT0GWwr0Ic1PXuo8I2w5qSUux7ny0enp7B\/26GObK7DIsMjzFG8UHaQBBmT\/Gf6mdO5kccDPkmAWHe0oXsNPt7\/TmoB8HTzqmFM3q5jiptukUvnl6h3hrA4tDcWF6r6\/VaXFDgQChkQm\/m5WrQEKH+KSIIwCREIKBUb3xaKQEJM4DmC+PDjOpNX2TtmlEUfuimAq0RFbxofd+ZiNjHaNh9WW79+yMMNubGxcKaeiIUpxvvl+n8zGFM11cyoFugluYbAi8iHUHh3Cjjf9i8p\/JBp8Lwsqt8GOKWBoZr8Pv9Qwx\/yhIn9+hyt75NZceSkQPB2HilwbRmKH9ZWN1RLraLSCDjLFZUoXLSdJR3\/RNAs+0evfZVDyjhtDb9Eybgu7J\/eCdLlS3X6ZW+L84u+0SQDGVf6Ood3an8Co1tUKtWj0PhIkidMAwm1PT4EdcGZ0Og4+2sY64xmsHSK3dYm3M1QvEAwoRAl7F2yqmYCv7brxvtZjAJQRQ+SvKtUx9c5gyIckMAAQPNHHrAiKGz7YZtDQNhcaxQR3kHPlUSzEMcAKMY1RR7CN\/pSeooHbHeCdnLpRnly2OT\/HcsGFzOvorJJhV2IGzqc5eU85yleqWqGU4sEQpVrPVOXIbwh\/xWWQ3840ZM2zRH5KGNip5J0esfDT3r1uD4+AX0TrvlQvBmkVKYVu8\/Dc9J
FMO8ks11koiARJyBa1p\/sYHKBx1429RrmPqPI1XGKrymUtfQLC1CjqDyMOcxMqXqHjOsV2W9Oe3aLqW0jqS4duUkIT45+NWUAEWQ5dcCvojudybcgB4i60UXLIJevToJ3JBxhaiZ0CBRlMiKqo7D27zgr1XJAjPS+feRSz+BJmxsqmY7bE7m7oRlxsN1qe0wj+Y+9szslqshgyS2A5FJDMEnvbShUgke31IlErYOEjA3M5ysDeUu5PO3ZaH7U9PkLACney3E6ldmC+Nm2iaW6IcjlkqsHCdTehMCOgQeKjiT8gNfoQUi0sDE1nb57Dfx6ucdbSEHW6ULrwjrSydeaPhk7\/b\/ZyzdR5QbL\/8bpPlib01D2Ts9qawYdi2FBumvw"} -01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433411827256,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433443702807,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+6RAAH4RF2OokEAFcfqJ891rAbsFTomjw\/8AAB0IUmuY6nOze38ANwCN5aNI0Jhzv9NOMh\/1sz8Pq4SZBhXzrMMmdjZzrQgjx1zkkutKHQB1oDFT8L80Z4Aw8jSNx3hE\/Zw\/laqqIbhk2h4AYI8E2Ksg3Sfl+5RD5Qe9ekCyVbSOIn\/RQGKQ+Ysrz4swQWQlQaC+KtSVXMe3vllDuG\/jjZv8zSYZWp4V2dx8qPMZPOw3vPgkM\/WcagE5PucdMP+3itniSXOFzVDdgXKq5nmt+7yYD1XqERMNH7mUp+JRrWe4XHV7cKX02FgoGRmWOpxUJWFf7LJEmXiGcbi7Y0jE\/h\/OYXsowiB1squTTDTuQqDqWuYNEAOZV9SOZp2L7pqHnGTE9iJVdZW+JFE20DbZCic3DVlzGwLNvFMykQy2R19YE9TfCuZrbfxU0FPlLGpo5fIWWWvDAVoqbqVmZqEGwcTHzgV8Yz9EUd9TKsk+pq6On9FaEMp9uqGWWwnxo3eZj0TPa3FIym2Jcz1rAVeaoddUuSsIGRkpmLUnVQPtQlzkUneg+9hSBIQzKf0B4JD4gK60cQ+wEib\/Mlb2svj8AwuMbD42dbbUAldY8vdc2R6SBT7hjpHRB
MRK\/23CtpazJepPZW9TaqY1KH0Tz\/rdqetAkIpplEYk8d\/g9AITDWSrF8e6zya2TMq79ase5qJDl1I7B2BaCwE6uBrcM3YNywAaodudS6yBo7OBmzBJLhjcpawpG1VBepprPrMyQKdKRaLIppfRPMpB1zNwIz1B\/b0n29UJhF6mBe0rd\/G89yqhkXZrgizvDrWltB8tOP9SBV2j6Lu0+wAsCdQXImvD3VUPci4NZs5GU7Vvk\/ru8p8qVRhy1G9PMoV9S29kH3cyerovTX6XCRqhXT7LjRT227GeRmtu3e6LKmxiCSV16aoE86qsn7s15ede43yipjlcC2hBClsbMTb2sd2VPU5sjNA7FNWxGPJemWAv1BZza5EgN49CYT43mq\/jV+DKvYykpvXjR7AtKXJDZ6Sjxau21\/2SoAW9fknYkCMN\/b6sBb\/fb2UpjRQ7vtJeLKXxg6xRmaSy02gAXGTje9zcd4wsNhHKa5efII9Ck1SaDqkDwzSlV1MgZYsboWuDhaRPboyD3HUhtACz7J+Y3TYKG8hOhjZ4ZCZgGjHzNSe75OGW465v+X67ja\/0mNh37VVVzJ8W2qxkDcAd6QHJT+qyXR64+O7B10B7DO9voZAqB4B7NmlTjFKRebbQu57q54zPuFHoi5ShAmQQ9UaPbGtA3CwzY355cHS0TvLRROOxD2CS17paHw+jZFFnHn5LXH6snBlWaDVhRzqR\/YYGoi4d\/7LIG+yhTFvXfp4vXRdxfwTSW\/47XWHABPYfJ6vXmF0ZlSVMGkkiLOES0NuVRKMFyi4Xev+x7I5SlwVCu+Rvq8DSRF1MfjOJeMPXW0T\/Ekz0FDO4mP35HA\/3PeK18zuOlO37CdOsUXKnqLocCevQv9jz5q7vVxas6jE8BkD4uQY8aeyRiiKzeZh2\/lVon6R7IS4sMXdz1t4wPZr1ILCy8wM7LjPHggzpJxmfuu9E7qlOH406tiQeyFo7FY1H2GOapGdOKVftFin6pO7IjV88AyDx+yPUwuSKzmoqNi6P6VAErvOi4bRjw\/kYQg9LGmC02XKMWGdyW3mVcI\/8x\/3TkI4csH2+tr+BfT74D5aoqvH+ZJSLn0rurteuEBkZW2fndLeNUkyWzU015vCQoZJqvTClWmVcG9CLZn2rbyhXrUHNKkVJ+wn4ARFcIHQUVc7egurai3mUfPedLQU\/iDA4\/fPb"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01150{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433443702807,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433521961363,"pkt":"AAAAAAAAAAEASYHhCABFAAViy8RAAH4RV9OokEAFEOjadfy8AbsFThT+z\/8AAB0IhJNYKtANuoMANwBQeqOywn67qncKSnTvuagILGVnNcalwuzGeiHpkW\/r3QudQ1Xg+atf32S0lvogd+2\/QThXrAhE\/UcbE6\/9d3ne8M3mBUbLc5y01PqU2r3V84i6i2XGKABZLB+Bshg3DGbuuyaaRbJCJtO6TLBrd9b6D0pWzrZ8i\/Gz8PAIyMOtI5BQl03yZpQuNeBtefp5qB7VZ9vAjNbT9Fi4jMJzpK4LOjIjHvho5UD9A1tQPssWUuiaB6ShmA41Ky2YyAUYb6Vh9rcHTQmUf36RXRjnMENcqSJ0txZ5HLa+JL\/wc7MLe4cFuMGhbo5QOrIDZl0OqxsRLbUuyHXXUj9iT0oZwwV9OPcMhzRgBCvFYPYmfISQRYW788jLzx1jI6Om66CAeI+GlZoG8XjCWvwTBZh4\/jd+ih5NAhEs\/yPoFHJAITJIoFzfVRs\/ZlaeaD21dhSdkLyQXvL6YrShajAQAL8QQuvvPxp1O9trw\/J1Y0yCHlbqft4HIR8bieoeKqFBtn8Vf4OzAvdIKL73M4BelKj2NgPZYdKz8+ZqUObz8td1TnEc2GZAidUp2ZVWI5XtiTBVv6\/1haOTwC\/f72jS66IjYphHkAjFY9qrDEJPRir2QNSQmatmWbaYhNe+qzzpKOsUSXAhbo1oQcAl+l2H9vJ\/DIQa\/AxSESBrwxGM4fWVLKqEAfMznZCtqu5fIZYleZVlEdE5C6lkvCY2W3xT+YJ1bOncdsHPT\/WGTsfc2kcqrsadebK7YP96vtKb5\/Kwjr0TCYEIvC8vfon2QAbzWY\/JCGhSEYUqb+8HgxwXZ9GWYITX\/BiqiLCdU8Aq6m\/J2oBNQp41WFXol9NeIYQ\/ENO\/iD4I\/DEE\/++\/78B3gyY1sn1rZXJOK0OaZecB3oIp5CHb8DPBBomL5i+kCg55mQYZXdBZu+\/tPycOr6KZl91KRXD7Z7TalELPSIUYpOBkmxHSZ2pvbUBnFHUY\/pw8Iwss0KbgupzZx7PD0GBpeEIyl45N0\/CmlN9QuyhgtpFSdG76LgGZLszlzyntz5P0kwUusECVbIv+39Djz82FK54YD4N+JgQBI2jcM5Zrwk2YhbYd9NpBrDQWUXA9bJsyou+uE1gnkTh+CuICnZY1UDepbEYOVkXeD6R6MgAu0d03kX9pBp4HBB2snNUvQ2Oyw65UsJhUcink0Bfa6N1+jzB8j4NevywJoM\/frbsYzOsqLw3giaa6WuLFmKpE+IZ10TEjlyFlcukcQlZ+NNObDfykNCzzBy0AcMVQaUSbjFM9ZqN+w532wfhRNhL\/F83rzAuxIgJ0n7kuWgx1Jmzauv+GuAQAe\/Uw+HEgG6V+kg9JoZLVZYLKoIXp7Z\/RGXpWG6+88\/QUBnYEjIVJi3NA4jv6spg
UguU8hnlk0dwaGaTgDd+E3pAJh1qiy6G4I6\/yNiu8puzdQ2UZXW5DSLwiSIdluiR43lhltbHf\/kT4ogbkuhAZhjh\/hPFlOMFqyWyJNLdSoLKPFvtXO5THZjGcQf64KDQ+Abf7vsxCS6V\/yIHUSA+iidaY5kvUUh1iHjGk0QAUUnvwTyQXCrz5Lw8M0X\/+XryPxtPTET5dAXJHe7twTSv+4wTKnufI1RxQCzNHd\/d8PrkscC7FBMhp5+jPQuyuCQJrAnnf4c5Q9OIbgJM125\/9n8YnDbNwguEGB0mPAkvI3jKFLHb1CFQcgY8kEl\/0mjy6bPZdm5nVzmX0ouDvUmiEZcGPawl5Bk3IHTCTM4+6WoZMUTAFfn6ItnEi7vfqWVc34jJvA3AQ"} -01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r9---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433323690840,"flow_src_last_pkt_time":1621433323690840,"flow_dst_last_pkt_time":1621433323690840,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56844,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433300632344,"flow_src_last_pkt_time":1621433300632344,"flow_dst_last_pkt_time":1621433300632344,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"108.171.138.182","src_port":50552,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433283660100,"flow_src_last_pkt_time":1621433283660100,"flow_dst_last_pkt_time":1621433283660100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -292,18 +292,18 @@ 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433521961363,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433567521558,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYR1AAH4R+pqokEAFCUGp\/O4IAbsFTmqmwP8AAB0IrIdSuCmx8q8ANwCDdz03IhzUFn1L2Cnpzs\/TwSm2cofJpAX1JkTV3tCerbt47eBb\/tUYyv\/WG3oeaZXUGjSRmm5E\/S\/GHWDf3uofFcje7iOy\/NYB5qLognHXVD5g33k5Wi4OmgM+Ahmi4KhHeG3d2\/spKvCfjAjis75+5oGyetUb7SiO95JzfsedF3RaUE6Kj3rwNnMmnCLJJ1LfhDj1pFKjuI2YJh+71nHR\/BoSscicrqHnjNU+Kt5JysJR0+jE4LPT9l2mVbtuLkLis0xTseEMrQ66AbQ4UFQMzyqQWI6Ys9FFItz+0act2NE2Wbofw\/Lrumq\/k5f6prAdUO5v4cjZt\/R7aWcFen8a7KkWTJ\/7yg4CnjBGZeWmAF\/5X52U3x\/RCCkPoodlYLAoeE7zSZyzafp9Vs3xFNlJ9K08Ckfsw+JGyo11cIH+HtRX65c3vvT6RM+bJMwm4UScJkC6c7MPFESBou22UrxOHjl8NrD0kEu\/qLl4tdQbrTpkmURNF2JKrG1jx1\/Vfcu5uH+lsNbc4u2wpjBtpNr8b07\/1E6ftbBeGWLBOlfhvQxQUPiyD5FRgm3u
Dcodf1gX7fecwIzaijpGJiX6c2KBmWcNDAQ\/RbOf9+2e76hRJtul2\/BURpdz9zqqRcD4sx424KomOinx8opVJjXft4bXUEWmwuefm1\/MbxOXPv2RyHg9XMH3qoObK7PP8PiRDpbbi6LB0oS1AIUBop\/TsnEOwwab4fl60FNiCev7ICz8OTrnAs6or6No9QC4mHJiNDT\/A5vVLmzT+Z9Dqu6BSr\/JaA6a6DJxfKrQLEYyFN+mAQST11uNp+VnLp1My1clYT++rNpJ2L59DkZaHZMZObQn4ik6O5C5VTnjBEObmR92eddNMuyKx5Kcg3EUAmOCeW6r2JGIl\/IhqsZitb1a2D0s80k4oX7Mvtlc4SQUaT7Qoy9cxZgVr3MS2h5r3nBhDjmOzclfK29evsEafcbJ8vHLvuDQLmwUbuWeYZPoiyIhQ9vr3rKz\/vd4UPl9YGc+ZFcosYc4+tF2ZvXLoV44zl5Hn+JUXSAMG8rfoE5RFiZCNdNSnotUGTuB8Lo8zqSeIICZx9qwBhwg0RBlSWK21bfhv0V6bO9uXd+SDA46Wuo9rvFwnraBKcacSoVBqqZ6NGGOXQX3CZ0UnZskQ2Xh9lq7c+9mbhD+uHkgeQ59u9+pCOoymabTpJz40KiLhh8cpE9UupFG3Btt\/mF\/tKjiDmpak0XaH5p715g4CskmYYeD92tSYiV2pxtPeSRFzREp31JbFciPWTWGHAynBoYesEZ31n6hzAN8xZIjFGAvCt9mogpjeOLZJ7T6QB+DXmTonvgfoavnlxnuqRqgiv2cdSaHzS1VthMln+XrEc6vIeLHjdmGTvxC4AfsHPWXQIScQ1dgnB39QlH9QGb+UXoJzINdUC7cxDDD1xWXlxqErv9pLj\/8syL\/kpqf0cAEb9f64EjRsyus6nZBGadcNgi1Md7ZoW1HGHML8j\/VyYIyJ1h7a+uvD3tW2ObzdNNh76C4O7RQWUO8ZVim2RcdZDeVvKTfU9dvyIagWxbYngJIGWUFxc+bA6nkUtX80ozt8+iMKvMyzsIr5C1WAgFhm\/JX2pUDX72XRGljQ99hW8WgvHx1zqZrH1LJ+aVfz7ij\/XG14HFhuepiATRHhb90pWV4gDy4BiWtZbCYyogbxOy35IER+o2RQvYWxiFGjGpj26HCJi40rj7HUSLn3oSMIhCgp0XQZUgssWXFY06WovWc+\/OK\/KLsjtKK"} 
-01423{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01449{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433567521558,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02372{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433588411274,"pkt":"AAAAAAAAAAEAz315CABFAAVi2sJAAH4Rh2SokEAFFgyWwuo9AbsFTrBryP8AAB0INSLhPL22UxQAAEU0dnb6uZhq1t6Zw3kr2pvHyfNWBxJD9W9s2zTRbPt+j3sYHVqGaibagTvObqxr8L7RMTtZH2xjRCWpCspX2XXuq+FXnTIfCwzq0R8bYQN7af9gvVLHPCvoe4LlWn1tEH6m0BTvrXq32km0YOpGp8mBDhiXp58UFczWic\/LDA0x6fF2n4YNtLE4Z2lMWFYhTTmuDLcKfFKATGaEQDjMewCgDLW4FqXB4m54SdcTcA\/dFOpbB1LCJ0YhH7hBJsrsRX7AF75ed76PrLag927ZRPEw3QiemYlDHW\/GgtF2bnMq6BMjp43+PZDDTs8Lw6sSJLk5j+j7binjYxfhzKvS9t5LIcp5cq8WQfdQfqbOCH+EpKFBTJXUATHM0GqFbPOFEWoTNdoLFZJCt0RlhQ2aFEhPRfofdgGmwmNcj6SQWX34PWjMe+xGvvQbWJbXfEiSpzsQw4qDOngUbAppNhq8yhTP7TLB+dKj0\/0j7CCnhGjf5VTlM4l8pSQLDnxJSczvPia0OmU+mYdzwvo0EOBr8AklCW7iLYW8dS2cmM0rlDa0ecqvTJ1VYOrB1S75Bz\/6V6+Hd7at
ab6h1vwSF2pFzXYcnqRiAinW\/VuSyg8KFFRr4Ybp5EzzwavSR2SInrndIzHlQgZhYkQhMHquBj5pApzCV3CuafdgWqruaCZexHIxHUdqmNN3yoqhpORch4AucgZXsQNNzu61Oune7H9O4MZHSTbLB19LCWWax1HzoFFeIyd+5XmDm8mqPBGBox1uxXAnJKM6+GXHpB2V+FVVww180yqLX4GanOJnfIFeIsn4XBJnYIAP18i9WhsbmRQWzl2XXYGFoRgkXkK1O+vGgPHV0EwDCUVaRhM2Rp+mvnnekeQws42lHMDRRxro+Eu9Ix0dsSJSRu5aFrroBpy3BPqsFCWb6M1EO0ZkiSuyMzMhMajOdUGCUna3gRiqvWtnMAbujUIPEq4PxN703lFKCAwIzIQNpwUh8mhLfFhAoyZhTjLup4KwhbKLFvYtKH0KHuLzpWQoBg9RYsqdtULI2+oQT2xHT99uhQc+dCK2nB0\/AJUbz91vXqq4Z+yTLK3qj+zNjQD0SHuOj18j+U37Pv7n6hwnuYzJKut5HNbT2mS5c\/00J82pn1UFjkHTJlZViBRbamRBCYCrX8FlJMJSeYHxtaGSD2LMbKIo8ecS2LrRVpGzwk0uo07Mlv9SeXRRtFhMhL8QJj7Ppv4crbwmWUJlFStoLO6iJRltLQK2Pl5JTkCISdw7ai8hmpPrQNR1gTuhnQ5\/GrIbz\/Hn59i+FyKiHMbjD3uzIGGIjeAdtBo03OGEL7XqBQA6NjJbG6W4THKFVaoUguo11P+g8z1hQF6OsY4EIS1M4hIImra0sUYy8Djc\/GGHsR0aEhjb1R4SiR+O9eiEtlxe1RT0g5rqIVSMhzdOU4wPWZDmrYaLl5hJ7phEqFGfgb6lrciOSZltZTNxTFq1zP4\/a6FEXS7CWMcJ7gX6XCBKUdUEBZvF6VAhczRd86bNCG2G0yjbnySI5sJBiFiizMdJaTuboXWehh73WfYET2wCS2TQ5Sg3Fpi\/2mK9dgxsZor0IxYLcaR+pvqa9krSP1h\/W+5Yc0W0Il09dN1RybZXko2cOc4Lfkq3Q0OvSfG5Ch6ZniiOz6DPWiFOkZUz2wi4NdBirItgeWcbhu2bR2McE74iWO9Bzd+fUd3fpaJcOg9NgCJg79T+rFXw2qinlYZGKvc14iIcpyM1OlOVLiWgsVNddHQTUfoocRRE+Quu"} 
-01425{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01451{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r1---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433390651222,"flow_src_last_pkt_time":1621433390651222,"flow_dst_last_pkt_time":1621433390651222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433588411274,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":58414,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433648984652,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+9FAAH4RFzaokEAFcfqJ8\/y1AbsFTvvUzP8AAB0IOGOQBfKCbj0ANwA\/voO+XXx9UNRzF\/PVLqUQmnVcfbJaFy+44m9Th\/J0D8vGDxgnE0b3my68fY4VhoH7ylldwCdE\/cIKBj8Q8msGVTF\/lZRPFcYyu4rQA4dMkmJLGh8h4hcVJXYlyXw0HxsVsRXBSCaH9pcz5MYJT0N8d\/QHoWIhJXtTq2A4a7329H7ZCy\/2hiheF\/XWiSc4pxmO9Ynh+JN2vvZnWdzm0q82\/5WdIhtH6DKNLW7\/XztT2A8BgoGu1165fwnnJttnCnp7MC7ceEZdqQcpJJ9S5BIzGJvI47OWUy\/O+A7cuxtRd80Baj5eUgykqLnUlMco5qWUXbGJ3qeG56zhiw2ILgjT7Bcuxpku4m9iswOoWD9e++B9OG3l4Nl0B6il9OgM9B6djMPEZaQ\/7P0eLCfrf8N1EK8IU+jTARRnjz11uoVbKvy1X354Ysm\/cfeR1fvYJ8g2GiyorZy5vRdiDqVcxw9hR+rNVIThkd9jHbU6NaUET2Zmcrhn0oU\/AQNeqrzoZrD0wkusdBqHE7Oy7ZP3iS2driLZ2Ic4Alz7LOyyp85qJ87V9cHDrhWW0V\/LheIEH23t7AEDMI2gPEDikZlOkiojcHtGj6V3+8VwA1VBAVbh6C2nQb7oWJn4psrNAUumMXN\/5bdg6Au5NE9nJBs2GYp2MzdKptvsKDmxm6J8MjGuWMQCrFOGnhGPYmsufDERoYla\/wIXOqNo8R\/FJFxzNp3PwXo7ZdrQ73XzNwHSr9ffXKXimX21O1SWpQHDR\/RbdX1vZUr3Lh7pfNbx6rH7OmcLXV99oY2AQ6e8oc11SSL+ZdlBq0HLriiqfnA7CcVCdmD6jwEIQhCXdiNp2REzSEls5BEEPv8qRmwUQhOspQKayIHnIFw4XLXOua7WKV89\/vWuyJiksgmRtispubeUmTZoRJOF5\/jnh38nkBft2hu59mNNnWRGPvIy19bc0cxeWlZ4oo6nA9PJSZrQOdeW\/rD5ea8+DflUeQgYwFBI1S1PmVVqn6wiLMuaN3KohpzaQ3XgqrMrhPL05TT+tnokrX8jZ67X0mBu4DfS\/lggH6sBExWEAFyohWoqxhN0lUtYWZxgsnjiG+zXzgkP9ZtYeUvbNuzU6A5q3kVffXh28T+8yra1UAY4vmoeH\/QjLFtQVcEqveGRLBBG1l5o0fUNpUtnBrmmkZGfWY8JzXpI0KnKiHip4fBG0IQd+Q2bQOSO\/Udo4tFpVnmlDgeOeYmyrnrCqgC0cHv\/XR5E73gV1kjRoXxPvXxp\/pzGER9dhbxukOJbOd+VrD3OKeWSvoGbaNv3kYyanEP88AWW\/Bf2lDp7\/uZ7ngQLGve59K09TJ\/VxfxlMpRy29Y9kICc+sz8POsOp1zPo8X3lv4KDjtiGPrF4
cogmdW+gz\/1Rx8RTv8nIGkGcj+GVFdIFzhqjZlaM+tlw+V5CFsnIZ58RzZR6PY1G0cLuEeCNRKseDLy2xunVcw0reIDCM\/BTmBGYOUScCRjBtpioVUlizTJN63ofb24jOlXZTsMyrT5MJJU6Slp9jrbFIgBY+6oR5a2h\/33BA9ep\/j6lsrwpd8UjkvRh76vxWRquNFGDZEA\/nnCBtRlZ9XDeCRoVW5+pY+5AmH2BOq5S+1kF52Jn+8edM7qfDOmmPZCwuDrVPEFHpbn96ryrPI4Qt9pbBcq2Z69uLwP\/ZTNn2joerZUg8Hl4cFuZ6ooBq6byB92bCiYOv3FnN\/Mx0lMa5Ean6QjpWh6xfjOoz2RFyP71l9S1BlUPEZhl3HfYvAeLR1G"} -01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433411827256,"flow_src_last_pkt_time":1621433411827256,"flow_dst_last_pkt_time":1621433411827256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":61341,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433443702807,"flow_src_last_pkt_time":1621433443702807,"flow_dst_last_pkt_time":1621433443702807,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":56683,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01144{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -311,138 +311,138 @@ 01145{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433648984652,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433848159035,"pkt":"AAAAAAAAAAEAguyCCABFAAViV7ZAAH4RzIyokEAFdZR1HukgAbsFTrrGzv8AAB0IZrtHVazP7GUANwCdzwl\/Ag4dMP\/532YmgteM9y4rfgnxKHdwAMQTxGHIHdDGRBEdHlnPsFRQLnkLCUyj+ZiMcQtE\/ZbnAwVVwgmAbJeZzFu0xe9BjJU+0q0ZPjc4pl\/q1xAOsn94uZ6J3jN9QX92abvAtxhYz8VeBqrOA607zbwY9GWSP6ok9Pja\/Fq8w8NDCZGf3qIL3rk\/wAzA3jEYpRRQWDHceKbIR88KOcO1FL8LDN9LJGuLhgF5FQs6DJLnrpIczBSYq4OBwz\/\/sKd1SAUQJMcAmfR\/jZPeYBnpsWTjRALFzwpImgbStENOm\/0p3NLhVUB6WCiKCvKKk9gT6\/d\/x10ux08ULPTBXIv\/k4Ll8l6sgA2ueorwPBTauFi21MhZZCtPcV3eJ6EUWMMMFrZfATCNoB+EVA44T4fDxdcOZEzFwjnKteEZmVkDbqqZ9qjV5YV3p\/6BGB2jz47XkvU4EacBYHhxZ2ZBLwV2tLuqe7+aE8IdEygSC4TSRNL49Ttq\/RQwV8aObYvXamg93UAuYbgkXDq6Cz0FVo2RyS4gV5roXuZXS44vxfS1oZOfTTNFzIHJU
GwN9JEwtlJyaLE+zlmDRVeeKLag0ryJrnplqRANQHZqgBEbDtwGPSRu34eTOgLm4WHJcagJTF4Fz7xu6\/\/DDYatKPQYRG7oY7IYZQm7mhylJ7uBUzlcqBwaflcUNmXybTxJ+2WD0zZz6gCJLVhgwyhutJAlQanGkuwf3EdmqBx8ceqxoNJ7tZKAGK6ZLIa3G6I1xZC\/TaQ+1KZfZAfI4pB3hAXWDjm2gcWEJXPdl2HpQhbj4SN3C\/MogkQ6jmjo2la2vWjIQ2+qzYSkHj832CLT58yzA0tGXZvR5lpaU6hPOvYp9D+DMoC0H2it5Bi\/rirv+bbZpE7LzsCnG1SyGV0J0MpJPpexlnfbb0tXuruzppFFVv8XX\/\/AGNTxslc2JJDce0W3BO9U2F7QbGNMDxkz\/wBWOEZH8+aF8yWPCo26iB0IWKm64gR8orVp9wCN\/S\/ux5zHmhkRNoUehIoFt23QRRYl4mEM8Kb+yNY6ExrRhuVVLVK07imb+PWqHfegN+A6yiJIol96tI\/qRwPHidTWuw+BPOds5nSGwNNMYCpCNYS7znyftMnQYiHdYUMEr1nkXG0p+BTVDr6yzplTCLHGEroPKNnH8e3DVvViJ3UCgrkqYMJFZa415l4iDMaX1IPVcIVbn0GJt+fxcZSe\/4EBL\/Lglqu4lLqW8vfP3Ryp18CcBI5AUvjnbHT3H9GKw1At8VX0EmM6FNbrzmSDDHpjxJAjZFsnjcKA4s8cGEzjtd04U5Ov1l\/uV+TrsjbEVaYIN3cAlR8CmLid56lf832bUt\/rJVHoQNMALy35MqNi3UTMRHx2sOalpm1X2yqB6Qcr8RiPpnVvJ0XaoyVa69ClIE\/D0J\/eeWPqDxqyOq2dFObeT\/Q3Ey6oum6f7LqZWXPfk\/Of0coJY79h0DaTGeZt8KNREQgsRBcylskDOu5tf2QjszGuOPnHGGIjoEkML3giU2HtWNdhUpR6kCeVzhBvo+CYlsFw0XUh5F8NiKLotZ\/peNJe9m5PV26VmA1CuJnJUZ+iTsXmSUkD0eRX0gnwfjJ6dq\/oMKsvWsVcGcwOkeW0MrEVdWGsBJjfzNjkVIa433oGL9UgwBMpD4PWzwUd+SNd+1vgvOeW4tFbxfn\/XBNWVoFAyPSzEwkXy++b+c1GHJidlATTQULFM1qwYz4DqrTvS\/tKosbIdtvCa5V\/Wk2K\/pjchLwN"} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433588411274,"flow_src_last_pkt_time":1621433588411274,"flow_dst_last_pkt_time":1621433588411274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"22.12.150.194","src_port":59965,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01141{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433567521558,"flow_src_last_pkt_time":1621433567521558,"flow_dst_last_pkt_time":1621433567521558,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60936,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433648984652,"flow_src_last_pkt_time":1621433648984652,"flow_dst_last_pkt_time":1621433648984652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":64693,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433521961363,"flow_src_last_pkt_time":1621433521961363,"flow_dst_last_pkt_time":1621433521961363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433848159035,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"16.232.218.117","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861442402,"pkt":"AAAAAAAAAAEAO9I5CABFAAViZLJAAH4RY5aokEAF2f5sruDdAbsFTnSvyv8AAB0IrXE1PswUxeQAAEU0moW2I5LE8O2RChniUsRu3mGuowplCLtASVZHqsnxug4PsDrEW3Sj\/leTPqj5zsaBrtRlsbN9lOBqairoOcWnpMpgmaHQCpPptKrsTiKLv9DzkKDiiyP+Mqe+\/mlEdOWIT57m\/bm9VRc8tH+phNv28+B7nLrNXNbf+JIcCMe3B97c2i01lE5nP9lOGBndD+gNN+RzjizdPjT7CsIXwfii\/vPw0hQi3TTTCgYsoE3qaYNZIQa7y+ZulLHbauYPh7IRvVbsW6oMX5mqUpOCkwTG7qK3J0PWf+WY+NS17Sud\/qUl+vWLY3nRgL5hCL2d62+ht1MFTAd\/54SptMH7UTOp0SLwM2rzQ7K1vfHvBg0P1XtZu5\/ZPCWf9HzATlzy7lSiJk6IgXbAhRFG1G8fUp4\/ofu+HGCEF\/7UDhsGZrHHdSkUntprrQdJrtC9uwLQHDmvwvf+IflTbSL1rDFYxHI8L4wWpQGIUOrApnE\/9cNQvTN\/qDlFELbRPZMI+sgmXFe1wpxWQvJnUzbEgibgAlOEoK0YMMr00gbYRHnt\/XmwqnfPUMgFPhthy2NaZGYNKqtyo2LV+qQNOXTYs+yqM7Oe60KVRE8NtfRjTThOKaPHFROsWvuzwA+ukNXH9pokuvNAsPejuPAD\/pIIAFoeLo9EdQWTjq8bmJHRJLeQdgOixkkn6ZENEVhcApyT3Cjpyjy6XOyeAvH1rOAqQH1f5XGmtLPBx0PHlTgWwMQNd1EMcY81AvslHkFJ28FdohsGkQMrtF6QnW4yyffpqKjZGXR4Aft\/6zwVouPtFf+c842WgjqV9zAXzrH+Q4FG8Bkm133cuN6x\/UQjBUG9ulPeffB4LFwzJ6cgdlk8sALE9OsSEEFoZ7Kgq2RJG2B4QiAcvJ\/G23JlL4GPLCphHQL+uuXuBJ53c0dwm5IgyJmL+Fkv\/oWmjZHaja9h6d+MuXfjhw22jLCFl4NqE+v2ig\/Upn3KknaXhJpMXjSzUNFPLHancjwMFUrmgiHOiCGbChAN7KNYiHqvDaXEYjnuJfY1oM5mhTGv+oeOS3sb+HmH2iJecdF8bXE2rbafbwa6Uiv9ikM1BTBN7UiXD5IlCeKhBSPAXD2EauGLnJC8pFr5zgHjAQh4mgtnSEZQ0zN3cIdAyuQFOV8jS+\/nBwLOE8x1n4uqLxML18glCa2oWZgACniabrs7r2NaqfObdjspQwzjkU1TDyb5gdlLj\/eHIpfAuefXCBvRbCcBcf3j6IilvS6+AsNo2EQaT9604HtRnmqrZY9SdTX65A28Jmq3pM9OvQ\/TUFf5yYcqxQ9haiwBaX+NvsVDdtRqsd5\/7eI5m8Kz23+blc4m9ONL7svDOPbX8ss3fOhktK2bl8ThuCTTF503OHo06Lwdf8
CjZvVZNlx9x5F\/PfM3mGcuSEt3i52BYpDCMhsRFqfjcUkuPmzCH58lXX47a19QYjODRwQE3Q0zKcLxx79OB9EdMQ85AedN\/Yq1ncVuwuxGbXOoZGRxYBpfpp+NMq0YojthjxX0BlTnVyrSw5lnJpqEdmlVw2bcD9yZZWHwXJvKr5qpx\/cr9xPEvlHadBYAjoEENWkL3gQJjVHBrOhAB1uTYhdNnltIi8vWgTzELMZlpUHeqiLODHWpAl4WXW8xnY8PcTaYP+SnKQgJmd43Zakfel6+p23x5PQixUcbkwGMl2kk7UtX\/gGRLqBBO2NRLJN5MePtLUrUVSVwbZY282tQGPil07XxyVmzfQkhzkp4eJ5a\/N1QTFtfiCHdNogD"} -01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861442402,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r2---sn-vh5ouxa-hjuk.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433861875678,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49
vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
-00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} +01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433861875678,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": 
{"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} +00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":75,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":325,"global_ts_usec":1621433949433327} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621433949433327,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8Vjoia
Vtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"} -01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"b1.nel.goog","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01161{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01160{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621433949433327,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434024831376,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijfVAAH4RD4yokEAFubq3ue4VAbsFTpL9z\/8AAB0IwEpXITGNfFsANwCxWhQSYIUF\/WvpOS2d24m86qS7bcPY9ZqXL9ETLTiw416RPBiWWmatxUNDS4V+myDEXn29IuVE\/cSbBImAl6aiOQIEBTB\/SXbMixQXFNoJB8yYQYz6wms++ZMMx\/E4BhzwHBpTBXPh7b4mD3YSWE+XxUv9H9L2UZXkzlxf97xn0ny\/fPI\/0BBls5vpYFjJSYZYoIlr6vhdm\/ebeHlyzz6B8ygezIiK3UwVDadwbjMZG9Omuh7X1DhVgs3vz1W21fFGWXozYn3VF4XUTA2SbApAP2UYTQPidrIUUsyN9OEN+6zFcRKwBgiXUg0JDK+e1z3gz3W745d\/sI1uFMBbzhwnhKRBQCTyj6OoDAeCCoqL11AGEcZlyCkzwplqlHqv3BulzvKXdH9fy+hypwspz5JB3rBva7abdmpAfrNWtysCkoMbDEsi+BH9Sw\/WfI\/JW43OziRxWE0b\/6GaLLm0LPRqG0ta2a+8bSNrTX8mMiYpr81yyeAJGf+3SLq39ywLsaDDH+SnGlydZPTKaT5dEVTmOUfwB8TyliRH7r2g\/e8Jo89ZNHbaMlGDbYtZHnJ\/oXmkMMX0TtfMqSbUAI13SGw0x0yqJUBVeqWXi6nCYIEoougf\/rRSL7RNh\/DgbwKlBhtRbBjEQ\/fei4q7M4c5UJkO+skPmmiMvYCQhOGRb6M75LAcuzVGQ8XTpzS4Q49h3haLUT7LCYbVjfGyqoeek1PufbtNM7RA9oB6986rRvq1HME2Qh77x8xxPIkwZHbkxc\/bKYMzPnJ2UeHA+V+TItjasVAOkyFvBZpJobZJOx5lM+v4cwtiH2ykJPHJYMbL8uQhYq741WaUualB49TABJ2lncw6tGeQpg0Oc\/Ffn7jPYQNW8CiZh2MKru7wG5Af2I7ggRC0CDFHJi4CcaHMbjEL8xmaCoe7kEiBjZVMpQq8yq8HDVmX6xuiwGFbSpnmw7737hgdBgSQgsmzZ+eyRAnkDX7sSqv9hCS0Zcb3DoP4XMm+5jI\/u\/CnNPitv0yoNrGp5yiS0Bb3cyT9aVQMRpm5+oM6J8FgVTuiAzbLFQfG28vM2HH6RzkRHWgAdyYhr1dpw2Zy7iTAPNVWd1SULG1vIgBDQMenfFa7JoTVJsPivxw59Fc6nxyGVmp7UaHrhQVYqlLcKnPC62iMBiWrPAYZFn5ijxczxoNDc6ynoTmgTnNCK4rH5wD4cRLasJRPJwZqqD20+m0sIXMeyDt2b+cU4j\/UFP20j2zVAVzNgz5C8yIdFJDfygcCX1uMo4LGqi5N+2qh3+XEDAJQkfWgO2sWhpJa\/W6mNUejnWaDgkXgNbiL8BtuKDTdIalY78bJmkO8h2Cl7UuEPHZbPJY1CNBXdiCdtfcR\/\/69FKUtxyHLd44Txau
b7ezT8XT\/2j1TO5ZpJK2c9CQslposHRZIXcQpmszsY7beFygv4KRpcCyDhjXHdoMk4Cx6Zf322ZH0visL\/1\/gL4MdUJwQBy3KCD2JhsiDqFkE3JPopsXvIIsTgN2itT8qn30ZnTFxpcPjawKM8R8YmcFcSfJXzy9S4n3fG5zVGgQhv+APAzodhVQyyG6paPspPsNKi3e6pZse6mfJbU+RHKTdtZrGwzhUbQsLxNpwTzdCArEwHBFERYdg28g2amHvk3VyhEJlMpWUR4CasyIc0tQUYMkJaCUUlS0aWSy5Tnhj9mf3ScVUNZtHYvoFQgMdxMVZR0ICCfvHTrO6AtY5\/AI2NI8kYvvIj5Qw+wIOEUvx1PjAGLWbH4JzLOrTxTHK"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01161{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01146{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01160{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01153{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434024831376,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621434304066021,"pkt":"AAAAAAAAAAEA4PSECABFAAViGypAAH4RcNqokEAFie75AuGHAbsFTmxnxP8AAB0I6APGIi8XMbMANwAf+\/1CDYfNSqZV6JuY2eU0m84t1CHbeC6cE\/+erbLQOHtC\/LsGzIyDeeVGEgpwCWPVi+MQCnZE\/Ygc2mi4SLeix+8TnlYUcEJa7kzg6S+7lKmfSMXvMlPqpt8Jqhul99eiai\/CwIIhzgiuj7qKQafo1JRj2kBZbTRDU1+SZHOQN7e5Nj19ARXzRQ1f1x+ihAp61tvIBTDRPDLXc1ubHgvyinj5MfnF\/12s5SMxBHDDCXN3NmqXQxAS4MECv72MUs94PMpz9zGUL5LHUzGHAIbclxnzN7sHd1go4+lLCWey570KhMF8PzFiMw5ory1Vew4LX22LtMy2jvvM1vnDE1crnUnJCzQDcgJHDiRsasjBdtp7HdISribAOc8CB2obB0oyyA5X8m4qhy5s84s74KgzXgyxL59PIeQSEcVb59yBdZjMcyXXJ80CrHVTLXNi4PQyHnn48osYeAyUn8yU3VqEWwgftLAi39oJlXsQyCTXsKmuL7OB7gY7Vuai77q03lFhqfHaX9cLtEypQIWNB2r\/l2ALpr13EuKe2oyXGUuf78i9rQmSYgbO4A4y3MRD\/QqZX
l\/77HpSb03kGClkTea21fqnpJT\/zJSYfPYFvCXBYWmiAW9wMzLsKUQeqeHCc1gL7imhRXQ4PrR2LeuOgoR5+fRtqAenht6XH9lUHNUo32hs\/wjLrrHX9gnX1hALWGhcNyMLvpFTjI5tPVKkRbNv5c3mJilmNWHxhjVHpnhQDdE3xh\/NfcCROvsyq5m28OWLWcPE2FvU5KBMY6t0tV0A4eoef29jjCAjLO\/M8mpZb7ujaK\/6H5Re8VFYbLmxdrQraYtMIxWND\/984VqRyFoxBrQh6ygpK33dCrOTNkgS2NHt4BbEN3kBlcM\/dJxkQlX\/WhjdaU\/jKdtFt12Kk5gsUCyahX7xPzli0x1FX\/Q6DmOvGVlWQmKwwBBrReFKQe+WYt51ygXzik317+tRLkmZwIN6Nf5C1O+PyUMA7NiOjHZECt9SxgRFTLngwK\/BOvB+tJVNrOjrc5ouhUeeMBFLaijzDUDK1PsEMcF3KYI4t\/ROzLfqLIxLRK+vFjZLKp8b\/lca3pPTeuTvHMH9GjJ0X9j4ISArXi3WDjwMH\/Ow1fIn6CTlfV8aDmzMvW0v9ZGuQXxYq3FVxoJ6jyGNfEJzY+Tal8doePa4R1YqwbnqHBlxYcCHiNxYcJir\/3tIthYf6C7p1vYTQ0q9zzsSi9ab+onOdI4XXVybeJLwUU0vgi23+ITCo5zV6ESOFAjb+YSOsYgwePhG2z0W6PMf7nvnuMEzAy1AOgdBeakrjggSIvTuM3izkIHo3vfWd9R+DyKdj7JlM\/HRJmVAHwQIB+FHDGPxLbMFK9o+C4TYA4LeNTQ2YMqk6y7D+GRumXbZ\/9OD7PDPvEuiASsqlgc7rtO5TmRCZno3ukk8JNtthovwosB91+YQlqUUew2kq+cJr8mtfNeNdB4fYgAJJqJbMWJd6QOv52uYyuvINUeitOOi64uHklHkyRistUgemwXXe7otvzQLzpEQlEHAtTBMiKoZve\/eJFLoSA8M6gHeOxwAnJqUrU74jdXSt1xL+HU2Hynt8\/YtqB6Ky+qMw0VdxI8dMW6f6iKuz3JMrpbMCfeILC76cPYJAI0R1JC+ZQwx6QeScq+kiLVZZk4THRZ2H5yZznb9iTrWTpZBeU0\/nsuUhcsqOtw38xuyp6cqnniKTRwy7qgYC9\/RKw732DLUQ1HhQkZ5LproX0hXWsSSQ8AXfC29DpYL"} 
-01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ade.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433848159035,"flow_src_last_pkt_time":1621433848159035,"flow_dst_last_pkt_time":1621433848159035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":59680,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861442402,"flow_src_last_pkt_time":1621433861442402,"flow_dst_last_pkt_time":1621433861442402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"217.254.108.174","src_port":57565,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434024831376,"flow_src_last_pkt_time":1621434024831376,"flow_dst_last_pkt_time":1621434024831376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433861875678,"flow_src_last_pkt_time":1621433861875678,"flow_dst_last_pkt_time":1621433861875678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621433949433327,"flow_src_last_pkt_time":1621433949433327,"flow_dst_last_pkt_time":1621433949433327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621434304066021,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 
+00682{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":347,"global_ts_usec":1621486316206218} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316206218,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnI
kQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"} -01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486316206218,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486316206218,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1621486316485195,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486316485195,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXhAAH4R2nE0uxSv0OWdUcWcAbsFTqeoxf8AAB0I+xTa7lKQafkAAEU02NqFlwI2X\/88ClDrDdUJKCRw\/slmHtAOwvb06+QlMjRjV0hs2aYrH3dl2vG36AHZbKvCCu+8tbZyidkId\/SwRLk\/aGUb9L+x4bKEhyji10luTyL48ncebSgio1Ylf2sP5y7qYToItoOHdM+sF4EspTkGPS58+WD5u+L5sXHLzRq6EFovw7tEFm4rXT1ncWUZsfHN3bUzi7UC\/xILKAQ258ulh3E12ZSv8bupoSOwAKHtGPJmU5UDctMjcbxM4bIIF8Y3B8utqsAN8n4iNen\/hK6bsT+7MeKDyJk8GvgeIX4qPhGkfCyzy2ZSx5In0Gj9mMFlrQlbRzQtMTQJLS9XHGrBJjKt7Kwt4iHS3C2\/ll+JnHv3jFSbkwPkaj4L9zsoUsRbA4HR60OvfubceMHwPcwpOKS\/YhEEpiSIRwK1XH4b0OZUCFWXt2vsvHXiJx7CWD5E6BOBg+ZYetFelTfuQxNgfXROtoGuJ+3wQxi2DRGnFXCHGYLoAO8i4AAIvpgGgoqzjNM1BmQvfSO\/X4dZ8fc7Fo7vdxAVJZrJXT4m2TBKFrsawVChuoJH67VOmFJS1xgFWukI7zRJtsXhN7Czc+i9T8YtKZjInSr9AVxgs0c5d\/WCQetSMLQd\/JT5oa0sx8n2J7Z2NcU99xovxV2uKz4qjrx\/Y2k6ZoB9x3f0Yg6sfXGEGo2MQD\/7z+LWRPw2gSm3FEw8jwVDd9S8o7TTxjGKX94D5vYTcchFQTfbn2HfhKqR8F1OQIlO\/wsmxlHMHBvFUjUhJiIPWRLZt9vP+JJ4qKw7nADsc3kkxPCiHPpOD07HQF+XsbdLrhdRPVrhK5WXHFkyBU\/dGYYuv1WiPzMaGJvkyCOgbXcAH3Gb5PcTDyew+MRzHK03TijcWQ+ZOoouVFzsL9ai7HJq8AhiXpNhyx1MICcuUOAIBkQWFqamjY7zI2GJ\/c8jdNXGDAcYVSSmicj+n+x1og23m\/OzzTHzOLv1hr3DJu3hQFGpKefyvQXTCQ\/t38x1oKMoJcBam+ydIiQL\/qBv8Cn9WIgDhZCWjY0H1Zu8jJgS\/pZVcJ7m1gqv0WsKI2s926YbdUCbQTSDQMHYPrbnBQU2zGsddtUkHA8smR00xItuhuXFpHntBzWrCuuKLbpV6LTA5KLTpwJmEru6UaR8hWJdlNusN0FzSumL2gnW0wHATZvtmTr71efZIP5glV9Q2+vjbPwcPmHOjEAqqO8a9LEnQ9t0G7b4NxL6vNhgV9vEOYuD\/QGqwrXjwJs\/ispzj8Z6ANFL8uKgoOlsRFn5hpE\/fEX3ckmgeLqbknqG+NWj2t9zKylkyKmSKmy\/cxU0t1SSA8TuG2Qovkwr8Q5atDfcwDzjbYNh4vnD4EwH9iR13QsPu2AvJQjf
H4r8xwFeP4P+BosOwdv7qI095S245vAYmXdL+TcX5rXjtvIGCma5M3p3OuUhnY0Sw5uOMqNm7nKPE8gz+Qsbb3VghujUa0NFn\/z6mc8MCrFJWDwY0gtXgCMv3nHx0GNtveZAICqjHZI7xwD\/RqR1lUZAfrPmAYo2kQrmshXTSHK1+8ZYJQvHmShCz6JQySscdlE647wVjnlBAZLUNr\/JBi7VMTdmpytCi6WzCx9AClMAzaYwBrTYGAmEVrVYJn1CaBDE26M0v0gm+S3JJIUIKMgBJtWD32fztac9Z5cAdjD4Hplc8RLAKlcnsRn\/BbxbFD\/d6tMg\/0CsxSInqyE8gbUz3lWbKWZ4OyOgUZwqm1QvYwlCMJMB6wEc+xPqoVbA"} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1621486317090720,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486317090720,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXtAAH4R2m40uxSv0OWdUcWcAbsFTgb1xv8AAB0I+xTa7lKQafkAAEU0t4azdHP6WARXvgfhEqAKpp3NRuHRg86uDYx6EraWfkB\/keNDFP3812WLSUJscegRJDC6DlMfTKSYGWjNCpVN8MkKLUxcf64j8OSn7gJZrI\/Q\/gKqY6Z8WIW7yXuifcAcxkC+cmw4eAjlyzZBZvU8ggZVByRRED2WeesmX9AerV06QYER0EbcO9+qzWXQ6Y1556b95esXVXYKwgaT\/JKPANtVx8JfgN8Vh1WXykc2J\/44ZDFpxZFRkUgHxJ3usOwxmesQs2TSh30GqcsvOPy1uBZE3aVlHsrZmfwcenRdsFblzJPQcAyj4L\/6\/V7LtEzbpK98ZznFjKlQ\/CAc0XOreT7lRX11x9l8Nwo5wz1cQeBW03aSFui9mnb+3x1mHZOfYliDqBYAh9AjahgYUEMLGQiqpnnOD59nJV21MaJqJDM\/LJMSKyy9TxlVb0G\/G5WjXSDrmaBMSxIJiiiNThOK4NxEJznmEgpU9sC2Kzrji4qQ4sLSQ6G6Z0s\/K5gmRdAHVqFaA+OXNLXjAWZslcHRAYBCopAeso5rNrNCUMASsOo0cU4hy3GR22hGlLj3LBUy\/ywcQOfX7XYMmNZHdOfJKOwbfgqm7seEpATTHBOfsy1pkFj95HcOrlD13hBtaabu3RXQXmH3nvQQ0rAeKIQPng6Rz1ptjgs6q\/CsEIrQ831zGr9a68MXwQ51qstfBpiZJmHO5lQoTCcztT\/VSQm16LxdoNEA+tXVtDTHWzSIJ\/LsE7pROWa4ORaidOXgt5TuUpfp4UISCbasJi8sLhnJLPMM\/EMJ23P7ba+yNMO1yGyYgCP8y3iA4+Y0RCdbxKqNpblS1T9\/mwKgrVDaW0XfBdJ9ftVX8k4Asxj7aK\/grpVoo1x51mqqsIA\/eHwsOupYQnvyOKi6jHUZB2gug+9nv8P0lYzQYOI55nVygLmUPrt2mSQ2sxQZ3kNmobaJriv6tzeq4TnHl6oNqBTaUDSvgLoQFd9\/B93pzBto\/PWA85
xxN7VZQOfd+DbFZ\/VBe73Qs+O+\/dsWYu8iQAMXiU4ipp9EIx\/uZoMUoWZj8rpSXDjEmLBbfMhJKI7th4AA0\/5pKTfK1Apef9X0Y5Kb2sWh24U\/M0c4i1SQdud1ypuHQGiudDhFPShSAhcPisWpjplWcdsEwxnBas4ojrBnnQjyHC2CNab1rcfTuqYLiJtZH+uFMNQqqo6\/rNfItXVpIQOkY7oH9NiquEBxGd5JMZV8xVdnW72qeBwOu707A4H9dx8aMxpNDFlsPT1CFtBo0+lBzmwd+U1J8RntLvUR++yoLGBfFoOFlBTxWd3EivQ+g4+hpsw6rhJx+o9KX12Wn+aCMzsyz2T+R275SnsosAVi6kZMH82nXvr3evy7oteFCprRiLgZZtTXZYQJnyvePz3+OCE1jJkDgtZz9lh5TRWEayVbmQ09oh0A2tO7l+b1MhJ9OOwh0tP+9C20L\/Rggyul58op2cZC7t0viwUloxNKFKHp6rLutsIgcRmAblAvmfE5evu8AKGMZAnbi\/qa50JLxEWg2ch014JrpjvQIgocJjdI4tVkdA1vAfzuTPMq6ZgpnlfebCtsmAjEOJvaC2jz2PpD3Da36F+9zqnKoYC4kArpMRPt1KxhhpnZuf4gUuyQNfw3N1IHRfKWJXJxGnUUH22LX3lkdvtG8ab43cqVRaBCEPVJUDvP1bY6E3TNNUkpsE2FLpbFaVjW8UTq4sTUXREoubs1+bmZBpV1b11ZgF\/sh+IuI5ZSadOQo47ZmlSoh\/ht"} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486318293980,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZXxAAH4R2m00uxSv0OWdUcWcAbsFTrzuwv8AAB0I+xTa7lKQafkAAEU0b0etw9xtIwxmRUrUT+lJG\/HIA2h5o72YJGl+k1RRVouisA0tr\/Wftcb5AL\/kh3g1Y59GB0fzsG4hReQZN\/QERslfyf75Cu9XhfsmmJULaJXIrmgWYbEUP+kbnzpk9E1h6gl1aLlTQeU7IOi+jXi7JKbBf3E+ozV7d2ufqZF\/BHKoRIBoPguIrKry9CGUQocc1K57qR5dWgy9lkUOZz8gVIFyuTG6yc7uejOQPwWePvcig0r0Q1bshnNPaC1DwQUB+sIPmuerdt9pi\/7ju3bUm4GXfPxsPhGKRx+XUPsNnz+2jH+gIHeNQ8mFTTztrs8nSY7EQLCqzKxVtQ+9s9p7fTmG7oVh90YWrSJ5TNAUzNSotDIVA59y+eFNET8jRySHDwoicYROdm8pQd03zPRPp7mfSvDuS6oscfBdDKlei2BdjOBg2Yx7kt5e647x6pvdJ9CkBitraMHMVRsBwD\/mOfeSZv5sq3kLqQNiWGt6+hp2J6FmEtaz2gAIQjwoxnUOfe7LW53eswXrLkfHeoLvZQHwqeYJL5Vzm+I8lvHlNSqlU96WnF630F\/tY6wJIUYacQOgouRmvPq5k3w0s+tBOXe2AOev8h0DVNYTXcQA+ravs
6pq8F+AbFbqyXzlH8vfnWlucj4PN8hI+6LtJAK1MEXbBg3jHAZx\/FRpvjz0rM5+LGQcT\/FjIkBhn4Ge5v5yx86G3TgRa\/RgfaAM\/ZtBSgBO+Jyl3wiJcxhSrma6iROZ5rPWarOafy1b6kIliMASN3Ti8sqAmAjcnDUx0YFQL1DTL8WzF8bEhLpNMW99cWIMD3fozY1xmKdleKBLKqnc4kzRgYM0yPltBptwwo9kIkFNEr08L326zsUmsNQ9psDCy7AsbWUu8JMMlVWErt5DMlj6H\/RCKqH7EGfpRImIRITwL4F28XYdOB\/Ju9gHCUUN1myZc4lKITaYVxZUfqvPkGi0D643ncymEyf7mpcRV8\/kihNJDMnBYkBSvGv6rQCOcngBNFuOnojRM5hCagf5jzcI5cFkpwoU94OdqwWpq3+AU9fS4Irh9uNRUNwplErI69e7ZvlZBs7vnQkNb51XV+DeaK8pS8aYQu7yaI2Nbsp6YHp2FBK8e\/RRL81r4JNA0J0WaRTpFBhpCQxm7qpThrp5qicqKApkn4S849EZlYa9JvP34SK3IUVnUu7+5aT5las6SlCVrccRzAUWNSS5cJ+7RNrGGjnsxWr+4HCwblbLW5+E3YBirqVmN1ZvEQ5Bs+WZQgjfNTK10S8cvvuKiIa7hk\/\/svOkRSgKrr69AJCquyYvBNwkq2f8wUIESzpeWSfulqHV+di+MTYBfPXjf3wnyO2peKbDI25j+eJXv1N4UlVBMVfAABfD2bMmTsOXdsSrAcnpUJOl\/3Eo+\/p3qd\/6GMxRFl16i\/+171svBEX9MOSRN92Brcl59BnjOtc4M9N+oo1fPmQoc4PAiUJNs6f\/QYHkzPh\/zirmfwh3Gy4xzT1glA1dYb+ckkWEFHrXKajMFkq5NGvFq2E9fDfI11YxP4TSZxWH5bXQbDS6lVdKpUVa4a2EnHv790H2zGdYc7siVASpFrosVFKJIlAgcEU4FFjFZ1OB28A3+1Y5IElEguS6SUapEc21YhXmESQfXZdpmjw8SAt8uSNPs1uAvdoveofXf6OH1nl5ApnmEDPTf05rElynWIlEjNbv40NknillHA2rOZquAn5X6jxx3vH99CalLzHHxGTxijfsBNuS\/rWZtrSEfq4LatK2Q4ySoyP2"} 
01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621434304066021,"flow_src_last_pkt_time":1621434304066021,"flow_dst_last_pkt_time":1621434304066021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486318293980,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57735,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486369476762,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaPxAAH4RXAU0uxSvYyqF9e6hAbsFTrhSxP8AAB0I+0NvIwjQu6UAAEU0azRBvw0HhuIl9\/xBjvifKak7sXpTLlmi+dbAR0gnHQ8yLpljofwXe+5I8+bjI6htbC0wktYLe9u1IbRrfn281Ygo9P+77SbfKFoWgOiNBP7DCcTYRMpm60boF\/tXFlu4RcDwIKHkE98LfcboNnZO6vgCOMNp2Oc0FW71MgnEMdGflqZG7oF457RNBS84xcpV6nGLNOdNKSMQqzQlO4jgRLIFlWEVMuZfPjKeCbFvi+9u443qZzhpp1RjViXLJQLM4O3xNtmwsrIybLL167f7g6DkkCHpv7D4g7Aegn0CUSGnhsDPpzH6vl+y+ZphsvLUKg8Up8DKE6OcuDZ2hrkBODY3w78BA6TwCijjXzbEkjwfOo6WXZ7anzvjy2rKeTxPqEDLbbU2mUP9vwNYzNXJKG2DUAsDLDw6z7pW\/sws6BGrQtkI4MswvtPP3tTOUG\/fE\/ztGz6sn0isa49Skrr5sdjTBckHoBSXiarAL+UhWVH3IgXrw7LDIqxiqdq7nRgSKmIzhN9fAbY6UXqQ932CN1pNDdZ9w\/GGn2o7t3bhxb5QVcZtml2RlYzXpD38XPIVBBQ47INhpeNulXlv8GPqMtdWTZebqe4kY7kqcVj0cQPvIwucmOBjpmJQg7KJ7oAQf9\/GJCRUlYyPpb8UxzZhEIeu3XefRjDZNtuoutnX0dz+oXCLYmdZjfP36HFbNYRByGa5fmywec37zgU\/qlyWBC2YCwex2EfvKOy9LWsTwa0ZT8kdxRFmJEv3ynISWQk6m6ALqZbKftEzLU53Sbc5IUV0op9T4rpP0U+RHeEC5OrRZtLDz7Eoi9XXjobuI3Vg8eC4MHSuUO6V5Xv0Nf3+ekeBTC4ZPF9uBseY\/M\/dl0+yfCT+XFaXx3GicyqgVnrvdtodSYLOXs8ya9nmPO\/qYXeXC3eiFr+iktgKCZgHHx3a+niakZlOQIdnQs8m+3FjMcPGf5iRRc1au20WBWADTpVoSMiHx7In8vZZ951ksDsiVML5vgKF3uCPIZiGrbd7epc75W0H66E6MYCh6UtGfeXcH48l\/e5dYlz+GnvNtX24qdsZ8ZjyXvychZ2KIR22+ZYaEiM\/DEMB6luZTBsCO\/v2zsreln6ASIp00NFiopmG5ECaS\/wzhc7cyOYeoLY+l9laxEBYEqW7mGrKnqBUW8CdAonXxsjkGQxEgjetP14OMrGziNFo3Hmm4YUyWifAkDAA0y29APcv6DiME4DgmAODMt0L6F2HG8ByP+NbokUTWDBX+4z7Vu5mleZba895fNmU9ORQiZpsGKf5KdpS60rinWsd7H7F5AaKkK9V8ehTTA2KJN4FeRKEoVzjZNBXQIIp68V\/vTf6MjitUwkEVupaAbIqjiysCSlLtNhGoB5fG+h4bOdXHXY5
aevu6eMcfIv\/VbjnB55QeiEX\/EGcg3yTCoROSaMNCGVQt7zybtKYLEAyJsZQdEzgoFSBm\/aVwsdOJLWiaQNxXr18wB2gwcynUtmY2OVRwX9j017xp7wGxmkp6fMo89Q5EZUZHfrQPUTsdLVxwrCtX8+BW19j1yLDE1jHz\/+hGjjVhkwiSSrUAMm3RWzCmyQbEXOdJpYEBon5bDAOn9LIToMnCQE86GVIS0UXQomCSYbZ4epFa1Ztm0zGdSLCKIfptcYOK6+a0cWvPAl+LZLk6bVf4IQ3VrJ2Pyo8DyjbC59d75TDSUXKmy1\/\/IRu4PkQCaoDSf88oNbPYxcEpRCESbf7WtoG6B+DEymuEdUAjcUwmOAZpwYnrVev"} -01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486369476762,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486369476762,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1621486369781501,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486369781501,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQVAAH4RW\/w0uxSvYyqF9e6hAbsFTrnVzP8AAB0I+0NvIwjQu6UAAEU03RUajo54f3xaeQcz5ShQCKZJx+hnzaoOL+d9TDb2UYj2DFEQFg8O+PU04LqxBWrWZC6Jw7FAOK24WCy0+Qq+3W2m1Yj3lW4LJIV888sWjcqqlWbULhyMA\/KD5b8qufe+TPSdlntyuZPV2pTPKi5B+SQiTyl5FD9POY3+v3rSnfowAVM2nytoVtVAXU7ajofA6WeK40X1jrJmHBb8E8rErNsDpXfZzug5wr1qdAlbwVJRdAAFYIZgoB2\/qSq5jmhYNWc\/gyOteYYnvauiknHb14gnDW9kJk2AXthTxKyTuNGMMxIe8\/+57XTEdXgzJjfVFWlgu2dHS8t\/0D3vzl8kg3nUD3Et77FL6IMLHaLSMukGOY1oBOkzjqX9K7VF4oQZRG9WjeL8sHkc22npUwO8iu8Bg0QKzz6y1u\/WTGBcWCD6mmt7brbnyRuuQgJ5OSl+aUzFnuzYJwIcGCDmEAvg+d8QzbJwb0\/ydw6dj0OMY83exGXykPAMPH7d7uEh5qtWi73l2znhazBL+P6xXiAwMP5388MuTY+jv7myTvH2QegjTUhQrSoffjxgsBE+ew2qlWyIZdlD9xSPSQjzdG892xvO+Daqm0xCPE1\/DcTBrgTsBx5zRHmldCADLkPEXpDHIwwb64NYIN\/OgJT2Txk9iwrogjaIoAbzHDjBsRD+zjRv6ke5JHSd+l5VjHM2dZF9PUtL0DvVyYUjBO9tnDbTkEoPXCgLrgUFMpYiHso39U9eNfLO5kGqcHN+eOpKAvyRZVxKbK9+4n4VOyQK+R8se+nV68oYONIx4HlUc503SyGOap\/\/LCYROiGY4eaPDh7vr94Iu30hTjCiyIlio3ENmo2Xtpgx0y4zki182URjhdi2lMGGt75JESZeZfkA34f7hLFevCumcj6ijOjzZ0u42eGs\/RX\/7\/yBrnMjY+2gfiJ4TxqZChQis\/GYKAbD2JIuzCsi6V2Ubm8Nw35KDS+sB53W6Do27E2GSA2DWv+MzAm6zveezQDVV+o4OsT5neD4AAwgLFy\/Qy2xi+GZjSkZy8RSo3iRdAs62eGy1gVfhyPrNudRwVNEuWk\/dY2itlVJ+HJ28fJnpvvX3tj8I7p1+1yZJSjalMpM5yQmgJkG9WVckV8DGAWXv3xO8cB5OugwG77mQoMStI3vQGUXlb1t4\/i+fDw\/GuS4IZc1qT+z2tWNFMto35TYb7NCelxMcXuuM+fYamAktrAw1KxhGvSXuYqr\/srgGiZhDyKLEbwtAm\/PUk8PsLr9uf3dxP9zKVSrZ3enmKDlUmAbwVi3hp78d\/5QtHvS4TMGUKLEXPCDhUSuwE7OOnJPgm+9br0i+fWDTX4tU91C\/jkplORo4Cj82ZnXtiWWPH0axQZfuh8nQGk2O3Zz
NJTPqAtZI1gmIa6n7kNGEdgtaMX7Pg3vjDy68p5aVHfYpO\/dRKKWrMVDPCoBiAvp7eoWe9rRs4zHZdWniTJ3TJ\/1zSX8g\/p4+Y0B5FqL1OIXFwBjWTct4roreoqwYWuYvynwyepiVqQwZWkuHxiCkCJi1WnbBJ5iZfX\/8wWqdcHJRUcAJUNgCfoV7Ve\/zYSplpt9zSooIJyCI6uI9H8NvW80zzMgfGToxt4BHzDG95IPe8ajcFZ5KX0BoZRF14qIUNMRcwxWisnEuOIE\/Q+ayMiFBDXLhxu7NRovYXsWUIFNs5o2BFE\/MKTaf\/oZ0iEYees5KfoTm65JfoEaFJ9jS3QBRmZFIyZUE+OXP+Hcko2Pe\/+D7s3GVBk0cIMYErQi"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1621486370391009,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486370391009,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQZAAH4RW\/s0uxSvYyqF9e6hAbsFTimxxf8AAB0I+0NvIwjQu6UAAEU03bTMBGYCrS8cnv5vhFjbtc1bGvAvFQnZB6yJG8NkcrmiIIJPIXl2q4dOP10rWX5YFWQXsyHMoGvgrIcWDVzIX3NZ7o8SxUndmlIUJBVqXEfKC6th0dxYBXCRfJJYWNyYrXmuN+Y0PL58UHK7tpZpgBK7mIQyQqSMZcKAs7IPHVXv2Sv3DGgEdMifspeJLZrqAdK5aSG9OqL\/1HP9dlfRJZOn5z1AX6j5z63ULJV5lG7V5bETO20pw88dGKcT+ZGMwvA69Sd5k0J76yF4otVf+nWsZJtlYGjXtglJhDbIRllnDv+E+a46adZELPbL8K3oBj6\/CCVCE2naOyEf6mPlfsVkBDeGjKbsRBu21pYLux7J6CXacUP3TFJ44akagTX\/8xKYW3ZaCu4Q0+BcjGnTHcCQO7kjxo2v3xqEKiOBagnZztVu8xYJUV1uSp0p84BGJGssQKgY2BPdhtNjFgTRBcdgKWi1F7+kUVb\/YTbwJyuRTa+PDvQQMNFOZgaYCsfjqFJWHKG2zIwkFspCoaCF8XtQGkCq9jE6y4qf4zjPbZ7N1UwwnwdZxfWb1Fw4aktZsDsenXL8B8X0NngfTME6MDZxvWCxHmQc5ppnjDsJXBvxCfHQyc9M7d8D8CeVC+HWbU67PYxUuKsITW5a7mAaKH0WaTJ26olLUeQA3GDIUFw9xUdggvpZTPLePjQefZEEfRjRjT8iEYeb9CzGQi6t+9fTQ6pc+9Rp6a50KYQ1uCZSpODozp\/OQcBEbdR9GtmHpCDR0JSPJbtOYkVGGl9N0B1JEmNoUvWkQjGNjAZe3zsIkxaJ57mePus0qsRip0mYliPwjYjUPzsCHzNeDVwVXuWpUcUzM2mUJOgikCw6XKjTRqaWuAqeW1c9z4mZTbOSK\/TxHcCg\/WiNrzmz+WTnbB9BVLyyGE4vg7qJFN4PX2g3DqbfkifJRA9XPVuXHaYWBlDVz8FX3HNEQ6rLUkFa6eqyarqoeBLNt0e0nZn9mcxG4Qo9mD2O
YNdYfux80GSAZIDpyIm8TDnnEmhS5z2HYyomgtO2Y4t\/N5FkVRx6yIfdqPtr7Ui3r9fpMCfazjmjrQ+LfRUxo6Q2p6YAAv1C6FuIqrLJVqHI\/kpJu7ZWHTe2PKlaiOnlj1A5JSK4vO\/0WUDs4dtC6LTCRT2cHR8t0Gej0FDzJ++VJbM\/YfPg8brEWZFYdpsvpeNzCryX37u4tW9MApgeHZ1fZQT7f+f0wNL3xb9nkBGv430\/o6aRXdV4rdsVK1Icwt6zKjtP4+M0EEPcPCQVgeyQEGAAiT3Uzle36U56GZffLsCMgG23H\/3Z1NKDWwffbKh1gfnfiwFVKdwun1Qt78gbk1vSqnomb\/J79AsHqjs4dj92ExlMBaeEeYS838CC1\/+GvM2TQqnNQGc0TBtsKDsLKmNN\/8BHFpN4K9oCP36JNjPgUtLnOiEpwlupSGWcDbtdi6ZFxy+Q7dsd+3esOK\/k1qXwrnT1z9erk299qqN\/tK39BUGopYzBcI7ZqtvWVyUcAQv4rkOvMHmT93EH9eAV\/HM1whxSr7kyLBcJNnJ8VG6vC+5b8Eiwd4KEvhX4SUFtdpJK\/juljSeDOnjRTvrONC\/wed2ymfPWrpUK94fPBsgVhs3zwEWHcezodeiB7xOvk8HZvWHvIdUWX23Dy5xvn5LYUigujlWn4Of6EawcMVeXgViQ66NNCX\/RKsSqrI\/0g0LQPkUhNuc1Z6LvT+izQ7m4p2uahClxy2m7stvMB02QAeTxR40TF5yA"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":4,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486371605818,"pkt":"AAAAAAAAAAQAxdZsCABFAAViaQdAAH4RW\/o0uxSvYyqF9e6hAbsFTpway\/8AAB0I+0NvIwjQu6UAAEU0VIfjXpTQhL1NMida8WQFmgohKhkeACQv1G0lgn7XSGb82pEDjyQSns+ce5wfBARD57POCOFsCOT6gWzp+brfODTHCoiG0wmrxM1adCtyLnSGQ3hU2m4KYrTNyuBWOTT1MGAbai1bV2+cJ8TJpnw+LWhRN+J0f2T9\/5XrLf7L0eMFLdmEghIxKx35yP3gzkD5aO+qCHqf1rb8y3CjRFFvzhAWWb8SbVOclOotIYjMppDo6I89vBtyi8x7wTB\/TXxdaI5xv+fcDmVrHG+loFcq6Npe\/VftmaYxpKh4lwZ67ygnswuKfLqyjQlFBBYU2qY4T0qVC07Vpzw7fiXY9eEHzl0urNoFUK8VnRQRxqs14r4oHwW2Z0pNj4PK1bJ4LVD+d98Dh6e9n2QoNiTmZIytYmSVZY8fcr+dz1Jz28vKj2pvDiohof043KLkJNODPWzP0C5epdxeLalUUjCP1i4vsXTjOP272SS\/ISmc1Ps4b3xstVlDwB0i\/o5k9mvon+MSLzqiNFnHDQvl4qMFjVF34bsB\/EfmCeJj8NRyrVrhtoxRCus0\/UbRWGwy\/pNTmtdIj+NQI4w5REL+pAj3VLF6RlS9zuPni0mP7F+ZpByd0q3u9nD
SnIHmfGdos5zeW2+zyh3A3pU\/FXnEuNCEzG40NsbuHBtp6EesjzIs4TJWjOtY+QqxPHbeiZQSIWbD\/KPxVEi\/KfWy3KJSHc4VNfZ20FOGeqsLRXY21HgvK8lNgSvaf+UuqqRSYyVlslcB0igGPrL1jvcGNYPoCGsaRMxEdPEjDDpq38bOYAqHQoIuH9R326ysvd9fDL0QWqFJU+hyWZRDVTvAJ010YMQhOgb4iPgW0LdVwgKhcgVN8Nte3ettIP8\/nPPdMlnYlYGBCWuqy+4l3PVPQZE5yz7Vv7n3BTS8tycmYNaSru4WpUQZCcm4uIhZ8yBuVZuYzo14eEUILoObgm1vURIHZY5gKcVXdReFL4J8QqVPe6GKRuNhuSLSGlcNL6z3KquKs+kJLhBsUUjyTOab6JtQYqIXwf3KhVwQWr4o9yDIX36xJmsEoCvjbyo\/FUtR5f4kh7UrfVOwtOZxwOLcl7Wgz0wL4sJ8ZHC8j63+tgPOBcahSRC\/vTkeus+TIJ8xBj62Arm6G8Z1g9WS7\/iY1gFzBL\/XBgsKG9IlAQ+pklOg1ZF4MS+90gVdT6jJT2nQR2ix5AnBq8tmG+zTcvdiKKD66ixBAzqjL8tDxFfosHgRzmyaegMCjvVug7QCSTyPVXzPGmK1q475A4p+moIan9eR3fs9SYV8MV9zo\/Q6bMCW\/i9ZCg8jCxU3v9VHFGL1oj+gkB4EkxR0Xm+ZaNjZu2VeEBZVlzKot67uA4tPAsZi58vQWvdo2VFfEPk5BjlfJ4wvLcEbtkA4we3WWXHwYPRk7oX673XeVEFv\/9Sz07iUKdiMXO1iu6yUCT1KmDgxpAizd9dGIJgd9I15i4byev8M9Aj9VmGfI1QSsSOs1dsosZQMCL5C2xy+GB6s9s3WKAy2Oz\/XTtsVGBo7LPZXfcFcTkGv8ilsJSH74Bq1qU\/\/pbeefJ5HnNMcvV5uiHwRh+xtb+lSLg7A+TYkdQpGaI9iskwXy4cDxjdwiAEsOx9dwHED2FJ5TAYSWegDfFJy+u4jDZzWz8gLyS6SFSRo6PR1N1pIfkcnBct3yHUqEYTXeR2D3IsPqtk4slz5MCEkORnzRPLgFOH0FRE6PFEkXTmDc0LEFdoqobjKz4GlTxo1s8h5CX0XEZA0PeyG"} 
01158{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486371605818,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385474238,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZFAAH4R2lg0uxSv0OWdUcLYAbsFTiq5xP8AAB0I+aKrjQG3wPMAAEU0wuD+7fY6Iyc8tUyNR8o8NpWyUYFI2ltF3LBlXWefiS8pWcL74QB2DRW9zaYKiQLkhdAYa9TytEiykfGGocLbybyMzfU84hTMBvmtN9X8ZFMfEisph4kQ3rvmzIKxImtWYbPuenHPvncTyghAlfBjyTAs4SBTn7zgSiTlWDdrfi34xfTstE2uvPZkKaWey9pXrjtdmfzoUf\/pnc+joM+ZvbIOQcTsRmXe5mjiVNaJ6HbPiHfKS10CyjUY01LajnspTwPslYnWYHNLgwAGsyRZ3BxR6GzhK0yi77NGNugWOahmIQ6nR7Ydevwzssc8uD6\/61qD61eTpCJutHPvmpIMYyBaYt3YTvj7rWTy4+Jwluo7NCbmBS6erQnQ0BioBgOLfZKwMDge8tR1RT7fB2y73uabWZmh+z9EXiZif9vDBEIzL8O7i8XDK+n4f62Ye3t+bnf3T\/kEu06cpWij61xvDaapGt5KkkpyGLnr1+FLnojx+RRHnFHIYRBgk0R2kEDER0hHA1VeiOanzTBCFFmvwFA4TMEyQweEYvKw3Kr5NUAc2xOwhVaAL3S6xL\/Wk\/SHYOYp5f0PvIEoO7\/8io\/mEJnGHY\/3kgfXj71k\/T3+r2XctxV8PD3XFXtFnV1FZeROEc3BUlMypjGko0Tbxn8TLjIbiqBt40oHwVFVvr3zGWD1h4RU4S4gf9uyP8Ze+YtGqGo434thBMwnGvfjKdLhQJtIVyNEqyYwuvEvQSBGG+kgp7fWxhCxs3+fbhPQTRYk\/v3WUK2SO9YuJEstt\/h2vF9QgTemr9AIjZTwspLB5lVyViciTmGq8Sv0ccZicPe8AazPdv40uBUNsLwlJBWnFFcDvymaaOS6K09cWBdy0mbrwp8\/Qf2j\/wwjY+o0OYJsGRCGGQ6ET57ektTFjrSGOVwqV9ScfzX5znZD+H6kwkBf1O5IzmA+\/GA1wqzC5J9sUPvKCTirqPecQIYYVquKinZKzhsDVhUADXpFT0udOlKR0uhkOCRqJsNTXL\/mafXS3+PSGh99iH51SwtUUJntU0BR8enFfk1SrdSRAr8wyz4qsVel4jzWEdUfHV\/P86FFH+QEw1abjB2h3SRqAAOHmAfcG\/uY9ox6u2GzMWSaZnsaTqOVBeLeWcQzhkrU9Z0XOCXuT8oREqaNA5FtJW8KWw4W7AgsJOgQ6KKmOhxh\/Sa9xvwEc+UXuYo4+9\/295WwLPUiqlmI80sZ5MoN\/M3QtOiUpRW6uU50HQdEXpljpfNX1Ul8JoBTMhvcJ5NW+FyRXYKNMfEEmEJ\/bvF3\/j1YI05JniGjM6mnl++dN8BP+GVMRR9DzF5J5ULbCVwM0AAMJLiLlwhwq9U40MTPoWJnoX9YFggLWwj9lQC065dWBen4MPGk26
TfmuuXGV+X8k4iX8RotxUbiRr+NVmhdaVnI0o8YdFg4IeDNDlpwLL0St6sT5ZrmettHNngu+I1PPObx1u4\/0P0MqDPvazomUz93QZhJKVKT9C6LEyLYcSjxTGXp1+z4ZDBBfwlu0ys9uEElkGFm3wDpJMIW9I5cCW\/YYdHy79zUfD6w9hQ\/hirJGoMOzA0yz\/\/oESSV5DpdQtEEpQVf+pa4YsPzNg2XIlz8e+OjE7mj5zn0kQEz19jUtEba97CNXLU5+IwcQj89kSD6mwJqhhNAA9qbQHiUlU2rWwCsntFwUpKLMMcVCHYrVsOlaOMOyK7dkwME8jMVzZFIiv19xEqG38D3uh5T3lqXB4+cO87sUlV0VfbSVX2jiLZmUKp"} -01424{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01450{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486385474238,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621486385474238,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"update.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1621486385780013,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486385780013,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoEr
j\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_src_last_pkt_time":1621486386389522,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486386389522,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5u
IoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":4,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621486387592524,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZtAAH4R2k40uxSv0OWdUcLYAbsFTgQXw\/8AAB0I+aKrjQG3wPMAAEU0xCd9oY\/N5GDZbDE4\/dOAMM8w9gJlBMdgsJyYzUVv\/0YsXpimfRnBwl29RRLJpKiN2vb9qt4MuD8jjaA8\/Ma4PVpfwUFq6LbJeRQBUGSZvMkZyGwkFinTbjgUyAkhfj1a3T+A\/pYdS+eiFki068+ZjjYzXXbovNfHhBW\/avWnLZp+g63\/0bEApzU3SRBSWovLccBt37mDz+\/X7ljq3jZ56mszVdUjpMySh8HlAUXPd44quqaILcmJ3XzO6+AP3v6NtRf+Ez4FakJ6ZHTyZ9cxn\/M2cpxjR+88FCSnW4BO6n04wyVghjBoPZKUE0x\/efmEPxlFiHyK+V\/S05omMsEg4KyTXtoH84NLY9j6s\/sYLuTGf+1niq35+5vNk7z8FQTqkx0uUQiJxEBBandMjRYJziJI0IUvx74FTlpyyrzRdLO7m85Wg3l6V6PR2J\/blE\/cCYxryipemZLCaQtm4Wt1XvwSrBDG9or2S\/o9aTdo5cLlztIANl8QlKqMe6BMy5b8l1JPu7CoRhJLfvOYoN8EPhRAEFr7S9cgoTIWicvaNVMYpqyDloZuk4HrvgDNT7BcW0+GudrrH\/SRagWbVb6HF\/t\/HVBpJ8wtp6qBqTQubvJiw
nMW2kyOr9zCX4HIZlDeMk7wncNRysDJVtF98R2OBfM2hFkrBJOSqWlBpnPOAq8ld9BhIIF\/KOOrIQa5umfeiYL4pA9ewygJg8JTfKlN8AVbT1Fj0NqzKXvt2naKmjJNcvMDcv\/sA9XSuRhyBH+Ya6lzfH+ATMfha7m457kJ7SDdJC9RdTvl3MaNXuwBcPVxgMkDUAwanLgj4Ha5wyi90iwhgi1Fv7yhKuHS9dm0DR6v9w6reCyaarbb\/MuTQamIHgAU1JnxgXNVRb1+8JE\/p8JNxCNRubXAe\/LfeqOucvaqBptZocLopG3UGhD6FDdFEMPBSubwiPFIl8iSb7adiJkvTOl9R44Au33DEkQDKqma1vEZdngOkX2y3a6i2QlLYezmNetOVaSvgh6hWKH3wPjmZv+KbKBxgQHwgeE8LBFdhp8R9uXkyumqod8N\/2ZZoNsIzdT9hG9MMIRbROhqoU6YXimXMLMobsrBl20jmZZj81VfqHvhl8TR+vZyq78Bqp4u1jryKf2imnuEPBKdCC5fvNlBb7xs\/sRBPvf8csWmkLHH+Y+i2jvExRNzaNjpNbVcSgcynEzupt0GCBmnvQNrIguvrmnsw65Ynm83oGpWNnPwZnMaOrwRxwiAoIKWlQmm4KMGWUp+70IslYOfcgLdLJTLHeMC9ZrqLEXBcB9v5JEr6k48H4VT\/4nsaMcRUoMlCbvZVgXQrDWhAVWD064fuJmpaQD6sC33JaBDQC7SNYZA9v8xG04uqWAaBYhq0f4GXZgWCf\/pL0xDIQPr5LYmXNQ8oR7baWpT8SnrzmKtfZm+3Eq3mkta\/zSAinzJxR\/hv\/chAQRtJPuytYaLuIFjJqWGPK43+vg4u28ITj3Lo6sid5rW0ETnWXiD1HWPxLeqo9IaxINyUG3VTbEXGQAy9RaFypmaGa9wl16uKZH1LXbQGs9n+Mszgvdzu9j4OQ2ZoJWk3bI+FSt2JRKGdGIT2nmFeFyt4OvnEmemYlsSr34VtmNZxUKNLrI8H3TIjqGgBGqAPbNjgCzNSjbgcuAZzfm14qerHKESSs\/NgV8nbw4APrHMEEPlmmODnlRp9aAe3QL7ti+0V2LpiS20xNUK4EL2ygfdueMEB35Nif2zIIDr5vCmLLJvSvw4V0PxhUdk"} -00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} 
+00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":83,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":368,"global_ts_usec":1621488172593774} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172593774,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5FR0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xx
nln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488172593774,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488172593774,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1621488172891768,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488172891768,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb5AAH4R06OfdbB80OWdUePhAbsFTm8Pzf8AAB0IIYJbjKvcKZMAAEU0+s8UmerPzJNPf2vFFmMIxXzWOI8+nlMJBqPIX91\/fJ41T6FVJdyz55\/AUFcKq9ZZyk2YP1zAlqFolkkHkO3Xi8aifTMn51fKa2wn5Crg\/NezDOPCbLX1Xw15fkvxcQMtx4EhBp9vvHyapMkXhNDJRu9RXfR+jrCal+s6uozM4Bh\/jgsteWhVYvFutpLBcFpAsACOZOXcc76QRT29xwiI2HkTMraeke6E6Elw3fZ8\/x0cjiKmAdvj\/rbQ44niXNogWCExDiid2qXxV\/VGMqrcCQpdoi78teOlLV1cLZCyKK9Gz1YT8+74zc3fizqw3J2xo1b0u2CHknZb06C+uIl7e5NEZUm2WVVu0v4iXHKkXSNY51UoQsVSs9xffcs1c0GmB\/wh2f7GXXXrVNip8rLBByPg2DJfrk+PoxGJ3J1kwQ1qDmOjB+UdN6fAUDfkxumO+fJw5izefocSJigy5LmmrjyewC9W+CDD3xJ\/cFzJCoFgSyf95fZ38+c\/H2rJBuKCVW1pdiho\/NBYDfaWuy5vckCjxN4xZv2JHxLWOVrRbclHG\/W4SWRZQP56mfXat0F0uG7PtJ8CgwXQ7NSbWtihIdZ43Ml3L0hioaK94VzmiCutO2T6s1ZqHQABM0\/PLZwtIpO3lBVHxkmK8czxVU2bfhh8Bd2aiAShWCZbWF5jU8EnQsfhGgHyekqxaLTahPiDCOg0SBmkozlENpi+0yMs2D5IkWhpyqBstkxFFNgybyAV5r6Lhm7JHwq3ZfXZFrRSuhRUAeCOh+NaYs7welFWYGPQBos2AQTRUC3NlRnOAtgvnKyVKOW2QjRgtqEzb4WdTL0bbNQ2FQpc9GYYE\/flJ2uoIFGQuv3JETxQMq9QMyae75gPV\/Bj+xdFH57XdiAsHKWYX7zqDRuKxKMuekYDDstuaLV4VDQc6MVZaJFii0GEv\/SupV\/58ZZpNHFEEyZHJzfkH2tbuh5MUuS5PofLOSzfTRmu+vMjtYQ209SICOmLVwPZ8u2AGrlFW2EqkZfbKI9erViZ2Unn0RZM2Pn+Wgst22Sb5g8wjh4wiA9weFHLORi1vWiHZkYe2\/BL8j1rJOY+xONNiXjbzvs+yXxIs+kJcjMnf6gyaovRvL\/c6j4rDv+KS6KHyF5Hju3yVQObDWEk+4j7PY+PaxYyvjYZHI36l3YksknZbaOMlMvl6nVwtU\/k8ACWq1HuEpfSG1UyrshCoDlTkhmlMZlMD7qdLPEuFj6m4MSRbjzW3hQa\/qxU3T2Qgki9LeSxXGYHJB9FXzq8yIQ0vOgWUQBxW\/4B0BqwQlgEeI27byi7vI9kmpC7Qou2YWyfsYTI9GGARRW7m5xU+maz8hHKd9KDfpthCymON5jJnYSptI3eug5aoGebEfP5bA
slTyRCDFlm2Q8uSYfqFoNXujhc5z8WRPjLGKq59LGiZiW\/yB6lByCmmdTIYea2rAoFVqdYtPOdeFLrrKWhD5CpJEWImL1e1iTCT+E807\/aKY4QGP2WsFpn7d+gLCr5xQK6CXuhhNH9slGRzedlepwRyZh\/3i53f2a3Gl9RXi3N64p6CoFGMqiF8smMYblBOriOhOrEkIll8SQrZsnx81mclM\/4eF2UVnsQIp5n07HaGrEdZCT8fSndvbKLHO\/t6xkch5Ixv6BouSjYWklnDUEpJZz+jrQFC2wuRvZqOy6nf4lhu\/4E2kmpv\/MgYvFMVgKwJlJICexzBQbnudDHL7qYGQXGmi1uMwd9ljoVOFUJTpmzZx2wQtELSWXl0AWl"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":3,"flow_src_last_pkt_time":1621488173506021,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488173506021,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb9AAH4R06KfdbB80OWdUePhAbsFToJhz\/8AAB0IIYJbjKvcKZMAAEU0qqZ2\/TuAubKLOjJ81oMaQxBMQ+\/6Vw7RaaKNzHvrM1NT+orB\/NmJSKxGxbSKEavrqUsSfkdDyIeYu3DeilK2GpCIubh8xfR7tcGDs399cvt3jBHRuuErN+rqniq2AF218asFOb+4ZGYSRPk5EdOKXsHpM4jOO5Xn\/0nKFyhG9EYHqVO8+pB7f6yczQlCMtDLF7lTT1tq0Xx5\/GJD9G0tCnOfX23fuY+en2OxpF0Q0PgXWtcsqYDtzTUWjmLH9BCjSI2kYYeo50ocz2WBWTGUXpoqJ9iYBz24Ky503DT5070a\/wp9cUFkXCNTV2eHv4keTxj9VvDD+Oi66PuHhOmSDrAohpZ0xItBmFaH47riNVmR0f7T0zfIhWCnOcjR4SomjPDBWcliBXMeSR14Qltlyc2kedQT7ZLDVfShl8+u3uS+zP8eyCq9nqBKQBMDF3cRxR6L9pGoibjSnh\/b6YBpwD7F5mcjWWjHHKVaxCEGQReuxjIGxxYeVTuCdqjXIwa0Izsll9LqeaEweLCNX8z\/\/CZA3pA9mivC5xkaqkyX9Ux4LPkC+WULQxMZBpEoE79XgttU5rCxCA8WEYInE4gplnnN12fNrAq7oK+ddinTvJs0+jBDZTCzpU5n0HC2WICnWxzQMAjhLIg\/BIVwHRaFAYw4Do1nKdRZ3+Sk32nhis1tvF4rOVrl8+QuSs+KqMidgjtjP4SWdcX\/X8u2OzpzpdBsJdPiiV1fZ6dss\/sv6xMaQ9B5Gojobr89aeGChzGbohXQd5y+iFUBt1VsbEb5dhDDvDWxob504mm+e8jfdDuh3GB0n6pHxwhoVSFVO0mUera+adQA3\/opY719kwV\/jWZYsfN5slbWhOML1HIQ5QADeewjbYw54FRDTOuqIEIQbZ9eM\/tKlt3HYJQncTGCiHf2mm1doGvuzgFM0BmQfN90m\/alC4XLQIUhU8uiZL5CekhxJSUTgbyaSPP5TKOnCqgDTVfMKVsJwC7ux18\/QNJq+A
o9ADSnhw1UkHTxFxUqNTpfucOEexD48oLEIifV\/GQ5Y7cYnaT6cfEnC0SeITsljquMY3Vr79yR+QT5dEIT2QkhSvvCGGW\/JaK9qcRkCLlnq0aJaQUiowTpWicqExI5X+zS+4f9cimXTb1tdSX+O2UlnWTkunOyyMLCdR06IG83Z2X7B68oZ5TXGb1vA2xmZqHXtvssbw5o3OZ\/M9ztrfZLxtw7s8Pk6oU7LSRvamoE2v0G9pXaI5VrazOyfxbUNSpQmwOmJe459lT4Qg\/CnThmMtCEXTzATibzMPGsrla5NWj1q5gr9q3cviQjSSPHCEIDuTp5wrZMCiLpv2tpEgI1rY246nmnSiDYby74PkSaGM0LCk4dDOKWAhuy+SIWuf9+uyIIqBmolfwWUmGX4ONSUzWAjAWNs2YzUhcxe+89BPXzlrVFcxvo28wdQF4wSVKN2VK78RJt0mrleR\/3P9HW80AETxSMIAaEoEcHDp\/lwJVPxAJL45U914u61nAp6JUN9jjimYNkNOeCLWI6j0GQS0Xi6UYYe2RkTF7sTCWShKI7ICgWwC12IaNxcPgDzh7ZJ5NhRgId1zLe42\/4\/EcfTgM0eAjGVTGUnREGIUVXj90QTn7l3oLmTduz\/OspCcyyktZYIOsHK+50LEMXLZUzKDQljXLHjWdmlr2k+azMseDn\/5zu4+kAWTW9dTENdlnZVBC1XVkmAgizBXmK\/6e5hjHzv+Y\/zyTl7BZXDbv8FjjkJrCJK9tXBh9Xzwcqbagr"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":4,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621488174706312,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZcBAAH4R06GfdbB80OWdUePhAbsFTte6x\/8AAB0IIYJbjKvcKZMAAEU0BUZYpO1a7sPJWtCXPVSdEyjfDITmaGj2IR3fvWZY6TBrYEdqa\/gLCaLicEvABAQTyXSMse0bLo2dhDj7vlwszaXrjwBN29oHVcMZdhPkmVz1vB+HTqkxNNgtE+FLAlWpuAPrNuAIwSlG5Oh8L+o+i3gzNWPlTp0+FDUv5Mln+esIvgv9\/eGPBIl\/fI76jnOgBccAGEP4Lqv40XKr9Y3ssxLL1xRzFyBJjuvgnx3zQJNS\/iVsWwjy88XYWCledhSkw5B+uZehVQRVp1mfGk9pVxYZLmKIOtPRgXsgboimgjxNCrXvepzB9fw24O7nda4gAzckAoXxCGqSSu9JSePDOaiTA72c1Adpmb8h2LGuePSAuQb5kD8eeTWxpw6322t9sLB8DWzx7NWIMv6K9G6khKJoEXfZGZoH+H7Qi+L3rYG+OfleJc5Y1J2fJ6ZrHsk2GfuxSwmBDR2QPWX69OjgxVOQAd2x0pcT7shEIsjMFxScqPPCQC04G+NqmRG9y\/p8k9r5hEkBjTqK0boMRN0NeLtyOWa6DV76t8thdg\/o8TrtJG+Hu2ZvsrRjJruij3pe09Ob31WTE+2zz\/s8aK9QvRhwhDiEC\/5i92NjkVXMXBUjPx
XxBk0aA5gCemfIeYvsEyZh8tVTKTrasZRey5QpL47Zxet3JuR3YelXuRzho81EFmqNk\/Uq8elAIRGMo5soHZMNFeryQloHisskWKFmMjW5ZfCZQ4\/WrexhhT4orrUL1jmMsp85gJT4qMGGrGnV7tXL4p14QTtUCZVl1l3ju+YsNowac0vdJibIaSHITTricVLpgOB8Avd00p227qrZkuoL7yuSdSs4L5jIXUXEi0rwmylldmUwEb7IkdM\/8VkPj5LGA+md\/yi3e3vg7wGD\/uLpDb2buCNWGuUckQZUGNgZ225hhie9uIheVzT+wZQ+LZ140aiXLm1T3uLKR3KpqQPjrtWoZaSizUOn6jOZQmyvJn7VCq6IEW+4R\/IBrxAaqfXgwXYWxVxlA3h90XwFdzvxetlDhY\/RDlcUhn7JMgrGU5\/QTz4Qg0\/PUi30AxBWaxh\/E\/AvghqdUmsXwynkpEDxXRENaJbZs3rA9nOioiG5iJMheVgfyllMwIW6Y9Mwo\/NBJ8QEP65HDbEtBqQ5QsCvfxdiTayepUNkW+n8Mp0R8JoHTVNKuvn0vGtPBOEZ8maLKNeZ79CpPOZnresmWWnWUT2hKvSIeDpdDGnGHuz0xdrUTBqsLElUKvux+YeM9zGc19PaBaVh+1IgzMyAwgk2Wpy+bN4OmGC\/WtIgZ9cpBFMSSKa5kdxJ2d0XXG2XB\/0bIySkYDrNzTEeYEXZfP5u1h1xfVEo\/1xaeFI0EOcv5dIun5xopbzzYhg496CS0+lx\/\/iXBJkJM5D2s3hWBOC3aLjenYQlZHCg94b79mUaNVRdXB9fL9qbzTcvIHtrqLrckEXn+zTv6Hf6mreAX73CZf5QJ8kN0jPhqjyGByxk4r47xObDrOZ\/almSLhlQZwwlFJCXMJsPN8Cx6Tw55gMYm+VSOOJKl\/kj9Ft74Gwv6bTb0uww8+iQTXuq7ATPzzd+c9F53jpXtiuE30vtoQv+qYXDfFcydOeizVN6m70uSz\/tcTowKbAI3FE188L9TT4+Dxf+WiwM9d7fcgwfrWpf31QSbDJIDMExQd8QRbpd1ZzQ2LuKQdyGnPHfCefo2tSsyEp42B\/JWkfTFxK25JlpicBOM0I6U1ubKI37BIpCNvSwawK2sckvWkEcwt8rP1ol"} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486316206218,"flow_src_last_pkt_time":1621486318293980,"flow_dst_last_pkt_time":1621486316206218,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486385474238,"flow_src_last_pkt_time":1621486387592524,"flow_dst_last_pkt_time":1621486385474238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621486369476762,"flow_src_last_pkt_time":1621486371605818,"flow_dst_last_pkt_time":1621486369476762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621488174706312,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} 
+00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":378,"global_ts_usec":1621489064431574} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064431574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpLL7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e
5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489064431574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489064431574,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"content-autofill.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1621489064732072,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489064732072,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarFAAH4RWU6fdbB8xkodT8LLAbsFTjgfxP8AAB0IkZSau0whIqIAAEU0J8TFf9\/VN5o0lGBaCguQoO02OQJilvANZtDrj\/OMFT5vVNrKFd7OCVag8EJVYHP5drDglbbDTRTqEryYKQXDwAjbQHCb4hSrdiCPrBiKGUysqjHibjMf\/\/cJtlkKUYMzu1OQDuQUj+9BuGidWSQXbdrGH\/cTlKPd+fyN5rndTfsi2anhztAx+d2YTQRUUekRhlHuVJJ4p2Z3IZFTAhuPV73fTbf4SPuN0fx\/zwW0yXmcrqFwPIt2QCjrijow3wd+KpIs8aCUsVA3tkWMowGKkarLcQuMXYVO22n13\/qzcKOa3k5hzYmf35naphUVFnOiktJs5QiID0Mr11P7nKWISepE\/LKfN5G+AyBbHafEcuSLG+dEVP8yUlkvIWHaglmQ7qizy0zJczKmfUmQ4tB8PkdGBsyVJGxcLh46gJws33Dq2OBt0nxBR63wvgp7Iary4iOfw\/IHL3ToumCAV\/dXmL2kmNgOH8id2nU8Nu+pL\/mFyecOQcSlSIelxqEkydSXxEN6pMAyMNNzbwL5ZSVp2Z7kNaBMx8OxLxM3MyXiXBmtzik8FiHJRBWbOiVcg6x+N7mPue3jU\/huf1f0BbINQqN\/HNFCVwUhYAaElxDE6W\/blagPEW7I+SBFkQnuMpiIU5olOZc0CA8vEyBMs1tdVjOahUyHy8OFPfa4AFVAWJFtweZG3vHwtK+CpbCbe4cAXN1BRfmIH18rN1CiM\/ld5AcYMoezZxV7vyfKJwA1l7ujoHiWN9N\/jrpLAvyVeal7LCBIIi0GZ9vgIHand1Crz4BVQdwhxX\/b1KPjn6A0R2aF+8O+Jk4noYbodAKmJ20EQ4Io4xNA8Y2lH3XGlWsRmrg8HB\/uQwODFlv4Oe\/aBKhU93ernwhJ5dNzrCWsNwJ3ixca321IQXfRagDxTu5nq\/rHSlaGZ8XpC4aiF+vcEUNT+D7buWqgbnGXDaQOWeV3rk3WWi5Xd4DtoiE+O8dxPSi9YsxFNyD+D1Fehvnge1XsEICUGBX1oA1lskHJpGPRUbaLRmjcWs1Ytuy8V8zbWNuhpR2uEU5FpDzQ9GGTEimYVW60syM+GZGoskPJK6zwMlYqVKL\/UK2+O6rkjDClgzO14h8Z6S6YGxcY4LhXA72k3F5H8sKLJMFB83CXn2nMGIYAKuT65vFY41aaqklz9NsRxW1YBg0jNa3ymere9qj2lEhOIgrb7GB+XkUkMf0QieDkM8pJSkzEXOFBLZfPAV3fLw3lZfe4s\/jN60uQMrcR88C9EnpOiOrBFZez0skinInExnzYEDkAtavtIsdoE71PRyR\/dHDCqzg7kZ18pLX6NjwVvyB1mlpdkMAVY1EdaRaeNmWPl40RA41HKTHrY+z6mtyrQLn5TgQXvZRMN76xUYz7a
yMs5reGKxJhMrZqb6\/bIMRHi82Y4BJdVJJZgwj+sPhMg05o\/ukkRyzckGw\/OsW0tpPkLGLflVUuMWwcW3Yl7XXY9H4D+Gmk\/VQnSB5ldiKMcQlD5Nr524IdDK7HSP8PT17bN\/G71L8W4XQgg51GSgKjOUAB9S83oxZySOQTS0wV5NhNyS88WD5F0B8ngP\/B8chV5QevsF0LoPzzLZXg0AbR9bUfORgjfQ6jPb0UprPbX1e+36tDhCQ10Uh7j1e0kar55VVOgvNSJPW81uGBYWlpARxFyZgAbqvJ88OllqvEawT8k4\/1yAtxNXmYu6a0+vmPKpdv2NvRgtdznnjM6OaQG9AT9KHeWFinQcr3EhoXjjHZtcq2EfJF249Ule5A"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1621489065332574,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489065332574,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+
Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621489066532587,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarNAAH4RWUyfdbB8xkodT8LLAbsFTp+7yP8AAB0IkZSau0whIqIAAEU0BwsuzplommaW4cOaNFNfBbVlWj574kTJFs1IYQY7jVQ0fwx\/bk9uBa6dyqdV5eYUbwLM5ll3+0fTzjfJ5LiGnGqI5Dlx0wLhOhBEm8o23yMxuEE8j5CHpPQ+VGJUpeZ+mQmUJbCKaNGvU1hK220dqig2H0Q\/gbIDGyIA7e7tBju11nrn2OaVpWiUpR4kalTiyZLq83YWTQgWGefSb\/cUS7NgzFQJ2nQzhWnex03MLry4hcuLChwZCa8vjowX\/2FQvNLcvL3FdW5gWHFb77eW4U\/0LuZGiwPo\/IS0dGqQV+TXqFUfACRHequlz\/IKllpcJbNsgFQl3D9KYJvTmLTRoPImJKZVZLY3YHgMKuxjB1IlTbeN8kL5LtY8MHgga3G5yCRBGDhM96Gzl2CtyQKhLkdi3zZfBry9PliaOCJJaC2DNZSO4nz593tLRNIUgTrQg+iZm9ArqUx4MLMnQx+7HD31eaEVoger6BVTifDQfkSGk9WUl0iP2s3iYn55jW2oFPXFsYzByQl8Mc+UeDW6UIqF0upRcHTA\/b4bvHXC4\/8eNk5gdzrIwHcgb414kTxZls4asGzJ0W5bv0Duf7URx+ds3cxXnqyhFqMAJkzfu5PRP
V8afX92PdSxbaaQY2c+HY6oi1t16lX25DMWCzR\/2i45LnRmmy\/cWGdhu4nTtIwudeGdTxOTSYYzbNNZ5UeQoH80GmJhXbtrKMR14NmQHGikeMaOKxh5khhzNxdFk8Yc5nc91u5\/Vn0EaUuRHH6V5v3jXwrmscId\/p\/+IcsxDgUkRGCvT2BnSNjz0LhtOXU22NQOaepyaOlxUeVhcEsgY3RMmFKEJeT0BeLoNyc1uWgPmVKLC0jsikqbO0jS4TCvNYEII1FUmgBKlYCbERGfw\/4AIs0eCSwNzBVTgxzxhM36lLetBO7hfljteKmINhilo8KEryoyuijyIwKrnRih8j655UyZ9wcDspBaTzhqw5pvDXws7coJTgt\/yfA4Qu5\/6c0RUk5E5MDuC8IKLTBoqYhExNGMuj+7\/yKKf4y9rr1s9fbSiCNeOKRHplYnbUT323nfZlCYXkp5VDnX\/YoU40LCTsj718e6+EG8ySkGbakcxA+ponr8Q+gjyl7ZvitJ8UGeSQQjl5bDlVs4eBxZnDhW3v8oumsrtBE5jyhdAaWjCeWgLmtqIP1pW+qbgKtmS+2uZmLdDd2h\/Lm8q8XsWb9ylDAL\/+Ay88YtGX42sfaeLNDbax9DlFOP9zW8h7xjs2PFM1\/Dpr5RhDGyVLS5o5SgWiA7LRO2oX2PiSV4tfxAJpOp58y+7FaPMKxiX5ycCt8WNxagUgUcvT+wAFrI+\/tdZ7PH0UjLnAfb9\/w\/CAkoNHRgRsrT9AdvAgvVTWLlxz7F6vl9xpY8k\/UjXnBEZZ\/k1WgFgWnJC7X0Hmxg4RC\/6WGy3HiFE3+9FEtKhPeDeZFXsxObk5bbl0j6vu3elRRXFJOmOGFLgLZiRONrt0igKi5FLGOTbJT7r39w2tcI6Mkf1jc0m8H8TZUL2nftaPg38iJFf7zLFUO4hmLd61GsBtg1NEWRRlp4QCU3ZGhPORMimertfRfyKcxuLWWMMuMnXXmT3oBV+TahXrCFmXld3Lvj6ObUUMGVVd33nkh\/+oRGZ+wkXFar6RgzzYjK2\/1qR6u0v2GHpYubicuiAcbx7ADlkkHgoIYyE86p+XR+iPd6dfk2GmLhHZOuetz02fYoDH7XGZ+HdJ9svlmmPULKbBTu9ITB0i9CLhX4LzBJn4Q6"} 
01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621488172593774,"flow_src_last_pkt_time":1621488174706312,"flow_dst_last_pkt_time":1621488172593774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621489066532587,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} 
+00683{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":83,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":386,"global_ts_usec":1621490937698475} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490937698475,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmx
pKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"} -01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490937698475,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490937698475,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"accounts.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490938810514,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDnRAAH4RTyU0uxSvdlnaLuMLAbsFThUFyP8AAB0Is32f4l9Pl3YAAEU0YOqdYTCCZZmk+g3+J22oWfx0doVS585v5dZuMcju6ceFUGjlxObU5iFwgva6ib0ak1Tmez5R8snBJP694+WPYbwvpl7HFaYBb32L02hySVgOT1FTMmvBo2Fo\/d5ANfZGxJNDQBrucO2wU26mhDDIiJWiWYLyLw+2wH9XtUY9hKwoMo3iFTjxOO1dnynX63OlfxLKWOPNDL\/CJlgdgaNXHQV7leuc3Xd6jzLAetIP1cBEVuqCfGK1Z\/PwWhV\/ilCFb3DMmIz+HaenysHXzEImv5aEb6mec8YzM\/GvxDGp1tCbktIjpAUlEhPRXGKZ8L0YQpyXKVC37At+Ncsh7AGMJvk0puDbiFW8meTwbKSAn\/sAaruKCEiN7ZpDtZ6AQjgTjJIChfbGSU8bd6+hfwBxOU5JZ5xFfQWmRvrx7dy8X8kvYMhYuvkFi3w9Ni2RFiXvTVu8VuiANv809cCo09xvlNkdw1DO\/WJmXRsdf1Y0IqaxV5KrebivhDDNQHtyrnyfrxQ5Y4ift5qmodWeoxdiidD7RJxvcyaRuheSGzXqxC4lIAiMQlrcqXvPnq3wegxcfrIRDEWEavybtNijaDhbp2eu65kvOP5wXZMNleDGBSxQdgktQpxL6TcHQlqLOjfCNHdixljqRof7DPO+5RBSaRguaP\/xe1GoZxspva5ZE9Xk+Xf3SmMHKKlPy59QkuWoIaGOiB7N7I1DAInixS\/jVOIySTOq4xF2KnvU1cEtEoyV42Mhr2KORjN9TpQKBy7JF6wcPKs2Pl3baeiEyYmSdleQIgMxFgrcHJCi21HOjSroXF4HIUsE2apsLaSuZKIs6JTyYJ6qUdjIGm424\/UHHh7fS4g4qA\/yUxx\/xBalncHIA4CjURBqXagq47c2XNGvnlFEquS6V7HZy9x27CFukTSbeIjgcRxXOAJzUlJ1yQ5t5JkOgB8oPDo7vO1NPT7iXgezGOshBG3qxRqw4FUz7pY+auLAGyFbA\/lsmtbgOLGTcFptcsDFuxveiIqXNb3fggSAG9Jq3G4TYmnIqNqka7HhL+stsx9khyR4A9gCtftmEfOrTTxMftEStlT5QLserQlCNp0N1XklnoOsNOcDxQty6hF3nIOhScEBVKysqeVEbi4UdZcUA64KdSVhoAaFJgUYzqosBYVtSdq6oVjC3rbAJ92pfW7W5fHOO\/Gzz4rjoa6QO0jRV4cCPZLQqvL7Whl8UxlUFbNLzMyEaywNzMDAb8u4rh5j\/o9WJorChNDzH+7aC1pGc2DBqQhx+NA2UfbkgudimG0uOmYNVjS1IS1bDSwBdSH7GNbNFSEkwovorAkgGXCiJsNN1cNIzzCohUj5lfbIM4g5Mr+pCB40oATdPIus6Jzb2ASLd\/9Q3sKnYlXjoEthW4Zx
mNASLbj3i11YfRdbW\/XSJmbOzbWEbGkTfP\/k6k8tNozfErQYaqQcQWy1XNJfDiRBXvvfoE3+y9U2kVEyp3L6AC1g\/JNMxiXgENUxOjpl9VPREmrP\/Rjthtz9gSXutw7+EZR3faEchxgczJKIbKwYHcJXGoSYCA8W3Hk3Zf+L+BJmdrRVHbtPRFqDPup8RvGlcW5Xzoa4vRRZbXHIKNQitatbh6+9\/gMI9RgLPzmaVU\/Vp8RntOXhKOwTec+\/5p5Qci1058hGbPEcEz9RH7ho4Uxp4mI0kI9Cy+wNwmwipQYYPfi742YDYxomWF7pzIij4vCMpGVsjxYg5gSAF5wb8qbS5fVF7UlGZOWJLoEHBgMVPUjuR95n2f0L"} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940042014,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEwhAAH4RoqY0uxSvedF+ofgTAbsFTmycyf8AAB0IX1A3NmSMbKUAAEU0Pg8s+OhkXllUqtMD1WTcO9yjUOzCG24snxvIngH7iX6ehFgoF1UYrfDy88XdHomQKlyLms0u9jlYkrqEodLauJRGapy4Hle2I8WKWHQL1rTKZH+tzK8ow8MeqFRrpbk8\/iokxoMoLXgVKCOwqLL7oRfGteGHJcbAGqvj5rPWn8lTHy\/nr7UNzD5DIeg4hTPlFVFboFc96\/ePrxRP6\/CWV2PQluHrHP+UDiuvF+\/WgxAU4Zaq\/s2euO20g4VMq4g6z0hkNtHxIuQ6G6ZlVXeT6uBX6ZPVEg0pfUhEvbGjqyM68S7s\/LuqkjtoK8zch\/4QBOjnMBjjSQwLMYWrIngHxIgbqBSyCkOJ+S+nMOeH0cA+0cnqBY4O49ufQhXDRjEGH5t5soDhhzS8sBGOiS03hbrWi+tm95qnkQ4EY7uhdczTXrlpbhNUdpcyH4wC71tfxfvQVS5y8IC1e8zT5BsHNYmBSU3cCiepaiVmZYJcGPmbBd0EWBl43HnBPIQ8CwCcoTjwgg26Yu4ozcj0BKQFUR0GMUF83l1lF8ot6wXFAA+oVj8seMzHzv2II23OXhbg44qPmITHSEYOmk8bA8y9XUBg7ALjZ36C005quDVZGN0J+Q44oR4tlRYPB94GZr5laHx3xI4zV2UfRy01CNaSkDMoeOEOMaeAi4kFgFipvCE1jwRUNvw9Vqe2+hR\/wsE+qJ\/zc31inDfEFutt+QNKxDy+c5v2szwudCf+3lADM5GAPJCWo+Nv3ArVcoU95DnZ8Qni4gFNPIas7CUUE3oqubppTtj9Kw2C\/6AvXyw4q7FUZBaXB5X4zjUqQWxcc20sJRmNfK46tma+3YZBWJZSVhtM4pRqEfs362IPwcZpvzz9KMT1frJPvZSyqCg5WxsuShHYKbtQca6juA82VMIw7n0mkTmMIQQq9Mj1AYJMVxWSFfEi9dTleToj9MJ1kk9djU0M9qoCSBeOLKZOaO7ZMQoI+LQb5AKLobDEPmCM\/+7vqosV0xxNb5\/8d22vjMPjhhUJQCLCU0zSX2v8r8IeoTWvGuTd36jZKvjkA9tWHYu73L8Z1+CH8Cei7yWoKXUBW3fDckkX+B50D9QGMtC\/RL4c6YIkI006jUdtSCby+AjkkzqsejzwjNaUTji4RgY8P93\/urJ7QidOPx7hxI6\/TCZFHC3NSWXM8bWJhPqBFEUJXD3S1Xr4e\/XJX4lmJ\/Ol5PgUeFwl29wp8pAoUmC4cRILuSnQY4l9xAdZlPqyDmbVu\/SSWy2Akqi5xJqxDVEON1HIuVfAYg1i119Yr7dWU5QplKsuqzsu4hfLJ6M8Yw5ZRJVC7RSE3r\/N0XrnFY73pQjDIXk9UmcxBojTmmq+gMcamIBeoL0S0ukwFhIcT6HHQfqlw0O
zdXB1KL44BXZ9G2XIbRiRgnhcLeXH05qnfpT5pUwkVHt9m7ibHbmqRFCjXSOFgriLQZGqyYKgC+7F70lj6Mklvy+ynXaGzESE6icJU\/STfU04WOE\/XjvOrRE8MvWUxGzhOBNeg4DukKHrJE7SlhswBlqxEdAUp1sFZsl\/6UVWCheylk3qxVcmo08I0V6U82TPQllNBHQQvLwa1Hz1qkNj0H98MIqjYsZiUPrT9PHl\/EubC5Mxf+rACdfBZZVOf7ZrGTAkVMqdQkNJ4KAoV4KyVWs727STfm\/XXQbuh+KdV53N3ZDf84eN9hHsz6Xg77mwy7PCShrWSrFEAyXWlin+he1NMoCnvMEs3ErNthA178U9LrQNGhrOQxjMONlj"} -01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490940042014,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490940042014,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1621490940362534,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490940362534,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyFAAH4Roo00uxSvedF+ofgTAbsFTnxFzf8AAB0IX1A3NmSMbKUAAEU0xxudDjtwfHlFBOkIITOn8rvZxFm\/C93HCINJPVtiKR6bg4Mw7wQEXtiGHvHKsHQBCttPbgS\/hcDSxPOzux0V4CNQepSq2ytOhstQPNFgKqDi1D66h\/pG7BpGzCKPVnSY0j4mZfGHvp\/\/90uSi9bw7p+VzILVU3jM1Bfy+bJs20rNuK7sUwNxouBiolA43ulRiKtOrcMFSJUwryaJPuIF2AKADyLpYU6k7IhYp5pMSN\/FZrzaNP++MuPxUL0Gl5Navc20GBsGENjWTKPgIBn9sYhebGFEzStHKW0oRdWu4ecBWDSRteLnjvyRNfq+mu5PY+bv2BFXCrGw35UfLh\/YXxBUAy4mIdjLfzCt9VY3jAczlR6NzkXFtYCr4R8X++5lLCWyho9eGTf\/ZCpvdhXIm3YwXRQvz+kfxqnQsXH0ATnpdvEsAGru0CyioUbYBPhrlPL198KH2whWhbXpqJHFAyYFbpGDtS75d+ky3I7XtWANXuJ7DarmS3NZjP4Jf66vvGqKiJgy0KfGW+e7woGpFYzAoh4imK1VH8lIlaAurjJK0bKeBg9p5lFL0\/l+10ncgvPXDUuHlo46gy\/05jQ7pY9sWVusH8IwAbUs7+8XHTFa2n0Sk2BBs7cZpvTnwshZ+DP3ur5kokHk4A+vp7WHa4BbCLu22NtXJTp\/gQCajhA7U5McVzIVwwCkYzni+CTklGJudESK0dNwGzMjjvyh74BS8FP9wJoxjQxNp+QpBlr56o5vBkDintusd350CRIWzdRHfSgPIvr94nWDpXZFHV\/kTCtKuqDDbRIFJXgtJbMsMFk99XMXvWAVlDdMLwUFBCiheR0jEKmnOUGFAhtpeRaDYUitm6kQwBSlx494dMG4z7plhkyjgTRLdgMjGfgIdWdBxvKHIIvG3w\/V0evuN7rNPmv9HuOEitJrzJxpVhNZOoxAwLj9Luz46NCnQhKxi8RkJzyxHrjJop3lPAM0Y0bEhkOzTIRWf+t2hC8aA4KzaeLaWoCMRho1h3u3XPu3\/l6coc7iHJv\/2jzHV2f+8iGD+OQNMR9Kk99olUGh3yP6NJUA\/\/JOUUSZU3oe\/+nZqHPjXlf6UZ981hgrw2hFoCczDQltVQw8FOKd26NbN1UtWgiNS2G8T40NYIim1zBCFfKP9QB7fmPzHJDrqF9B2z8JCy2E76upD5NGPW077sVIvba7Ipr6QIRTGvvbV1\/tkhYCjTPxCUUENkB4qeC3g47G4DoEvoxNPUmX4lTntBxzxCUTgRTwb\/lKdC+a0EYxdtM5lRPHqXOg2W4+zkbzAvD981aa8cd3CUfbaiE3dmvVl8kAJBTvA7OBTRbFUiyh4hawpJaNoqqurTOZisggyEq8HET4+QxdAtFezeONkxyuzFSApfM
Dq9flcgmEnkCr0TO0tqKJC1OKWpkWpLnBiM8yAGqKTKylOg54gnFHgxTuPO66xLEKA8U9uUArvEv53MiMkmwlGJ\/R8DVYSi9lDGyVmqVbcb97csNgpSyaEAeipp\/xWQ9HZtumpN8oEgvCYnLsS2EfcfhO913KD0CEGNt5Eo4gSfP81+PQSvJvVrMAn8EG7DLqd7Bmv5BkyGG2JK8jhFljvgxwM6xjiPRsTShXGKbUG8XLhVXExbTQLftOfAo1ewb7oxiEPU8I+f46C5Ac4FzkNqV4H\/gd0P38BHG7LPoUUiE\/Ipgayi0qMMiXrV6TBl+UJmFlsYoY5\/mLRewMoSEzw4RRXooYehfNFw04DLhOfVWgmuS8w2oNaA6WV0z9"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490941568324,"pkt":"AAAAAAAAAAQA\/nCGCABFAAViEyJAAH4Roow0uxSvedF+ofgTAbsFTkMYwP8AAB0IX1A3NmSMbKUAAEU0X3GLCKhQ\/kdXKlH1Uuvr7DsXc9kc2k0vey+LpKewCV3nDMgYTsbLcy\/hcOGbXOScP++l31aUJmaaSW7D3\/b1UKqaibOt1++jBKUGgHxvkHK7\/eIbPnk5lrlJGltbH1lVtjul90tjvoP2C0HGMu\/Q554\/zF5y3+m7JmZAmSjKD68m0IKoWfIlmy5OvxUjvqVj7fVNTGy8V9A8hysK+PthsdG2XbAGQ5r7jFZtgM2W0MUKS7M8fkDlpw6kLICW6or165\/Pu6sFJ\/29IWOcJLgCsF33hp\/eqp6x6\/ECLl+bLOD\/2ybV1zgfWcQJdeCTDlaBbs00YQsEWV3eNTSP1cAPrcHphduw9dFEMzdLujKMYP6qp9q4Kf9aga2dK4puh5Ip7GziQj98etOy\/ltXPqQDK0X0xvEFsMV40JSwj+BzoIGv4jugTdJl63HCP9wqVdO7OrAmKEFYkbeXK5P6pG8yzHXXppocSBsWVO97R55m5tJhwqTeKsPTGfmgkv+0mr+yMvQABbK3kL73O0HwPVgRMzkj11Hwldi1m3kxEtoBJnbHsAJyW4T4WEMuyY9xWOFILOzlsEWcW1DlkhujMuBrKf4HHbPFIfZA+vCGqVGuA9J49rsNTvkxJ3jjtUuvX02pDhaSBY2OTXYv5Dc54DTTkDjg2S7sEfptoW0pUxSNkWGCbPIP4xa+v0s6S\/mMMDwXP8kgPvEmHUDknP7JkED8bkUIL1Ho0AWHqdjSnc7aUc0tHV706qMXs0VyhEhojglXbeJLnekqAVF1dAyJGsOPr5QTKqiKuC+Sgj3UNOQ2AORLL3k0ntqV2x\/rHRdWLiJtPYEUBcvzUxECD7Dtnifc2AbiFM\/4baOlJluyckkIkfljDBVEu84m1Q2kmQPBLAgkcl7yWChrQ5E\/F60If6SMyqrUlc2HMVvUBPZOd0Nsx8em3OcZz\/rd4dy5sR9B9SAkyfXIjPZat\/3SaduQsvQmjAvUkWJFmJcvwpcq2CHg3vveXbVE
0PWJwxm31KUkGpdZBf0LnhThU3dnOeKxoMeUP496G60PKVdq7+Ev8OZxM4csxN6N9XOao2AmHwp\/0PfV0b+M6mCVlON4ySjH0zfT5CuS19JLsB0PAKCSWv6u5RSSSFK4\/9Pykim8KK8CSmoO+ZYYUWS5WpEmMsvK64DpcO9Wo88i\/G337OpXfoBIGbBcKqVJnkKYXTEBvx\/pOckc6mKqj1Xx2NLH9flt3AVKGz33q9V7vvj+2mpU\/AF2AYOC5QHoVhyHo4\/LUMEXlMibQL7QWDMM7oSFG9qo4z3Ogx0Id6yuIs2TTa0ezZqML11NC1X5955fIUW\/FDJcjZV8HB175+M7QL6IEWOOx6PZp1K\/RJlnO3heZacJYqauQwksZQsk4arIv6tCsj5ldWRpoqj3CLHPSNLlUOifs4ET+tW4OnRsMipebDJLpPBCJQJ+ecUpHtHbH+75\/d\/mWMiDQ\/hwUplHzhAjVMYLJSbAhbvEaR1IT2meCVIPAWn6ZyjG6gExtCbx+iUePUXL2hlrgzvBZ3GRHAOacsg6dN+CWQxwhWJB23q+MgzegfFEv2iEzXU8DkMvw\/RCwWjBr20X1FCOk795+lTgR3zGd9CF5postNEBPhGGGNxdqFYsot1FrVpwc5OqokbxkxTF7Onnq2kbbsl8Ba3XWkoGN76uWqzAZmzJNMK92Tdqpu1zazult+08ooXIuTRa2BfjyhJzhXLCrMQgn4QLV75o\/ppwW4gZ0PFwpLXpwmShzQ7nN6WnZ1Py"} 01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621489064431574,"flow_src_last_pkt_time":1621489066532587,"flow_dst_last_pkt_time":1621489064431574,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490941568324,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490996100884,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEIJAAH4Rpj00uxSvbKuKtt7qAbsFTlULzP8AAB0I1Car3PgqXoAAAEU0JJ9ZSJFnukw1kpIlerEIR7j54itrs6xKCGRE3XXR1FUvYtWiluVKkauej0mCgbfT49PWNVhv+d4PorlbwaCUuVogcoTaWUYfSMeQ7fvaCU5aGPhJnEWG\/0UBi1+8bCzq+SnypfTFmorq2dCk0qu92Ra50orfefmV0vtWsPEJimLpBfooWqbaEDaehfit7mw9dCNYCi1aruacDnpniKy5C0xID610oz+9TzXqtP6hBX3weUiK8Pyj6SMCZYEMLlvyFqwJB6JhFabZjNVmEjxtmGfFjrlmd8rGHWmhPpNKZDxUqmt5inD\/KBSwcSZjjZ2qVnYKFg9ZmE7YiJQNgNHdWnN0hvXaAF9t6UZJG6j5RLXjrewkAvkQDQHDpjvn0e4OB74XmU0f2pIRunZhG7nOdLrUIM3KYu4dp2SuvtBfXKF0JXJe4B3ipp\/HIXGxiIvxOuBhCV+try+l4\/ghPvYz4guxmwVL2sb1KOMYvw3AS2A9R7ISPdwCMEfNl0w7rnx7vKocBLncvhtDj6UswuytUe86VosZs6KpSu0MAgLJQtzS5mHMtRoQC8nFUX3y9GJ3tQ
dZReoRs5tT1J5QMG4ZaagK3Fd\/7M9x+E3FYrzzeGcDRtrRq5MMA4gADKTgaYZ+dKZMGdYo\/zPs253wfmTLUONNUPE7nq2Vqk53VySGDE\/2DUFu7Ouj4RcxQsyWQ5nTu01SZpQVMCdEN9s3guPRJHE1wvBDlg3bcsULX6ndUJQtoKpB8S6SxF27c5F4vK6k7cDGBUHNhgFGBvHbDK3DfXDpjwj7gg2cqNGRjyAQuR9PRICL7cb0AtSLaZUVEEj9LOfinX22qJNw3UF45DmfYo0\/JhJsSVJETL+9+\/IioFEWfh7SIpMVOu2RmSgEttov5swxPhIzuPvG+jIN04ml6r6sKlbwvgpbTGRWXVEqHBIQKz6hKZClZuSzSFKbsX49qdGXDM4XoODhPHLuRT3yh5r1JVnj7WHxhj3H5nD905qtU6bFJNe7n8l+D+uTJC\/IJu+kVyPQUWTIszeHcVgbabOXCOhKEJ2WtzLg7w+iaHi5LKjOT0MhRn4SMjHqY8gT6IdQh2dB8UwKaPz4N4HHltvk\/z2Y4L7mxeZ\/JjfG7JTmXTK6vTdjv9\/CAxmGhA\/wluaZ8tsrr5D+RdZPcXbEgBxH\/1tm6Bm6MpwP4YTSV9nxhIj0pGZHkpR+b2F4vl+nfENUZ5pReO94D4F\/RK66IESDjrP6tunmsMOMwn4+7B6QDDyOPDemTPrdF7zgJ+tY8975Y574Jc\/8yLBjbsC2ChrCxey35qrU\/vbhI34DkY7t8RrGmb3mWvKTS3qkB7Crk6DhnsUeTkGhVfg7A64U7ZiG4gBUQe7bIdSST2ngB6BSxxi3zRFk57obYhZOPoc3fWCo75KIToMVPMEYkIJx9+0YQlJeC5tnUyTEdxLueb2t5tk60+o+zEAOczUzzmu+JgJmBDQC3kS7OhExq2w8nBzzBuSHPPKcrZD8XdVFyl6v9hzq+F47wNZ22K27SHatestnBzU2FJkFSWgVWESWEb2tfRRceR37vbK\/bpqkp0cvwGojwVUlRemGqfylFPMQ1s+cnHj5sWbpZptO22YP\/G+CKfzf8pXSX7kzLdflxLF9DxVV+b83+nl+nTbj31vNDvGjXGswE6k3b\/905Liv2TlF0IzK2ZLVImonTHT6GswLKKIQ31p0M617FD3z1I3\/Kv2TR3RJaw4Ynkj4A5OuDN07n7PbCwGTm8j44Q\/2rqIeqilV"} 
-01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490996100884,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490996100884,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1621490996403153,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490996403153,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1ybdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL8t+RxToNJ\/qQWCsxJMrTh
y97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_src_last_pkt_time":1621490997006915,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490997006915,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4NjqdknH73Qe9XAd2ZIJ7fI1HZm
pgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":4,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621490998210174,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ9AAH4RpiA0uxSvbKuKtt7qAbsFTpUkwP8AAB0I1Car3PgqXoAAAEU0MsalNWrpYLQ18ZAibnOvvkWZkLaIOwbFtZhqtVtu5TLZm0soV7JG76EmzAqx1qs\/svpEcqeI4pSwDtsl+NK2QalMMu5vgg1D2hPQHGIt1aS4eoayRIJ3VPcaOSNDV83C3AR0mv2KtvC6teWdJygUetGxKQ\/UYJ6QLBDaKvUCmZZj2vZVqrvBuwDyBKND1rK2QqZl6RiUTDCl4nSVZcyRuOfLolF7OYJOPKZBD4t6WG+TGHM79LiymXprKcILUBJ2K1YaiLCn1zs2+vDUCMAWHQZyIbgwM\/VjHVtWoKynWtpCDzCERMjIJ1zxQJ6tDBzSIdjb\/kb+1tQF8ay5gJWSCph5fhN3WlUXZQDaBOKBUJ2I9dopD5QsCZmrDh487J1TehodFvqwYeDWoFQ8srWDefQk8SoiM1XPeVmNODrg9QeE7FRqxEMYSAJTscHu2ysTRpS6u0nW7YzbouCZVKIBWVyFIouUM63vfE1LhTevhKNyImiHdcWgdhveodOPIQdru+yJ\/CMsThCPBXufZLrNRtOOOXBr1ZzyP+aBX0McbDQcpj+ciAJGTJjSHxWUmDDQspqx9narwsCPEI+v4ArKERTnUdu7\/6nOi7J5uar38mApB
2HiANKRB\/OASqUgAc8ACIO6FDIFjW11hEEAai48sDt6vBB9ZO8VrPaXnCSEefYtr1CkWMMDU+8J6J1a3OUjle5I93NjA5n54f4ZpYHMAyPBvVedwbcLoV3w6OTQ4NB4vwrAnUm5p70JkUO+3taDma+0+invcrNJGM1FG7anF4zEieOhJtQ4mllfkwjpM2\/x5WCHhL3y7rITx2sMJSwM7QBFBt8JhAn\/+JK\/J1kmvUgqqAXL\/MeNdQiGOMogmyEMpcwawAYBv8KuiGxOfzlaQ9nyyxUodzR+YZRwElQHmn4\/cv17nYnXqt\/soP5mHB3jK7WInbJxbQtyjf\/2E2taACT6y4sbecs1ieQ7lPKAP8SRjyzKNzmrrWdXqI2Da+1Doo\/BmCV8A7sm2\/elK+9FIm4M\/IlEy+KLnlG86XzY2C42ChunILwweHBE9RNiC5L3JUHBdmZB8qhCJS3Gyv2i3tAgkYBYisv0ySZ8o\/0SvcyE2DQpP4forHbdy6TdkccNmXvbo6MS5QfnS4suI5biaLo7Bc\/MXSst\/E93BkvPQfEuie00Py4FeFONibIef+lonUgkkBPYpiKLNmUivROF\/dSQinZWmWEdroeZho3HiywTGBppaxcVTuH9qcsHGSx6LJBydHlbY04gLSBtjiXE9\/E0JsQcpK8dBe48AMIRl\/T0NiDAJ3DFspe45EgGog8S6cx3njyKHMlH0bDH8ynfVV0XI77o\/FZdB8rdeO654rA5kyXlMYZ\/2swLInXPTRDn2WT\/FyseIu5So131zAfhyOaP8+FA3IhKXJkyNVNc16adllGwYmnKZap8VsalJ+Z25vFfbFqb9gqxHIFSDP9ywoC9aWwCfT2DI\/I2yQM1zWc851SNzpkt05NV9qoXzAV8UPMCE786OxcMbPijrx6UR\/Ej2qgdhZo\/W1ueBLopVSUvaLmnCe6U2PPHmg06ma634pfxGhtn1YwmbXZ7aZ5N9IM7S7Rl2UQkH6MpHEKmSxufz1uLW5e+mbeiCjtHWlwuJPebWcZipkjfontJFtxY8JqWR28min3U923U6vzulHQmxO+b1E6vPO6sxgCl8kQJJugJj2mdMYA7iqdA5aBhULx5lZ8+Uw728RNXoKYWbNt6Dmw3bihemdgHf0rN7ObJT6Q0"} 
01152{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01152{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621490998210174,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} 
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":85,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":405,"global_ts_usec":1621492846202030} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846202030,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3B
oToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"} -01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492846202030,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492846202030,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_src_last_pkt_time":1621492846499549,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492846499549,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNhAAH4RSxM0uxSvxPU9QM0gAbsFTsB+yP8AAB0IkN0D0fi2gP0AAEU0eNeT2iVrLMv4jKHl8TcBYgCovcfBUbyiMals1lo6OENtv3m3tzUH\/6BCYnVpY+CFN6iuhjAxK4TQo8fdrcWsTOaPpoFoY2L1biWlEbkp\/x6C0kavU\/xvEB03HgfSHvx9g2E9+0QVaZrnTGMDhzE\/LCMOi99ZyzUFTLa2whyStOHkacXjeP\/fXvaRIU8Xw0e1DmF+BBORNoKDNAzHaWe3Xdqk4sXMuKcYmcsPCiNzUfbIR5I4+VLDDbiRMHE4TjaiWP1s5tp2uFI3oH8oNBxSqcPF8N1QFN8Owg0bhCA\/IS6AAO+WjLvCXNFTIFRkUX2YOFCXkduhSQk\/oHwzaVML52Ssm10WvS1irnJ1a2h+SxJBrkoqZbSa3c8eawvV0lJSss8ZpdSbSRzoN2qRfRqNsLkutWp\/l\/cD\/9NStpmQaF3kKcyrILDL5C+ND+LRujNpqDaC7rufyYb4OxX88B0MzY74bKzBpjdNd\/NyrBm8\/onpNwjnCW96RXgIjm5ELYRH09jAdke\/LMSfgsn6fc0lbvgEQ3PiOAd21XyPj2OSsqeutdhHzHRboDg8Pn60e3mxTSQEysOZhCJu1aVdB2yGnhlHsTGM58d5JBHDE+jZDUbC06OdcJVkIv6bjuXRCqEL93W8VuYBHzKsU8Ii7A0JxSjAutjZgwMCd45KPWDsNutDQ87CFhmk5RA+fKc3pBM8cKLyE1\/D7NJxJr4GJrA53oLs7VGf6MKmlV4AsJZP6rx2xmCFhjFqHYFLBgJdnESGthy0GqSMdwYEYdqxlsQZidXrJUgJhUv\/viqRmaGGOIoeCbGdNL22EJ90SNuuCvVNhxjf+OCfozoA65mZFx5Us+WOLW813xAA7oS3jfz2r9ButsPWkueyotS4sGWbX+O7pcBxmbUlkuDeWzly\/JrdnbLf8o5IpZlL\/szeGX\/xaukbonKpw0kk35eQAFT22V0SvOQXn506i1bIeQVC6wqNBPKsgTo\/VPQcaj1aZ1Q17VqXoKPIuPlZ7SMkngAYC6FlUWvgpdcoeIcZ\/t2glrET\/TpZTHAx1vcYpwXGccxvCqJvFzp\/iEy\/P0\/s2VTVERM98qgpyC8vVMDiAXeT0c+8myMBJWMmEBB7+3YFzgV0RnhI5XMWiTiedHwgemVCeDU1kg8u8hqfknKqaVcO5tLH9t2FGmiCSrVi\/CAOeu\/vnWqt9L\/E7AUvgJ3nf\/XofTNim4vFwMW9qWfnflBAI4etDSLXlfhCF6hj05LkXpBYnhDX04dMfzMd0wbqUALjlqng3G22KPNXzcoLHgLHkSRTNkeGoexq9oBLHV6OhHb4pIzLS3SlHBQgMv0ujiz0C3WRmVVFITqTC4Ym0lFLd1XdXKIywfzJUvwG8AxVCpiWvvb
n0MsvomTXCjNPteZVCsije7Ys2XOj4jFIoymLHdB7GeVOyHHeUAXfmy7fXXhR9EIO7It7pUitHoj7\/O+uPlKz4WGY1XtA5gadBlJ9hcfv1AISORgb2SzImOEaEIs1Oyben4xhUAxtnihkj2tOYt66nHUJoi6WDXV0pSiA1adbER0DGTh61m1GbsvAF6iehNm5R\/auq3cSwz\/oNuoEeWcajKe6C+bJZ0Pp4ODEB6xylysFi5Nsg\/X3yxwOUBMebO7HFdoJOx6\/anLHqvZoeJiNuEm3J93g5x\/1Nsu9QNYOSXc3CITQMMVtVZsPeOQpBypby+hqNIrDBvXDcv86XBheVQLni22zPRHvnPPVc9m1STaKuBI1rOewM0zxJ7Y1kebQ5fFy"} 02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_src_last_pkt_time":1621492847100544,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492847100544,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNlAAH4RSxI0uxSvxPU9QM0gAbsFTuvFzP8AAB0IkN0D0fi2gP0AAEU06G6NT+VSCrmEO3BKTHqGvRDj7zHVCi94TyNRWxU1mXbjbTRFZ+CaZvg4gqUf9xMHAUYdMHn0JKiRgnSgkHznaTtiRgEk22fQwgIxVH+hvtVpbaIsb3bOri0\/NzM4wzGQk0hhFXdooXMc+tmV57mVI8vF9JmkYZ3AY2F8JLlv1BxIxapiJTD7gwuZ9nIypLmrrtiyGXxIl88PM6uDd1lRl3qoQ0oiA9c6pPTCRB8dAQJ4YYuVmuW5TbhruKDZ8PB0MJQOb013X2nAghH9Hwha3CvwiU2omtgMvjkZesxfUObKfDTbFEMzL\/jrRFh\/+J0F\/EGuyjhTpDu6+xG8itbCbnAQOy7WuW5TYEsc0xXOAoc6KlEwmQiQKfPKtF\/2CZ9SjafQf4Oy5m1SaS8su+ueaSjJsX7m0K38THdf5jQ\/Fl4bTD67mwBO+f0scmP6GL\/mbPaoaMUGAzlNUBiMCCExtPs8A0mmZK+0smBu+L2yDxhIAkqjH2OcdLR11dCH0QdOU\/qRLGN41DI\/\/cqIkx2ijbR9g+OiikFtGSy6n2LA3mBBdnd2T0hBdnX9fIo78omWMaICsidEwWQIYfSO+LyI2h4JvJoNJSJxTMpQux0CHDeflYgxqteaTQCHdOZSOAFozGJdqpUc4ukomNxsQCMV4GAyI75uC+kKJhbeM\/HEqnNyY0rfHOQrHusbMJJ7FCv6nM11\/2Oo1Hh2eJK88As7gRhqPVzeuz\/U\/xXz2EOtHRBBzR+oprpB0Uws8\/b54W5T+yFgV3JV567bJDHBaKHV4CypvviObj3VPZSDfbx8ZDE8cPozymxrQGwJnz\/SSVKg7yHHCcAhBIh9T7YzMsItriGNvgnX0urwJbHBIwvT0elkkqojq4KIx\/7Yh8uMFRpT07cYIl6MdN\/iCqwh1vqZbBwbGpfQR\/HAz4IypJz+zywRzPQmL4Zjd28OKKYaEI1VO6TnaZathnaIz0cGz41\/3ec6ubKFkmDYBvMaC
kYbP938UlSyqwlkgR59+GTpwl2zVUb\/faKExO\/4NpJhLquIMi1hgHnj1b89iIzZEVRRmuruxSFJoxbfnenirV2KkIVM3rdYaAMxCt99+sRexO3VcGSAJA03hK\/5kyXvD1AEq19Fa4iw1nUrJXngE0gL+UwmRFL0ICfLh\/hdSEO2viit7tS9gNA4BJCujAoVC7fRr\/9\/osYAvWoTHo08WZH2WCiQAis7vlYiYCukAhDVyYp0qF36aPAJIVN4AZeZh\/UwxvSF7ScBTb4zd2qrmWQ\/QZp4LrWYepsYYrlR5PrdyOcgmPlz88MR+J+nuXlWXgCXcgNN1OrnHnxsLeZAZ66ipsvP1GZZJYJb3sLc9AcafS9torkCmsXvmQslIdm+okpX\/V\/b43ll6bHHGrpUQUv\/PNxOHHQOhXVrn7vat1ejZj90Ni6sGu+5HaMpi1OLD1mKP68o8RFXXDItYMsdIXHnUpqZjqKI3C+edj9oApTrZsLkp61Xxv6XiA96YE2VPsxN+ezAXexypGEJk04q7+rYgpGY24NJp4tAUHgsYUOjphIugzRYKjYfTmKFGPs84dxLcAVTKE13VQOFcTXkt62OXTrEtGBfQUWVDuQm\/p598jzYh96BGCH7WptCesorqdhDG\/2HxAPEOEo7SWItolevicv20QLakpWkPPm17h6hzM\/rWFNZM9vbByjMoWPhIUCyRXi\/CbuDLLXeA9rb9\/9+r7QoHKocX6ChoPNabp8O8SrguQ6Jwt8O7ZEnphGvVCAS+swijeKY"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":4,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621492848301815,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYNpAAH4RSxE0uxSvxPU9QM0gAbsFTvUqyf8AAB0IkN0D0fi2gP0AAEU0qqh+Fby3a1Z7p4sCANnB6COSx4SfBj4fWyF81t2sAxdk0a7MCvBODpWTurm4KJJe+3fjm5FY5ziq5GLl33Nve0OqvaLB+z3Jd1yr8m6tmz40B6WuTJ36U+FBGHL4iuYsvMC8lYR2Yk1V6jHmOJphwzJcfdduOddwCotEuKkog\/DUq2HjQyGgpSOyqGm7roFmypyS4JvspVFE58nFPRZumlvwX0okQGDF3ibTSx1B4bEHhYFOmnQ1\/aufX3MfWNBwkOe23bCHBYhFZqDZFsx79Aa4S+rcXnVBu1CcRSLi0zOIssWigjeZYQ\/JNILPVf0ZW3Ic1FgYooFhl7c+MoFGU82qeQ\/VWIPgAkgSUuLocqRX9ojF0IRfgMEniHQvHPRN3fsDkmO\/2EiDUMmNBDuwceskvrPItjIJRikId3nTS1TplmKWbUo2Qasiy041acwKCtAiWDOAIaKXZOFae+GFXg\/\/rCvuBdBHWHE\/1P3hYxC5kHPkXNlUAfD+0p8osiuZz\/Anv1QT5WITDX7wMlkbDWQpQidJMo1+s2bJuOJ+sjOky8icfdnI\/rP67rPyhFHEBPQJkEpfpFz8AsKJoA8CwlVxEzZf5ev
dnk7aJQ6V3YlQPXfKs1MUkCOuZv1OC\/nlckkkXupIUors4uIDWKVlaFRMYQVU2\/wMgB12MK4DVmaVjJhhTEj8Sb6JDsm6nYuI3U7pgWqFg5QHSCgNUN4OuvXJ+wb9k+5O1ZL7tcYhSyN1OdT60MZWcPZUlYWwN\/K+k9ORY+neeFZ5Wk\/xQGNIR9KIGvbHnMrNYvQVyxe0nbZ9VK7T4JBEbq3mYd4TbOTJSjig81MEU37SaNqg1rdXKSObLPZn\/Id0aq2agilEmpsLi+LPvF4Uh1KCs1tqlYIhnLtp6h9bQFHEsq55yNBprbQ3CHYRtquUeSIujphuSKfQgBvOFXLNxWCftyjyL+ta5aFfqrBTeZJoQGRJWH0Dp9JoAEU53CtSsMpJGe0DsLIZQwm2CS\/80PnkutVp+XqiaGCdeppVjKAXVZHik0vArRg\/f\/Ymrb2WM3aop9TB+msvKbXh7AYjKWAwdKeSplEjnSwhR8kEkKt\/j9QpzlRj9O5bJfRngQfTd0VqJa87+SN+rAaF5WC8N1Cpp3v1oa+JlJzZYGA48nOy0sgdM1aXDsuu2dfdR5TjAp4zNWmBJE\/XcCmGgh3c3ALPRLcokcR4Ow5Dpf8+pLu+DM1GAF9uR8XC+Zxh1jv2EauHHVZ0jU1pntqprblCs\/oaPd0BSRbEHMJ\/CIDqRwzjEi9vf9lcLL0k3sLhtS40o54aoTavgqEQQ6qkTw2hRkWi+hC6jKKHWy6\/jEx6siMAPYUI1ecuRR8BBjRC\/XatQhQi8AEi\/fDdOnX3VvDH9LuLWULmnNfuVc1Wlyd+LAQ+VF7FU+LET\/KrV0naNTMwOAkAlnfqpShJ3UIhxaee7+R00Iu\/NLdTX2h0I4hFbil9D+LOcAGiXTyBjIIQq8dOyEfDu006oWmBN0234TuhRxJaljNOjqK9FNX\/hgd3y52cOszoIK1oTWfaP5fCa7A5bDPovU5GDIY1GsMnnqf4DNDbmyfvpuVHg69M5bzOKfsJNhyTC3qYQki1VfC2mlgyrOTK8x8s6YT\/zunPDkT0dGEp99HHXLOgfxdPrNONBg3Wl5Bb\/Fj72\/qPD5E9jtqn6jnvIY1nMeGyIeObtZCj5oNT7Lps3D2YWxdJgwksIbEHNj3CB7W4IFvA7l9PZBp5zQaLB5uScVAYKPsH"} 
01150{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621490937698475,"flow_src_last_pkt_time":1621490938810514,"flow_dst_last_pkt_time":1621490937698475,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01150{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621490940042014,"flow_src_last_pkt_time":1621490941568324,"flow_dst_last_pkt_time":1621490940042014,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621490996100884,"flow_src_last_pkt_time":1621490998210174,"flow_dst_last_pkt_time":1621490996100884,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621492848301815,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} 
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":415,"global_ts_usec":1621494599158885} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599158885,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryM
IRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494599158885,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494599158885,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1621494599466741,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494599466741,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVm9AAH4R6Xo0uxSv0OWdUcmjAbsFTojgyf8AAB0IjEZZ7Twbo9wAAEU001Nedh8jl0mRxcN7+5ymyAhdk9NMUwxYze3lIyYWk2jP0t92iE+L\/yAM4MnpE0YCo8Yj\/sG9IYL5\/Jqz+v0\/7PZJlA72+xIp\/Zz2FHFmfCsrXJBq8qMZr4yMJUaTQ79L\/KyQSvCHFBgMRJUhRKX69bPpnAnksqJirAlkiGBvT0YEt9mMoiR55EP1zkREk8I1QRdfacOBiC1xn5oSmyEOrHRGNMlEIFFRJLgWr0XXotnRIEGBlAPOKZPZzQapDug6\/9gRem0rTXsSVsMhbztxGw\/vtcuhxHhCL\/sRMBYP\/by5OhP3fCsCPd3sspB94dh0sVKqpEvWHKRXI5qkQ8i0KiE6NKXE1Nhqr1NvADQnhHZesnr3pbbwRzdVtIdnVbg+KpCF5NoQHX8ZH8QDyNjWRE1jnBpB6l3OJ1sSKdAgaiw8Ptd9k6AGoDKbmF4ICOpOWeyjIS5UuYgKNS4W1hKboP4A0l98z1AMF1cWHOyoMcwHulLBVCbBON1h3OyJxCb+qSsMMjsumD6d4H94KHLyQlTJDPLNq5+27EH4JgoPrQnrhU70QkhyDGeMEA08Y3NMvkMXs9ScL+i2jzv5BFhQo\/tMXR8AuhJIM9staI9B52\/FDML\/NHMdUhCiYzlzdj1bMiHMjmHtScQaruiH9wV2aP0flj8aUj5pRTOyuCcs7Yj8tosR5Q7Bc4J09A\/d7uBuSzN6SiWaOfxKRsQjRiB+PoBFp3RyZI15eo0FBDGFV9z7YaWXpK\/QUxQVAHHMQr6q2XYdo34fAYM5WCCSw55MSvIPkgf5o0DYE25dUpBH2wSkVcAbptZSsQKNwzN7dqVdVmsRhsSqNIVkr94Mgea0XDKOPfcuA0DHWVB2NpAqq\/2KIzHInDQ6qFc5M4nF4o54hvOuiL+GByVbEQt\/\/entGulu7X2JEiyqmYk92gVvJPNI8Bwemp05+Q+twxKscsRsU5w0Xn4LJ0aYLhTJviBC5fXR8Pc1viFBHXYXbarbLaQ3PMRows7y8XdeOl\/bsuCdG0ch6eIFsRvMMwjmhUgHj6ZC2WxikfNArVb9\/GqEMsVsVGaSerfdOb8LTsT5SWnrIpnMmWN2uIjFPgyu8\/qOno2piahKRLskEqrRUpNfLzBpNxlY9abVFtVrTQFSn+Bv0pyQSJS4S8yhl2CkBgItTkREH46KOs97E\/bHK\/yGj3NexQldO92K00H85joQ7nGUScRMKfqIpqXecJxSM6OAroxCymb3vSJmrnHwKgY0lo+ETPgqaXNxSMmLS\/2JsUVg9IcXwjmP\/hdzYDT4SjdN\/NCNzQLqEDcD8ycSm8xG+d2Pvjum+8NDSNcasGk4ZrSjQeckzYfCVt3NCKRhy2IHBlWjMTzzyU6DPzhIcLNpxSDWw
l1i2IaHmb1isu27465MaWunzERUUlOR+kzIqaRHPTGq7D8F9Wz\/Lo9VOIM5KywiZogg8pDlQ7rw5vQ2wQF5TAz7WtDmtXKPT6M2TZLh0RCInRTlcWnKpFX\/38oEnnKrzaye2ifSAUvdyfSNZNXjY2UYGYg6Xrow72NLPTC9O\/+G9i89rbi0HpJcLFfEQxFMQ1sztsPWaTAohU5yyk90ga7gEn9IGLftr8nTGe13R6POb\/td5pOruFoWbUnJjSDEOgXIJWatBnyyLDn9kNeLMGnrjo17scXrhmlTzgSFpT8tsc+6WK+4OwCSK7uN2VYU5zw7G2oqvb\/XH2izKQLOvApMhxYFBkNigiUw+ruYaH6KQmSISbShAPpmf6e3Ok4EN\/1H"} 02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_src_last_pkt_time":1621494600068782,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494600068782,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+
VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621494601272036,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq5AAH4R6Ts0uxSv0OWdUcmjAbsFTlPfxf8AAB0IjEZZ7Twbo9wAAEU0prv+U7F0wdX+izhf538Ajti0HKLGYuh9e5U6Y083jD\/QIudUgm1tYlkI2kM8cWbsQ+zC8GmWvIe9R2LBEf03sk43RvCMkoIhJHFcYa\/R7mV9IOlJWhxtrx+4DL\/Ff\/sTibLd\/qSnC24us3y1TFX8\/ZStD1RSAktAosgZ4wiTdFHkgawgHp8fWdI2t2s\/f38VKNnu9Pc9dIzDRZAEuKYsDhH436g0EMRXk002f1wAuTiTiXes1K42qwRvaem1MPpvNUcaqjarzwaBJMbmEZ3MZt+3q2iR6fg2WHuhVAnDc0y9+VtRAAhpESOqXSJpZsh2Mf8gCOlmP\/xMjfZg9cH88RFprtur9A\/DkRQnUe12QifWj4ykhp3naaUCqMqCGZRKXI79KqstmUWWEgsOd+ckZ83E2BHO8ghy8VDlrP3n5Z0cwuHqlqX+4A46VKC4s3MeThym\/zeNClA3QJGTQm99L9bYjtZe\/hfoCsIGS+0FyHBR+z4CuR6CIghEZzrqdZCehaPFn4uBPlvGIvKSr3TJa9FZHd0+TR5haVnADGPEze1B8Sd42XPi71apcKerlcTUenvLHJsLB3ugmAjsTMt1y8xKJvVEC6U3+M
ABAT8o8cyzzhcJL+QRVFNOwdFqpz10Gb0bNCM5tYLS\/+WuwnSBlxFppLfz9FUqxkHdM5y9iLf6QLIZWjiEJiQ+KV15o3keVzVoq9YS4jcfqwVvJMRWbqRuTNKWQ5apS4g+Q+a5K6q2uFoa7rUKblp7u8edlevenqLtIJ7idXc\/Ehqu5e9o+MJpdtgY1ODSnxbIq6tP7t7ZtSEsZAoa4PXSgZKmcc0GkDVq8kM9HhlPycMl\/GyGGBE\/Y8sAVcih7lnhYPhG6I+eBJZuY6wv5NAMIgo7fEzKAeWbh24aVTdrljsfq0+dlQ6dXSb1flS6eCU3h3h9wPMjNT2NWNxkKl\/NqEOG9GnxDV09u3yw8AA3OKWMHhnsfoAhJ917Vt3wyuwEH53E9vodhpmpLN4VGqXr9Y5istpTcHr9AXs75pucnLXRkHLhg3UmAgoKQ4pxH9AQcMlJKUUNzPA9qgvb3nU3j7MRRl46acIbwP4KTUWP7yYFdWqPnhJ3fvwOvH7ugqM9\/RGl9lJDXk\/nj8AqJSNeILT8U5vIgKhmf5nf3sxT9i8Ks7KXm0Yx1Nk+4sc1TFT8PdLe7lL4bzFLnxRapDpK2af7jy4lv6Pa\/BZDHzmVUGKCpKoAZPE+zlrO6pJXTTJlWqgcrKj2Tqm\/suo6dJqGGNe7s3eahMi9jpxuJ3YX4KAZoObAPyhuQ4H0a9MJQqNDc\/ZzuRszbZPKzxd4hivLrcn2tMi+wxGPij1ZcPLnzwwMvEr2BkH41pHllJK+uB3pS5STPRWdRbdIriBqiR2vLu0kzg8p9D\/rypfR6\/5sLwgYcovdb1RQ9aHb8y15hD9fpivmLWCmYaWLlP9\/nyztdJtf9F7UcZk67Z3WV95ccKRpIZqV7eDN9xlWf1lu6NwRTvPxPX+Rq7B9tpA0dJ1VsCvWBmwKcUKBnMJyvWt0BsYqviTt7c5\/dfn4FvkbhfBgQ8P6cuZwMFtSzRQamMxlZu4cb54asL8l03klv9yXFKpeYFgactkCG0i8jq4UIg6g5gpYTUpuMs8x0eO\/HFi4Hv9wkBepGucKMzD6F5qMf5hviTeSYggr\/tBofODo3FKxI0UzrQ7JDvfWKNRM9+0\/lD9RfQ4DCr9AUTzo\/4\/1pmzKIyChjDf3IPCKdJdReH3k0FK5ov9cVz\/P"} 
01156{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621492846202030,"flow_src_last_pkt_time":1621492848301815,"flow_dst_last_pkt_time":1621492846202030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621494601272036,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} 
+00686{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-payload-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1621495208068843} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495208068843,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVC
GEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"} -01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495208068843,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495210744101,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFXpAAH4RYIKokEAFgPgYAdcaAbsFTt\/iyv8AAB0I2zeQoOz5WyUAAEU0jhtk7ZYO\/t++QG80XD8xnpwXGKbf+FVJ+ISOgwLVL45kqQP6tSuWth5HXdoJc8ZyI19g5++SRrnWaPSJCxPjE9g315E4TbKU9m\/we74ovYlIndf6LYLJ0WqrP6o8IkyXDszg8SzZSMt4M30t4SgDRR6Q5o2IbPGolAh7UamAr90QEylR\/uIS0sasMvvkSpysRp9ckggnCAbstJcHBvinhjkG2VSPzmjNJoDsOtvPqHPtJvNpojktPxYWHTjpWdYUAod79DMkXY1vRqntsgNNDYXeZhdoXwH2HWV\/exDKz+F9bcgQNX6hnXanzIbxcQxbT7yuzcXLZMUP0rJvP9NrvYnLotM2YIP1NkqQ4MUgi\/LE+5\/YOOGegvWSeBErSprROif2Slau6EpF9Rq4x9QyI9geY7GPFow13L3eizcByac8aehgQKHihAWI+Aqo4T9GXf2lmgEXe5yhso68TiNdxt41vH2DonLNC7Tc9M7Yorh3IwY5xUSGl\/cKy8\/pNoo+tpLVj71oehQFnGVEF+ybMdivZd+7KU8tyx6ITEtXyiw3M6HXXtpk3dR6MsHhhas
Z7jAjpsXi+vLpD6vyr7XXniVlK3Lr9tM5wlg\/jvTaI4NkA218LBhKKGxwAGv8oCPrc25uEEjEejA5BPJgFu\/CiYBkhUaI\/kKl+nzfCcirOfwodGDc0COV09EassJlEJui5t3XnNV6EBm1lbnXwDWWeI0ApwOcHPJltBOadayMvcNnaSTKZUXlUZMHRVbucS36AeTVGz2gPUzmorPO2uaLQlFHbWbB1zjXeyc\/sJ9mtAMr9ZhShgV0cowmNG2pc9FJh6Zn2x0Xdbc0IwQyY\/6a4THfFzmMy8Jtca5vfwAC0913Z93ITxHg81JUp2VflW10aNBAK\/3ZclhXoSqIkiv185lAI98fihhaKIrmzK7Fy6nPKOaw7vIegqSSG6ZapEOg4SzV+xRYAgVte+oL1b6sJHDlbzRsP5zepWbsm85VJ63ZrUR3u8MAlt62wM0wL9097D97l3SQ+cYuK9W7nyjYx\/9BD+SJW0v+X4XA4vtGpyhFY1DOIH63kMLcMhe5aDv7B4XYQtlwZaWWnHrImv3mrYyGAL+lEluvRLRX9rEY5R\/mNiI2y6wWHzjt9pDJSkSYvJlR0qHzUue0vQ47hV0cK3JJqNngTXscTgX9aYnkYr8r4MNj9MakUpjEbwITu2IBh382EjALjSzLNo2XcWehzOYL27v3D7d7PDtp0rnG4OUFoW+IyHj1keIWK86WJtFdeBDMshTrkFdQohEGsthgjzPLWNJmhJL8ga45Ja1nwcOo2JogHVMcm8q8wtFTZXshq8+LkDrjmtHkC+WoUNWaOeSKZ7j\/oemgVwqEl2l7mvAzOxEJr1J3TfhfKU1NpXw7rDWKDBvJTfPruGKdPzB3Gxe\/my6eLPCswoooJpfxjAeoA1wH29XDgAt3X+b1xk+iODC\/DDY95uzF1zP+yDMe\/+Jl96QUOQQu+OtftKDxI85nxzLNHxoZjwWaFyJc1wCIfTz7dFAlvTf4s7vP5d2w81Q2oT0WBCvyq7u\/FZL7sO3QU\/WJNEl\/cHjLi9alY6m3pmUEjfwLy\/F1tNlRzfnY4\/lLHjdHuE173k72dusgFghWwAhzZ6MyVF4vHBG7y6pAA0Aeb2SJB\/LM7yndloeF5OJdKc8z0xx74TFrQsJXZitMjB7tfvygzYT0lT0+ydw\/XW3s+g3kR+JzDjS\/1mehf\/csJdmyGhkB5thAT1Mu4dteApqj"} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495210744101,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211515133,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGaxAAH4RgN6okEAFQSEzSvG+AbsFTsazy\/8AAB0Igb5NFJ6PF1oAAEU0xCAwnLtbjGUk+fejVmQozQOg0\/ESmN2FG+LOLPBns4theX05eIqUs4AHp7MrmdBMpaQWbc++dLtAQvCTs26HRJJN3DNALzirEZEWeKXTpfa8Ts+3tIY1yxvgw0lrCnC6WI4RVm+nJiWVtstu+BEaotx33QRtR1Kn9gDj9C+jgzsJvfbt+\/T4njpF9igVWsDeg57RA8NGboKJBBGDNLF0BQAAStKBXmKkpSZb\/Ai8RWN1Wct3KRq4r+qQ3P3+\/sCREOyEForD1qoAlfL9ibjQ5mOCpDDMysyN6vJIZBLAIDyvg4ilAKvWZ4QDSMJ9OgKY0ajtVjTL3fziHI53PUsTfoKz2LhwyKEfX8BmjBWA0jXT+sxB1lLAO4+3hy6jMxtGkeNNuhNuHvXbZMw7KZQweD2KxBTPSRJj9h4XOpS9jecr39\/eI6Ufn0VUWTti96mlVggW1ELQ9Gzv0mt6Sj\/iXWWlhaBrl\/5KcWrRXkoydLMLw9Vzz87jbLyNeVZLuWpfVSUh7CI0Rg1OwuBa6nYtOTUcERnuMjACBglx\/HzzMAhlNNo1t5mNQXmjiSnKPJhZ
Cnk3p2LZGXu87vxRMlxSffV4SqrXO7wDQkUSYxXb7oZWdtThtgLUTVT2enl18CO7EnZE\/hMsDrKUng1wrmlJiEAKhVx84skul7zziN\/swLfTsLc4L\/Rh56+ksEb5ZOBD9pay5QOHbuHrJRo8m4CZVNnj3Dgx3xr+3JuKUvg+kOM3m7RI3Po4kt\/n8LAUml+mMQfl4NvAr6ubkDP1xqfcw0TJPkD7yMj6pyeGUDLzkvCt1A0lzBCbBAB7LgMBDnqF3+TKn8wjqWaCXD9\/MfwpZrUigX6+BgfBJhekq66OqMCnJ+VHQc6YXwl4WRujuUw5VdXOpzTw0OxPy9jF30qmvc6CFrRXOsheI7s1ZpaGAgRg4XoM2GPa0j8SFSUdAeiDxEG8GLGwk9cj7WlLuHBSvlmgsNsYJ\/GryTsJnP+UFmNZdhzB35TcvHB92LSpb98htP1t+0qfXuWWt\/XxIGWQ05O2i+qMOSQAGice3HQtfoGUecR1tnZtD3M+AG82g+yrfUCtloJRNeKF4i+NLICfC15RBLdQmyBHI4Jp0PrgoY29jnIk\/NXK\/K69zMHG9dwfAuGYGjV5+7S3O8LN0VKHpZX2MPzHvBSVAEeLIIrFvxPd5WAk\/NlP+VCgZeDw2WLWwSoBMKn3Hb45mqCzrz\/ewbbbIqKa5xT0fE07dK1+T6w4nEhZjWHuJ+RgLpytAUeLaUhAF16fa9AfEFIgjKGqBWJ9N5FXIQ5vG3\/jF6jSbeNlArJDPsDpC\/S4qXX3v6NM9AxXeUI+b6sLh2qGEkgH5rpD+sQDjPQTrbQ9qeHP9ScuuqxyVEFwBWkAsuBI47Z78qebLTD5Go0mPgMzirhwrkhtfLutVWtNkaHwAf+JYotY4qEhDzPGiadbe1HrDoGvbocggh3pxX51uqeJMe9WOH1FUYy5Gu\/xsfRfOCfcg2F\/V51slWJp5X\/9o4XM6Bw0YcrHBxfj9HNFN648ftB8pJP71vfUXO0grtae2iZgpV2t8zUeIX9GgkZlNUlWEMf9\/3BjG091t76vGyBugi9d89TV0NhohcgwJ+qcoqlNXcuHjhk\/fOqUS3wjE+1eYp5M6IexXwbRv3Nz+DIlCZvJzr4JVfLqNZ7hMWmHMe1dmGGZmJYxst5jAT7KaRnygYqCur4qVoS5QZ1HM+7v4L06XXJCVSvXpuEzfgoozex+hKNh2ucO"} 
-01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211515133,"flow_src_last_pkt_time":1621495211515133,"flow_dst_last_pkt_time":1621495211515133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211515133,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":61886,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495211714873,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFYZAAH4RYHaokEAFgPgYAf9vAbsFTmBDy\/8AAB0IOJJ3hsacNv4AAEU0baY3xqzzCvPxyArXzKLDKouHC7RJHh3pTwE\/T+gSQ10GMfO+dVkOJKeQmaLmpDDYpWDl93SoFgzgGj9JyJNxMfBbB3KINp6o8wpksTBkLOXzlV1A9kaeJmvRuK9RfLEFAe9vWScl9hjEsPcf\/QHzr36kD0umOekJmoKT6EqNBn5HwV2qpv87uu9skIz297knDD7vXWjxtwVhWb2tUz96K+btC4+kYJ\/VTNFpLAAIcX3fAe2CLqMf5rdoAycaNQOrLtyNhjw8JnO7NaOOS2\/V7TAr3iqoiWd7r9g+yYn6wAauOjYdWUM3sLAzE8JEijyJO4SAWMXK5LL45C8m56doUnVsNdTCfisF3ey+SwnsCSNggQyi7Ouznig0OBO44rroi3XNqvU4LOwiK\/7gydyfJ7z8wQ\/CI7gjztoz6kc8GMvLgxoJrOq5QzKGL6SbpCNfU6v5q5B8KSG99Sw7MC0kFWTOVIriQx89bvz3x8+ENfpFjHGCeDGEJs26uPwMaNh7ZXQJu1bIpbynvx5JRciSvltkVonCWFzNIp85z5bLW0qXOR0D8EYnkuSjvrZjqrNGN
BMZrsHxs1dhO9sGDPIJZPKKGbiC1LxvCMo8xLyF2KZ4PDuHQao+nhqvmJJ0FnbteaTR2scFeXrZiaEGdUThIbCZ7xFmpi7zJM6Ez+sDozO+l3U\/nDTzpPqb+YFL\/0gJU\/AUM69B7j2ezG\/ZIzXQnvmArJVY6m58fYrvGMWNWx5RPDKMXRovwphMGFpUrttX+ttkG+hnB\/imTmkNkUHlqG7g4Q9yRPtSmiXNoEcRe2m8G82yLhBdi9vCclLuBd3LIW1+jXuzc68F1rWZrdVl66iE3UrQLgYnE9WlbCx8vO9E1HF4UpTzPBsFkz\/gOnRuc5WFYHt8O1tUyjv+r05xeK\/ucSaip+2KvZ2Wn1vtwi1odfHkn928POP\/fatifY3iR8WW85F8j4l7UkwInAOtPIz4a6KaKlhTK7GHeMTHER7C1+udBnuKafcdz2PCgJtfWbNxuRucdkkL4mtNfG+hQ\/oCMcBz2poMGIWruxUUwjSwDC3\/Z\/7ipxJOYFn0N8zoMZoCBCBecBVZsLuTJPhNhGB8mSVMMgG2PIsT5NsIOJgovfJrMge08M6CwHrIrU9N5WoiLUvWzJR6vtyL7kEOB70wX6qeabNuf460VB6kIYBN0ZylEP6ZPp4E1RdeoL\/+gOoUe\/V+fKX2QyW1NVSMf+bPC79LkMK0mq2Yhwu5OOnXK1F5\/htvUXqZoAIfhzWAb6naxPrZnP3UqpUf+sMeFX1+B6L98E8Ga9Q1eAsSEPQKRPMDqtSqUKcxSBTRIdpIsSVldrFya70Ko0OKwa4MImURluJnCIMGigCLraP1uJSre+IlkkCQHx+ALZFgGUF0m6nJCLlzQIPva5PhNjC1BFxFj1qqzQq2jmua3tWhbeE7be6k6KK7E9msFfmbvGWCvXmtAa38RMRgtaAp43rM2bZelQ\/hndrt4tse1PjmE31ey8yFJauzvzqjCU95vawcS9zc0SFlOFUMyEq1YWPNDLhqRw2bLrw77gsmS60Do+kYYnbefAdllcPRD5EtBLZ\/rvvE255KhAfhLTFjkdJhuYORsFfaeyqgTFqFjOPcC5F7SZ6rgIV3ZOpPO1FLTknWKAEeYHjfgojr6Fd+FA3kLkSHqNanwaRwB5wf+KtFKdlHSWZ248KX1x+WbTZxOW144N1+mnwBxnyKg8oVlnpGY0NEGjU76RZdNILMXhsMVMGO5Nf2"} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495211714873,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495213177650,"pkt":"AAAAAAAAAAEAguyCCABFAAViV9lAAH4RzGmokEAFdZR1HuXQAbsFTiWSzf8AAB0IA03G00cjw3oAAEU0zpEREYtHc7fujisRl6Znia+7gzai8j7ZczB+a4Fyh+TnPaUk2oSi6h8oKvmj8nm70si+eFwEDb3FGL0hKLe6Q+jl35hlotxy8iz2MJJ+5JCecVMwWZMxK7aUkr6CaJRjwV5CAn1HRTHFLENZoJSkm3TO9IVstjeamQNND1C4DAYpZCGs04m3llenDZ\/2nNSsBRAqLZzlWTAHq1v+l8D6eE3YZLIpE9IrHycGHzViWxzXMi5yEaLjXG7\/gQk6gthaWh+hPIwJXrVk91+SXWpGfGKCCJtYXQe\/YYWnkpx+6u0xCJrCQ8l49V7DgS4W5guuiYck\/qFFKjVY3epgO0wSz+88pQcwVBobJMMXob69lIlXUiGJFQRdauvWOZcO\/L\/bUlflHcZ78ul\/rMPxQOiK365X16shY0I9m9aYK0vHWaLkQuxh6V0ZNOx509fgaFleyoO82d6dXpdyjt1rJM5gsDy8odRbJsobykqUplaDy3hP2x38Y9FzMJXsgHrai1zY6jqfTltw56ae\/7dvGxvxIVqCGlfOb2WjNFBF9\/LB8quZqSRVstaohJPnGpH7k
VyAxNV1GTpVzDBbsxBWsfLG+Y7\/HImytHwpfxKeW3R2CAwJZXalypABlNkFfbhaeKzeql7ba3QOrsZyGQN7oaq3Rq3MAidC50gUVpQUByaEzPovR+3MmbtY6D5hLfj4TN1QByItBrTV\/XlHoWnrq\/DHJ4ZfBK4zLh4CNky8ZPsi936i8oU3g2YuXcCw0bkg8r1WCGjKJv+rdzI5ilHttek2MA7UUHCX5ICi6MB8S0s0wZiaZIPzdp7MYwsb4SgwIeWyJ2Ljz5IdSO5DxWBGvbcD9yl+3B5kIRZEtQmYdVCNieJFQkO6Us4QcNQDENcnaYpjFm\/ja8QmX5kP93aPcbMzm7nfVngHcDxxMgMXHIvkRkcvMcFjZJTHJgMU5LFMiXkxk9yZXV+hQMvPDgQgvkvRiW99Zwppx6x\/J1jFTyAohgUibbubWRLh2AAzOHgCz2ig8L5dy9K7xCzr2Xth\/JmLkyadTNCAUj3zbID3KEBBrhe454xxmAcXntpqr8uF6By1xuvy3exW+x5KB9i1AkZNkw8L1Op43WXQvcjQxCD2resMdq+jtdzg47L\/nQ0rZyzurYJ5tT1FAT7vCsWTCaOAsiVbUmvYE1uDvAMF9dJOXuF07HLb5+xhG1XKtBDaOfchBz4SNo7+00DbN4f8EY+FxpAZKzDK9+wj+5BzVIV5iHrtH90bEmt7eAhSPZN2MjbGFeQuyxUnOzpi\/795U5CmJvNPvJeaGfSzxnjjNqBTlb+T9XJYP1XT7ItPX5ZrMBWdJ6WInKgcMnSb2gw\/ieLuFgYlaEbn3nw2Vps5tGD919b7P4tV2g20hLlqcbNlmZvviPXipf7UweSGsqmu4S0nRNTJ61wiXAEF9d+3Zvcx2Lmv6aESs4Y631voX+3P0avN1hltZJfMZHdpe6CRgj1Svw2JJxscjkxqwmbkwKldXEka+ot\/nIwrZRrkvverD8GcfNN7+gJOU8G7udQ0SKUSqI3DPyaSEb3IvIFaVDZ9Yz+HehsjvORG3zJlR2sfIgeQFPc8JjjX7ExTKf4uZOMgdLlrhCbrevhMCmiyKdBoPDkbnbi+c7aKMwm4qE+d0MtqO+rSQNHrDkMuYBESTLtHgl3RIqbnlrw9jNZIDyZG7lobW7PunDtEOt++PlNOlUQLnkW8gWBV5Vw3kQ50hMAtvSrX7RiOHr+5QxC\/dT+DEQPpku4M"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495213177650,"flow_src_last_pkt_time":1621495213177650,"flow_dst_last_pkt_time":1621495213177650,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495213177650,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":58832,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00825{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495215529415,"pkt":"AAAAAAAAAAEAz315CABFAAViMsdAAH4RrXyokEAFJjkIeeQ9AbsFTmZNxf8AAB0IjZ\/i0MvbChYAAEU0Kuw5tIMbBep8zuXyFh\/CQw4vOa+ci4Wju1UfAkTGptA3xc23uwjbUED35IsAoT1c1vWSSpo1qoNbbUHZHartpYEZfoDzKqE0vmMKIRKBVz8p9UZnDMRqEXsN0o34IBa1u+5euUoZbZycVQbYG92X8tEJZUuLJQNPn7c9r8wIv6AfrnNfGtmki3v2aiKtRgXC1xcP0t\/BRF8i60R1e0\/SZfsdw6zmYKvXlb6meRkpRjolbih4G9oDqWoYvNI3EweYqf18S8s\/Xw6XLAvhzqAm+tqeiz6MfzwYKpLZdbP+6NSV4r3QlXmUMLI\/jOvlrh2GzjooQOG5gNIFQswRTZAMHIhQW9aX0Uhtiro\/cjYViGWEjpDbnwQi\/f7j2jafAUU5cUdCbYu6b8KUGI8MRCPg03ccQcmTOrbzbnsYFqQdZj3Oaj8oPF89fzvyu7ZZXic6q3INwPefXtAfiCceDxI7\/qwuFETUy4AU9YE7NPDCQfhrqLkBFnC7toLh5HLAWW1g0atzU1bIesqMtiWQNHpw6ilYy0P0Mml\/aLO3UASH2I3JzMRigR+aiKHJTQR\/7q
GDxupagWFJiIqCs23iBup7jh85U3Fb7lC6WFTUyRRb69IuyN+9pN0xgb27sCXsGTU5vt5Xt2fpbYpKxX\/1dPfIOhbYqrmreZW09kjCedA6npXTYF2Ddu\/RWOqA5Xghl9jTCdqu6G0lVaF+jiT3YIuLbZJBefXJGeKLb1x3aZIAvordZ1rRKFBzQeFxpLpCEcohnAooS5OSu2JU2sjJcG1hFM+uZdDDe2S8bf3T5QmynqA8xZRBQc6ToAej8kU8ilRATsLphK1qTG\/Xz7HAZyaItvAVUzN6AWfe\/ptcf2FpFG2vlv3Nc0Z1o2VG2XhPHikHnP5H9GmBG4UvIGGheJm3UYfUhbFAGglGvMuSmmtTawrqACMC8ZL7+eywRfyAHmj2YOXc7igcQwM2+guxC97qeBDa6jfdMcnO1bIdOInih7VYVwp0RjaCC+xN+4sckLy91v+s6XAPniEeoaqNyxLx+zsyaYE3UO5mABu4ikw2PcrohSn8TsfYSVSIfgAf3oLeJLdeG1bAZzEHT\/leWIkPiXuKIU0JDfdwOyXbw0eJ5gIW1YwjA2PUC5WJteN3WrLf8QiM9XX\/Vnzx4CmxYhWKkYf1Lms81UyEAeHrhnSqRF4\/AUoTnEquDJImovna0QvL+UOKkZSGEQcIAHeGIN6oPpH2oVBuiKI+RIvF5od7\/HWj+KFD8j2HzDyGRrNak8i094ic3pv2Aa6Cy\/pDa+ri9GH9xvhxAT3g2LM5lW2jscCz4hr8ebvRoA6CFelcv8lyZNiluZSp4IXd3iBFb1h8XxnRIE94i5gNvCAP8AmDTshrDks9RUCJHBBxk2BRF01pWvmRN8ElDWQ00dKuNP43VwqvSZ80un7FDHwLTAiTkBxVuJmvxpNZO3IULz3xvMrJ4LFPOw4b5QWDjTvT9WZlVzi9JB\/dTancAXzz2jBSEE6cYk2wWN6hnWoimeysgkr9X+fnYznZZgkwvcmh6\/9WvRiIEio6b47a+d\/jSjLA0myTcbP51ndIrUeSm6xKHw48elW5Y4cR28w74dfEdPAhCtbHXOrPtvEYai9yvuuXjnL730N97zJThOnxmNOFbUdMaXOxLxlVUjy3ij38AxXx3a1TBJPSG++6lWuMKq5\/ce+1tui+NbZpHfRwO9L08Y5JbOLjByhgfrTXucF8VzVamDTbs+YZB0jFlVnPIVEyy9+ALSpx"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621494599158885,"flow_src_last_pkt_time":1621494601272036,"flow_dst_last_pkt_time":1621494599158885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495215529415,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495262761779,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/CxAAH4RFtuokEAFcfqJ89i3AbsFTtpyxv8AAB0IHXYeW7GbkDwAAEU0cyqOvF0+zYFsDnDfj4qOegRwsK7IcQ46MH6ESOEovF69nrZGDb8lKJa9phduFdjj1k7I3mcSp4Fdox5WcOh+Uk0cZGV9fR8f0Ov6zlNHFynF0QcbyVzvpNKgfvb8FqOCsESZfnFqWIzSpjIdVFlIM3yGTD4xRjUDj1lkW0ZKllGp0aQyqCDwNkB2CqU7d1CD72aJJk6ATZ5lUmDmABhPxDZwNUEhhB0chtpF8CIMAjmAGtezZ9ouDWqW0JaiqP5zXHWUGVi+z7DqfOejMwTbhzyaKq6ngzgT0dc4966YOPgwrtJBmxim1uPIY6NQh1pHbxeKNPmo8hj2epIuOqIMeDvvwdBWt6aow69y0olkvm78WUKYVJpmQdNWK+CVp+C+UL6rmP4PjV2PigOvgJF4H38tUPzh65GKLY0ga\/03NYN\/hX0Wcjs3++ENhz4iZc9+ddaf4+4pRDlD6mkW65ATNBDIl52suxSlHN6HoynqSQY6oZvh++nCIkcG2JxZLMQ+T5nEGqj1gwsdkjle94+N9qANI7eVxlFdlntuY1+N6nk5tmMWoS\/R0WbGishHO3u6EhfykqYhHXVE59N0j+8mB5Q9+jh8ZGBt\/NKUSJCoOfZ7q1P7RZUejh0sTC65YebfomkMvboGteuZqOvQk5NXlMjaVzstVKAdT6JvVJwPuXaX88hdT72igJ3B2AlgfOI1RsIfOC7FpyGwZsX0av\/4fXJ6M0fmGATLs+LOo4iBiEQLKy0SWsPZJRQK5lZfzyxcJnxK7ZE2ACTGiwRfjEenycHidxzoFBMaR3paq4nM1XEwRUFSnVOIS589othRj472lPeD94UycNLpQ2JPV22UDBzaHVYUBpfKZcwtDascUlLDRFdo3SHiMcj7LOsEcBA5rulkUjsct5xpoNXx5B\/B2+m3KXZ00FyHamtLDjb7Po\/NZFWUfzZKuP1J\/hJm8Y99WXOElkvVgKn8xnPv5xhHavshHOttAR1+3H5+GmaPeuozfGPx1lOvgf97f4mVbgfunDuvEFxroS6I721gl6SvWtXHjyFJgJ0rIse8i6rRMQEoqSyvpxXclyfXHJ\/psvDdCdjhdvfvawUeb8D4u\/YZgul2vd1LWGMVgejI3sOxrePT+0ro1TsD+i0FH5MXZ8HvKJqB\/TAP3NBVUsk4YNndeX3dsYusAsf3qVTja16TeR5sSx\/+z+wRVz0lq7+OCWGxB8fNRGzmbAenuE9pS\/k2Ghc4RQd15aI2tGcDl7Yc7AtkS9GD1efiAgnbw\/ROL6uZMSwnSghBH++dvDhhHzVcSwVinWhVZeyH9xqIAn\/kFmpDD9BO5Dxi3TuuZgOY\/344mR5RfwsNXXiMndFoP9P9LnMgWMYN5fr9gxkoFqo96s9ZpovfzjCbES
zAw1U1OTZa7Lw4eJBkreLeO8mAYYE+LTsjfFVvC6rsliMl92joXcb85RkQrnTc4eatNXHuuYwvm\/Dr6O+7Ki2lIM4KcPnOCaF82c+PeLXbukzNmSEE3xvbz8wD0oxVX6eIeHO46TvhNZLEqAkuH1Fk8o2uNjEO5NN\/4T6X9Vx\/U7um8EnKZhp\/2mSs8gyRdalK6y\/u3KgU\/B7rnXkAB8DpUU3+R\/57bheJygo7zgvAvl0Dq3GraOVbrzJOvE85qkvo2AcnP0BV6NyqQmSYY0qcb0HX5twA+m3yMctUDJ6LSc5yUQvOXJncRh308497vAxONTdvp9+L4KLUhVLOh0L+x+RbMxsPkaaIn6POFyWoSrw0UDO8jroi049O"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
@@ -451,16 +451,16 @@ 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495262761779,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495274945905,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFcFAAH4RYDuokEAFgPgYAe4GAbsFToSxy\/8AAB0Ifg25e8dGmIEAAEU0NqVCEso1JyDnNa3XDGKdMJ5pTtV4nHofZAOnT1W+icJE5UY0TxDpCncREJLRH\/MPp7gaAubIBfy0WALhYVrmN\/h663kyTLy3uhofsu0TFEUnEWA+7HI+9JmK++aEmLEdeW6aDw9AD7oHPVlHJCcNoL6DRjUXNW6UwhifFO\/SGjrLRnHDVvcCbj383i203PYQCpsw1TTQLBNjWKjDQrTtIXrNx4V3oD1ei\/pnb3fnosV0RqaaT5EdA\/kbj3Qunb\/sj0TkZt219kbzZOuQOBwN97ZcgkkMco25yPaA5EE6pEJVtcYRhFHMV56RBuHnwBmJlpzat7EiWvBo17\/ZB4IV0XDC1EnRW7hVi1JGuDqv9wZh2naSmQwKBXisH1o8XxVgnKQThxyfXjf51QhQEpwyOBsPYA3sE80VUeUeF8YLmKJTmzCfKKen33pI74rSdatEVK\/riZ+k6Nx5Kv9ipxPveh\/OIKxrzg8fgwo6AtFiL7zpCKxJqETtW0Xa1iFaOYl7Z94ySPI0GrURbdOh17EWunCEGOaxFh5r1hyG20LK9uvCozSsHKRFAEEt8MTzWm
ZpHhUXoL4EBByiqvMPoD\/japbNeuqz+NZjcIAzLd5J7FIuRz17WAcrSLxduUWgAyBLIUVUSdw8wWeTbHOqa\/\/igt66GxhOxwnJA5q2ICcxEMzAYQknRdL5EwIR5G9hyMyaMEPKFuOhlR5K87PPV1OV5HTKBWuuQYcTSS2eMTcfL+LwS5zCy0DYr9XLJSQUeYXIgqrKv\/AHsPiF9PATspeWFZmZlm5GhZRglJ\/XKQG9XUxzfhDhP7y6m5R5\/xhVN6r91dLobOj3Hr6xnIg91wuWL0hkq29euOXZEAmYABS2BlN1JqxVxLeS1gYwKu8ZXJt94wPKz57Z6Ujs9YFRokZxZZDrRK8PX7BCPLDmcPiN5sNo15756ioaNcl4AX4v0EDRvDj3vYMKyFtQk58BOP\/uvTqrr6VjolIemKnqeJ\/sLePz3jY4p3NKgfKlmuliP81+pLj33EztpDUD3jYbL+MxSlNzeEnBCL7fOUVNAt\/9QxLRubiaTnxA0KR3eUjeh2rkb9KibkuXgAjUnvVEkK8aTr4Rjx98mH3whwCOTSwaDUKhnghn7bTjoDbh7vaeGMq9kSnvTDYXLIXgXgxvzNNlytJRA+bygeEgrquKFCSVVMG8J90v4BnHeAlvc4DYHIx2qJUsM8Lon6vK0e+65TgpTZKgASs0YbzDsVlALTwsNmrzZ9Z58wPBg9nT0ApUWY+Bvw20yzKGeOF5612Kox\/Kgw9M\/S4tLsnL4GEyFvrXltx2UtehZ+rnmLj2SsFbXxyq4ELJqWAjXNYab2bIqTsuwJ23bC\/hV\/lb65I48n7iyde1m67ozjQ5jCDaDVbnKLpriZVB6HPOjVFDe\/50gs0o2kVKPKEL+M24zTzWjn+gbaBdA9Y368TDtVgDjhk+0PWGeyRoCBcFbrGp3fBEtCJrqca3oiS4PMmd2dDVIxkr1nY+QSvCz7lxP9o7YB9OLPDxQmFWKlzHaowYyGDhQ4sUFdFiViXFRffQBO4GUEIqLifq0nd\/NakpsrzU0RqS5YG6uNuPjih1z5buPD7ehrJADajo5Dk+\/f+3lQNTFDfdZ3dd2xeZDkmq80JGAEpHPxGqurIijXd+lbTozqxxqwjhTNnVo2dxefRWbTd03ai6b\/hGokXWjfwn5SLA1W2FheoTwlBMf8\/nG5VrvvfTQYrAQiW0QQNyW1fjr5XCEJZ80G9Ts2SO"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495274945905,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335381922,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFetAAH4RYBGokEAFgPgYAemJAbsFTnpTy\/8AAB0IqORxJIJl5AcANwCt8wk1cWTApsLKg0qFIIeFQdL8SjnJ21Nj9C4ozIKEt\/+wUZf6f1dPuOm0h1m6yoEiECIbZZdE\/WQnpsKHgdsGaR5qXSnOzRKlmZEms2BJMUJ1gJU+1vqiiTqSMdYTSeQg70VBUuM+3x9Wsw2E03o+Z1GMG+25\/n6NwMjxWm+gXFY1NRlTMkV3W5wOYWyWtaUEJ1GuxnVEaMGpdzPW1AV77AHNHDn1TnbAucEKPzy2Z7cXCuzDt\/9H7U8VZWCbuaotZkdM07nzYkghQ2qDyvNpXGhSNUL7bHDAX3gyAQajMLIOzoUKNAKYaqvN115jAWJ17Leuno6gulXzhvDTc6h49GuoiUQ8KI+Xu59zdoInlbDcFVAjf1jbarKGcwBIepEYbQYRji12orl2Cd2J\/1+Bw0w1aY5+A4\/nXR8NpyrOqilQzMZ\/djaKFpDp2wQtkiivyepGkDCNsqJWpv3Mpp16MQWh3knQKrxErpfqX6AvVazEihxnMQ4\/lZQJF85G6i5\/hhqxRgpLlfxqf8yDAXnP41Vs+9APNn2BuhKubR4aoRulNYKJMq1HmrxFJkWYPm
ROIqVMuTJ5gGI14OGVc0hdb1JAS5T9H6PUnfDQ4xy0WRLpNbJg4pHooWK\/poGpYPpx9oWdXpFju2U2aLPXQHaalwlFujvwO+z5Kp3CS87EGXs0ZDZDKSALKh0LVBiIak00fb11rcVbdm+DMJDj4QQFBjyVXvYpD\/s3UWsVChEZkFE3nedCDj7vh+5c4gCp05wL1CyNlvX0yC9nZNrd9PEWwozxtSS7auEid+pYxl09QHK5t1svYOMpxEDTebjdq4hAcn\/6xmLg313Z5mnqQGjc1IbzLZAaSMXJYCkfIC83JKqjSEnj4IL1MdqJxOx6HDNp9YD7d6\/\/f8\/wL9ELZHhINgHddlPCKvb86VVYNVvmKys1qBiqdarfutbDcX5q7MbS59s0zBaWxPuzIpu\/\/y4WbjIRgu2TWCnWJSdPC7Qjc2fNbgvcjVvEkTgtAb+pWGsml8538kvECQrljr246X7pAeQ6Rl328xa0txA2awkdTR2Wk\/07SZvUhvNVrpZHNN\/uBdVi\/gqFbPaQtmNYr7ccvsLKKUtd3trzmLlGJjqZrAGduvrEEW9NJT5bIWNvWFv4br5yveMnNX4bpaDG1haMmzx7U6OlmM3KOomrvbRevEeZKz4OYXdrS0x7AiJn3cxU8ZV6t2UtyD2rRiXkxP0GH0SMLlUVrIeDAeXS61FKsQViw4KbhZuYC7JG35I7aDnBvJpT2cojLKnh8D22UVQUC7YIz+L+JkQfLKHmScUY4befIcVYhsE4zFKdj4FbcDDZssysQxUIzWPXjqO85RbZkVhwJZ6QcDMA\/InscSDocIji+mME\/SdF8AIFHFhYqcxF3XJEkr1XiAnrNSjsZrdhd8QomNgx9\/Jva6PaDsTSQtI7y2LQGeZPv7cqaxwKiK0J7JoDrx9arAHuWtQe5bt86Bh81MG6c3EsNnsRmoWdIC6JrwhXNPDY0QTlJMC8ody4xB5guQa259jQwXtYVl6cLF2RxeWEY2NqprP1yX7UldI23tFbTyJMb\/AcwD1vmzT28UF\/oSbC\/3S38SJgbg9+aEbmVFuD944Pv50FJTPzleYonVC5A2YOH0x1NO5XI3iKQM6C\/1v4Lh1wCMNgPJK1VF9Fhh0Ta+l9iAqD9rEm\/DoiFxRwcYyligkxTdm1h3T4\/oYT\/Z8Mgvo1yu23DDNKFJAsZXZlSE0AuNsh5V+\/sk2BjDwu"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335381922,"flow_src_last_pkt_time":1621495335381922,"flow_dst_last_pkt_time":1621495335381922,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335381922,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":59785,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335383189,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNPhAAH4RJE2okEAFmWIcTue\/AbsFTvGexv8AAB0IOo3jhsRNjQEANwBHxNQXfZgQnNGpal0okl9ccuiV6Xx1VVVSOoSDjFN\/WqaQd3bf4jLTMfe18yDQYl1ksGsIMjJE\/X+k1eq0cqPlOyX+nVZA3CKUBe+I06Q01b7sXmYYhr0WJT3kaR9mro469WK6gpT7T4TFYwMpIrtaDA6muvL250OHHrKx2t\/b3j+rVBhRdyz83flQDLS5iJyeiPX3ozrRQ8ufwzIu7VjaOgPDLFPf9CLW6Ex0JWr6LOuOaf71I4Deuwp47CbRSo1v1DJgKlHv23GjLnkhuFaey4\/n8OHVzpyX5hGwEHk01EXAy2I\/0t6k5RU07Rm\/9iC1+Anc0an6X\/5En\/QcUFXIDKQQ0Thy7dKi6TNSrUp6a1tBrt6NwQ27tW\/1KPud11aAq4HGehTpL4HrcEZJ6WRfhBzyOJR5FMA0B\/aet9V93fh5IdqLX+OC3ZB1nATGbkICNniKaUV89lf8n83peKZ0ObXe1ZxWdkVdcZU3LEFcVpo1RTuE1L7x8jQcdWDYcvdEn1Te8UHdP7yraROFUsioeAfpcF778rK+5okAR+2XHHnSdnOHlohFWI1nH1SRE
ZrVHh7JRhDyl8Ucr\/BgNlTDtZwOhLvHQrKAKbHZNh+Yop6avCoxdZcyMauux9VIsx1V6ZcFLgXOdrsIQBCslYzV1nQT77qZUFP5pFFJi6yKZK6JqNzTNo4XAtE\/EmrXjIctL0spz7CUAko8ZCx\/QlZojgyY6l8\/mF\/t0GdVlTfXrBS8k9H2GgvfGIItBGDd7oEIXE8\/x7XEay01BVjgSd+i\/fFLDpHQ80ZkWzpHV3HT72SAoHktM64YPvjZEUI1hUeWmJuYJPomtO+bUx7kO\/d90sGY0xqsv2HBsIxKXVokT0NpQb4HQ\/\/6\/ISGzQgrUOpdVkOQ4Ov2jxibQpg6Vu4ywzr3gBFjvKwX+cgOdNrtcrtCO\/z+jSIIOWVj3BibuGPE9poYNEM8A3bcrqLJXyc3G89K4CYVPfqcyne8lrvC0IGJ1zrYdFUx3gECn4opv\/gdQJXtuOTrUVmH71S5XqG9H0DBG\/sLfb5rsQm+LQOFMiN+jrhKPRrA402Fu4L9OwLTll3iaAH2TP4qDHpL4lAHSm08OEvyaElT80VWlv2GLl35bqH2Y39bpMCq7CkCZv3UgOh3l\/9+mPbAjeGFb00aqhN2vkH0TkgWXcwcZksbOsM+yV8OhtptiXBR4EU\/g0BqPYUf\/i17kayR5JWkci2qp+nf5YWFnxyDprRblGELorjZFQUlksU2RdG4SN1MF4A1eeKjPZlM0HL1zDrMIwtALb02IzmQZ\/Bm\/WUiUYaKyLJwcs2ZwEM2kLSrZp8uJyNf5M3uLoVEDHlKNLba7DN1ef+MMOa7CGGrjpqpw0sZPT5ONzbaAHLUCfOebBzKE9NIEP7C8UHDBrcv6G5CW3oNLes3+0POLAa4kPIRIBua7JjztiSUYQh2RHd4OJOvzA71BVztSPvZl673nw7XzMsbdr5yRgpPAO5OfmfVTBLj873AmjrBo38xLoYPXshplGzi0ikFEynS07HFKA5UOZGq85zAFFcWI5HWixUpkCsAvcwId0fp1BUC9FDRIAhfc\/\/KaShDxhdYfYHSMEK9PXtdq234Pe7ioWnm11vuwdmo3GVpj2tG8uaQQ7pQ4Hvyo2VkgXgRXCH7WUw5XTIbb2ts1zddx2Lh9L2HgixwQtoUEyPMYDhKUevyM22X+x0NPUTz8twzls5Hg0qwDa4hANEFshc4a+3VtH8uy6bSdnlQBUo4quCx"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335383189,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495335836969,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+mNAAH4RpI6okEAFJ+NIIPm1AbsFTnliw\/8AAB0I4pZJfic2KdUAAEU0G2\/JHhTaDCySWTsRyHcMkznWFPDz+s6YIbogX+v8zxx769L1qgtkV6CvE8r8hbHRMlJ4aqDQ8cnTd+qnT2W9TfmVMr\/V0QP+6QvVQ48j6rtyLfieLy9\/2EkamXQtFIYCWvvW56wuHj2xCT+50ITw+NRr+y9x0NbAGQWozGRk2nR4BKbEsfWPX5\/wqL6hTsunv94vRDKt7EutCZye28TD9oEZAHOg1MaC1b7h0oQC5kjkApzmv08jnPKI9H9f4j\/JQA77vXtBo3U2wrGwehzISa+gzg27eFe0Lz6CL6yGLEsunuBNCJshBMKrp+ijV2rgvg5UQp7dgHCW\/1wu0moHCOx1d9YiEenWAscqFZzCaENXUAI0EuPYxVrNWL604hKBfbSm6P27VV+gA1ELL9R5AQqvLOn6Gmh7AwXHx1PjRRS9ZZeTZzDOrOpcAi0CggBnKIRIsKE94hUybka\/wHV\/UX8z+55FNlySolQCpZKIkqpC+g\/oYQng3hV51VM7kvO5KqfG5HLUVXPscZuabo1fXFu0wfR+YOWFQmXwAeKLw4wbgsr8gSevv1IhYdTeWB
Q3qCSH2Tppj2OqfrOoirytq5pj3XRErAqPiCY9F2o1yNDW1fTSxLigm4qy3VUHhT8BbSneM9jhuRSjXUwtUVQiTkh9fIe5kcjtRbujl3+qnTQpnqGD\/TlHOvndYb4rgexjVKSDC4knc0rUty5gi9WhVovaDbmyNsugebY2WME6BJA8Lu8NcnSunCdew311rjHn1f8ncvLm+i\/OY1PB6SImyOzhch6rbP\/IjlcVBQcR+URjxzQhNnom+dzvRHE5cIEiL+1dwZRuOOr7bNmFIX1287mpzg7yqBscxlRDWH0ocb2H4WsfiWBFpKFARkSseaSsa2eVQAIL2m1eD6Q5t6gvJ\/yS9s8El8JwzhGisbnzry5Xy1K6Eg04XDT1lI9sdOVzonqquNY+LbcWO481trrWSpCApp5pm2FmvuVNAEDcE\/leVs7Upo9W3dNaKtj2RQTYCO\/pqhTPVqYf0nCLrPcAqiD+9T41XijcawBR\/vbqo1tZ4KEM0cmR5k1AUaoIZ3+Bzv6PH6Hce0+kR7CW4Ep2f9lzdo1J22p1axhl4ULPWrGGIQfQXq+n5fOWuwREvJQKtwN0C6+WJUfpd91g1CybKUv8MFVhdUf8Z9tfVjfisE3C9rOjB0k0MjLYkNVv+k18kjbqvZJa1J5DuEtyRwEzwZz267jAgfJf\/XgiOr9BkO\/0aR6plCQdvxTD0K6L19vGxNUgCvzjD4L4h8+noYGT953s8stid+4KJgAdsiOqOYzNzPEmgyvvlweAy2zeSHFiyyWUyyy76HG\/MQrVwaXXVfHNGbKhxR9W0ukaLCsoX3onBUGpohxenfTJlZzKL8f6xYrqmYbQV\/2yxhBOtahomZm56JtJZH9kbZ6pFHt4JM3e21Q9rm\/tDp6i9hxJHFb0VyAuvq537RsbPY1kLQWWEsQCs2Tt3Wk40kzGVdrjq3\/r0EUSSt9U+OnMb23TZeuTw1MquX\/yStzFhFP9JcbwXaoADfNoJC+bQLJ8c6WKIjeXyYcAg7kfdAZVh\/F91xeHHcxgWSpMK9hXHHSBSPCeVl1GoIV7g3PihVhaG2LZCuQE7\/iMdk6e2iUIg8fQ54B2ysh5qBAxEKabZxJZaJfM0WbgXRn3GIisLwUCj8Xw6xgKVQ2XrDNV1619IuEcLLz0LdB+5Ys9lRCOKjjsDK7YhqYsH3VOXEGIEM1hAddYg5zeKKiO"} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons2.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -471,13 +471,13 @@ 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495335836969,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02379{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495372662391,"pkt":"AAAAAAAAAAEASYHhCABFAAViK7hAAH4RUtKokEAFZ7MouMMGAbsFTkcuwP8AAB0IxZqmm6+AGC8AAEU0bV1phXsNBAyduWQMMwC6OLQYyTAN1FxuQVMaii5rW8BXPGS0FRwk8HrnF9xMFnBPXfvvEo3QBMM3FudHvdk8cEb+Bo8BomOBxFWNxcTXQHnGOYwDJRX3D+VGcXzFwUoYmTqIRQkkUg\/RXDgv4zX29xNTFSJZ2g4nrk8eulw5HhkFc7yauYf\/ApGm95lgsQ1j+7m8PBWklTsQX6hwGdXDIAv02+sMBfhTQchd1a3DETCVvIEvB3zgW19rHL3EGi1JVlsZU4n\/sCu9BlSoqz1gNiX5dZptoecFN1AbSN0j+aDykV86bt8EAW+l7neIOdiEUtSDvZYs0HOSy8d81eka84F4E25AyCh5Jh4qKAUrTwyky1QcKLkyUsb52v0nNZPnkgfOerwlcB6TuTptQskR2whmUpX7JY7NpYzoP+bSiNZixNyHKsy66zeLu36e+mO9OULTXh1nTVJ5nWB3uSmA7NhWQQFE4WUtBQikelX5MZz8WH2ysNSrIGAoo\/2bMBVU0RtpogNGg7hQ5yCYCS9ewZ13uOeB7XptgaMPF1gNLsQtCfhFk6ef\/IGD3LoSbvbOc
0HYo+mifMuhyLvoKbzbavtQTxjr\/BN8j3ypDUZBjhEh438y6mmn1f7adohk5c+uxUd8mwi+IBpv8HBmXQY5puUsZypJHNztPV6aJIh6Up0rlLSwWVKrIC8xNAsiNPMAwoGGx\/XVMBulOOZ6hs\/RBHhwegaA+qv64ubbFEADxru3Zq7D\/YYhDD4KHX9f7DbtYtgURUiA6xsJhOOXb3ciQi\/vZzxt6Mh24fTbT1zp6Pmg1q7vP4jIWXIVFXNJCE7CuU9s2seo56SppSuh\/r28+L9mCauWVe2519clc0WesPZGyQOFWVJGUBtGpU8MBYk2YAmeOz2CyqlNn3SdiKTur+zOdGO8ie8klvK7F8QEXDrzQjkWCs8ClQh4UCknNZJa8gpVH4lz8rVeTWyHJza3U1f938XY4whWDpXVkRb2tmvmX1IQF+lQXiMyPE4Unt5vxehyMhS6SLraGYucF6p4h8DCTwkmMnGAS9zwcIT6fW4iTimSLnell1BouaNm3iu0jMNHt2e7LduTiCHwMdWuN6hrjN3aybR6Fj8+ydHkiW93NhFq4rHV3Lc1p0x3e5C1G7Q1KN7isNa\/PRXQczMknABRwlF6fpe6AEEGLlIHjMRGWiSRuK055l\/W1Z5Stz3MgFh+r2imHY4KtoaqO3nmH\/uARGwbFDlT2KtdiBjpaphwsWP6UUNd7tej\/yMGpMNK9JtLMNN7QuwlAvbHLOiDSWu26o0hPm2y6s1kOsNgLW+xn4Vjz7Mz9pfDGHMKpfWIdOZkZ+CUIuGSOeGdxsohrmhXBJ3bEy8ojcL77VhzUqJFSXK3Sf3c1W\/sHBP6HAEV0vYyCWRBfB7RxHZMrq\/EctwoWwOWHOSW+AMSYdLUpbxBV6SLqMAz1UrzSOJ6gRrQidZGXlFTz1kRh+RMKPYHu3oX663ubZ0C3ijx6BnA7L4hpNSWGrcxv53ZUCUkQA7FCWH\/TtcdnTCACzr0u9NEpwAgUC2LlBqHsWix60mIR+jumXfV+1Q+xHwPIy7vySfL2wpvF5qrjTomfEAnUqayNm+QdT1vJhoJyiVlkGVLNP1q5tkX2MdpGs8WF5iStIN2keOB+bcodYn5zmDhSw278mjC+eLZaIRMC0i0\/X+TsinvcSe7w39bNxE5H8w556PjcUlXwNHYH8Zthv+GodkuVXIFYZUQVL\/D1GXp+I7OLMvHEr6e"} 
-01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495372662391,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"r5---sn-vh5ouxa-hju6.googlevideo.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495373983147,"pkt":"AAAAAAAAAAEAguyCCABFAAViV+9AAH4RzFOokEAFdZR1HtxAAbsFTibcwv8AAB0I75EoiW8nS2MAAEU0WdJTtqNtt8MG+zLwh\/UU3FC0zniGr+PwIYUTXnhvS3bBdoRiWOeQ6UKjsBPDLjzDF8dFmOoLoxM9+m6lJwiTWxBqM9JUROj0mguvgkrLqNleDSC7iL4hCrMFjunTfX143sRFPit0bAYIzwvgUuwziEoLnaNvtvkGhiSGOZBzuMVKjTdQ3xkwHQprnY0xWrgmo5nbvHjVfWNFH\/cNC6CCbHqicnUmFRKcm3GMda\/4MP3KAIT+eLw69zCa9uvIEzvXVRl3WvkyZ33qNGuVD+ZvXm9w23J53\/4rlJ3V4StfZ\/Gc4auuB1eSwLog30QSMnyjUcNeP2ibhvLh5O9C35kjOeF\/aDhH1pEcJyXVmWp2G68qb90M\/uLiMTEotX538dX2dgaJ8rTyVlafTtMntoi6sOfMJJIEXEELAkMd2DlCsTy2VQD3iHqC0iVc1r1aw72L8yAQx1n5XURSMoIPLN2keObRP7lr6WcPJ6IMB39kTrMiBZ08mgOSU4GO1bvLA97jrgIr2nR\/Gj8wpcCcF3CPGlyDolBI9IH5a9k9R8RAIrgIzGkXnS9L6V8Nx0Bh6h
PBxQnczqK5QuOqW\/vH9tfepppWUj5CKgAm1D02Fq0vKwjtMqpw6ZpAMihlJy9GCI2fNnxnQBbKEz6V\/so8\/ex8K+F2VV8Xlyk+BTFA4OPjxuQ6LZAw3MP6P3hxfm\/8ljkop5\/SI5xDRLcIAhlRNjSOdekQz1mIEo2EnDfSaSb7Gh75g3Y7WAgPEF6enaKqdFVGutsJVL+sNhw8qX0fBTToiOiB9CtWfJJRB1ff5ir4HCC5YgaG7Iny5R+T9zRuNyBNfZ4NPpiM+4EzimASiGJobUimGvk4GeUDE7fXrp72sRKhQCaH5\/nbha+9DmZgdr9mXrl2kbe9PV+IIrHpoitDn2tgzsP8r7ZFigp5npQffggv7haoAs8RFxW9SWR7ZNwh359zkE34\/kZ+CsTC3o+SFo1ZpZSYB7k5YMEXpbC5soIvzfLzo7VRt8wN+9a6G3Vxv65dYuC7WRoZGIss7sDsEtxaXd7D7HVuHBRBXtjzJYxAPsSQ91kS08TNtb53+I8qD12sc9NYwBxuGsxMraUNa\/Z\/\/E6cT8Coz5pCr9T27zIJBVcwrMWBRLfD+FD7WGlOX4REoNLW9dEFCROTtm6uBjditXnfFQ3MtyI4J3eKSt1aSAY6Hz5X1+DPOtei\/MOVBQGkMiqOrqu16dWphn6\/fshP4r6aWOrs7o67fomPJMNklnJkNanI86YjHvOE\/IjKudTLTEMkvMLUoZDWAtPQI+\/WYe66yUXkF7V0ZUo3ZIpLMlb5eVtuVMMe41GbHTf7qBkz676upo7ZFzgy0W42sY9gv7IriIXjYeDyZZDWo3TXCZ38h2Odbwls27Y01zUpB1YjLJf8LFOrRGSs7foRQrQDCkRPXFEc+6E+4fyYet1KpR47gVT419Ib+RJ9wJcl8ubiwrwMsSCENWlSShhkjiU9pREjVRHxJEn4uNAQz5HqwovfWEJcoieIC9oBUbwvwJMD31UWIE3vVHNJaV39UM1zitDAcHoAAw\/EaepuByZJ8czcyTY5trioI79lkjIUaQJwmyfwrWakn1mQxUudBvtAjxi8fCoWLp4XRoQiq88+b3SOVBDyWq6VLJeRBFDKqM\/C9BcOXa854dRZRXM61wBpYF32zaqLJBZ2zo0wYIk8viyYL\/mHrapgu+COKp2gV7Zvqdk13fOuL7gcwxx10cPHj+3nKWmr2kTbsXN3ZtBTVrm3"} 
-01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01462{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495373983147,"flow_src_last_pkt_time":1621495373983147,"flow_dst_last_pkt_time":1621495373983147,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495373983147,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":56384,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495383906591,"pkt":"AAAAAAAAAAEA4PSECABFAAViG3tAAH4RcImokEAFie75AuA2AbsFTlZLwf8AAB0IkppBKZS2LWkAAEU0nZo4YZNOB4fchGmOnQKbaxZNu5+Rr9SHX\/+7nFbe3XcSn7NN4aZ8B34cI7rnBTgQPp7tDwb8aXE40NyFem3MElRtWbSgMUM8aL9mxQMt+BCtQtjknkoexLmgGym9SA4WETS+zt+sAqDuGybHtZbawAHOviOxar3NbIVfoyoECjzoxetvFQVMgJnBjFTieWPpv9GYlKtfw8vM+ABHtzCBdkVQrEtjZ2Kym5ZKNXBHERbHk7EYzIr+2EtCXPa8Zb8ZMSGVK5HAEFoUzTKCNaNkRU63dDqeoGw0HO03e3yfnEfPvmCKjFUtfo9FOxIdx7SRmN9cfYd\/5oUQ5rYUoic5STd5ys9Wj6gQeoYou3SNjAUyctcoqcQEZnGD0JnDrFdxtPksDZ5mOj9TjcCRvxSpY2BRzN1XD7P28JBy8RqTnX8VU3MUTvfBajgOzODfKpBvMnq1DnDxAJmoeuFL5GlkBD4PjdD9dOXUm8xpPRrQyN93MDy9Lh0jdKnypCUIRX+bQzDgeadkOYIZQaX60ccQFMHav4EcM87LkFI2Kkt53wfsAbzwSkC\/sh5h+SKq5tWBr0A1
+3COF2lmckeKRU37IJzgJRoclYfhyc5rysBbxh\/R8QZagVscGvoIOTayHYdJgNSs+ZQPUrY4MPNmoN6JKTjH9znGk8iQeNCxiuG4V\/iY6kK6x7AHF+\/rOforM7vc9c9xJuHH84tB0GmhBnyEob1rqD1zr4gpm2RteHorokh0IIRvCPptRZoPaSZ9NqseHmcV5YB9nzZXE4EDYo5f21RhnJLRnSslkj\/H219xwcR0XpMABos3On6qE9aY\/3dpratV\/uRejtrJjhSs43oZgIHypnRSOndd2zbpHR6gwc1xqIlwmu2mdOfB5bN2SKDS9FrSjqrzVx\/YW7gsqVvZYwKID5GJDPL1+LDs4fSPxdv6XMlw2dUT14Sq6cmPktyOFMZDEpK3HY4woBwm6vbhQpvAMOjG\/cyfvzapnRKKIOQSKnlGKbaihsN4mN1DABU\/AfcDRRjAdMEtVd098nAmg10LnfyE7f03sy2ezkhaOC8JAbJCJ+a9vBBI+EmcRWBsTfEX0tClNpXHrzX9DBQjMlBsSvVL3XnUgxicHNjPexCgWSnjBlIvFbkywpKcuzQkbhTg9p+EBuDI3LT2jEBiFGiWVAx1y3mNzzHbk9D3mTlp7QoNQHrpJbKVUKG3U0qdfkUT9BiOKjC4IBDsIt8+AuPFyVhrJ41NR8s0HejzpT6naGZbPieiVEnxW02zCwTQqyslurLWiPYuYizgWR26delkajTuI6BXQG5p3YGrqA+A+Zr7i661IjrsehT8FKL\/V2MDzuE\/fP6ylibvsyekoNKqSvsdEHi89orwhxyl8c5nq\/r8IFg7NvNFyGe\/nKumTxsqUu84Wo6HMgJtg262riyvhJrlldWx+jqgnOBAU4fls6MeuW9Cq4qfm6zU4VLXh5IjH1Py8vkruKnwZ8+Xm7\/tlv\/NhWcWkrOwYFZ6bck7+PZYh+NCodWvjJkVSe5MVzgI8PZy8sRLAK9bvUjxnANGxlVZm4cGfAi5tPOM9l2JM\/1yBZrGjk15cVdpdJnrXVfidMwtlWkoPIudRiKM1qGHsus7EcmploXydZ5\/mH\/0EBq9GCTOEjPkEjEYTQWlyjMdSzxKkqwTQu+I56FkdCZnSSthnsnb7XfGlpRYLkV5VeNoKc5d4pjMVNe\/52pvZLqjGj1nZ61WYiUzCCKq0\/Mnr55qnV\/nzBawGQP496cN5M\/m"} 
-01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01456{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.googleadservices.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01148{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -491,7 +491,7 @@ 01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495383906591,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495395690912,"pkt":"AAAAAAAAAAEAaACzCABFAAVipg1AAH4RMnKokEAFZsLPs\/vxAbsFTg6Cyf8AAB0IgUbFpekOVCYAAEU06GZplAywEKbDCry5EETbpzZHS\/+ctZDEn8Qt8L+3XSgP\/QRbpKkvR3yjoYtHtOItTMP\/J9UsAdqCBdh2rnjFpD\/S9p5j0gqi6\/Z5LmmjTugi+3+2A56Su6KOgULzmrxxoMX8gDCxL9pwT\/\/glMxGOhJ4KTE7\/blbunZ4lQxY\/EmNDFVvwHdoRWRACFfA2iR5CCdBd+3oRtGglHNhFr484NI+Z0RCCnj6E8AMli0JlpZ0hOoK0ivmNTzcFwyySmvpxcFwAg61RSntAgfdC0AGtzo4y3UyaZFQPiRvQeQ5nDJnAqsRbTErzj9AMcpCH6TNnGDJD0Ipet45Eucx3uf3XRPDZLSwoVaO2XwE2UBC8Ypp8ROduqM0LgVHk447061aycTCZaXsHqFtEtV17WT4QoFolsGo\/UuLmbdX4fBh9oVrJJ6pOpcDVi8TH4RI3BivD2J\/kdhdSoFhpuq9YHZnkvDprncZdKcWDI0Lxyf7dDBIXI6bz3C\/x45+PMZ5I1dYqWfeP+n9Y3LOO7s6QV1unXf+WTWJninotKr714Vq9AIzRTrefbOMjhaL
qyDLlF5BdYSUM5gTgoPx49oQDRPdJ7a1MBm3APpLT35YHdyilv3tfmjks4fEBltqUPxcJZgUmaDN8Rf0f9lFyt1ioE71sp+8mTyxpZ5VwhjoUvmI6EVuUtNMadIk6x7X+Na\/ZARvdabmPF6toMqDEGLm725EBI3YzGTOL\/mUoC2LE6FomE3JALJPAVmbpR4S5wvkGnqIDrYguIT1mH03jUtbD1hZrfYwo021rdvbZLGkDSbpKanoX6hwE3Xrh1lMhepvhHUBD1PwvjeXOI7ihVhjK62JiMIu8Xu\/CJCx8fRyNbu2z3w2vupOcdoe8Me++EE6n4DCv72t6GfNDeRXyJbfYF6HEwhjRaciKZIHOh3RmNhiDn948Y74LD0+AM5oAbTJWX9LP04itY9ClWH5flhojTFFOwFZGPSRv1WJb9w1NiX\/N6BELu1vs9NZqPkryvurnhZqOqcfs0xRh5Yws7xmPi75Cfr0EjgDLZmPnSK9Y2aijxhpaUW3oVEcSvgOQCztfKmRdvEfJGGR1+Ab4qZqwOtaHuFs1m3m5ld2K1YbnXeki071UWEWPHiSDavs3THubRh\/o9H82GNqi43q6kiCPUzuXIYnPl+Cn6Bp0DOI3AsGU2\/KAkOoIEJE2LFhqvu46T1GcVIcHlsWEVdPTRo4jfFS7lOaoMoNQ7tWcO86aXKUliVbxXv5NVI829JeM\/\/o0yJSZEVnCcvF7FQUmQL68fe3HTGGXZLOWm6c8wVFxl\/6Picm\/V2seHAOz1GMyw3T+bveM5m3rTBwie2mjtgPR7Yxl\/toB3aVEEDYkXEjyef9LN5zZnFChQQhZbecsd8YeFC+QCwamJ2Z23sTUHkrJ+MQqoJhxOAy\/\/Mwszyy7rcrV8gwkK31aMi30M1V3LKqHqJwnB7ugO6A1F6C9gihRhNkgUIVGt68JTdFCaAxsePYd75UEwv5xBcMHiXC3mGwQ+y4AOXGpwXeDQ5\/80Oa9w9+Ml9Rg+Isc3Ld1fmePt84drp\/daoWi9ZMQIajY2lyuqw61Alyxt59OKE3k0CpOAZduHghg0VQSWOAoUcp6o4NHFl4k3rCWuqNQa\/VkHvrA5AVBpsEMxOi5Ga9XYSlw2wK3vwxguwIpXfyLWhpqq0F0AkEDoBDw95NZlTkcuA91L8OJ790NaIAtZ2\/VKU0Ox\/ZEHiQDtz8sykDoB5BoN8A0Dq4L8aU"} 
-01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495210744101,"flow_src_last_pkt_time":1621495210744101,"flow_dst_last_pkt_time":1621495210744101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":55066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495211714873,"flow_src_last_pkt_time":1621495211714873,"flow_dst_last_pkt_time":1621495211714873,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":65391,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495208068843,"flow_src_last_pkt_time":1621495208068843,"flow_dst_last_pkt_time":1621495208068843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
@@ -500,13 +500,13 @@ 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495215529415,"flow_src_last_pkt_time":1621495215529415,"flow_dst_last_pkt_time":1621495215529415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495395690912,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"38.57.8.121","src_port":58429,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495406541553,"pkt":"AAAAAAAAAAEAguyCCABFAAViWAZAAH4RzDyokEAFdZR1HtkUAbsFTjoPw\/8AAB0IpS3BjFDLjIQANwBT7u2pdIqujeX7dANOUZTfnxYRmwoEAlv2cGTwvVRQ05f2ZqQkJC4DQmQ8UNekM\/B\/b5bCsc1E\/TyztkqJFBdbO9qB5JeKWS4bDeTB1XZ2V0ErVv64RKGTuBvdjjgCfX06su07x0Z3asXbqdCmQWMHOI1qTINqU\/oJKTNqX7IQ8f85\/qgrCdnviYFuqVMz9SBqVmpNYNfu5FP0maF7snVSzjZqhhCpRZsxX21PAu9uVnhiEb\/LUX9+7+xtXcTtey2D4GkwD4RpLMRUga1FJ4rjTGwvE0+AsvJJDdiioVoqv7\/LjuVI5T7U\/lJ3SCSYuTsqGMVwkymjUknc45YgYS64+q3tWvD9MnWpueOOG1aytIWYz\/ZQgMDZNokTq3aqJGp\/FoTSi+dPRPc1z4wXa0iO2cF402cWDgjuPmatByfDq7YBu2C9+eZYtfPRDsT4VCBhIJO5WiI7+kwTM88vMDXogMlbA3\/6bmTdrTzLvTcHCw3Xr0WehWXYo+xQSWRhu\/uuhl128v5pUOiXsl0bDy5EmHbr20S6kbHO+0LqHDJVbRf8mZ3awQ4pwAWwQ
WnVx37XBa\/2EtrHyyojkS2zQTcHh1fe+CoFmAvaJovW\/StICtvQrvayaHiBV733DAwKy\/Y3526K9OrAU4jsURbnovvToOxvx8drWx9RSU6gdEHnV8zWJwVS1TDnXtsWGtomfdqnhZkNK5u7kj47rGJaFqQU1bObGeviiSoviHnYR18MNvE78MR8EUodW3McLRHAztvvQBcBcNtZ9NnBwkRaprMMq72CixCPd107Y7JgoGmIJbNdeGCCwkpwtckTVEVe619QplF0gBYNsFWF5Ai1oxBkmUGx9kWUDs80leQJlP0r7jJUvcdLFEZrISVVdyQaoJZQMMFPymMKeYyC4YzW1ORpCrB6TKj0+6uYFK1klVAzDEVUYF1Hhucybp0Qq\/MxedWLGVKQWT9257chXwP2PvqI7qxShbETVSxB44evGFNEZRr76ml\/LnDy58xg1d5gvwegl\/7+gkPhbIJMtvVZ+JkXETJtQnFRG1xeTTfchP0QvUjmmxpySWiNd6gaGLNTi33HeRHy8SHIM278nUZ9GMr0cdwZ08VWlOCTuhU3E2u1I\/6ZvxNK5D41TNPq02++dEJhlyjbw3keY6r\/soji\/n+9pmP7QmojV\/lfE3GxJ+ePOip0nlns4O8V5YSSKtilDr8GhCJyf\/pzZk3drO1EwJLp4rnbhLue2grZuQbO3+kxcT96eAE85Hb0noB3Ea+uU3gj5MXJ0wkPH06qnXVxrDVuFF03yGp55TKUZyKSkRVZizQRkR0CmmMb9p+7ighEtptb4miGyv2eDl9F+SDCwhUssSw7vl8IKL3NVUcKAYGcE7Ie2BdrDpWQqSHhL0i5ZWiHn2aNx9IPMwmexAO\/AP+DEpPg\/OqQFS9+cLRPrMs6a5TPZqg++wfD+EHXSSwEIbMZk7820Ent7o0O6fPU9oivUvzxIErtdOu9fjOuTeCbtNL0UGBzvnoRPMUaIQjfu\/iJG8Z9aOtg+9TrcjVPX5a6Z5OwLXmzLGRT86sNwHqCjRgn2p2rVLx+fb+Z3Te8nZPOzZZjVZ6Ycx5SyZ9mziyd8btUND9hahYJM6KENGcOZwT1hkXcbxXROTQMsrykz+appT+Yt7eTfiM5Bijfzp++ctCCHMYRqgsN0FBlmqroqwE0JLDBDcemxPFQhEjVYok4hZ20aOLFNcrukblRhA1kFXY6Llbu6x+OdQ5ITJjtfy6N7s1G"} 
-01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495406541553,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495410048086,"pkt":"AAAAAAAAAAEAIHu5CABFAAViFgVAAH4RX\/eokEAFgPgYAeZMAbsFTtl+yf8AAB0I\/leLTB44CRYANwAjTks9G8lrwt7+vZI0DaJowcQhxAH\/31dnEp\/wJDdcMs+96OC39JlFREj+x7uN8Y8I9xFEQ29E\/a6s8tYEG9mj1POKhRa4vw3FhUteagxK+Q3DYpMRbbQyi17yakV5fz21hd995vaP89QVSqNLp+aAiSc+XqrCI77QXUHLmsP3G+aV40nY4QYlAWTLcidClJxeZyPxcfdcTtSNYicTl2FhoQfgv\/izTkA8Ux332SxyJP9+2z+XN09eJbN3mFulwha40\/Pg2JJnk0Mm\/3T\/Ss1Ch6I\/57GVqncRgavCBlhRoSVFKd86cw4yV+Ach6\/lwZDc5hjr3\/nqPDyHyOk\/ic1VUkphYEW41unlD7wuiEsRixbz8q3byugh+YjmzBN4Tq47QChINSRWxj4L+BjNAoQ7Dai2X97Gz1ilrfn9+zsFqOwEj79WLqBpmtfOV849tRu3LnfZ5cuX\/MO2LG86yC\/6+pLC3ANUDv1RY2PC7sUP7d+2w6wZL9lz84eJ4EUxCxoGhaeWNioxpuXz6QtLrdpqY2rZZMA1WHZDaqTSa2btkRbvpzj3eovzOuknu
e\/RfsdTXXW3UMOpsc9ufpxUOiIdmQDlR9ngWJJOEe\/+zAdRs4VCI3jg3b+MFDhTwkUDRbn5RdNBFGIFGiXMmlzBNp8WabWafrmaKncF2rHZrecxeLVQ\/VSRUDmEKuHw40u+BNDILthR2FlUDDPJIVa+8K5xsZq0GxABXMcW8oZDwrq5xqDJZgYviq8SMcVntUHd4lVflGxbnfbnq3u\/Fk2Q\/Bs6qxzEdrCtn5KxNf5RTEOp58JUv2EOmrI1dyD87\/vOZYoRo4zjmc5dfyfUed+U6qOKm9QNfz5t+khBm6EE0js0KEb\/+Q6\/FDW5NzexjAFt74fp26YEUcjbbOPT98MLJKLLZsudFAxnHc8sILQ7K7ykQTsjx+T\/KOD3Enwwk1Vj7wEx2TRnVYzj9HBoyE1hYdqsP+4XG4c9\/T3CYr8iPwgA\/aTTnUnOQGVq12dFIPyHfSU0aW1473o2COwUVCD0ADVE218fKQZESyx3lIauVAb53dvU3\/wIawiFCz3acy7VEwSNGNM4p1UV+gN+HBUKUPzY8exwOAX4I27APon\/2ahebhkhpVTALzP5\/h7a9YZDH7+4j+sDYvJYLFK1kStX9AMMkrOXJtGqYpqgjUKCp2ykQVjHn\/RRRes+WwM6iqH92nVkHIv21SOZ8nVM86HIxmxEKln1LCCgKmw2iOSzvtfGSozM0d\/so3uqMQgMEaBugSKzaJiIYwVfVibAbpN0adGCr0odL4i5Z+yx0AuzsZ+EDcPN67poLOsf7GSYwLDiQkVusGkT9qI\/+26abOUxBiwO5qIu4c3OtO9Pl6FwYcO91fZh650fsDdAhxQSRml+yPU29m5YVwysjHTEwUlh7bDdMFpdQdpdmP+YBhsc0SG8HbyUGUWAXz9Q0pI6aQER6n+2b\/BjsFSwDoAdec89vuok0yzzVxihCQNqfDhwRMqvQlmf41fMjfoyQkvsYJMCbKU1y0ftuN2J8N7YcBgXEpkyZ73F9eUWeEUHAENs4C+x+znjGw\/xdKih19FGDi\/nhZNMlLhDpFyi82JaXj\/bLXeevjzdhjNvFrlWRduPD3Az3+Jt8O1Sm71ZcoDZgGY54gQ3OrsHryVHzWg9achFHZLn\/ZWA4PSjBQQH5WG6PFgfZhD+kj1oost9E1Z2g02u+oPqUAeEiw\/SGcRViFDskV2Cj6eFv\/nHh2vnTL8ODpgiQIs3IP3M"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495410048086,"flow_src_last_pkt_time":1621495410048086,"flow_dst_last_pkt_time":1621495410048086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495410048086,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":58956,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons.gcp.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495455961662,"pkt":"AAAAAAAAAAEAaACzCABFAAVipjNAAH4RMkyokEAFZsLPs9SxAbsFTkz3yf8AAB0IW6VqPL9nKU0ANwBravUmWKq3yO8VZlOBqHgbki\/goI5n14Od4wyAZtlECAHCn0lzdaz8q7RFJaLaxg8bqaof4Y9E\/aCKkqi83SiSxj0wA9VaVnLuhoAUcP5pSIwdVZ226lDU\/fKJXCOWhj5U0vGsWctMBnACRJooqY\/EIe7zeS4gW9kRSye11BfEHBZvQCQ2Hw5tRRQO1ihfr3AH4BV+w18QXsSRjA3AgSLlWmVvNoGhvok75aqRHYiBSwdwNT9ZQk4cM6MThQObIM9OwmrZGYzdgcwWP\/FJvqDB39XhD+omQ8uC8mZ537oEh5AGXvor2yfynGKqmgp\/yT\/dH3topVKC+Ri4UD6+q6yMBizxV\/DHc+zcKb7bKMFFO1eiqXSiGPoIgEutHke5OqadU\/tLTj0WuUrML78PqgBRydLfJJ0hSojdqY\/HjdwJpZeFJwp7wKn8VRGG\/yvY2x6pil8wpOS6XvWHGvzNPxD6C+g5axKm9LfXWJkNn4V0vMRIJyOAoJsSgFe32K\/w60iIObURGr7LOTvgxY8kLZgGkxD8VmUWaxSsIipdY1zQzkND1VZO6t2zr\/a+
Q8DohD1YPV6tlk6rn2prShAt77QE+pLlEwym1HnxiPCdcDtyW285Nk7kKruQ1mmAdcp7hpBdeQ73zBfPFm4kViXEkOmKqu2y8u2C\/dbP6WGDVgmEt50G\/TZ0SMJ\/1lXGfmrpbdAKoOxB7xEdy35+vcwsE1YFswDl5TGR+NBvTqNrjHDXACh8Cx53IWP59Ji2saD1Ye50T1Sx5LgA6SrpWbOlU9Rsgq\/TBSC1tQOH\/VmrKAut\/8nukuPoNtb1a5uUZ1c6bwAcpjf5TXN41pCYm69SI3nssNWo2dyLqOGKECefwPxQf15zCZ8qa6BPFMjjc5uFw2+UZJ6H9uVGcT6YOn9ATJjXV1rWnhxewQVVeqNiTOey+tQF+cjBBZLReI34HshIV8r1nlrST\/qXbWAKh7GeUQmJneZZhYb81MJMByTb73VBZXoZ6xGgTNyP\/dHOTR22ecj1LOs0qstF2wN9snIQZrrfX2JlF7dq2fFSKEshmXaVGCEL09hXFhHbq0QayKuLAWWI4aRof11r+CNpR\/NJ0Aqs+i4pRrJnNm6t4IC1bx4FGU7Nyx6ngu+TrgAfLdooE51VAlTUl0v7zV2KYm5RDSEpj7PgcRIvT7QAwBPfzFQ4j+lIz1HgE2KmRziUtymSXUNSNgt2udtGTPaV2DAgGZS6qazUIKNzkZIQp8q6s4lL6Pqeb5LG4kvEOeCmxo5wEofaOGvytEr8++Td9tOdy3u+6tQw8ZChKbNfJKWxhoOFUIA\/5YBmZFZSccanTHvVJto7VxFojeJZukeioQQjJDwBPHsywE3BtR7h6oz5boguk9Kou14u\/5g66uwMCuxQDPrXZcoTZsZa2HLwy2qe0ExuzZPw2HHvmOyZSAGQ+m\/BLcAwWVL927E2hs76eRGuJwqsY4GpvrOX1CbGRhwTxeliklR36iagwOV6ZLPHJGQ8sRMQ6E+CPifdBY0km0DQvehrT8ZiGdH6wl7zf3ONaN9EN6wUYANIeHCXhN9ihBg9GaQHoAfGloAC1v5PK1ylIeuftjWmCPhso3b9DRFisYli57JTJDMeFP014yikgmjmgpEmF7DxSG5Mv\/1+EFTtCib5OrXYmTEQm\/5mM09hj8zz\/HhlKsiMfbdKKTGX6XSTEBKV9L0IiOMNuHkh9x0VXilYm+QFUtpSkJC0TjJiw\/HyVRyGEOuTm4Ep5gOdRAcfPf\/R3xVB"} 
-01413{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01439{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495455961662,"flow_src_last_pkt_time":1621495455961662,"flow_dst_last_pkt_time":1621495455961662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":54449,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"beacons3.gvt2.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495274945905,"flow_src_last_pkt_time":1621495274945905,"flow_dst_last_pkt_time":1621495274945905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"128.248.24.1","src_port":60934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495262761779,"flow_src_last_pkt_time":1621495262761779,"flow_dst_last_pkt_time":1621495262761779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":55479,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01151{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -520,7 +520,7 @@ 01162{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495455961662,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495692143849,"pkt":"AAAAAAAAAAEA4PSECABFAAViwhdAAH4RV5yokEAFXWSX3eu2AbsFTqlwy\/8AAB0IytRHE\/BcidkAAEU0GAJLgq5zWCEW\/\/vpneUqridEkoosXOYvPFM+EGFgFEn1\/pdK2U+fbOyyD9aMCeGUBOZnfvyIfNO5K6N10kJD2wSuJMaHeVG8mTehPz6Z7xoPc5LRNHFpJc9TdwBWwPbj8ekTbabDuVDHMstO8xpXRQySbhJHU6wlq+klfEbii+8EVostEJjHVEa1OZRyeAxcg1YEz+0PhQrslK4lhYtYjv4daqrQ9huOezEOwJKVIALQJLGoJ4f2F0eqzdy6jHFW4Shtit+AoF5iUPYyY6JmIGKfalz9t2vSbZumTgJ9SLPadk+rld6hE4IFunALh2k0HHlflWmsTcHH4jZndWLbu2r2iLUOBVoiQ18gEn8zCFncnoY4ExTQLd0WhsHz1w74Rs230gs\/qIzBbpiNnor68kH6+ahcqnABZBlXRVXYrQtqzWMVecwWgFBr8kmDHNSbEsffCTExI7CQu3mzEUOiFNDs51itYsXzdmE7wEGo\/bGYgZblzPEz8chYGofZflNVoia8KxZj\/VLWXLY06JYSw0TbdHU6OZKpIlgWKPSUU9yWUDPgULA8g0V45R6QNO
WEv\/+Xd5aZdfeHnkBDVK8YnbuFxEkxeTLfnF0HSQd2toTv8gz1i8eq0knZewiX9Qyn6hzHgP2\/U+hh2ui9eIuBGqxzkvyg3DOjUT9WKjYnMvT3pNBH\/YoJtrPxSn7XrrXNYYWmNcxW4oxEIL7wiLLLL7liAYBvwS7FLIJepFUJ89bcXkCLsjkN63okoguLX+ND2ec7J9VukjZ+dXxDIqV16passDORQcQv+hP9S1RE1mHSFBJt3dWs3kSbeTxL0\/jUX9wUMKCAKJsmn1JHBtj3SRd+Cq7RST4KNBpNpp+OrN5GS8zmmRP02n0QZdRAA\/cP8cayAz44AqG8Nmgu6qpMXQlCEJbdSMX8zW66ZG3A\/wWBiO6fXKXtPqq0B+fcrDGzggFgJ7\/X1FeMde1oO1KvB7K5FnKUeH6z5iHps9E6+eItgN1w2M0OXrE++u9FVrWPH31W5YKQVZMpI0U7re5kVQMzV9bJRcBuHYng7XfhD8k8uOEA1mD8rAI2acFs1IU7+t6xL5xpLL17JhawgaF8\/SfwzgEFHaQcPkz8ipFK3FbfGt15dt4gZ2CzlxYp7RaoRsZiNmF1SVZhPHx7EKffzikgMDfyCfUTej4mHFjDSBXvSBw\/tLvSe9zKIGZzW4YW5Zx2kF14W03Knayi7As27e\/ETroLvHWX+zYXh8lsCjXblUbFLn4OvB4Vvl6g7osC7YpQr9UoDjSRAa6delKk\/ZUwvlsmVlVdxie6KoM9xa4Kzoe6ANfADEjk2L3bHvC3ibZLII1p03Itmuh1fVJvnQ4PqLPmYJ6J8fjwoTytcU64MeofEY0xuIazjFponK+zHprMee9E4a13UVbglxsx2ynEryvHU7P2C9n3y1sUu0MlUWwRaMb2msNlm84Pn7t+d7khBduwQHoE47sarcouiL95rGRzCh6s8NudLolgOYJuEw4uamdMOpSbqhTz6in40vyUrVIdNnXic83DBKdCA+7fAJyj\/qP2NwPP5wjaudyfPKQUIUm\/ZWQd3dL20quz7Lifs+ZxH7e5Z79ubipc8483Vd9Aq+ZDmCrdC8DTUvYkNu8HRlFIJ\/87x6kDCqBpz\/Y6oKJ9fnDWzu3vGVK4nDx4jhx0IvaEpB8u7iVohyPAjcPcqis5bb\/b2l141\/Mkd7YUfg1edYX7s7jeiJZNXtRq20b9JPjsbcD\/aEE7zAWRgf9W"} 
-01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01452{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"suggestqueries-clients6.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495395690912,"flow_src_last_pkt_time":1621495395690912,"flow_dst_last_pkt_time":1621495395690912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"102.194.207.179","src_port":64497,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495372662391,"flow_src_last_pkt_time":1621495372662391,"flow_dst_last_pkt_time":1621495372662391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"103.179.40.184","src_port":49926,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01159{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495383906591,"flow_src_last_pkt_time":1621495383906591,"flow_dst_last_pkt_time":1621495383906591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"137.238.249.2","src_port":57398,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
@@ -531,59 +531,59 @@ 01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335383189,"flow_src_last_pkt_time":1621495335383189,"flow_dst_last_pkt_time":1621495335383189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01146{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495335836969,"flow_src_last_pkt_time":1621495335836969,"flow_dst_last_pkt_time":1621495335836969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495406541553,"flow_src_last_pkt_time":1621495406541553,"flow_dst_last_pkt_time":1621495406541553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495692143849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} +00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":534,"global_ts_usec":1621495911385504} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621495911385504,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28
TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"} 
-01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01430{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495692143849,"flow_src_last_pkt_time":1621495692143849,"flow_dst_last_pkt_time":1621495692143849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621495911385504,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":60342,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496172813570,"pkt":"AAAAAAAAAAEA4PSECABFAAViwpdAAH4RVxyokEAFXWSX3c7OAbsFTudOyP8AAB0IJfFU5PX57qcAAEU0c0zbXMVn6Pcd4e7ZmfGe\/qxoruMGwPYAlsdY4bBFIJBxlfIjvR+3r8n\/O3U+qJTKKUq8qa0QleuYrfTMsn8O\/y7hixYXl+TzY\/2tPZFmjgWjPy8Q3ousCTGpMjiPdDu1aKCA8puIhbArl8N6Da6NPpGg72zv38j3AEI+JJUvltWracNeEqzqLjSdIseAljbdck9dGPDQn0DHp\/nLF0OQLhgPW7is5GRoEeUyeCGTQitO7sJ+0GFP4Tawvy3HpIB8sQ\/mvWQBI36+Vr0IvUC92N81WsKioT12i3z0lrAFRKc2nrIsK9qzHEDcHRWO8IWXX8n7Ylt6igAVfNRjEBAM2NXSGElvaDPhl5W14nFw2qReuostjw9VWKaXa0YpEemQwzzCdWf\/l2eJ\/wYr+I8wfqvsxZTTgvvVqGvZbvCnJarMpvykClV78Fjr7zdoJH0h6e4wj\/zK66Jl9dPkQ7jrAIn8Djc77n3JalsxT45E5h\/vwJ6Hy1Yu62tVg0onyAEaJRgShAbt65WHHuuOjUbOO7SgM\/l1B3NkYxFQRjbPkOp7\/+btlneTdmAOHcL660GLIGJvYuSg3GxeNY\/RvOuUCpKgbpyQvoy56KwcUUR0q+ZfCEfPOk+4i3eO9doEvGZqOHv6OheClMqNVyw4H6sb5ovkDq\/C4Luz4OZtiQxZAB9o8Z+XJbrSEebIisx\/MMDHqbWhehe1Eg0mRwnSpSkDsUCYcCDmBZZpNGxtE8k+8ji5vCVnS5atqC1q22zlTPttfegwTwCR34A50P0f\/cSq+ZjRg8lUGBiJMY633IK0UkUJK3qD2M+BLuyIwMRCQaYB5FWwQptU0wzlZlcAZTHpnhVpthl5\/8JNWtmRYqhefl5vburajPxYg4gOqVoHDVonhwMZ\/I71i2OZh\/xUUB+2rkwL41c5gUjryBwPqx6xlbPDXfHRijhx6FEeECng0ZOpqAj4GzPzd+hfEZoL+A\/zpIFLSkxIkmdjto2cmeEjcK2ZmzuUECn2TbWRXdwA0raRmtbKwoHqebinUG4Zd73sgqZPzhb6S6fRcJFXth6D1WkWMX\/pmvTBFmwsZtj4vIKhZgtGCFvnCsFQjZwKMGDdk8IcMtc7fRP\/WFw138PAOKXN4\/cwBXBJiHWUsfHmH4IEa3yYTAmTO5bAv3vbyW7AGUPPSZsFuGjThPYUOEo4obqTwpRd+7G7Fj8PTDc9\/SuvOHeEFG8SNmZczyUVz7P\/pwxY9P0pFzlzfGNZ1Yf7NIqIcuZwIAu1QHM8TKxiNpKLXkwY5gWi5EHkWT7ieNOA\/PME3V7yn6j9jdSLAgF1RLKr0bwOhlmrTCeyjtBkecLPxW\/ZpUJSAVdMBzXR4O9Zh2\/3JmabiOVhFtw1hF3o2eH
8fM2+XAKwoI8UVoKaXC5im6tL\/RAIV7zKy5boKMeRbQM9fQyx\/xdvgnYYAepCXa5LMPTBjm8XbDITPP1e5aEovXRZlii1OC0w0plqCde8kUQfkZW0LCgurP5FzP2Aui0bpTHOGUVN1ugsbXrtv40HL7weMrKI+pmagU+tsECSDoFrx7+qtDT0YFo235yejWP4S7BEg\/McKYbD5TUBYFtwlDeTjyPkNpblYnvhSMMuhXgVIEl+Jn3adbs96ij4KSAIxF\/p\/twgKC3\/qYYlDHvYQriXuCWK9963IJqD8REoU72BQdfNgjTgbXB0ZOu7ItHmtPuAN9cWJ\/uL2kM5RxQU\/UDcei+A\/uNYyRIl3aPttcTgFoW4dVR1MlFwi\/UvUZjaUxjT"} -01414{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01440{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clients2.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01142{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621495911385504,"flow_src_last_pkt_time":1621495911385504,"flow_dst_last_pkt_time":1621495911385504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496172813570,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":1,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437543298,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYKNAAH4RaeQ0uxSvxkodT\/KiAbsFTtIIyv8AAB0IvPCERtRr\/7QAAEU0VDep\/CZnpIQa8eVhNyJ3U1QCAukLnPnKtOrC\/7zKB1G+98eg7ftwXdiCu4mjtl1Q8mNJOaDHQdHo\/ZnotZk2q+6WYBr5DXX5QHa13JOYGLxoc9qyOjz+jbwetc54i8U7+0kSHAbALiGoIDK5WQRRZWetkNux+DZoWjHY5WfosmGRQsxtOixsR3jt9j7FOo4uqSxQGhtqIeA0i25755C0K1hzCtZHRQuy55gnoUo6zZiPhelVtIcqgCilkIu+IaiAgPdY8qusu3Q9ASMkRkk0UX5H8nUY5fVDgGL4DjsJROTA71uUmNZenr0sr5JOl\/aDX74AH3H77h7yG8JDcWCMqta2iHG5v7LfQn6HD8EvX8A9+X1BPgSNN1do76JMe5qE+cL6FAAbPHwnyEKr00VkR3NF0Wj71jZ14VH7imUBnL66mFh+udQFwSu20vdM9c8XD4z8cDkFHoqTsPkKjRGkjCQi8gB1gYo0m\/YFj+JeaePbkDvq0OSLPaTj\/\/uR93wYJiwS6oC\/aiMrt4Ai7n7\/FG5FTHmyLQWtwhpvmSeJKiasDEobo8lDxko0INCDfgQfJ3SBS6Viiln\/ASliXjKWu4SrneUfwv6qaK5CsTzFRpoqdrt\/s\/4hApSQqHe2ymAF3JbfHyoRulU2oXzj3PnMlAj4Z4Vj4oik802VNCwqS9rwhkgwLpg2ForHv0BBRPYvL6MVNDpoeE6Q+fkjAsxQcCry3Tg\/0ntsyB77pU9N+6ViiIk\/seArDaEwUpWw96CaP6HGoEH+ITzRBw4NaVx1WIIOT111vCFZOdJbhxCcjcGlkWUXH2Mfa710gWwLlFOy8LDSs50FqSN\/OPohmIvSl5JLifaSN0t8gyVjvGme43FCNf1IRmz\/msB0elm4bS6ud+82racQS6O6aZIJmDUDJkR4HH9e\/YL1z+2ASyQ94Fzatzpb4GFKnXYPSRR9ZXr+nLzhoRIUWJY27XaWKYbXR\/JgJvZqSpd9j1Y9iIYmFAj\/kzwA1TDOawG0jmZJvOHRbLPdttFMT9Z8ICzQz7sbYr50LzOCpscApRYi0yCxCW+7FvKkaUxLEeqVZNTb5bfzGXSqygFSO8Onu18Vfr2pGmZ97fTY05vmeNRaTdGB9GDxEB+of1UDIaNk5S6UGJN8C0OX2skQW9hdlLAoFJbl3R\/kaaNQomNrWf12eVjbEPUwYduxDkiFO\/Cu3xI8s\/1bhAxAoo1eoosHRSb+RfuzYRRHXHaCwK0syV2XsapF5fct1hE0QKESIuGMqkYTacUhiZ+am2170YsnbIH6mCpW2GWX2kdp\/NRfot7wqoww4YL4kQ0dV2zP8iVLBMwBcBBj7jRlAJPmU94cd1+2yA9MIjBhwW2o6kySfxuLx1CH1XTXYx
yDRbLVbIkYJ9KjklyMjtPqIcfNaglBMiG4bD+cmIuV+JVF2yBdmwLpupy8GkZrPVtTuFpepOJxWGxrxdE4LNF44zdCZCWF5fsbh0tA\/4QNVZd3EvAFmb9igKxLlVrUdRexT5v0zY8qkBoP74MZTTSWxXbGUHSlroYRRVjE1ko2j801gomU8QxZIsnLdQPtAkZ1hEimDc88Y35XyX679476yZ\/aqcOmLMYDbu0Vw3kbH\/S1Pi\/Q6fIKsIvYN8tlqc6ZQKWv4iCbutDJNK0I1762s\/zDONmC7qcwhUo\/1eKb+bifa8jDvxqbQH5WTi1a8brNLoMOVpui\/c73ZoNVIkMLLnI\/xxYiZknhsfNiaQgxORr7sklMg7Kd\/f31pN0pVpaR"} -01429{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496437543298,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496437543298,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_src_last_pkt_time":1621496437852831,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496437852831,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTkjgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLesYa1qB5z+IjimX42W8TXF
qTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_src_last_pkt_time":1621496438462569,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496438462569,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5m
J0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":4,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621496439665849,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYLBAAH4Radc0uxSvxkodT\/KiAbsFTlw1wP8AAB0IvPCERtRr\/7QAAEU0RMZR\/c4tn3st8xG1jK6DhAREMBO4FycwIijipDGX33cbN0C3+bsgjYYoGHalVFDkYs2ftMTHhs11vLK1rQnsFtTiQEYhzkshZi\/uLzctRyolFhFHSDjCjKDJMcXIs9obpByeSIH8jZJZIPmWGPlHTZXamH8s4vrfSGPbq02Xdwwn8n0UxFCshOFU6UauULWw7dyYPe4SjTsZrJnc1QfbwWNXS7gqUJeBunmttTv22EfV5GoMfGTcChj7EHFGIA2VrznNmm\/lNfLcLPh5KbhgIfobxo\/NSOBjMfCwFJ0Xb\/2TlPSjM9auOpr8hl23J+M+H7oTDFmZdSrcloHyQQBAYKeZTkpVJYM3gmQjQ8vDmhCy1x+mafPHnT\/kNaeeAZ4M+0Nv9U+fu7oBt3x0CP4kElUhHi8jS4I98DK2HvIxnP7SfcqByAOV\/\/dkJ+A2ztPjwMInWIn3pYqTmXZFVgxMsomM88R\/D5EgZWj\/+homNPtc+Rvh19icRn+VwvNgqYfLaJtwKRnU0sTP4YJS1rsNoRXJAEHVr8+LUuKhYmlrB2e0Ks0Hx6kvvvcmfKs2YqvYxWSjijdvjkHgCIe4iGFGm373d706t3kTDyq2vn
LcDALlHhUSspxS50sBp\/X4J\/Obmz4u2VcSFRbgIlrPD6tQCJXCbtvmr7B0G2HzkdAz+y+79j2ymK7kXEtdy5JlOEzaCJWHB61Pq1zrRTSwvPxBgMFBlf3V1aZJuMeQxbw9pWF8QfPyQOy9MIfoE87XI\/pUJ2aijtoFDa2IG5U0RKi+TQ6Yr7sUnomvmBLdRhiIEkDheKEiZP+gPuweIwNQ3SLKZY0BkDAovO99qNEwJseIWua7WgMj8w6rQI8udQA9XDchM7g4qyJT23H3WrLekWZVPWSnKMJz42FXxqLdOToodhQ\/R34KTgIV6SlQlBbzbZ2BlORkWUYrIJ1NonEAr9MOlDbKNr6Xt05SZJHOnpiWP1mRTm3SDjTOC7TSEWcT+nEdf1GEJYFDGeqTX2nnOK8CRVWSu\/V1zPKbWrFU4H8QVs9sOIbDwmkddGcgULHaUIxa9IykvIwcTJzYJhg5f8B5tlRNZ4RXFR0sW+LJD88lFs\/WaRnbfh9almJ6oF32c3OI62nc8ScewCpufhoxg\/n6WrY7XA6Q\/4+akxpmQ9Wc4ZSWGmFibHYuYkc3bktMuQR2KLovT+u7dojOv7zWuxm6EAZnxQ0QxXu4DVqn5UZThYJdmPj2kPgxEoLI7kDvftmTRWKbxxxJURuLYY53ey8LigeCIzMYssMyJ0lSy5VLajuN7pEbHnFeLat8RdeT2a8iEi5NpW0jrJCa64YkFRGNG\/1RLw53JyFAltEGL8I\/AZQNy+LaDxc5GwvozkDqNstNabKIuPZdAHaK9uAbww5+qb6qWkmwYyvMesNGpozi\/ecN7nsBrBBgGhw2l48N\/Q0mB+MC\/D\/SktFImY9lJZse\/D319zIlaeUtyW1Y2CM82sNULg5DKAcuvJSLDlrQiIksi89VDc8UQIRkt2bAmBr7xFXX\/6GnPlePZLhM2vB+b8\/Zd\/lPJCs8gMoXW2fwieUibwBhARfI90eepr+yjUom+bVIlsNLyM+cdw1lMDw149\/6W1iOlYUIPc312vlJ662rsUHM8lEXa\/CJP+MLob7exHeHrjTRJoPgE7vtKIdiZXgafWX0YCPitn2LTO9ApzYxMOdRF63lU1N7r2X77i\/36gRXKSjFwKiLjoYZox3We6H9HyMDKh58MhJtykTNxI0YA5lf"} 
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621496172813570,"flow_src_last_pkt_time":1621496172813570,"flow_dst_last_pkt_time":1621496172813570,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621496439665849,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 
+00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-payload-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":550,"global_ts_usec":1621497523457937} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621497523457937,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB8
9OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"} -01454{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01480{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621496437543298,"flow_src_last_pkt_time":1621496439665849,"flow_dst_last_pkt_time":1621496437543298,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621497523457937,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":62114,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02398{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498081522654,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYQ5AAH4RYvGfdbB8xkodT+8SAbsFTkZmwf8AAB0ItDBJ3NIuqUkAAEU0zVGaIK6UyDHeyNAcp56wwNTOdBKN2bGwgH3tSTiVxSqi5R4I7f3uL1yCaFlIdaYH9ahQKvndRKo\/ujk3\/jxfEcgto9i3futX9okj4XQ27PcefMGWgXqyEVg4FX77CSecDnTaNTLYfhgkDYQuCO970H4hixxovH+9p7Rv9dvjx2i\/DEJUGfnU896aVLuBnPuODO552k7IJaY3oWgEK0rlPQEiGu8iNHDYQvoHxEBatHMnsyOw8Zigvseo1jujk6RJI1A1aOg7YO9cAhzx\/u6chL22xzxaN0rZh\/N0XhIF0NwNbCTSv0YxaADYXS+ZMZCfG7i\/c1SF\/TLgIw2\/Cpu3F3+\/J3snQsx2Ypa323eXtmuMVPdZd7ZS0JAerklF6xQ2sS1MAkHYoaZwJeMEuKsLN21trT43ZhRptSf2u\/vwUGzprigY38cgmz2P0F11GVoj57z4wh7UcQjKtTWJ2849\/MydU8igJwJBLHMPRTXx3H\/BMY\/XLs5QxfEEe2tglHiHmbbq4PzWF3eT6ivMr1fu4KfSTFrTevi80ysJLj74VjHcpduKqVQEAr3Nrxo29\/LtT2\/2SjRuE1\/QZ3jNaoc+VKacJ1OxFmMjy6MGm5g4zuGOU4PfB50I\/VqTXCdTlUAmTY7aw9cTfWQym2+3JjrSCgWg2UbNSgsB3L2is4KZ\/0e1da4EhbjUCPTE2G4aoj83FMSovFWop7f5UAVm40K7Ty5x83R2EbPCd85UuGSIQ2TY5rEz31oaGw7pNUiRlzOkMPY\/3kFEfS4kT75iAaOiXzSFUXwVh+46V1ZvA3YWe8YCrMaHZgPxkOMYQixK5m4kE4DpD+kTtbvG+rGsitiIx92TiXWXi\/RueKekCBAIO6DDqnNSDioHQ1qgtwcpgfVl0ej2qxMeg3DrsiZDxeOV77mCA0L84J68iQzb1jxQzp5GdP+Apo6zOF9Td3oDYFxp1\/2YnjbYkDZQumseur2wImpbnrAdoRFORnbxALxWRA1dZjITPJHmekQRA4kxEp7\/Z97odl+ObDogC\/\/cAhnq4DfOJz00T4RdEcO081yUNcS\/FEvbg7B9sbjDCedDS\/stwrNGitySwmE3scR+aZKyKBtqHCMiWVQOhXlWVUJyKHlfU1lb6W5mDBMyxAaJZZTfI8GB+zZV2rexPCKIqBy5N0iq6rwIiMUn5CKijk2bKXIzCqSDbqrJxJnrHf0vns3v74qpefAZDni0SOFc+2DykFX6NEtdNgoW92KE\/mvxeaIXMyLuEr1rBY8P21x+u9Hj4lI28mV2TP+OvII1F78tH5muJnBp38Ls4t00WNUM5qvDRCPn\/qCJOJupXtqxmax1I5E+sxFqbI2+QyiNd1xNWeS7bPXPPjVGS6cu9MwsecO
+R9Qv\/1VhgxscP2kZ797YzaYhjw8bmnZS2O1uUm9CvlrYQdUxSRwLgY\/jIY2w8pvuF\/hO7kVAMYVHGPH+IQO1SY77GbyF4u4k4xFwBDkhIKR\/nOX3lmm4FtHy0hlq\/6nXLfGvIypcoaMaaBFB9hx0m5XnnTxSnIC1vhW1FDclKSyzUy\/ddRX22aL8vOR30NpJH4RlJ6ueGVM641FEst\/rh1nK6cglWyn3\/dXRMIw7QDsXh1ijz9s95X0SsUD8hNmRuTzlhnVPs0rxOtkDr0ojHFIvCB+gp4SNVj0YldDojIlR0\/3Dn7VAGDCem9vEBUBT2YeMkbsNoFcGF9yx+tHZxAZUN6i3I67NHiOw\/T+jxUqj\/K95lSH+zdgQfLf1aBtau7gu"} -01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498081522654,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498081522654,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_src_last_pkt_time":1621498081821896,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498081821896,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRtAAH4RYuSfdbB8xkodT+8SAbsFTm91w\/8AAB0ItDBJ3NIuqUkAAEU0OvufirbIDgp026bZbyRK+lP\/li5aeFJuMGsrKstuy5GNC2z4iOO\/abPbTq2u7PrmN1s1F6w0IR63u9BJRRqZsjR9rWd14KbZN92cuC6PwQZASSZ0PWLjMgW8lo8bo\/p4Ie0KGPVmarivxVc7f2b8bWK4ukJRx+v403t\/9CEnqZ+h1nQX3cV0q0wYsDcL4t89rZdkOD\/2h3Tynd0mKl+EfWaCiGCWZTFea00jKZkzOYtci+ntlHZ3vN\/5QVk+nvgSVijNAivrMJEWbvt\/Hgl\/NDn711tOaolOUN7VDWPKhmxO5E+Vj5qkX1JuMR3poM+ZzVmshiDYUYmCOo1\/EPh7BUBA8amQA2Pt5V1UAhZ6l6otPDcgPLAghQgMXkuAiTtWFzpRy1PsfSTGti0hwoBRmXcX4Osy85gPdkMPPjDRL9sxMWZ443WQaNmLu2NCZG76oV8Q9r6elrs8nfp6cokfwyjQiaj5lXdtmWez6Ub9zZ3hVLN4ZSFJ12MzBDXFLF17wXLFQVEwN3J0hUvUhKsfZyTSVGXukr50e1LIUe5Vk3iGcV5os3CuVaG91MxXzApOzbVLLESlpzPGauzkLFu+7wEmphQ8EOGPzSKcgPkIYTuk7\/p1\/qR+e\/LIKLwmFLece51gXCJDFQ9PjUsal8fhmjAQtOvr6WTWXLColGnpvdaMDuQKB8HjmmpR9dJ4DqjExdn9ISewALk8HydNfk8Uvr3B+OVq71nszG8nTFPdSYSBzEWhRglIanWym5rO+STC\/8vTv\/W6q2hhkLWj1q0jtPjwAN\/v2Y+D0A4JyNLo2FkyIJcbWfplQ39A3\/xuxD3YAD12Vn57SeHhSWxO1uApQ+t+zJkEVcrhY9SKtmNwQm+6eVRxYFVqew4rn9K7lyAryiVHDQMrxz5ZBAq541Ty6HHtPWBecGy6gvo\/iT+yBnUFd6REWeOOlZ0VTsR\/AFub95hlY44g8UyeLChHkWygL0G4vYgPCQgWNuZWs1f3PFB3C1r\/neQaHWsEqXfzcFPI1Ve77J+5BsBQx73by2L8lYfyixggOPo7sTcoKYKSodtv9pgExVr24O4\/8tkR+15ZqhYeGxR91PaYugbzj67u+4OLdjdufEwK1FjqMmXfKMkZZSRgMY25aCKP6w9RpGPzU6xtd6n8eBrjegOuQMY2i7GThrYUeYiCj24dBR+A\/nS9Z4ny1MZWcp0jfK4ALWIdHAvCMvFkaEoCrswCG3q2FGMP67Qn27U7Cgdy6Ae8bOKa0gpwD67XIbZ3VnJtIZI7zP+FEhfUi0Yu6AMqmlLsv6OXFjKd16nwj\/J9CUoCsvFZj7Ux\/GRuDCul1XmrxN7CCNOU9OX+ADt2L\/fQyWzOZSvKiBhqpBtkk2TfqvuCvxVhzP
hUfxCU++aidWCrZQZzSrwuajKW3QvMvG5Ss7lOXFiKY6un0x+VvjFLGtGPVVsETZAhpkxfy9vVl7cTojfKYb9BYI3it8kRtXGrW\/xIOQ9niF4V1PDpiubAYqMeNRlI3NLhOOvjMSc4gQyVKtScIYXdhvVAZtuM9Yabsw9P+8B5XyWEuXXKfq2yxLzBNvM0uXuRSEoFhzdgUADAIq7QcGiDu8G3IbB0DnhTLfiqNJcrjj5j8Y4Xh8KAEXft93SE+XzT7U\/L3dHtIrBdUdCUjN1yTskCC97fkKUSEv2nRSFu33ULAhr8XAIBTeRzax6cVNbIQtbTQqO2neCBmpL85f0DISj7eIkl89oCYMp+ZXfxIpCUVAU0uyKjoKpFGrNC11tb"} 02397{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_src_last_pkt_time":1621498082422634,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498082422634,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWP
bFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":4,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498083623668,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYR5AAH4RYuGfdbB8xkodT+8SAbsFTmzBxv8AAB0ItDBJ3NIuqUkAAEU0nS+0w4blUhqvknb548XC\/yn1Gor3DKwxlbB7\/uu39QS2DSpEDxyStWc8WcyIZ8c5PgyX14TZwIUytEJlBS\/8n1TweCLcrbeP7MgpZ46rFSzOa8D467ZWE41EpukRayYejde\/G8ICnBqzjWfBvyq0jhK4mOUBCxRCcqSyUkDoreKeEnJLy8KsVPiDiYAH6DNe\/Q+lDFvSPyNZGxmCZOw8PnKQy4k\/Xv80GgnSkni9aNAYcvDCEoum391\/coWdVWE4L\/zhQJ7j9tpmJISaUR41VIJ1dglx\/39xJ9\/01vrSa3OkFc5Fy8BBj95oba7xwYHIRxreBnRxTlNd4vpEEdFCKprC2EHtxSZ4P7Fol\/19yabIzVGfrXk7pjZZBFfVDXyUCMzmvdsLWDs9LsNlyoQzMKBuF8VoRMmcfljrP3a0FiPAlZerqbbAf8Hu9eIZYsm\/yugGEdXwEKyhjhu1+YvDZmSjAXdaXqtRafwUvoKJvKOD58O\/gEeME2uLit3LhKB8oolU4Y2CeanLvQ0Bd9uGIdnp9FPSHwJRfgPRnBkYxuSiBlo9b2+yU1kPEnXno4jwWowGMmlPGobjvEwtGiJFuc3qBeTVGeRb+
oZK3yznz4ooQSL7mIPohmeRd+Rx1zcoqIwZW1r3WTSFSh6GeCeImPe6iGHbBd0AtAFB9ICL8ih0D3yroNz2Lofe+8Yxr\/6Xw3g\/0nD2+ze94vt9qGWiHYwCJRDWe5C4FXOCx6xvwiSyBPHn+UWiFgdNlhpTeCRcxWm3OvZX\/3KpH7Z7if04QkBeuZ0Ux2FSXC48W6s91+35hS+WqQ8flQwk91inucMSRf8DrQXU6HLzij8d\/ufZ6cqIXgAbCC3+D\/5UKeQzzuTTA+cxHiC6MH8M+mCmeIocfg4VLht4EHV9xXYOfIHuXNskqxmXPAFbOph\/wnHE2YELf9Ug6M40kxzp5GfscSsJ4\/+F9+X88vGFNZAYZIQ0fXbJB9drC3AzgiOz\/dQoJBhH+NVAbbzi4o\/epLdDnU+pCCT3pvyBUiQfrYugPKfQ3C2nMgHk8YjjSoRW5j8rXdLqLftjCDZ\/JbG8rfCMd6cuFbBeb99wdGuxJIcMbwc9cvILpE19XIAUn4bvD2rqIm+SuWfcZWN\/9CNoNkQ2jrjPWR9LCDSA2u7MXFGhJoFiJrKEKwS8t\/w54Lyj1xy9zd3bgRKOto7BBzM4vobLG8+A75iWZIThG7vD8dUjCxUGvUG94fK1WBcP15ArBQ91O4Unb2X9Ov1f+Wycl1LV\/vwSLkZ7cTAKcJ7vKj2\/FUCYwORzVtE1I6aPqQWMr3eyzVJd8NVYj\/oBBdZHgOCokcrcnonn3Ps5fOiei8JlcX5P2LPy0fe1eyBW58+eq8FRuXxFch6vlwcR3K7lSz6kwNsDvqSz8BLQpPByYiuT5CXy8ELiCcWnqEWfDGSOlabrYQf+epIp9hTKNLbSF0V1NCtwIuAIDHhYy0je8v6cD8ExDV\/42DBww6ZJIEudDTA4IlMUEsUfuKZLsiCkicFbZ0\/4oUGu2YL5L8vXNUCUXk\/xLVLI+bjNLfRZlL0AbjxkdJM7VUIxCP+J0XO0kohpW3\/Ez4AzicqXaasofkO+aX2iLfksl8z1jppxUjL3We5lUmH7R6ILJpZ4yqty4WLx6UcN2I3UX8FIHoMXOeCijmRnkv+JLDGY\/cKbpQdcVjWO0QYhxTXVm\/89SuOJEwvL2\/qpMBK6MhPg2sAuL0mqP0\/yv8rnHP\/KAsfjDVUqlpfhSIqeHhMh"} 
01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621497523457937,"flow_src_last_pkt_time":1621497523457937,"flow_dst_last_pkt_time":1621497523457937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498083623668,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"3":"DPI (partial)"},"proto":"QUIC.GoogleCloud","proto_id":"188.284","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} 
+00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":562,"global_ts_usec":1621498212950392} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498212950392,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDzjsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDV
W1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"} -01433{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01459{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498212950392,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498212950392,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_src_last_pkt_time":1621498213250242,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213250242,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd1AAH4RAMOfdbB8gPgYAcFxAbsFTulVxv8AAB0I+oTf3zKXQjsAAEU0+eG2aeYr2ZwxMQeoNxrRVbNbZLWTAPBIHGmzPrHj\/mbYKL9ixyzcBxmQnCXQO1lDY0ds2+Uxd8ptUf0B8IEyK6HWt7XDMsSm0czLAJJ5gHVvFp4WvT2QOxWF9qk9uhVnOEbnpLXsHxpRz\/dz0mNah\/t9a+nz9avu0o52y0QKIy8LvNVm5rColse28vLMEqwFt8Yhb0a+e8F1WQ2Jog1lBFaxZ9C2nVaxdCT6fJgVQ6neO3NzPAYvQeMe31c7fRAOphOfBUEujT4YzhvNiFl\/wwufDbC02lbS32wQDoSwANLD4ijQelHtGYhgR48L98xirGA5IPv0nFtZ1GWdgn333AjOEIFGx3pnnuYgw2iuWo3m3sof14XdX\/TJRFaZuHV1ez9+gI2LSQdjuDaB+lcNc3pexpckY\/HKHazTzKBQe+fUELgAOI36zu7bwfiGs1DcCvWMT+vwQrQ74Yw8jk4Z4SiCS7DRZyln0DpQKDMsVHuAt0JxYrc8EmeYHpAa\/WU7imzzrVyCMqw87RX13BgCI3YyigtKRpDM25QuBSbMZz5ZYeiWXPyE1k+Y7t4UwBli+J1tJgOZYuGdHdpf4dfCgKgBpCB\/sV\/ZjdtG221HiWUjAFU\/RX+F4Sk2nlwgBk3Gu4HyZl\/faOlZ4A1OSdQ+fFuezBbnSGeaqbNo8VqozC+DV5QFVDR+iO+QWF73iaPEDFOX3fumQIGEeMxUCKQDbM3wtercBjGaPrgwSioQrTtGhXuk2URGocylTgSwqUuBqVOiZ6JtnYXVCLz0j3YmG54CGZRJwD6Hdzt9JYrpmq6dmeqLlnGt1boRR50qkJxmjqBOKv7Cl58UXZpi3hAhdW0L1aeY6VfIJ1ywx4a+S3Xag\/orC91PHKrMCiRMP7BHfcAHP3cmMHXdjD7rw9txJdTGOjn8lX\/mclH9lQGLRl1v1dxB91OITgYtiPUptU\/FstAfqQUeN7VbNzZ1K7myM4eKtKPa3VKJ41NTGXaN0jRG3AsJ1FJ1VXwFsxEXvqnYXdbQvqIAtWI7ORnGc4RUiKLZMaiOQ9ZpeJBxqsAYf5Ipe46sFpXilr18+FHg4XkhotA7suHK7WRKyC96nxR2DpEVf2iW1ectFaPFEKsQ\/H1YQbyGSNOyfsPh1j7faS+9snjbmdWCAfHpAxSqQjfbmAdHw\/pXpU8QfMr7cJSolfwHDFsekvEeA7haX+xyxiOvwU0xIpKlGttzlKe9Zs+aw2lgL1+sWhZVxiXxt\/gUA3TRh0SsDzH5g+XZJd\/neVfv5Focg0swaZtgQXQlDD7IMT0JIkbpudBNxUJaoKkGBhyJSXW3YfdpVjMxqZHSyytUW2OsHTqTDxRLDFBCvuJkYPJ\/TXIpK0\/4wD4L9l0omgm3px2fr7T
g0bZjKBZqYFsrt3HkLtSGTbe9Cy8+JivD7AEnEUiKufzcgmavYoKzlmopX0FuwXrvI3Tehohc9Un3CymwmJwzoJogxWbDMhpF+zwoGBGss9an05aUuur3iz7Wxk0lUMrHG4RhjccCzdOjsiU0cpH7WOa3JeWnb8oZZ7E1yUHJnEa8TUN7DI2nHm7hd5xvO0jYRqfo5cwZY5XIuQteKO6d5vyOsi3XP6L\/1\/B2Ut2V2caOd42VO5fK9qvI\/d65vyKDadxtG52mLCNi3gzdraK+EO18KknpwVwSg5Jv0pduYOIgWdKxcr+HnXkkz+KrYNl2w\/cO6BHjE8z+P6ziiwIfrr6GWrGLS2PfoqxdL2ey08WkeqrNpvHrYQU2a4rs"} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_src_last_pkt_time":1621498213850512,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498213850512,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzI
koHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"} 02375{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":4,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621498215051045,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd9AAH4RAMGfdbB8gPgYAcFxAbsFTmjlzP8AAB0I+oTf3zKXQjsAAEU0LsN5lwBuBohPIk8WcNk8VFDhA7Vgriyi+GRtPBL9m72qnSXpKDRNyBr1vJSoNoPBA7JyhuAi7fT1PX1I2vjlaUVWsgc8kYgBIMx8qP2kNZwqjvx2TBVJwAj3N+yw8LwNKtzFKB6+TMsZLYLIMH9IrqYxqELZBIDxLZ\/QF1DfFyVw6THtglw50C\/0NZTEx8NCLc1o5VghXN9CxPQdDw+1ARCQcUgGUtcrl6apsDZmCIY4dlws7dq0+YRFNo4nwVv1\/NhuhhymGXU1KbTNUd3wu7IacRh5ZozQGCC4lpAyCYdi0M0tb1cwxp4eVAaxEwbV61pLGvzhHonyk27mhmmRKXHZp407b+3bdtylhWuru4BdzonBsrsOm5yoIB9EcZSCDuZWdNfxOPA49dQ8yeouXSBTteMFZKZgN3gy+CscZNgJ9VJ3XzPbaT3Sjwfp+Imm0XMiNLMPk7vk24DJeDvfTOWrGVyb+Owny8XN+kQs\/4jkzKd16hVcK3EuxZUJ3YL7kvuAMcyXATuy2aPzq\/qUCR+46oadiBFjQ+AqJGDa4DDn5pIlThfKhuL8W2WSBWM9NHdsijsX4AWK52hukic+q66F+b8J8SP6Iv68MuXawvVhzPS2VvFOVeSwGq
bo5gNZY9kTkE7ENXEwKBBGjbiwiavOCMALOQbsE0Yk8jb3I1d2lf0ZMf7DUTOkyO\/ETHwkbJj6iFt1bYdjiO9VGkaT2DXBf7gPHAW9I7xVrnqcXaMDPwZcM9to2oq6Cvxi6ZFATdSTaILAoAlr+WJp4\/x4M5wyF\/vAP\/yTQzIb2bGKZ7pnfl5cywlo0fgpjvW5QOc\/RgHf18lMdRrf62sRFnaPGhpKXITH65wo+vXJhObyIozCXX3rt1PRJH+wShh+XckrU4wJJoKVBUHS0heJb0mgTITG0CMa6vcPljLF3dpoi+PDPoTKL4V+lpEkt+V7VHXk70t1Fy5Sfv58RmyfC5FEvWxQlVK6c5Oev2wm2PVpGtPYGHcT1Iaz18hBeOf47ddsPXqsB90cLN8jZHFvyg91ck4Sa+OiVIavMiGozag7DsBiYZ8cGD54lHrs8bPj\/V8liri7qpsDuJ1FEnHrY4lxVPCks3i8hNv9ZRv3X6jXf+I3VEaeHGDtUw9oLKnCBpvU6tAubBi41m759hiTFL4ykhxb8tn5m5aeqxR3f0Q728RgZWXTlctXVYSpB5l3jpLSWwBfpB5vATfB5gT7GU8Bfiwc8Z2Vr3zB26ThoifPDKQ7CgBF7D1qETS\/A7QkJLZ7MKggZ08HQ66IgwIzaMcpZFaNRoYH6V6hXlhmGbG+dUcLjbMwKPo0h2GVYGOukOa+q+uiIK4ndjQ+zbiA+B8c0Jn0cMGLFWosA6pKHn5QCpAq5EbGETn\/U08uM35Rr0A3wjYh7mFCvIdwkIPPE9qgAa7saF0ZL20lJZhQYvUfGCPd2lQAsjRu6la+JaXaBTMz6cwgxShegqVQwQvNyeg9pY8ZQuPw6hNhqs9vTZZXrpxrybFqtjAGrnLjnih7sBWF4yhTe87scov4hgwKG2eZyL3exAqujf8Reu9i6mCyS+S2bvDYnaOYKeHR2QKLBAPcuhLrodBina385kY6tjQo6GHkGYmif9zt\/zLi7pZ4bmsZ+2NjxgNI9SH\/j+LReSGJv6SOdxEDpBda8SSsYwXwzAG3vi3mJsrs0\/wxjaF3kkbWOJvHnm9goo8ySx8hG3LpiGXG9HMu1imyQOH2gj9nhFLFvWx77NWlPWL60HtwRZUPdmPs"} 
01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621498215051045,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} 
+00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":0,"total-updates":120,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":570,"global_ts_usec":1621499083794242} 00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499083794242,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt
+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"} -01431{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01457{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498081522654,"flow_src_last_pkt_time":1621498083623668,"flow_dst_last_pkt_time":1621498081522654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":61202,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621498212950392,"flow_src_last_pkt_time":1621498215051045,"flow_dst_last_pkt_time":1621498212950392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499083794242,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499130835100,"pkt":"AAAAAAAAAAQA+mr7CABFAAViautAAH4RX5w0uxSvxkodT+9mAbsFTpEZw\/8AAB0IgC3o3GMiP\/8AAEU0PdKy7uKG3ARNfT09pZj4weIAx8vl1AZI+zMCTSNcyqisuLogUxNuVvaYt3\/glQ+D6lndRNMSuyW6j5yustnSGakysxsalXmdT1UcNTCHKHLeg8MGYbFf1nX95GwKiEKdI50HtYAVtBQjTNOTIu4nPcMX+lDl5V6\/ytmtC7XiQnbKGjmWQm\/5MDqEu40hggsQtcdk2jnQjgDTlviz5K19+Tr1C9ZtBh0pIi4\/9HJR25mhrL6n0N1dPzZ\/Sqk4b9t3u89S9E30HZYdBGpKBZsCH9hWFAhEmi7j9zZtGj\/cxAMeBcWRYInSCSDQRHhlkWsdmuRhy3Q07JJw\/pEuGWxhUDuVEci8KtERueLkLLLpEexZVihN4fEprEovribmXQoru+8BTBV+JKFqpyK44xLUOIK69w2LDvW\/c9dPKklcJAIVdwv\/H0kgY4YqDOIxKOP84t7SjU2P\/ow0Hgn\/JAdJ6i\/lHci\/A9+cu9\/Xk16H553fgdhUwRGo3ALZoNMzPzZ1o3fb5FWDfOha3mWIsBgUxeNt4buHg+jzgWf7W+8y6hmDLWrPKxyW2XOx6tYTJz3Xjs+\/mCn0wh\/mAZ+1hWOefp3U2Y80XBDgcJQRXavyO05wNoq15SpWKscYO5J7keXA83swiPGep5RyjOBdKfiII0v1ao+0rcEj0azRi8HmEhA\/AjmGfVSAAHVwBUamRC5+huXrgR7MEVx67+etgSdyuW\/yAF8xKZdh7YH+6wKsN72y7zdLpHJKk0SbAUI46TifMcEIMeIjlEPcVZXIE5rZ5rAAIrKbutpPELqhKDRo+C3oR4n9djDZXmF+B4O61eZoj26V8iiMi3Ap\/CD+ILTxN1vpLCz34kzpWw+Nvi\/ei8CsOgprWtklqFizkd0rAcDGEQGgQUmScGmGMEFTP7Tg2c0rd2YIJhDkQOLfYLZbFQ53RWO0Pggj\/QDl2rb91M5mdkJT0X64J45SyH9PR\/Q3NGgNCplgG+Zi1JMbY22khGyCv03BTfHcT6hnjWVcK0KimWhXdtO40IIpbzn37UO9Luj5lbbwTxA+F15tWNy3XlcT29pBTkrxIoD1a7jgZwe2L1\/Ov4CPoXZLMCQMQHvebHhxwgktEDCOQHeufOAARA9+ttGIYLmddJgygIHV+Z0m9eIUy9kSZvBlaoiT+1q5FRgi4aM7OXeRlcCnvKKLkhgPWsdD0iPMWVSO46LUV89lhtNMGfdtBxkfsOg+W5oXMWMpj9KmR6kowFzf9zj2QyWQFYmhpTbluKm3xfoGLLarkejEApaHi42nZxpainN+yR4Xj1CvqK7729lw20TkDJxJys8CkR6zRpnmDL275nTf\/h6umI\/BjPRIRIgbx3bSDq20ohdXKRrSZXC\/Arr5YfL
+XhMgAUJbz3r4XwrrmclpOMMJn2kr\/gs3To4em\/HdWYqxdT6aST7ERX9KK04xNC6\/hrkuQzcRruUkuY3mUT8iKJjTr46ie2j\/A1tng3m3VKM0t\/2rfAm08hZWqsveRgilR3Zm78b9fgxj9VY8tmIh3i6sK\/djJUOnInRG631tWG0Qe1eRXSJgMeHizDi47oScl6deUbLalH1IvbrClHklGE\/ZcbaAKgwr43r+5MEM4cfDxEWqZaPxzsAHgwOhwkmTZ30Jhi+c4as8kD0LDD4tAMnjZY1FLuGbtQbU3BlRBN9KIN1hHKMv01OPEqvqTE8yp4iGqB9BypJrEEtRX\/ZZWohZEKxDzLUAu7MMY9Va00pq66LfRVHtgBgFkrrN5Dlw320q"} -01429{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01455{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499130835100,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499130835100,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1621499131134117,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131134117,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavhAAH4RX480uxSvxkodT+9mAbsFTiPZy\/8AAB0IgC3o3GMiP\/8AAEU0xNPHNjkzcBN6tG3CMXMgN1VQUQ5zORwwdJvxC+4U4Wo768p0CS6oitGkvJZyjwyc3OomATdmVH8dl4u8+5ZoRqU5nHzh8arBwEn1ailAEl2\/FeLrAKukjlpYd2Uk6yjAdkKgzRJUrt7\/axFA3LL6O7tdgC5hzo0E0\/vl4YnagMJM3wjFjjHYO2MS55fyThkTKtMGKHzAVPiKv2kKUgzu3g8FlFf4vERg7PBca9iFQwa1e6czfFLHU3jmlRamr1hxIWC8ey9XXVda7oP9kCT82UgKpNgsvn9ag0yB6QxqI6o91lGsTfzgwNOJcVvwV3aY2qjfabeDbzPU82GWmC8dcxg60wWM23VAAZlVYaqE14ppMMyorKrKFMn+86H5\/aNgSXh0MxcYpilmN6MgsD5Jpkp6OIphsmHoNdSCO0UVCwGJhSGovYG83XAmetDlCEUuBf6MaZFXBjrfL+9+VHX4irSmtkovc6L5vSe3Nf\/Ub6qgARu+YW6Wwl4tUjGEcM7JKUQxN2Ukg1PimEsh9oAZ12nyYh9FV1JccWxNJ2iNa0HzjjZKFHsI+Wpn2wjQu6fGLrQdYisl3dxVlFj4jvRBju6QBGPqW8L8vdchXv3SI7zqO+NhEBqeCwisAVMGs3\/e0eLRoiqrlCvpzdd6wmWwzublWtkESFBS+GKBzAzbuO4L4Jk3UFfDunCYtqzhO+2c92mAtqsWUkc7CKf7i5TjKJZM8unl261yU\/jXeb6zhnBK28FD6Pf7vze97LmpT5VanmKiGpb8ZFvlX5LvJwFqOst\/Op1D8Xr+i6cOe2zujddvgkGRpWHduSyvlJRv5eRBop0FHOugDZjHwRl1P5GOEDM7AA1rf2k\/IZ6eHOqZsGK6AJyenzNCgwn2VrrkC9JsT5B02qcBGp2ieI1StsetnNDeBxqD01kqrPTmpVvwJxCy2yxgJrEXUggkwFbWIS7thWSjjhXDU0J1GP9L68+5UUKxu0743nekpL+HTPJD4N3h3CVTgzlGthPYulkO8tpw\/xmwb4Z53Jqw0aGKoz+dhDGMih5n97yaHi969BtPXsVrXOzMwgYDcGdHV6VGFDrRp8MvBHKVCcSB29+r+o\/y7gXXTkYGvFUdNPQnjtOPuTA3g6ED4ZH8pHwnFuthO9KrwMMPO0Bmio3US2E5BtPsHcZEVYe8RumZt3y1QcMWOvon\/UMvBjIjvrv0jsdmxjixC9tBFNbGe7r97P3sSHcFQ62T6BzS\/+NgBh1Yy4NhP5OC50DrYOUUKT2FWmyPF3rEeN7cKlVvDoToDTZvmnHz0lXki3TSjmEpfEl8VTrO2dVRjEyX6UGi07VXGODj7O0oDpUYCDjmG1IY0i\/swPCy3NuNEJt8yL0p3nKFjn1FYCc72eaCLxOWLqd
kUlTWvm8YpTERh\/\/2jrhdGM0qtsJ7FcXHR51v4J\/QVf7rdJwPLrxNThdnZTGK4C1SIOXmUd+I7RAsVphCtMqkYz2xSC9bj0qFHuk+dNgchK\/qNK7D\/3TQluL6drX87zcJEWbeEAz++Bs4gMrOfH1c41XMna9bpL8uXPg\/gpvGR2NJd9tPrZADqH\/l\/5rjIhOiUnkWVyo0TCuowGc1U+R+LzRsroJKH\/6INUIkFvJyqDDWDuiqbuF4a8ofyZWpGKXbY6tbrxR5vwaHY6nEBEtgpQDNpXreT8uG1VJNuS0qFW1sMAQeSlsJF2xsZqjv925b07nSHBK8aJ++l8pku10eV9oj5mc55it2ZlpB3G4BEsXbBXW0kaMazv8X"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_src_last_pkt_time":1621499131747389,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499131747389,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz
0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"} 02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":4,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621499132950390,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavpAAH4RX400uxSvxkodT+9mAbsFTu3Vyf8AAB0IgC3o3GMiP\/8AAEU0CCLAunxqEvsNA66X1EEh+HbB3diR8XOH+Nd+j1EA4i11RuMwRg4MxupRcBE59Wr30pnjCvG7WwSJ+Kp3Pp36kOB7bwBm\/CUaK3NvIUefVeiKu8aB3CitnkZlHoeoNve423fK1rGAI76S5HRFw2q07mGxbnOjhM9z6xCXAfDBGYiZmMsHObjQtqpKD+hKkc9zgcNA5nnAz2gfra7JyAqYMe1ZUl7EL5EA36o3hG0JBLWzLWX8nuGkbVaoYaBg7t74Nq4rXY8dDvLpV8nmxcysLq4Jh5RmjmrbXKF2Gqj\/q0AATOUlwI7mcPikDdLVyWc1g0Xd7laqkEwx5KG+HewMfBJ\/fs238LI4MOjBH3XFRiuNJ\/1PLDSVDk3Xl0PC62nbYbDA0ukzghD9h7qydxVHb7ofbKx\/ss3NAcRz9V2REHASvioY+v23gDsi9mnd9vmwpZlpX0aQuW5jWCJz+S+SLjnOUxq0ePjaF+BsCsRhhGX8i6WG2b5bLSOXs23ZSR4DE9X65QwocgVyH9CZF7V0g9mD8Lei9Spa8\/tGhEc762\/3x\/1MkuQ08WXE1eb5W8FD7NrgYf6o0QymOpwaXeXqUpZu8j5oEpy7iwjhLsjquFYT
lkgkrV5P7EeuLtxd9bB8K86LFk4PPHiiVjBA1ZXeZeddZ9IO5+XDyrp\/kWDHTHn125\/pCeok\/mbP1lysqSICU+SavcLclf9iczGDubjMy+HxKcYBHZUI180+Z5bQIezFSl936qYJamaCa8ycGTpRPgFEueKYfkAyAnZkTtq5DWZDfFdJrM3n+ClXxB3nxKxe46aHAdmhexAVCdEsAFZhkjBnpwyd3xB8wOgcTOS3YOczXzarKmRIaYTKhReCbGXIL1oX+CKifyp9K2P7wqZHv4GRunQQ3oRCPCRByLb\/J\/aYJExxgDqkp5u1fIotrX93+PYJgtNU+cj\/AbP5q4Ce+\/JsCepvzTCvwU4r7bNXCDbRqDxZklxSS7YxZ+4UU5WsxKBN2\/p190KJ1g2AWmz3B7MqmtEst0ASYrC\/yrtrXPNYy5yH9ArSVpHDkqpJUlmi4BU91eIZ0kox+SXJ6VvBkjf8ZEp+qR6pgJh\/uVekk\/u9xUsAwsqz57sKMqWdJ5\/nGXjyRlDq\/TRoxGCKPO\/873K6h+0HEh3g9j1rU3lTRcVdWrmf9kTdGWMxa3xA0DnwHoABYC1ea5FDCBgn7\/w7shEnRbLHvASNCKpNPisAiPQp3BojbJ\/pK\/MnTCmT3WADNrOZytcxn+S2gLTymok6rg6ZpsloRw2wTfQI\/OCoJoCeThhTtmIQ75lcKluNMBWyZH1zbt1HY9uB9nKZamEKE3DVrB13yt0D8U6wSKhAaZDUsXRfd9Gt7evuxhL4Hb8Z9WDG5xo5\/tD8LyG1bDFKIiO7hDbTQHIh3UEPxXajlTHhjXQu7xnGAM1vFyccMX6YrS9i6UCZLkMiJYmNzx\/ZltM6JUnD5gl\/TEnjyNIBP\/D22Fhijc8guhKm+73yXto0qQMlGkuxvrqhc+0bFYe2RRrd4hWPK06ywX38tLlMZiJdebI6FcNXes2NEGMU6jzVKztzylCcoSrevOVNOm2rtGAym89hwLgT9RMA4C8ctQlYlekEg8f08n6dv25\/MRBrtpe7HHK6r3bceeC6Mysecla\/Y4nnPZko5jKfeqRqbP+pdjqFGZXZTISD4Sao6OEfl9vauwPSKfsFkLUqIkOJ9X9gdm49hSkDfJ0GfseC3GLK7JAAq5DumcX0d2IHEvGxiYDd"} 
01159{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621499083794242,"flow_src_last_pkt_time":1621499083794242,"flow_dst_last_pkt_time":1621499083794242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621499132950390,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} 
+00687{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":121,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1621500710201121} 00830{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02380{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710201121,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFz
jEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"} -01434{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01460{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500710201121,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500710201121,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"clientservices.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":2,"flow_src_last_pkt_time":1621500710508892,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500710508892,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIBAAH4RAys0uxSvZsLPs9AMAbsFThGvwP8AAB0ItCn86+Se4YgAAEU01ef7l0UP4woUE5dsuDr8jBLUL6glp4Hay+1PVqJ1qjZhTrhZ\/HlCWneFdokdJJCHL9aLl4EI+zRfD\/McWX32i\/GREyeHr4lMy4TiI6zbvduEowF9eNA5Tp3OZ9GCbt+VMsYazwXNCMv7NFAV34d4tKKg3LHgAaEVn2Y+UbC2G+bYh+I3BU7O10HCLFpy7dljaBLe9qgbXIUuhMGDWNAnyQ+uYXiH2Jephgdag65enzMRnzpWg6tOxGmRHM\/sp7fpGYwk8PUnJ\/bg3wGtSnXhZccRwt0adDkhfdJ32tQWidjaGerN9H2lZ7O397QtbCs9\/8om91WjQ21YVaDo4Ipv8H0+f1V\/Cc42HBGsarDGnoyUmUg1jicgM5DPMJpvLG2UQQK5tiuC\/cbEV8WUL7QwOcxB3jbJTnxR1MHJT3pp81ODQhzEb3PhIJ\/5Cs0fOuGXlljtXRHGXKKK9NsXQ0izy4kIRIbdXUZKKUe4T4svk7KGeA3O23ttudesKDm99vJFGPLYZ34JAet2qmXSBcBuHQHN4aXeGdVG7MFzyQ92k+oQwlhlcIAhjHVS07UHZXN\/vQViV2LX6DSII6bHO8BhhtxKEj+5T+AEO+gFSPXVLnsAtt9jbTLOZtW1OuAXvN2H99cPQ6kiz\/OG9Z9DeWz\/n4jYXXfnHNa1A5r8RPBukPjk+DreRRGc9TBqR\/n8DDhNakfL0Fck3RKiTr8g2Av+YbMsrLWtvcnoT0rNWL7JWLcj4+4\/jtD3F4oDSeZdh9waOz7hGXnbyoVXNWXrcFpfx77eeqj51aL+3KRVwUbkgRwo5pHgL7hEnxN9VPb3Nbay587MleldGfNDOngB7dKByzM6zduwHhffnRWrDEBE3EQQI5wNwKLOIv9dQzppwC58eZxY0Cxh0nyCfck9L+upLS\/SSPRp0lZCWPVizK57z1DXIwneHbP\/8Hgysu7PPLkyCRSECVbbbitAvbtwLTHK33sAbO3oKAAAXnwbYjqk9lZmdLeO84o92phBblzzTWEVyzJf6XwtEie79iUzv0gOZKqtupDWJnjOgWOhhSra3KOxaFoHE05l7vFbVZMWFjqvSUOIj7aT8pRtZ3A8XiI4yAenMZbx8Noig2Tv\/4iZBtEhsXIEPJ\/GdI+cZsswHBmC4MoRRX8sfAcQcLKC0NsE8iTGSOI5BQZLzHhGSKkGn8XVlyAlmI52p44RHuokDQeePWi0IqXdipLo52vUi32A9W5ZySu8wjwH0+TmQOsjtyEt1WRsQ9wLF3apv\/TUW4+usvpV159wu9QNjO39MwP7rVLYpRTpK2fHgNOq47+RoVsFZDNOEQMG6JcZfYhdRpJCFZTxbCJLGBrNE8SO9hLhrTXR0B0IZGDIZ35DJlgU3Za+yK3uSCBc
3IN0p97ksRGA5FKvCPtJcsM2\/csH6\/HU1qf1f0iRNI\/TtUb6I73fJb1bLdQeKNHntzmogBwn9oPuqo+gtLSwtXae5sl70N5g4LrZ8PFnTx2lQMUWHnNA7\/NfKlV24zKPWKBQFEp1Ll+GkIQ4+2VSqwKteIza9AEA0HQRFuVoFbCOySV1C2F5DI6b3bUAcZPOS4EK5sgcvgQXK\/kw5Lml\/5HXzi6wNd7ujorlYuy1rrbgADxiFT3G3+7eEQmrzleWwgR84fGJrsGXGWRRksb0D4sgTRBJoHHnzf+UHtoZlhKZ7MrrWCe+rgmAPKYrQl5HS2h0M4Sd0TsvG35w8Nfd7uE0Cm1gQkCkKH2QZcTaB17nO+93nufc4orBsf0H"} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_src_last_pkt_time":1621500711118106,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500711118106,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIFAAH4RAyo0uxSvZsLPs9AMAbsFTmIiwf8AAB0ItCn86+Se4YgAAEU0FvsScjgiXb43Z5OHmvEYwaOoC42xDpqJfRfqlKRpZwF5AnAxrqFV79ZpFnEvEhLmveXc5xDzsSroW6m86jG45I0fFyX3DYlFTlRWn6Sytea5JPO12EfJbfqSFvNzEqmQ4gFas2HXJ2FX2ZoFtOrT1Qp43etaUsidgduMrH94THaDB9pQcwHKupL0h5YJ21d4uDpduyjYmRI\/jSmxZ2o5487BjNxGIiLtUrbwVkNIPSfjyMP5aDNyEKH0uc0UKMUvLMNr7XpQ1A1u47hFs287N4mHIG56vvgNzeLUDt0k1MPT\/kGpWCx8pGpFNrvk1nrkx7VkZAvjp\/9BdDBzSjx\/eUYtrNhzQ0IQe0hI2dyVNc8oZJZ9LtwNkx13TL3XaejmmuaYZ5B1EgN210MMBgN2q4MKppTuAvCQdN0rYg1Eetfey1Czpq8DvYrtRob0CYoPxRNQb4hQY+mAtVm5In1K8uiwgIb9fwBZ4878UCDelVNFoIUw+l3DO2r3eQiyJ1qJ2FQD5njNdWfokooKrW7pkJaWp1Su7UEKIwCrHqPQdqZjdBG1V1fXoUW3f50uoUtNBqxzmzG\/nc6r9vmn7Hupo64j5xAOGxtoJ7+CXMmYHHWY26B1SVO8GEqfiJKdUBeSOJP+\/MJ8MxDfNBGk\/ZN++nWubo5tvAD59mguiYbs2TJn97d75ZXwCSvntISAbbWVTp8AcyBv7hFM4CenTfEcDoR0h+9UMmt410Igj8DfCq0uBJ9bfdd9vaavpedqeSBrcaCWj6Vm8lPgRR9m+idu+v42W\/Y7dhhPvUrZYy43dKrTyr1UA6FrlC0+cMVKwBuas+sYqkr29klDCbiXmBJwbwFjeK4tVoMcVU5tgERpJO29uTaQwM9TtLKYYpaiU3bEFvVtP\/Qtn3qhFg87\/I\/RWjoT+rBbR4QDQUW9VPOaC\/zE01OtUPc5D50Oe30bx8WsZ3NjQ\/Rz1culaGAqFUjPGD3UTvfe+YzvsST9oPhqowv7hv2g7D78A
ygZJDWj3Xy+kWEnj\/pB3Jx0\/OvXiqzf2tizghsbgz\/7TQfvenyU\/YjzQzisVkudIMBHZfHpFf1xszofNNVEViopslpwwFJvvLgUhw0aVf5anl4AFVfHf7Fbiq+ByHxdPrQzfWnqt4ebVjeIYwLQRD+Sc5q5KKw9n351IQvh3iLjQfOMlC29Lv8K\/f64xF454eAM+T3ej9aTbN2lpyk4d44ROP1Oa47QDp0riFycvY47pAgeZtogdK11E5+iMGpqTnOxn9+LXFyNRlhHrvu67ztK3yT1Q38o1K6t76Qdc2LLNxNb42ZTHdtkEvDq4+GjOdvvGXlynEQvbTtvdG6fACdyaH0xeuILHqQCt+BvoL\/9SLWq+5Q6qid0Ax80+f42fP1VeV80Df+srNlHtlx1gxx0eFSN\/ZxupB3yFoybkQHafOdB3DjIHqI2gODRQBgLO27D\/lTmmK6tKkQ951QvnyKrHxord7vZSW3Oq7RRLWR+SVjkGHmv3l\/Ze5hnE5cZJuxcuPAk2mAKwF+6k5B3F+cbJWDnxNeoh4C1jTw62drlxgT1oJkzh1x0IBq5I1mmRgifHxa24oQE8RAkrXlt\/l6PygI3tBmwEN7W9ztIBr0mGHgoMXHSI2+\/eoOzMY2+qscRsVIWNEx6WLxrztwLs9nHe+LJi\/8hqm0+hjADeZHms9rDOsWgE7WwhNZcW0TgSYYOby+hR7hjZUUjIMuY3PvHUBu9nOxFOj6gdeVPSzcIl5MJbJVDUDw2yOc8"} 02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":4,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500712321144,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidIJAAH4RAyk0uxSvZsLPs9AMAbsFTtBjy\/8AAB0ItCn86+Se4YgAAEU0fCD16vIaAkl9+JpXI6MmKI\/iQBqAFS6On6Gr2A7936qjJ\/8YBN8eClWO+8XEhNDawnKlL8j\/F4sisIBQbav2ZbH2pZO+DW+urOA7wGrdRgUj6aXJhpDtpYWrLw4eXsZ3Ox12MVazg+r9HsDPjbotGjYF6ebKF0MweUf6eelQtQZA4Sr5dB6RSKKQtXJfnt\/cRp5dPmvL0YB\/UB6mazCZreM\/mxZv80fSdTUc\/jXKSjiXHRzVVO8mfcctzu11prBHPXwjGjM2GHfFQ0mQ9IZiJNrD8Dfims0xHP\/JdX0knU0iC+hSJ65+0TAlEKvD3b0Shfp\/l0aBlowbjPpwJMohhJTdBRgNB5pYBObq8LPWOXnW3OjNunhElfYXgD7hPfLqYyu+qaM9KQp2fgNCfrUlIPlEjMvJIai2hUAj3KDffi1wVp5cVR0ZSmFibesGR6T52NkSbKlWPVu8IMp2fp0MMafsL2whYwen\/pghq6Ot9jJ6Dh1QuHO+JhAZ3rx\/lVcjFic\/Kmbq4EdojwM8pjaBMZuV4Jc2RZal8PSKdsdSiVpBMm5WZwULkMA2qUASfIZ0hq5vBaEx6HKXoPbsZ8ZD8ROsDB4vWz2KOsLNHlvQ11KsZvIv
9gYceNtVHwq8ZBHhw4dT1M2d8dzqgo461NLrHdS6KiFGV3wFNN+f3Oe+2OcUBgI0wDXBi2k\/AeaAaUrQTipNe74Tl98S+ibE5fk9U8PEuTneugtu7ELI8z1rgKPJ4r5HtKBf6nsH6ovMGv5H7zNudPvHzYopMV4FH4SYY0MS9gejKJw\/lmV2YWgf7Zuc8jspuqRSsCnzGS8Kw00i1Tueo2IT7lGCLnMPgdOBgleUyylbkL4RcbHtu3ElLVoifFlauKMNnav8anFi2LTTfvw7rFj24RwowkIS4s5LYvXQChMdHHRswv6k9a0NSOaI45tVuAMIFxztKNU9H5qpKA9HVnBLiwb0IQ1FL\/3kjC9r7gZdhRoL1gOBxfQHWbozcGw6laa2kpH71+KGNA\/Gj2XmUIoCbOhBEEgno2iziaJIY8hiJ9zpQNjHr+SS6fWMVUbZIc+rkM3pY+PN7XTLZ\/2fdgfD47rGS5mFhWHD3kBM9sPn8jnWd3AHZZLgYBlhRdGGZoPBeeHyfxtfVXTUW55Q\/e3eNutTM+Ady\/cRkRS83njsJ2+nDqO3tlkzSF+kRsxT35hBUvjfTUFNhjvkeuEkFq5ZhdQZCcKAPPtu8iEbXJiWFq2yxsBqy3EAGv9jyrfJCBkm0W+Mte3h\/A1OV7DtxkQ43bTCH1OdvddQy8yyULq0BWl2dkmdDjwcYEe7IoKfgyfTsDyjp+zcuLVZDNMS6oBt5GgwvGF5k6ow0F44e71\/wxSu4Wxw+hSODbh1LPpKChqdBXSnLEeCsRyRZxdP5wjTGOo7vLKOfBzyyprN\/TehyOKmz9qyvgJaoNTdbRti2N2cDac48hw6JcaoVu4OIxUTvm9x\/drt8LHRL20qe3fm0K6na+uwHudgjhPhB0PQrH8077WSGudNaBe1t8bshuQ41eDuSfd37wn+lK1En2EIdr\/RrSA8yROmwAss+SNWM2IiXQWq0YtJmCLZ\/cYNjcSkE0ctVMQG9wEJ7I4roUjYHxPw+S2d71eGVbaDKDjRBb+j8ATEsvZNilt37WPj+MjZAA1XFtaDdFLxgfN7NIvIWdxM6ZuDqBDgEeblZUVsF4JCy7KbRO3C91TVX6qX7WlCdeGIKDWS9KJaBaRIlF5Dn5VEkaAhT1TpmD4Ujjn2"} 
@@ -591,20 +591,20 @@ 01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621499130835100,"flow_src_last_pkt_time":1621499132950390,"flow_dst_last_pkt_time":1621499130835100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500712321144,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02396{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621500832402417,"pkt":"AAAAAAAAAAEAS1QMCABFAAVihQ5AAH4R1KOokEAFTOdoXMNnAbsFTmnVw\/8AAB0I\/OwNUvQ+5iAANwD\/vPgHoWBY9NVx91aESVG1GnIYeTvUSJob\/THkhDsxHgK0tQMlP\/y+OlG6T8LyKR+iBLXMyoZE\/aVKFhxdLISFi4uHtAlWOTu3Tp\/rNeF0Ycpw9lNtrGZKHgK52aGmw1F+Vm7gts63ZzZWpjO2b2dfnUcihRfdcWSl8WQQqp9Bex37Efxn8GSZ9yV9+YweKHZuoktgPz6lo1Hx0py7NH2sEOpCsHuOmQV3pkdWkgyH5Yy8e+mDo3M8Lf4uvHc+eXJBa3EaCkPMxen5GcdhzCr3mrXeME5XHL2nTes6kErkbatKTZJBia8PejzLFSjdIh878tNRvmWaKnFQUTDgcDftx6OhWfT9aTAtihrhh80i+NJdXObI+LP5jfp6VUNFk\/iSFBb\/TLXGEWIDnGVL6jXCYr\/jF550paaG2\/05LqVb0lAO2DQezwhWmWBhSJGamJQyHgYTP2G2z579ukMU+m1MIBlp6G0fCF77SkWYSpcZa37JwyO+oGTmTTrQw4DDsfnNJ6qtURb6c1EZgljs+2MQvOyBlUgLiqJfL9Sy7+bVNh6BSZmu2SnB0XsrJz
8ExvgL2JeLgA1jPTRz3PGX2IfOOJmvZ\/Iw5bWBcHVXAq+IcoiBl9hHt2AkJHGz\/byaPbJJ66HJfgB14EIB\/lUwQo1A1SSUXMKv\/TK9koxXTwle8Lkn54qEQdqJWRvVbwg0JseXWs8OMsGkFLele\/q07epiVACDd\/g1Jm+ZePpL983W2YeTK+eU7VLHC3JA09oJxkbg1B+bTVBsiq0+mlaeyZ4QsRiZnP+9H4807KaDybRKTE8tQUtEr37hHuYCyw5PxJ8FFjKWt2QiUzVAiu0MjkYwdO09pwoMaH1i59EPGPGNhR57sTKB2wVEV6JE6NQ8yLMvSBUd9dyDB21nWx2ARNrcsc1WlrbGEhGKx8y96up+FRZHCjeNJbO6GPNGdyZS+RcIKDc\/sxkx7RupbqAi+d8Bt+oXDSg0tZAmjCf8VvVg\/k80bbgPZjm5To457D0tTkTf8V6Zx8om4HCzWH0sHPFBmf27ADSR6DlozQlivcbzfZaKUML+CfQN\/AOYuLtlr\/H4lqxR8dtAwKahvwW7\/NRmgYEFXDJN3bJS9GjmGOOgKZxwI0uH7FodIm88enl9xRV0Jvgh8Kgk1aL11oukFFBgq9kowqa4t5sHXxG027eiPUY3I+LvD3YOs01STBZNgyX4zoY1udrG790mdQfHt0JsUey8gKDDV6Mrii7E31WSascM\/TXrq7IBo+QDu6smYU6IFRAByq+cHfvGh9cGLPvAzc\/PaSrCQ8lQZlhadWowHm9HfqjTWwtDDxzY1ZzEFn\/ykUcQ5T517Ga\/PzlrVjwpdzkZabhpXnKYalHNVtkvXskX+fuRlw1O9pywR139ESVKUEegskOPrIBR11Ur8xk0\/nC3Mw1zJ98R1AFW1bQwe+QwJvSpwFpYhm\/2wNkJHrE5fUKBl09Wmtfin\/0fDKjZAnq1XzsVpqje2zDaCTh7VEpkWk5S3q86sRcojMPfzDFUdFBNEIT3dLWmuLxfFG2Ho6lWkZAgHIKSSvHA84mOYVnYLexouIlL+EhwoOmEipiiUiVJXGZkSCwjtyupj0BjO2QULdNBtK\/XGoJduknKIbcYWebyEnEpxO1Cicl7fEXS9+YbM\/rMPWEr+mcAUdeFx32z2bF0zY4DxjEv26u3i5TRnvLzaQCmin\/duWBzxsVC3pO\/wjp9iIlGSS+Qcatkp0jS9\/HNB9\/ya8my0blefl49VH7\/"} 
-01406{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01160{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621500832402417,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501125036291,"pkt":"AAAAAAAAAAEAS1QMCABFAAViGchAAH4RgMKokEAFQSEzSv9QAbsFTrOQxv8AAB0IBDctHg05eGMANwA63caAA9thM8CnmtvPCsUhrbHTSUm+PmUcMNSKbWxGe5n0KlMPA\/Ab1TeVXrcKT\/s6bNMGiVVE\/Y\/69wmX+dmpzOGyJXfQtZPXNvgdAety5H0aaOEE7kffH7GYopi+TnU7X81j2zr5T1AcyXW4xwfPQqNjCkl7q4Y3aeDwCNcBIXJjS0cRABpWd4CFVxJeR67TsCsSv5FbpkqXMrDYhjzjrve\/sy87Yz7Z9ci1SSWv37yRACmKZulUZgb2lUkKSfenjONGW3S2wzKcrlj+TJQRg8\/bM9SNvt\/mCcgtVbTKLWbc+6PK5acKkQo3AdoGk5LEPb3l\/lQbLDG7JPRHJbZN8WUgPhRMqvGmH9CVBsbUQhTCVDm79glJnIm864PHxQ+t0sJHyebmg6XpGa2XYkUH2udqnf5+TTklcbBY\/R+qQP9YENJHrWSqS3ukUykQ0LjwlbuFhVHFAQ\/dxjDnWRSWKbRXG1NBvSlBffj33m41y\/BGqblG4oqUMrPzg1AdNzGWkFx3dfG4qE6jX4vypIKbmC7ww11\/bnqazyGvXVb\/qGv65\/bNEhR2F5JiCl4VlKXNgd2pkEqH425n6llnIOarnIlAFSHuFowuohSpsD5QcFX5UcWdhvyCoeuvwf5QxCPPKwuVKkeBE9JZdqIAdgwk6k2JahHoe9xE0fV1WdUs9GEH0pmQ8XxwJfQNNe9pfm7SAvyvW6AGvman3pEUJ3JJN3sVwyOiSI46dmLN\/gLYOaXzUMscfs3uNK42vabWH2f0fHSfBVduUsdDgwj2A9X9vZeZHeEU0AOwu1JroY\/X9M5vYPFxgUn4ui0etmumSVF1NfkFMIHTL2APYRacjCGMcVMTtDDglynqnLKHYUUQtNWqewrNtG9PHzcXuPhHzdOY0tg9FgaoraKpz6q5UqcKBzr2JjkXTep9JNqk5XEbwydGTgI5uoUzDCEAd9SVY58G6YNgOXJM72nV8QMCKvZ3XaSIH5w8qvkn4y+DE1msPs+0jjDIyDXNocrSDJ1AHCTzzWkP+w6H60iAOu9cn+Mnv8SiYPPciI\/PJWXhwM3wLkeNtUoiSczzgq7\/Z0NlAzOcUuSPUr404jqpSbsJLrUCNh2Hh0dkAD64yuGEGkYaLp8R5cHVIH1ItyvLeUglmfKQ9Uy1in+NSc9s9rgslR0ZYvwGV43IdrN1a8sbpRZRn\/6y6xJSP6VRA3qbgEM1014Xzxzg1C1k2pXKaZ3dRIS7DAmfP9AU\/jP7\/XH1KfbRfliwERe1f0hLOCnRYQayZGEdVA7U4EwP4GWIPM1mQJfc4x1wWHWPhcFpf7\/3kzOtmlx8FRonLLppe8qkuqfrTbLOUjx4ZI4BETBbxLbvlIKHEhoiCBd+yDUZCFKScdNpwrxVWVSz
0cwfPkFvXivV0Btog7bQP8r0ps03inXLu3iY42JhuwOQtgnq9gOUYo5mWHDsf\/dFNji6zcIuareN16h5QMAId9cs9d8XeEtgmsP3EkHv62qC0lObg7DYq50UhiG+dr7cGC8xrqlQYyQ2eUFldqUAvW5Yq3oPDufxJfRMe4FoawMPGgol1Fx4lcF3O9ljlCrqKWUD5XziIcnMUjDT5ommu1A4ChUADEhFdaXkO3z0ajdsvt+2FU+8jk8sCeHs0aoS8LD9tqGOK\/tBhpgsLDtXqVg4vWFfDpOmZ6anyereIg5y9YTigYUAnRYoUArd1znOjveswaiQB3BfOR1AQE\/Wu+8zomZDAHW7r3Or47VOVnEd3KueolaHuDAxCBxZQsZy"} -01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01458{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621500832402417,"flow_src_last_pkt_time":1621500832402417,"flow_dst_last_pkt_time":1621500832402417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":50023,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621500710201121,"flow_src_last_pkt_time":1621500712321144,"flow_dst_last_pkt_time":1621500710201121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501125036291,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02382{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501260783099,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVLhAAH4RRAufdbB8z3k\/XPqGAbsFTtJqyv8AAB0IqwzBH+7SJ6oAAEU0OmGuRD6o6zt6nf9tmhZ4egDU3ziCGGMLigzQd\/qcgJuXuFXJaHBdLU0MBpsdPKMeIvS9Od3J6aS7A4aqWHEzIUcAYpLZNGiwuH3wRo\/ZCRSY8hB6LE3YzLe42CdSzc5lCzItOsVUkYEC0ElANHXZEVA1CYAydF9uHTTyCq2uXRt3pMNkc6SD2TRzdAjxNMy4aC+pKc8u60PxO0LJCtV5c4GHi\/apOFYyznJrd5zwDibl6ADYf0eOlYG7Dmb+62KXGzs+UZINoqFEItj8sokCUApXkVgH3JMM1tQ7\/i+CPMar5u5VhzM0xoMe4DQC0z+Yuf3p0TEn1Yqj0xXSzHscv\/FAGmONfCIQGf4DqCpAxJhcdINRN9hpMwFEfhYgZXMbdUkpqQbEUlH6Jh8L0xXSG8BNDbJ+HqsCUU8yfHEs9031W1jXujoXsokpBHj6NRhfYT40cfJ0owXrRfPAsakJrEfIbY678aDECo1jdyeAUnmWY+XbG8o1nY\/4ODgRYgmuoc3IOboNUvx8dTlRVrTI1abSpt63k1mZBwz2PcIo80+jYFQUD8COKs9GGRBzV5HYfMiKnpB8E0fvddrtWuczrHTEHaj+A8EU23AUAoyRQeuZRJ2ND3muZ5PofS2Dkb\/RLqYEnLx53b3gsbjBEhQD9jTXMS\/CkNOxA2dXLmL1VCbZDM001ClSjf0VqrWyNkHZ020vH5Z87sRnfqRjhEFyC6btyFOJe50iTVCZPNiJgpQQjGKjO4rNKkdOhqVKJYV3tZ30pOlvkz82jkWMMrXlfnLtb9s5pzTLv9t0tUOoQ4QgbRKhgDzve\/xApJG8bUCntJD7lpCAx9F9HoZMq40CxcFnF2sEh63lTmmld2YtjKFNOpA3UantQuZCNL\/CmftmHYYLrD7QkKm4TvXgbIR8RxVZ+EtiDOPLtHOx6d9B7dMcTY3Mfmi0JILNHIfrPCWog+RxVMh6d8lhNxI62zpKHPU0Tg6vqeO8SzyLB\/n8diVDpb66xI152GpmYVi2GA2rWPfxVjszVl5jtF3gWEj8sOvNX3xomkTvDqEIOlWFIFjdzSMYAaE\/94dpPwrnlUXOlwVZbLyG8zBkrVJIJEL0VFlCRP3cPWR9GCwyqZp3TvaFXw65QoKcuAiLNfsKEEBT7thsxAP5ShRNnKnAVngImJT7\/QyRjMLgNdZQiVPKJgKxlHmR4CKW3EdPdCekSxLH3DqHQePQJoWyWmK2uMuElqVzImkMVeqUtVe1Z7XAmQ74ZmJX77RfTpYOUgTJWLw8yAw1CjfU5hA0NqXKDuF\/siEDZ0glp7FNdcWvBjbo\/ABe7QhVen4FOuDzJ7O3om6ZklR7mLYelWmYJHFfypdJF0Xj+hmRP2HWSSx4\/j6XqYC2eVviMKbyB
DVQQPI0EM6QnNDTPPWP8a+XfmtmdlLc9QgUY0RmRpsrtKa+1IyPqG93eGTD+ZSsMgyIEQWA5Fm5wsK4NEmZ+pC9UWL57aEkWkIPEN4XlJ\/9JPPb3uZ2vDE\/Va0Bb1Y7vNFgBYQGZaZLzo9Gdz7yiHwLVKre1BC0kz+KfDM03+0yKx5CFVmJ\/kBO0+wIW17IRrXQXE0U0ProK9hPHRKvARb03bAuREr6TJR10+JsF1ImGW+lnDDK1\/FtTCgnzrxyWlFZM3Cg6kZN\/6ZrM2A49rBarb0aVirmITUvU59YafXCiT9ymjQXREvUsDHNYJ68Utiz2AdjCI7phJ86HXYCIFDLKUZ7rKmhC6fjynuAGp9kfCbPkPfnqyMDrXIJ"} -01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501260783099,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501260783099,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261082896,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261082896,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVMVAAH4RQ\/6fdbB8z3k\/XPqGAbsFTnp7xf8AAB0IqwzBH+7SJ6oAAEU0QCGjYmqsUMXHqnSGAa+SGBqQKewpsFPBcHbIO1VQVQmdi3mM6XPwhlgoWrccirvAt2h4VgoFMSMBKUnjc\/s7c31zMKNVAjGwqSS9UcMQe+beIWng48oRC5FQxFxp76d9NvJFZQrnobOu9\/OI9vLd\/kjxzUXkKaoMqPw3HA3NrHDmVaI1U1G916dAe3tpfhldRg8TG66kkZbvUPojfmBk6b2Z19o0wD3eL3ArF1ggKa7dtmOX3vPsGSHppdsAwy05mrGdBMogG2GNPoz1f6Mrx1CryOOeu7sX8P0doH1Sq0iFILD1hylRmMMZ5Opz0H2bi9KA7w\/Ag2fPK0T9oDIw0fFaoOFIf0DJ+lEFoJl+bUaUeYjpiNWRiJKG6uA\/8tslFXAk5id\/lQWKSBH2JicuyYgt3WXJe70ZAzp2iJ\/c\/DtJGyES\/AMV8JsInY9TNZ4RXPUu+I\/eX7SJpitBsTdhCEwJGiE0dT1TYgPIAD7IuBR125WX32fSO6pJg\/SC52+hata3geWR8gYaq0AXNqoDGePDOkIXu0L29JvXGLb3VjgkzsU7GDWMMiBS57s7K1nDWVaICtgb8tHvX+qm2yAEqxNTZylYIiRmNXEmMd4aEPfVCDRnoLnzwSUCqP2hNYKZWNP\/L4ttvwS03mes81iB3GFItzHUXUjDko+av7CA0J3KO8YO\/MegXhauhWaOMhTq9siY897rXz2nMEjgxielkq2WyMK6PT7GQGMUlCvVs2Lh0wr5fTdVSGH3n8y5kmB+Cpz3AWzqb0PCrL7nfp1ZQdKXBaV+\/8ls7T8As7zUGDLh1cEJLF5+OvQcPuWBETyYL6v6P0nP5uBkBK24BlVWM\/6sea6ivZVTU1ytJuTc4EW8eV7cOfQv3Z0ZvtO\/E+dtnWbRbm1+xnHQSTJejv0j+x\/5AGS7d9EBuJMkNcE8AQ4pldxgHz7Ptlg1BHWeyw3V53MEbQaaKLxV0WAfr2iBsH3t5M6hAvRICNnnoroLK7ICwfeGHvOCdHXa+iqtGu6TGnIJmUNgGQqP1S8MgI4WSJKg4gkxYOG8Yq8I6m3HzLsup78oZ6bqytrclhVLejrz8Tk1wQFWeJGz1cSVmJ7dlJY4MD8VT3IFiybLNnMNNe7YmlJus\/1uc9POON3uOlN0OXN57myRfkJk6aARYP\/VFYz2zQVzhOYWEpCg54BznwVNZxFF0LMNmGI2PVN06DbNXX9IxLaS+ptZnDWUEZKgww7Rh55OBQLkyONb3AXu68OQa9KfW6wKnH\/vmE8HYT6n+SXcK7GycIHau5AFjik2iCmv0VvdznzcaYCCq0Mfet4dNtH\/YoT\/I\/YrfjkCWn9TD2GpQpUNvMSERx6JmQCcnn6FUkuIqIOwQZ7TJ4fAgdop2
a8RuxfgczRZ1qfymdRGBK2o+W0zafNFhHNk2SYmyvsZ1V8VBf\/oEixGqVnlZ\/Jq+d3sW39fHCM7TJKwcTtcBclxaa8fGLAAlW9lwT0AQAwjaArlz\/6Lw8tnHTm015jYFYAA5vZt1SyvuCzOL1voALV\/+nsbl3\/ONSPNJsDGJadYCDcjqbyAwc3rD2eTlnRMOCdPOfDkt6aPuNtwIQdnKz2fd4z8axtKYuzjc5dW0Vg4zcREoGQwXF3Mlfi7nUkcrBa7blnobGRnU3R82Mb1vEB9HojGcsN+QDpwTPjHZhspz1V5NyHgQ7hab2FBtan1NhmTF8w7rDqqAwRtjT1cqxDw9C9TkgJvOeDw\/J5ejOyPpxUe1E98wc8RMhxL8HbUxhU6"} 00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261282132,"pkt":"AAAAAAAAAAQA2OESCABFAAVibSVAAH4R2uk0uxSvypibefAsAbsFTt60w\/8AAB0IZEtuMTNmxFAAAEU0LH9lIIuMdZ7Kq5MCzCZAEE+168Yufakbt9pK0ksbFQo5gOkiaZtZmGL7ajorb6dlvPftlMSSvVuPm3GtlmjJiRJfcfSv6WCOpmfO2v6Vi8Gqe2z+CCwK+2m\/JLswIRcEtxYUQTR+mGEhGLqGsRBSch\/o0S7SruCC1QzCSC8G53\/qUYvkz+bnlIyDwadCcS+Bc5KcjL4tNroERGF7KikT1T9sF4XsS6GZZ5vImGfO3EkmUp8XE7jlVo8hS1am9\/dWmCCc\/5UVFDsBeuTG7wkgrb8swjB0805Wj9GAKKohjHey69GAIKPU3++2Imdagnr4acCwOFCrohzIIheL6xgOuccLlkxDVLjv32FfUde9yJXpLDBHMt76\/rduX6hlX68l11YNKGEr\/zkJxTj9ypa0blphHmap9\/VBxt4j+qGvE8cstJqh+0IpvOAVwU9lYmLuMLrq1nyWotlAq9mRnhXu+BQIbhgiYOfa+NaU9CqMuW+zTjv\/orQq5ERGPyXLWWaqpnLvACGfb9O5GE65tq9zbrPCgxRqZkEBql7CjsnZhZlmCr3gHvgCBq68gfxQu+39WkMzkvkbP8IALmggIQ7VQf8BFdayRba+Un3cP7f07rfoszy+m8D\/z0DW0SQgPeYsF\/KmQko4DJ59g8KzGl0re9gjZRv5RqIECyhlYHWJ7GyL1p6bli3WeNOhxQJ2LLSs7R5C1m3Adc0j0XFC1pB+sAW\/WEd5oLl9Hwjd6M0MklHMK0LYJJtSeHujnXWGQ8zBsv7diOFCmysv3C+aiX6B0P9ogHiAroIepHRii2maNhtRux1yyqTbuXMBGnRPqFAWbVaJQnNR1GwNd+qPfEmyFuIfG3xnj0aeWVINv8LvYzmYdOSTc7SL9gqYuvzHxRf1+Upzh4eF5QSLoWFnXPXL3449L3q0i+u80g9dZ3zpdrqQOpENcencZZGYbAgeK541RYNNro8eF8HwnYPBOIy\/Zl55vIK\/DEhSHnDpLGsakuI5sKTjtOeDx8DcJWgQ1BpawPb8oHOX7RqPhuxoKHRxFskxCDjHJh3ZT2U7YKpwgythqKBDauWw6V0hLNf6LNYtE9ypEHgKJ6trOXxgEDjS1iVFjdsX8YQ6+uIw\/VczFtSfg\/SPICVvTLXIAkfbMpSXSpbuwtaktICU2t9lJxcQPW3\/l2RVQlQ6A9orYmKqPcVckVDM+iHEIyMf9H4+vCZVgRIIICMwjlkLV5tcwaX0n7fRUHrmKaF8bEP9rGW60wBvfzerDhS2zUGBYaNPcvoOZQT2ZC\/EK4cXTZIBKvBIyWC72OiMtkS12h5aaPAtwZ6n2dXPCOk3d5CPWaaLjKOIMoQxRhJPD+tcF5lq+ivLDIhTHUNk3nCiT2ptn8sF5bPoqGsz0vo
61bRIdmWMMojjGxrRSN7\/n7VJ7xjrskWBNwwKUBcjdFlM0H0heCJNg1grIB9Hn\/3GIWzCFZQ4MK0h3E8LnbseAq9C+ciIX45aTl8kFGqoSHjTiIRX1LhP\/Ej8fNDVJL8xCvYIK5uvMb5wfu4aPiMKEV+qyT2Ru5KgH3hlAbiLVCIDHX3NwF+qehB6sfUut4lougpqanWJ25xwUyKgjA21oplysL84+Pde6u0fQ1tsE4nXneYYoZdfcbHNS2+TcLpNnevmrlv8oGUF+IHSvQ2pys4po2Ft+zwvHiZVRUCkyaXat54kiLBaAYSl8PWx5iWyAEXxmiBRpM1GFaKzxBpGVsS6lfPmZGj\/E0GSH9ahQaWLKvJL1xv+z\/y5zk8w"} -01412{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01438{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501261282132,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501261282132,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":2,"flow_src_last_pkt_time":1621501261581889,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261581889,"pkt":"AAAAAAAAAAQA2OESCABFAAVibS5AAH4R2uA0uxSvypibefAsAbsFTsIcwP8AAB0IZEtuMTNmxFAAAEU0JZ1KfLVI+JBmlx1gc1nZ06mlDQJxsWyoA2bzQbVVMhPumzwO3ZAR98o8ZPo9xLCUDTzGpsR1VmkqScVjzEZA\/RjIqIioWENrjUeZOvFpfzQMTLEtfK1H5gSkSzr1d9deTBzCPCECHyoWo01URci3jW51V0HbjDnEJD1I8iSzapavqXvkm7q\/CkPAOKz+EFk9ddN9tvBAUK+D6ra\/NoAZo9xXayAuRyx3iyJFB5EvlFUz1Sj7dTVlS5+TdfHDF6BCtxu\/3b6UGPME6BE0mv1zrD1kdQyNtPuDIptySY43Kas3SgvX\/I4v3DNRjU9o8CMW8YMBriuPdWaursmVudUTJYnB0q37mK+lxWkIltSWsQNuLr5cp6c4Vru0wwO0Ame+VygNGHbkKKCLw\/51hBpKkkTptkPAlMSaQQtKQI0OPuk7ItN4VrB+m9Vkwuz17+rymkBrFyMhsKcJIjj3luZReWaMMeNdN7r\/9xHAgrWKyyA3NzqfpYemGPDltByS1phr383eIdP8f5Ze0Ac0+tdcIJ2dWvbXqHhn3dZjhSk0HZZGEHnio7bqsyCfy\/wl3pykgp8G87hcfpY4upvLLmQRm6zklE2ZcD8mFhu4pD4VtgI4q1NkSPN4ENjVSltM1\/G\/SJCaisjk7\/TaytPYDocBazw8BpeLBGuMrWBrDpERso7obnHeO8wf+Lzqup7YnGDMt9vWazQbf5KRZY344vRrcxm8Cgm6xrf7EN0vEZrGdmbVtBvFwjU01hxeAVD8m7tC88nDxYD\/Vcms+kgEHQFUG5VPiMI1EaEjp4uM84vZhZhC6CDRHypPGw9HGqiPK3b\/Pd6yKRggtZr\/oWcBajQm0w+tBJKdOv7x6ZSHD5PhdRlgANNg\/jeNfdV0X5QnhkLi02ZeZq8yEDPFn9a3Lnz57TXoXYYfH6skWRGwGSQ2xHufw0DtBDB91pQTHPRFqigTQMOkcbUHvQ9FLSynEnElkdYIwyDeYl1wlkOI3z6haMDXB1V3RpZHuXa5GdOGVPCXKGY8TvCCd23w7RNdvgI0SAkP50qXRP4Kk2X1AVVlqpYf8FwiZi9W0HEiDmKaHfCa6sFt1\/rgrqUUw5ELhzKrL6pJ+lTg3H5NM0cd0C4hTHBtzSm3C5D7f92zskegG0WyFRw1Ba8N8vzkk3+Qhp\/je68IXQzCUe2u\/EtUX6CQYfCYIoWtYM8z5STiqZadSz8Hcj8gkMjUYbOqoFONvZacfYEHB0SARvuLReB4iTtWuIXgjYJcb5Qkm+SBb46jf\/04rZRrUrWfuW4MRTyzVXxCithuxVhs4F8PHfdPTq\/LCBBTHWDTyCQfTKVPq8P8t30ZnQWxsuPjLcSqLk2yTFwMtN32Tpl6KkT++kfElEUN8g20QBH4D3
nsWOQyXh1qp6BLTCOt0IKBckhyNskXvMkS9f6xJSD6uYDR8gpfSiiduxVMENXsD+aZg0sKhc1tnhY564nzvmzaK5pK\/mG4HpcEZaoQlPnN9CVVFsxc\/AdJrQTcfRaJiP8\/\/Yg3DwS0RE3P4jvs8+29fssz2Vycvc4CcLnL6CYBjQV+ee549uL3GVp1M5HV3WkcafyAbynhL22G3n+0pOA92LLDWaPxdPw5GuPkVaJx0v0qoyE9b4AZ\/f7JyiBWPsZeIMB4ss18qfbar1+hhPvrhcG72WrRn1MOHBG\/UEQi0IsO4yKvwqiblXD9HjT\/0dhqt\/RFTAwug67Fa0M1R4Gf6vwbZT92OzvcYVJR3zAK+LRbdOlVy90zr3DQGbvb"} 02388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_packet_id":3,"flow_src_last_pkt_time":1621501261682885,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501261682885,"pkt":"AAAAAAAAAAQAcbmbCABFAAViVOJAAH4RQ+GfdbB8z3k\/XPqGAbsFTv9fx\/8AAB0IqwzBH+7SJ6oAAEU0U9sthnA8M57fkNsMeJ2EE1SHED6gJhbQN4BfQJOO1PjffFq3gtFk4IyP8Wth3mraFF35AS\/mCSP5GPdO\/bY3uB7Y7VeiLUEY9IS2dFIrYZfbf9ZQsemW2z0+VCxvN2Db9C7578kBNAZHcZiUcQFU7QlwuGC4nwNjsiuK0SteLVHFM0d8O27xz2JpZUPDhtvrtHPERZTudFi1Sej11OjXXeMujoumIvT2OYdCj+X0NfUPlwu9sFCLpzinhlfbOthWMWB8q\/9N\/OyqjEr4qbDQGFnM\/Hr8eJUBkqVZluSAYj1Ywh29XdTMOcq5AUfmyV1X0sTrgeDtnbqi3godsTwx1QbwhKBj2dWTyYyHTDajH+2UBid1GebdhLGSjjnKxxAaaw6EFgQmpu7koEqoPObHp5kFU7wjAY8mggUyFBVjUIfNBYhWssGwyT5Z\/r5OGZuX1rx6tRJJm6gIeL60FE9LVHmgWUsYaHuVYpkqJgZrs8PzckQh0niaraVIhLPsP0c2zyZ8p6k39xAgrRwfx\/Zh9nPNn3qSfxXEzLRxlRYWUsplPXqYbIcReCdkDC\/N5gL1eP\/jiLz6QU52SRtg8taUEPRtc88DYo2jurpisQQ15KiRpuliwmtrhW0HqBvzdAZZarXSjJIjkWxLUUFMahlxZEceLNdSqe7MdK1UkaKw83287xEiaSEO7eTUM+\/wBRhGZf\/1DB70GE\/ULxXMbdJn9jltiavDAQNSyczf2+nbYlnG1N6O1TcuG42rxaHRd6KknCvWSCrAhQM\/VqLCDk0bY2mxWybhrjoGc0JuiCMFsYr+5pV5QRoX4Lq+e9gqBFnp3Uaem1xfnlWZMvZVrfurPDH1T3I4Dx8IroHaQ2Bo5DvKOdsiFkfzx2DBIq6SjpXaCsVzWBgmVAE9DRo2pY+eROHEOdfo8\/FBuCZXhbIlRq1heZJwhsmlY+7e2qNgtpC5DaW7zKw1HKVB0RPYT7VRcRTNl2g+fmbYvt3YQzNlorcN9
OrbGF4EZ32C93f4\/HUQOVFV2yInR8hfRvuHsywq5N9zdnMDFx4UtoGC5\/JPOmqIglqIM9o0AUrBq4GdLXhfYvcFRKKHwZ7TRsYLwmoMgHWy8jwfHZhK1htPPyCu\/l8XN40QZGFptNt7D40U7OSwWUN1+psHOjRZWv6ST7CMmleHqyEPl1KLs2mifOpHcy+gSFbFBD6LLuLlmcGxRtETjrnZ7+bSuE+Zt8ruZaaGcSfNYzrqd1zOq56HYPd6nlE\/mmgkW8AFD4HgObgvdcHAI+BQl2HO3lTApnJPdlU4\/6LGlTjc\/Xy6ZatrCgtI9vY0+cPbiLZUSCI0nkM8mmbA2A5MknAZe\/w1hAi0GLW9UoOUSrCzacIaeo9N2SakmRlQF7OxrccNFQQ\/UxrBENXiSn8dd3pbynfOPUKA8bLUE0Fha7t882zmf3D2IV8UDrWHqT2rFiv6k3POzwJo9CVhSImVzpyIro243Q09zk2kOJxu0gB1BHDvYJrVOYEpZLmGM4H5HwzOJAsaUidoe7\/oRQyD8W5INMmeQBEWvyryJW11xgcq+r4ORSm2VIuTghtDpCYCC2hC9f+Dlxwu8h6CMW3kWH65itA1vwPXB6v+afYS01KWtxgI6eW\/NRjdMoX0SXGogIM7OSPQVVfkk4D2+dJAm44\/U0Vl4ZMoY08TeAfdXHgiERB0dXg4yr7L237fx9MyFJtNMScYo+op6Jjwo90fx4MlC9rlwatwxaF9nbgK0o\/x2ee6fFva6TLmGaGSkDA5"} 02391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_packet_id":3,"flow_src_last_pkt_time":1621501262182401,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501262182401,"pkt":"AAAAAAAAAAQA2OESCABFAAVibTZAAH4R2tg0uxSvypibefAsAbsFThjAy\/8AAB0IZEtuMTNmxFAAAEU0P4kZL2JzcQJCkWJO7BYAvn7jOS\/oPDLLELaAGZjPfdWe+CTrIzdiC9WRX3rH+cQNjCKbZa53WspbrWQ3y9Iddgk3mFf\/\/P8OYcu5S5eZdMR9fbh3X6m7e1P0w349oYB4hiM9IJyVYjIofcoBFkKxh\/5ebxmzh+XjVHAni37hnczZyCzMbpvTaS5Mo2\/ZngECyPdTH4R55wpjirrbqawWK5BXgasVyeycq3PgcjRIEDZMmdGuCfn6Or6mlQ5Oi0gPVZivFAfQTbBQpALI5TF4c0OEuWkV5PvIlcn\/R7+MoVcxfy0r0Gxfy5DTUZSVKcVUqd7yhkU9aooVQ64ePPS85n0Ao6nJaHk4CEcKYTxXKFGTV\/JRmN1fStNbk6PuLzUzSKy7W3AsorHxQi\/LmRhIln15AQZY9aFzjxmdp89pwdjIhQaDCc86JMYVdSIXjTQq8957N1jOVphrIDogsXbfM+ETcmeLbNKqN4fwVd+mT\/89Wjg3KjoISCw7cizx3pwneM1IZWZxw32ejl27XFc+DeXbCTyms0wwx5d4mug4d1+BMTCaWAoTeBSMDXB0j0tkDNHX2xtWAXf8\/UuzEfOvYCbb04iQFTA+2Hyu4GRbv
JwOTWHAb6Y\/V0BD9+rx2H6RD7LGvrHh+f8uY0EPosNsFiCs+3i7J7uh6lA7HBXpprFebhJ4nBFU5ogCjUR6v4cQw9N50B8pFKaCLLkzxxoYWvp6aFiNZxcUELv9ZUwZSWCw5u9TxfZdk+lnaGdGEYWUKBNrO4TMaapbDNq4j7Vu95JXokG49C08JF5JMM4\/z45it8ndhYZEyZbzHD2yExEQ\/VN\/mKUwF8ibUn2C67S\/5tn76v1S1e7HnOhXa9tt7ko7BC5wl0mN\/vl7Boa7BeFOH9ChJqMRyakFr8qtdw7Yu8g3vIiwJEWJpLTwekZqiekCkjohBvin+U4rI8Z4iedGc5HpW5HGFoexz0CrVl5wTxzNhI8j0IRw+jVswS8qYTpoGTz3OrlpPStmJil9HnykMux+BL5xXOZ617kkr3QdqqRshG\/RQrR8s6QAYGI71oEFLMM4TOShFAvx7OQRDnnJcVkbGzqXs2GA+ynEHK77vOrqNEjJpn4aKnbZnLLPOZDQS24eO\/QA+vv4uiLfH2hoxa65Oz8gK+JnY4IVu3sZb9w57SJTYpFHSRkiWRXzCJ\/sWWaohJYMR8PWJxuCKDHkDpOYFa4Gqs5Z2wJN\/RR3okXqWJS7yxFbWwGA\/Ux6HYdQ3Ct6YGwLA0DbmZnkDdT8uknz2+RUM8H5unZqgX4DQ6X6XF3z+e9cZs+qvkrBFmI7iTg\/AWeOO4DzvapIASiBIUwtJXKqd88VrnmgGNuzFGO317nsPM\/31UoR27Yt3dsU0KGRIpm65J\/+Rpqv+FCFt3c\/28P38sc1iZpuj4G1ByY3uO9KITABAM93OOoXZVsw4nYNriGxowgXJm4ZpYPg6mQ2LTkJ1L1uH0ng6enuR+XlH1t3Mdwkm8\/\/s+srKemwScHPxez2jonymTIlyHWEj43rE3SOOstfJJIdIbioCt5eaO4rJ\/ZtzFVP3GREeo2yr+vwPjDBvXv+9IKyIRXu1pKvuEupgzLBzLb+08gepp2KupXz5AcDO7p5JSUs7lVhZLWrwC\/4LgHlJK00\/IeVej+hl6DABvNdRucAzmPdswdQTBDGuRv2XQeZ5xK3vAhBPzvMWU8ulKLrK4WenJ6YSemx045mCE+N3D0BzGu5PxpiypXC1Fu+3yqrqa1cp13uQg0a"} 
@@ -613,58 +613,58 @@ 01160{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501263382659,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02387{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621501305362623,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOe
YoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"} 
-01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01467{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"media.fmct2-1.fna.whatsapp.net","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"8b979b020e67a82c4f1f7f3932805dbb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01158{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501125036291,"flow_src_last_pkt_time":1621501125036291,"flow_dst_last_pkt_time":1621501125036291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621501305362623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 
+00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":0,"total-updates":123,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":618,"global_ts_usec":1621503088279869} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621503088279869,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDF
QIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"} -01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501260783099,"flow_src_last_pkt_time":1621501262883655,"flow_dst_last_pkt_time":1621501260783099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01151{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621501261282132,"flow_src_last_pkt_time":1621501263382659,"flow_dst_last_pkt_time":1621501261282132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01164{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621501305362623,"flow_src_last_pkt_time":1621501305362623,"flow_dst_last_pkt_time":1621501305362623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621503088279869,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.WhatsAppFiles","proto_id":"188.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} 
+00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":625,"global_ts_usec":1621507440293528} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621507440293528,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda
9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"} -01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 10.0; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"78ba053b9aa352e84a4eea899207839a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621503088279869,"flow_src_last_pkt_time":1621503088279869,"flow_dst_last_pkt_time":1621503088279869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621507440293528,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 
+00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":630,"global_ts_usec":1621516392616564} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392616564,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBW
CVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"} -01418{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01444{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392616564,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516392616564,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googleapis.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02385{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":2,"flow_src_last_pkt_time":1621516392665290,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392665290,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJJAAH4R+waokEAFfgNdWcQwAbsFTnBMwP8AAB0IERdUk7u04\/YAAEU0zZjp5d5N6z\/WFA1lBa7twBKX0QRDGLtlGmrXu8OpTBord0+OkbPX1c+PKlW1HAveX2hl7a2SKNkWfqYq58RzhqPWQX8bJuDEK8QKFY4N+fXvuJQuur2+wvIp6htGMnZMaAbzhBA68UXq8yqU4hc2a+yvi8q4Gw7qqb2E+jQUTHk\/UukIin5b3rNaLV29NbBtWWNxlePTd93OZVj7QCJVLus2fJCorUUrEQ+2qk5TnhfU9vsdmwx6IB0A2V9iCFudvKs3BZw6vMH3IleWL4m28gaDZFP\/Ll1+v0Cc0\/AhFgLuXnl4qKwc\/obxKbmZlIGLki5S8VSZsLsbZ0SY1dkVvRGgIQxLaExGsBGDsaP+GndXysNiZEoeGRVchLs2DAR9qG5bMjgc7F5c5b\/ooLBc6LekgqqXf0tYcNX1Ifb+9wWk9X7iYP2Nohxdjnln1PhhyFwwH33ccWEqs7INdIHG0pL4nnPScbjfx7yu4Bl0u5Gtz4zNTt9QkKj5iXyOT5Src6TBHalY8bYLvFDVN278pDT5QBdyLWL7oEpNfadXlpZ10SwBin7ywrf65HMlq5bMAPMBrYBhN2FpXmFM7cNtjWb2z2poAa89ojyAupp57XE\/vGPoBwccHb\/t4KO0u9+7ez5lsvxmpIWlCrsPHpI1g4mfO0K2EWFNk3Anr5nH0wYDaUe5wOdCxEbFvRUdCRA01RtABZ5xVMjlvM8apoN8Kn4WqEVHqc5yj0PWs63tUuuePQgwXAECstJsxODvlCazmTdvKFbpo4qJajXrsQCBK6CwTnJEHkWh2mXvAGZwTHKUoMREShbDu\/ALsa3MRdWCNgGf\/BKvqu3kEuPwv1flG9yIxqvtgt\/nUgVhX3\/Ca1qAiaNjv7PRG81n2utVIxCfJg2zDgTLIG+9kYRojM88Z50VdViswbxeaODbKLE4IZe70itf5BYmC5dKaOzsc1ubxfFZvyC5VvBiBKSYWr5eTrbV\/NAAOEFnJYlB25Y\/wg5kPi5dO6dlYjozGtNWPP69zhjoPqpEPKFrsuOmeoUe4bZiVs6v7uB2yz2vl80ozUBKDNkWC2YHCMAf9HVBqE\/Mrt2IBeml6QzS3foYzW8wnBHIkRYVazQQAL0CkiDaOIBs23kvmXeGNY5QiT\/Km9NqiagmZpg1i\/Uv\/usaNSyltg40pMPgJzU+fBzo6AsEexyAOsD0pOIzojnBHkDyfX8A0JBzcIDRpV9jCxmP7HsW1JHDjEKth33XOpXP4gDE6MpCcWx3aAQ25e\/Bbpo8NtEeXF+yfPpvkKflVU+1JItk4qF2JL18pe6Z67OwXqMeVLCHeCYdcqAj4sDp\/bAaRMI1tux95ugztq9AD9OCfXb7G9t26ZLM8YTPeASjTdA5CYfpVHz2s
X+woEDbxgjEJDs3sZI2EbLnMd+FueWt5JCuzhqp3U5HyfeCPvU2mr2VjkVlXSb3047h4hytv8T4GBpas5I7NhJQapwTo5LfsKX7Mofqiz53K16cNDqT3ZnIMna\/K4y7sDYs2X9mNTMDSYNIa\/4FeLiBH8A9L+U+oFbNXmIyIVYmhmeDNmPteEfmJfyF4FJIw6CUlzL16NlD5ssHr4ol3Z79gMSJGLQS1wH+8WFBeMD0+KjhLFq\/QPvILGL9RPCnU5yLgqiEMFdnCJHT+ZurivJX+hoHYujvsctlp\/8PU5VIpt04NJgCfEENhOzbQEZU18nrANoFpuXZVXdkrNZsLZUOPV8zsYwed0ZzXePATCJOX6zTH2LfV9PIzmKH7BHP"} 02376{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":3,"flow_src_last_pkt_time":1621516392762017,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392762017,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJRAAH4R+wSokEAFfgNdWcQwAbsFTl1Yzf8AAB0IERdUk7u04\/YAAEU0eDSMkBqrJmW6EJydxfwYF72L5nA6GrUPS3rH7Z4vAyXuRcxweddOKkASX50YBAhvaLVxmGJ6U6qmlUaUw7wG8uSjq3TUIdXhWTeA+Z8ZzjqDFIfVneiA0t5M3mNujQZuBubvDwsegbm5eznV7L66suC6BXbOSCIHvH7evlKO6ATwg5tFxeLwg2dQBmNXzcLpzP1hzfGeMKtiH0JWitHqVA2mzm27Mqt1iHbI076Nsu\/4wMO\/W3XkBTDzfNpPgFnftIbYHoXizWVyohtZerA2ZvknSHAJeoqUBq7N0ufeG0vQIdU8hj48c7MRPCJCF9m695quzN39M4n681LXz0x+pX82b6l6TYZlG14513IC7J2U8oNEfwDSayIe8G0CHV1B3ACOgwK9t5t4KOGH7tv4L\/cA\/218vC9QHWHbroomZJmAC62kahwkvbYEjTzFd9QROuCb6woHQy+U88o9PpFuhfBgntQxEdQlqOWULrlZ6tbg2bSyiDxgnq2RrpAHjTxjl94pfsNUVIs9mK0OO8D5idshzlgmF6d17h7PFU6G9dorGkzm4NR6WUaKBOX+5gSFRrfk9rmnT3D53pwkp+KwVxARzjieguJXcogE0fhlCx+gKMRLvNXNYJlLzUoWsx6Y99ImuInElR30vXJvdA2zs2nyF4Izn+Sk2DvY+QdXvwE9gHT6M7D4sY5EHqjt6KAbClo9EWMzbzYhRdVBmotRbwUHzdWJoeafqSv6L3CKvUgJLKdu0YTajaVfkj41xch2Lohpe1p0RenuUsL7ERmQDgXPtrDNmvKz4XuAVEatNNYtceCXUr5rdb5Lay71T9qiuyJKgim3ApBGMzP2iOye5lAvL866w2TLUpfUcidNdjXakFFn9n65PMZ6mDXwIyth\/ETgBN7SyydimVKIk\/PkZC9Fg87f0vvO3grQHqUwDXSy5C0ztCgLy4Kaj+w39\/+zMgQLtjVs+9MRI+QyX4wHcxEAAKsDRVUal8I1t8UL25IJOIq86\/r0xJi
OkSj0kF7WH9JqnNGH8+vmx6wgfCGnSI8zF1hr5NX3GOJjLqQ1U62XnJ90MIMkAhzBGer\/LGGVrS6W8xwobLnDBjP+gY09SHeFhdhAl\/eHpQg0s5R6ajAOqzjxGrHwtQziogeGwNpLFYXeX26h2mya6EHocWd4AXToiALDaPovQ7BUR40eP1NntQAWvSeuXAg4pR4Cun5d7LBjxkusmb3mE9H1Q+SLPzSC3KFAluSJZPze6abbazoXFzylXQTpl4YShg+w\/ZLee65FD7UbMvlCi2YOhpxl2oSVCkcd6UcWVItAiI91tALf89089cLcaf13TmGVO37bo8M60FjQZbY7IUQWTfBByLdIUrlG2l85aPi6R0Gv7Zgs9S7k6DvvsM2+Y8RZPzNE2yDKa3XOIxMuhHqpwcS1UiV9F8HZiDY7KAlK19HCyzGhwULC70LPMz+Lwyapr7kCcK6\/8uWl5EcgoBoQiGvXwUqKPqHplF5+pV\/+G96yrYK2729Ao1kcgwcblSXl7srLyRzMa1+N8EdtZ9w4xIIwWcmnoBW6k1pdwgIl3c9AZMQGynRVyFRdZE1ZgfE8pfV4nasitaR0M3gCMYKiLDWmRQiwD21k3IMkRH9lJ2iOuPUh9+SgcoHk8JKhhw+kVCfqGf7CsS8YItVTzzB+AlHzKfn5wPUKuhNr\/8ITyM1jWriraMh4v+v0GwqJXfRoEInWjIVWUPSsW3pM3ZIVbZ1\/BRcboa3+lLOz2oGo30HhPaksnLSu"} 02399{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":4,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516392956083,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJZAAH4R+wKokEAFfgNdWcQwAbsFTjV0x\/8AAB0IERdUk7u04\/YAAEU0QsRAIhste6Qmerv6\/2gDbfRDwAaPuph8PFBnVMVSxqTHXblLi7PVgSezrcak45QcT7cr7f2Kk41jfB4rdxTekfgsJdW9cSEOP26vRrPQ+xtYvK8IevBKin9k+CbE9ICrG5XZ\/\/XXaKo6ZDcc4DobFg7Eg5oalPAKpnOl0ppoBCKEGya8BRo1hqVkxDCAsTREMfD8RYDFxBT+6RFQBpExZJ3IGUFzgiPDx5sem8NmhrbO788vko7VGTccBVNLrkcQP2jsrXZ70pfnG1Lk0tvSt4m3\/Jg+Ih9JIw\/X9v4BKd7c4jmaNos7\/5ok\/DTbD5jEn\/wBj64A027lyR7B+AMUGSTCopjOiLs+4+pkBmv4tJrlhu4mptWO9ZntEZXD5oefDNzis5o9MDy08FK9gicv\/\/3ZyJDnzN6bzDKA8SCvZc\/QFtjLrh04c30cSTIUA9BcG5pqmWUjZTYQSoF\/agxqIaQnyq49XumRZT24ofqD44VCkpjoDB4mdv0JGgSKvyY0mh2k5n\/tA1LiK5+T+vBrXtb7\/e3g4M9MtoPlRFCwop0DamO9yahfgwpfaiGumxO9PZSXin\/pxFgYz0L\/KDMgZarPAL\/snmKD2zc1FwY2ohJOmydO
ye0Xt0RgCJniVlZd4LJU155N36AMgdA0aU7GsBzzyGl1iMxjEAFfHFvAUSo08eo6iCcQgb96IEtARP2Jk8nw2WTHAqJJpyUKHbfbbWyMoyvjW11IFL0drrKF3ue667vcANFMSplf9EUQ9JUNGCKxmmML8j5x08tNU6H9e7xelOp\/8XtgGJrgTsDXKoi5qGkqLcgovvaVcGP\/ZoYAiDj9+94YEzAjNGahH+Lc9pJSbMDiyUqp14\/PpxapFE49fJ949kx4L3malt\/I8bndYAjZxO2KXxhEnyQboYrtu7bYGSVa+OhFP9KFPlTMP0ho+xAzjhYhUtJv3HnvzXg4NDphQWz8VBWeBR4KmmicGIpa9lM1MUJeLpS92Xg\/84i4LX6p0T3wD8XUw64tA17pvkXCROzL0nq5OImQUKEt4g8dBj\/KDurXwHYPvg0HaCk8i0hfYTj9SMBccNBOYYKfGaa70RcexX5XTCdb8+irxeobF\/dAy9fX\/HcUHFCa8z6gZ5Lvoq\/kEIv7eeaD3\/2aPWl7ZV3EJRARCTdy7zud\/K1eR0wYZn2E7cjNSVOWv\/AyAAf1yEuKuSrBsH+33nn8pv+pfJ+xYplcfytBaI1IKBHNknJVn7ZZI7II6fYfylqlr8gaRMyXA52Tmvzv8MYhfYz3Edm25O+wtP9JGRkrgfIK4NkW\/lOJJ1zRdUyav+aSZXzJfVjhtqnWyG9EgoUSiQP406fdqZoqfObsGdWMdrLLnq12PG+nmYKynpB\/Sa5uEjBx1WIx1bNm7FdC4ucJmaj52sna9hGgyBc42eB7XhAZuSZ0ii6oA2IOwDDHTXkcR2if8HMGvz6CiudXcQQBl4LmFri47lQ5oZ188bPdSG41I45lnDqhlcZm5XX3I5\/Vuxs\/GGXMDbKG8gf+0JhZiDDmeBLFuMCFRFpjfVRZsREfskjBcOQv4m8lgJrjs826lH6hMeEquQ5k8jdqr1xQ+\/OSffp5tTikY8XObu8AI\/Pm0jgroxkQ0zKhLfvU+4naM38qCrwkzZ75j4EXbZretHLo04zzIeOtawPS5YYntrGGOuoJbLQmu8AOnMVhFhKQ2tn83eO\/TQ1F0HDl5Z2kl0LdOSIj+jEPk1phzCYTYHo6DzAQfndQ9XDsMS9tQ+y\/UOq9"} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":1,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516401935898,"pkt":"AAAAAAAAAAEAsa95CABFAAViOQpAAH4R46+okEAFH9vSYPT\/AbsFTrroxP8AAB0IsiNjxAytUVgAAEU0Rqh1oTS7oO8cafTa28fAea2TrPFqW\/nlAJ184K2vdoORXSVeVMo9P99lJizlhuQtwjqOuZDX79HEkhTLfn6mYDJm73BPHv24qL5kCOPeP9TVOodlyLNO8CXYBxsAfImX9sw\/xiXEYv4nPCZx7phxoORVmsG2TXdTVZpBuZ8d7NkT8sYUuZrYsCN0\/vodaBZ64dqsKu\/0ntZ5Z7umvCbm7mnmp1P5JPIv8e5JTwTetx99GUoYM3Lss9UBBF+N+ZQAlvbgchHFwLlztR3qBr4DSeiBRa\/QCa9pwK0wrcW1wd7wQAaeeQE+HUQqzk21mGA3Ni9eqhg0A8mBSXeo4q6Zbc1Qge7LZjkMnbzwWQRN86QRzXhr6ZqznhJsrs2gf+6K0tcETEYFPcH1LtJTTUs0yfQDuzNUGO8Ljn5FQDD1zpRSvh8s7V0XLbAMDnVaIpCgJ\/Wzfpib6V2K6uy3y\/tnIOG\/KewueYVtxjddYzCJF8gOJKnl9hkHLvDnXYvahVHmmsSXkZEDuqEbBU3dhSvWdcTWMI6EGZ1la\/dvApDNmcb5oVn\/GyXnv8p4\/
EaQDcSPgEq7tqrMT4zz16ib8ts2HPUFH18kMT2Lkh0kzLngKGYmQr4ud1DxA0Xh2OTA094JKybionwnwYmG0hB+bs0+W3t+x24Ktmr3UI23QaXnYhGjWDsFVhEwqC9edY1GzRBOF4JKsc9W3v+2U\/SN1VrKcc+Bevpa1\/hwmOmIR9UqFFRGYZ8XqCMSHhBSXZ98GHc6Tp8dIXH3GFzyONX70YreOQv70uYLLo5G7B3vB2RKjJ7e8jXDVU+JXnIlEp+p7OvLVmWZJ6HiKz1yl5dXohIS933mpnocVqWJKEIp+M6mIafetUbr7l3ub98qfRhhtDelAeHRUPJsEnbTDiebfukKletmLj2M9uqS88Nv+AYjq94MlKBVGJG0hWh9iwuuwJZCZQrbtQK7QrfvlcDDCr5e3q0MYyc3hLW0S3LNDLCzhZJHuh94K3qh3XmLNI48az6btORNC5VVHVviSCJzpyJi4AAhwk+vZEFTRHuM1FcBw3q6LFjAesbh3fvCHe8qk7EVnRd8k1OJ5pwTXlX6oar7LdQggPhSRol48jQ1hU6ZrFWWYfQPGtgNuW+QSDJwzQMXWphfVZa\/bjTSTMzzJaPxFEO8blcgWgJvyIWIDvvNVBD98ZAL8CsMvDFroJxvSZYdKcm6nvRcebluRLF9YOtvGfZtjUr\/cgCzoc03HDo0sme\/lIVgz3C75OcoWQzVAwwXgD9xeikHRVTVmRinnMrGdKATgKfjaUaxEe\/4wD1DfVumT5F9SapTR39kz6hwpsA7x0UFBknturrO+L+akqX6pIKp3yDxwqp2YSrQtxrQM2HIA0adAIfRYKkhcslIAE1vsvC5gIwRdKcF99Ry4D6WcmQtmyNTEyfKPVZfHdkM52cWvBas+\/FFczuVKVquG0n\/ExS78d7fjZpi2el681jYg7VOPeTHklXJ3AcX9vJRJlgZZPB6ZD\/pRbnoYkfAMjAtcvtRNTJbEv29pz2OQpvG9FDqKNggB4bJ4OOi9Yw0GTejnWMyT8AcCgKIWe5b\/j4tdp6cu+NFWIXuGtcykvaSvXLjzYQp51JSgMBZ\/5jwYYoRMQZPWnJD0NMzZbO\/PZqzoW54JcJfedD6PsbQwfEVZ9qO0uZe4XJyGo7xXMW9qheN5A485AGg930nGI0W4y9g06HYqEC6FZbTUGCQFaccVVPlPrwvI0zP0AD0MaiXvO5tGDdy"} 
-01419{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01445{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516401935898,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516401935898,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"lh4.googleusercontent.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02395{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_packet_id":2,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516402235332,"pkt":"AAAAAAAAAAEAsa95CABFAAViORdAAH8R4qKokEAFH9vSYPT\/AbsFThF\/xP8AAB0IsiNjxAytUVgAAEU0VlWdZoCCvojlDyfa5Yeon08C9NEt7N1hxHGcl7FpDE5Z3Q9X5dOjGppxQuVZ+atKIAVvgbCcQVIhusNpashx33gtd6EhS7ZbKLvO4fc3PTuNql6Czjwc6b46RvYtjQHiYIFYBl31X9KsUf7sMEKMhQUWKvfytWSeM45U5GBkmLvf17D8qsLlZCvoAeY6VEYDPspoPXzAUYzFOsd5enOX3RMYkXxLlblB5gix22C\/+sUNmj+ugdjQw4gu\/fkb\/+jonN8oHz6zQAE\/PJV90A06PszzVUFctBVjZ+j5Pwz9BjozUZUg\/GO5kFR0Af1qvNMmXh\/0QoCYJzAEaSM5LZn5V9IadKyhWiAGb8bAhV2XnJfQfmszIOGoMMvaWthG2XAg6x\/4\/kCr95Ae0+tDiO2FzVaWI0nLPloEgW0+kB\/0TGNzL\/+Vy4YFY4PXcSh85eAiYwO2DkbrwC03nysw9v0D2V7rEHgNEO6ioGGuKv6mypXkj4bSQLPMzAkTM2MsPkC+fXW3f0l+0+za4NKOaY89pjaqW7bgVrOTpwQh35a6XwDDTLsphXxpOh7dlW0BzLzs03vnjLkokDqzkTmNyVYHQO8+a6C3JeLEnZTxFmQiaQ\/1gRzZm7cpY8RY0zhtz+q3FIkzaFIF\/AjKzGOOu8+5nsDUVUSfBS+fHZOKMM2eOjApm\/tZzcNNW1fwyIXL8V76UchSVNHrOV\/Piqka9R1tk0T+z1Vj7bcbIKNxTymIgfuZHLa2ehhiJRTVxdu4QeBCbNLbQ4jG7byE2A+bFbGS9ipIAYjoC9DnqCMgvL8Cm1jbkt2kO1+bEwS4X5aZJPdFzz2GBsHA6OGk5nmPDDOrC2sdqH58ShIcD+ZsAFb5MukWegKexiZGTPy5BYnViMh9Y9GI1jxJu5njnFXaIQ8qVdUruJxMtud99K9OjWpL94NFcooWggckaFlC21iuud67L15UsBMt83hjPDeakhUa4qZ0kj0gWALzdK205K5Wfz4DWhthyqf9fEU0GZOnTCjN7AnpkGQn2Hlp4OnoxtlX5VmufNf\/lVgf2ZeVPKUxlrBcNx2HEOHT4sZ7wIF\/3lwFsTvQKcix65Wug2ejeP3G\/83G9Qzq7h9g+PnVu8KncBYgcDGbeJP1jGd5F\/P6eUEylVpUxF4tuws0zlFKw2bJb8x6Y+cBLwGKHVC0PIzIUIpEH69fnkOGqSdaY0lRMXb\/EEra3O5ioR+LwgLTB92diG8Q5e0s\/v92K3HdzYSQ8TlwUeQ+x9woWExu3b9kGovPv3+jFRaFsbNxKvTVSEfjQDcafUTKOb\/3tA7k+tucr5my+7aGjn+bHbFFsjfBLkQLeS3GRbQpzQHhNjNEkEbiyp731MXybRhTCm+Y1qLET9TlYhB
tjM8a05Qog2XwlqEM8wi+y\/CzGxubwbN4IWOhgTc1yngE04OAmEFZfH\/4awrr4YU9tLSzhbY9S3EHvvjjZpSTP0GsdZ92WziUPVAuGPfXB9clRlvNZdmbyGKYmxwvtpU\/5Dl\/GHlToInQQEgn2cmkuIp5zl\/9SUAMeYZhTS4JmDwPt30EK+TXkoGbxB4QQxockp24t2DasNgEbms8\/JVTW0JUJN2vNzbFOqVhPBBqAfcGjPeup16sTpvDGGHGSO4mJvUva77\/RTW+jGu67NC3sq2HErt3plviATd1Ww\/aNLcM+QsfCyX3a3A\/690D7ucSmy3lf\/i05xvjR7bo\/jVQ7KGbD6vK9Qm2U\/cQbTyFQzcqzPZgkKzr+l1adiNiIM8S"} 01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621507440293528,"flow_src_last_pkt_time":1621507440293528,"flow_dst_last_pkt_time":1621507440293528,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516402235332,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":1,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405234690,"pkt":"AAAAAAAAAAEATej1CABFAAViOZ5AAH4Raq6okEAFwUSpZOPvAbsFTiT5x\/8AAB0IzUnHeeUSQdQAAEU03jPmRxAy9OYylQgB73DOlVrCptv7ErpnY22OTRmr4wpzgeK3KwkGuqc0xjcaspxGnr6AdaN2xcChMtA2Y7IUI6FXy98k3lvliYUdwlbegMDaM0s2kOCEH3Q5e1wd\/wXjWcr6N0oOzawFyp9hVXwI7Q0kOSYeJlKwoxbwIoGt7YBZmAiPcan7Bi5oQyWPAWydB90gyIdx0d8HsFpltVW32pTZeG6z2CP9KXzoqL1WsfRBKPQpLg6kv3oYavjTBDOfvbG3i544r1+YdmIOCTSwSyCmI9DGVk8MczSIbJC0RPe4X9d\/gCsVsymdal9TdwxBqTtK7tvHTjEjpE2Tf9zS8Q8Gc5XsubCb6PKWxtWdDuV+ITz8lHNBp53kMGc9znlCSGBJ+oNWkpzQI4G8VgjVItmF+Zywys9D14q0rl8JP2cQboFSCzBrnPL2a2zEjzaiN8\/C2LlW8weYHLtePs7UcOLWgLnvnVwptNummGBctwDMgBNNvBf2oQ2BT3akVv85DLHFo7Mik5zFKo8Hm+zpDV42cxV43jlo01t6MR7pOAu2JhmZ1+Gmh9i4DhIdmnuA
VFChlq0EBq1oKQrR4fmUxA2rjS0OXNZUgpLHLlJHctUJX60aeAJebb5ddjnK1JqXBjlvfbOAxFBhwR585AVOc\/N64kRyneM8sM9R6sU9iPp3yIrQOhQ0fDG2w0PRRpVMOhUEH7zw11a2+aNeZLGXC\/6Y0wE1yXsUVHJVJWZCYd86aXC4954s3IHZMqezQRrL1APK0Uj3+9FDgBevGUuM+k\/7d0zQnJ4rTTwqaISHNag4vkTDqKoEyOQwoaqyXKoPHPHUetc\/U1Vqj5HbYafoEp++uRVCALzeb9EokrzQzuCDkwwF8fL5EJSue04WpPsmcpNQzG8CgHMNpnU5AEbkeVy\/Tm60yzyRqb5aB2QQGaHn7nU734znkp6LBO+x8dI+\/uS4XkpdHKVM+kYZtiYdPByeui07cdpE8sH7XxtZdaodU1va3LT6DdZOGuWd3tIpMbwiom5ZO+c\/sxrsYNosVZXax\/HOCVpOj9VoxFKdAe7TnQA3BtohBLmAQi8Ky9PiOLlrtiEWSg9vuNLm8rQjNzi0+N0HK+xINajobf3jP8DLsPNa3nLBja1BI0rYBIU3yqIKQ8Dl32xsc063rGPnZ+4xKu9Myfb2s3u3GI3oGkrhwU\/1sQwXPwuGtN7SwiZALjqLgHgfC\/8El\/VnwzeViayYEnclukedsZZq1ZR3YWbmiKeCCwlk9jmv2WHZEh8jZQ02nH\/6uAirsc4PzXtVqbEdP3Uf\/51U+sQ2p6kyPgxPJ0dJiulfpzegAk1g9URlFtj1Prm9nXN52Avs85Ku6PnWn2K5Oit6t5szIh7CpXNXZ\/r7lQTCzx1x4hjw2bMC4\/V4zZV4WAYezFgThubuHBYUA88rT2uj7dCArSt2N45qbwc4Mgwud71EluROJDlek42tV+tCsyiaMJdhkWkSEEHDQPlPnH1ij3N1iW3QwoTcs+h7cVopFBb+GUTNIJl1Qk9qCEm5UYTfWF6aVd987Lzl3tTyv5D0h+cV+Wv94Y6Bu\/GmojJU611wdu67nR\/gcxGb0oSe62fODz9zWZV7kmDKM8ibcM\/HbDPHzMlg3XQsDk+2kA7o3GGvnoL0ABy\/WVJWStRZAa5xIrmxaZRdp8pG0k8n7D0+KdVj++U2WeulgSlFklaHDSc62eMMQsSdHdlV62KC3i0iGJUMvejrPxkl+j6oLKhMF1+skGbQ5aFITVGA"} 
-01410{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01436{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405234690,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516405234690,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.gstatic.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
02378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":2,"flow_src_last_pkt_time":1621516405310392,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405310392,"pkt":"AAAAAAAAAAEATej1CABFAAViOaNAAH4RaqmokEAFwUSpZOPvAbsFTs7oyv8AAB0IzUnHeeUSQdQAAEU0YnBQC8L89wEgTmmr7BjHFODkqhpFJVx7yJAYrFg6afkiF3jCqd3RVPDW00NRXnMgjonKH81Ileorn5KxvS5+yQJRAfjCUHJ24j9a3WWl0AFqEbkF0TWWqMTP\/2idN+3yLS6puV95VhaYgqHrCvwkD4lAh7BWrsu31e\/HDOBztqIAj1XIxQN5nk4xsMisv2NZkICaS+1Cze8naUXXyoJiwMgIqBi5y8cABXF6JlVU6OWprkzVRIYKgbzPUVlJaith2PL9DAVy2TL8feQIj3EkaywH0gUPZYTZigDwJE1mDupdge9S6g+LSrQwDNdm8DmnC39N8zuv8VkX39gnJjPPIqLqt8YcZBaksYIxo+UVtdEoMWKD2dTTAbqL3muQp2Ja7H8Ae7XPH8EhKuwd7Kj3JTpB13ljCjHYeyiv5t8QcUXs+\/fTX+iNUrbYp27UUsB5CR6dNjgUgwn+qI9Kd2TVTpJFA+nvmNxH9t5xpLsEajZKGz0zBOH+ePQwjH4k6LiuIOgTcn56cc2K1OQr8g6DG6GL3qoUWI2dlMl0vWT7aDPYShopw41gzuRGjFELxdiX0M0b7As\/7rFy3G1wt+nR8GFD6BSLRMcYNH8HNXRu0MQO53XF18R+1YeIMH6X3b3CZuFq3Xfa2QILxODzwdrxgCNv+FS4NubkKVmTPXQe+uIgvq1qlryrWj\/xlUbBxH9IDjnd7Q4EC0wXt9aAeFTNi4El0ZGUFtEehFfXIXvGMKzGNTezfNJc+vD4F1uOWnnlAxd\/WNW79xPmd8oVDAkAoVRbYCE9wA05lkg9NHNsSNZQ4ZrHcfUP3vf64MKK+pkwlt\/1KIFbaqjllgaHwuNOpxQyFKZGOQ4mRm7MxKALa4\/fjze0Xdw0la4zY+K2Z6UBx0Bbe33vd2rVATAwh3fRljk25dM6tgVCsvKusLkEvU9VmPywN52CzB84wZBRt5xcE29SdbS99xZjGg98qXqdNlTjjAt8yu4XiAjezSVKKaQD3XaLeqSlZUs2O+44zB3zNNhhO5e5eFJ7vU6rWJlnEoMb5o7Dpqgg5GZm09GTgXY6uCnh4ZTxl96ofiZvX7ChhymeUh74eA1f1x3k5LEP7B+VvfkqNzqwQdVy+JB7y82M7PRA6h\/ZiXREpEY5E7rUhHhHzsCHTcFbeJCcw1KDmA\/8lN\/ad5x9wDVKuns1EoyFDZ39IMuXsGoV5K49EtAXhlRXfF2+Q4uYSZtKRw+dUt75YzrYSQ29ZHDGQClAhl8wOBfpzHpggjQ+gFIEYw0xq4417mXTvRAsHPlxM8bRQ8PcXIpBD1+\/T32bKmOrmzAVOK\/uM2XxkngmepayHjfPWCQlEhv1MTTUXO5FOHEIKK7YeWXB+45P5Jdn5DUTLIpWlu36Orwifl8Je
vozrwmxoIG1Zmf2m08oeXHqRUDXmNzjkDF8iRRGAJYOtcDtsPuCEzBA8dRTgS0HKprk4UBlCXOdnUl0o\/GH1EJbFeV6skk5xrmue7uPiLAyEVcPX3pmiAAOX53KWWhMQls04leVWEcDeyAFwvaITqnSDWVveqnmXMRxLOFZt1iaMGSJOlk+UqoJqz6OkW7fNx\/lAaehebe7Eqav3QkkugEaA1AnUOpe9DMxV3jHzO0ZsRV9G3EYn8EZ\/3pjUJ7Wdzgs2pUQKiy\/\/eGQsIQ+E9g46xeFn8UPrN8eiX3DgHzFdvQqN7n6GdAWkhJ2Tw7Bq6m8tC3wcytkE68x8FsP0lQnhvRc9Pi1wMCcL9Y5E9amIXbruhOYiuKw"} 02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_packet_id":3,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516405464431,"pkt":"AAAAAAAAAAEATej1CABFAAViOaxAAH4RaqCokEAFwUSpZOPvAbsFThhFwP8AAB0IzUnHeeUSQdQAAEU0f14nS2wsq94otcbsx9Ja6N4Gglxg3u9DN5aawqtRKVNC4Pc2eIsI1t2bGSVlKf0XWigbLFgVoquYysOzgfEuJL\/MeSu45JN0vCO\/piH8bKThjLOmClUk1DH3WZNkFkEuaa0+lysZpqiBVvoWBmVXL7ELlhz6YnN18zze0\/2yDF90B6el4fx\/mt0wpW0qVA1R3rpNHACrqE8RyK6pVoPq3imcpEoLb3yO7yzrRrQA3ViWb4CcRSIQKKKvWiiBsQX5n0+0thXLMnu8ftL8SuxBDfepRmuDXajiiY60A0Ci0Vc1tK667yMn9eaC6rHTNh8nYovYhgNBYmIAwvsQCVPuw3uv7zcZj7QuzsQ+GoW7Ofo+0HVPqQPw3Fcv1w6\/sFDHM8ZQdgy\/TI9Xw4zrv10NHy01l+JQvzxLdL\/Mei6EzaqwXfOyDTaHClmTcUbiuXBRX2Vf7Bmroal1PmgVVCAi8AUTkagzmJDy6vDj2SKbbL\/ReTgBtoJf9YG9\/p5Hob\/OMMIyWWppTPBk2+0f1VYPZWnbqV9qBkb6EhNQ+49gd87e+9YYhhx1IWTlW9NLOLBaYwQFgXd9bbWWfmi29OGPyG3EG8nQHPU1eOA30M0hAL1iFzuLQ3C1KXPfegclGVZOp1CvUfjShhvg8c1OTN5s7Ps6ZLZZlgyBt9X6JmRDmehOI4NTymHV5ZtQR2lVl2TcptleL6k53AnKbBYD6fZ1m7Qm7wPSMZDBJsGDW2W75tps0sDwHgF2FlcJxcVSumnK5OY0dgyq\/v+QuVFHSKHpcM0iQXjJ9BYDELQJZka6TvX0wkBv\/HQW+INffppmt4qy4pX8Jnbh3Ni1t3tDnQ\/7fweO\/+RdKUkMiQ2HCjJPyE0ETTcZK654vByA7SxI0bxGOyrV39JtcFOkThujeZSYhhZM23Dz4XEH9y6JuKs63RrvY0IkUQVSK6GA0tRTMG3mwmAob\/hfPnlVRnA2pVbvTMeZUlWCHFzts0AL9+PXmCSER\/XfzrXwjfr
Juvzm+7T\/lFRR+d\/i0xl2X0IkHFkuV9wydT+v0RqXfar5ItGT\/sh5mrWNveBVdVlQJkyY8DBePhN4ArItPiFG+htl6KN6q7WQdvLajCgHRaRtH4GQxWZtZmB1Fg3DZcxEek8e2BMmaOPY8gBgng9q608TDXo9Pt5mxnWStws0YA06UTqWaNh1x2Une7VSFk8tH41qCiAI\/n2bLjiAoqnpJB\/cQvnfvFuY74Da9t\/5SFaJC4LXt0ZQIRJhn8fMIsa+pDVIU+8qnOzaJqQU5AktC9HbX1ISQRPrusR+iRsZxLKNNS5lj2e3YvJYsOdA4xy3eH3PevVRBgLucZfc8W1Sg+7crP5FPF+V1oksLUAomnQAM+uLnpl7jWA5eWJfsqJT8r5wB\/HXm64IPwfS6kzQmr04rkzCSj4t9jKRGjOo1Cs0M2KVTyz5diNk8DfzKuTIVdn5aJBg\/JHs6Tfr60kgcyC4b4P7qkvjih7e9lIaD1s7QzKhQlA9RuZPuSNUkJNf9zFhAHrlKpelaHjuvOMD7bCvtJ13MWT53xGxxb3Tn2yae9wN5yrxBUdBvqKCc9sg8zRym9VCJUCAOFTs3LmsHQjtM74VOXrdEbkzWhp3f7mXZ2mms9zJ9eH6fhPzVnmEuOhWdc4vKs4t+Uni9Rz2QUxiNfcPb0AlKfZGRFS5DchrAfVT1vo9USbhMF3YNpBh\/huOyVHNzkm1++SOaPkTBO1wZlmVb\/GUDFQCUtbTRtKz5EY5n6osCa5b"} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_packet_id":1,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516418037037,"pkt":"AAAAAAAAAAEAYl3ZCABFAAViOjNAAH4RV2CokEAFB0d2G9\/nAbsFTh7BwP8AAB0IqOC6BJZvV6IAAEU0Dvi2qrd23QDxGu2B7vaN4MOlDBtGvpoN5pHp26m14lzRY20peRtUuQ9ptItsXATUG7EiTr9GCdRPLOQETwFtC6RhGNIdLTwnsdX1wtpxLn88sqordHPzeZRfgg7Si\/hIcgk2r6jQqYTKPyb2EXPMZun\/DZnzAKBT4U0s6IkU9DCx\/nVZgKb8ZQ0clSgRRcfwhUHErM8eTU8YJIOg18cKJLd06pcQOIJG7NWuFWxlP8hu\/nN0AYaI66fR8yko7HlWLvum1JaYm6FYnzxA32PBj5oh\/7LgHk9DvkAOButBFcUmyPrB4mG5I1fazNr3nwyskcAAwio84ahFtiK2AWGqstVtlbFkBz5vU1GgAY\/jFxeFFhQU9bkVT2J83JetFccigg0SDPuD5n+d+pF1ktpVFhfg9Pf7M1yVpEd2pTwggR6\/RMwbUXsIy6V\/3Zdy235MvBR99y9lqd30EtEWQFDwQx1rFv7OgXmz1sC52olWXTPJJtqeru5YJ4y1QXdwzngLTKdWwkivONoSni7YFaQywfkoSfUUq9yPIHkBPfRgLZjtRnJvNRzSUdIVLK+82oMRpqWSDyuehe79xRqTV3emacrIoUpKNe4ES0rwwIIxuczcriuAc\/oh36BCnJTnMLsUHOv35tL0tIW69QW2mqLxjVxs\/sB2ZTY81BvXCGKlb2GWWEZboz4kvNje42VnawDq2ARmXLjmZvqx5KpuiDDLCrFuudk1KPohXg8MYwloe1Z5ljen+Kflp\/0GhTarwpApPLhqD4dC0YGPGUPWy0M3SdsjYAYnO0ufi0JY1lS9wKfFr3M11xtfXz4eInUnYb5wKqBRyjzjYcDgMIhrig+xpGm3NO62u1F2ixUHh\/2sre7Dp47yLp70MwKIP+adl\/aS+nE3ZwouBFKcqjSAsPBSGZchE52M44ofrHvjCdZygdjpUAxYA3pbEVs8jkZwgMgJXo11MS4xaeJGvyTRcdWxgO7Z6GiCANH9t3fYZEhYzw2EjE5ykKJRHZRafzyzvQldpdzPPsPIEmtpkI3mtt2v+1cYj4DnaZTXJEzplScTixfIquKqwVCom+EBWD3psfkqjfjfGGAzGt5GoJ\/n556S51FLopQS5Sp3W5C+2M5ojItue3RQCrCTIS76Pfo66q4GsAOSUZ7\/hMt\/XWeMLHxlw2ixjPGWceCE+ADtTZrMdCOe\/3\/KfNqayz9c7lfFveFHD4SoBgMlybRWMCo89EVr9\/e9bgIvQH\/2HIKL\/1AnrBTYWGwjYvXcCZMo2XZ48Bf4TAHJOLQ27twcS66XbobssW7dEGTHzsxM2cbXA7Mt66nR8kV7FnqvM3Uw37ERNKYGRDJpbb0E5DL0AIoUX6jOOuHNgnhFdj03d8npRdhJrYtWfh1K
UyehyWQPyGItDjRZyrH\/YzmHmQlGRGfRB2IOJPpW0Awf8t3u7i7GhjjxzZWH9y\/5\/UIGZyFN5xYeSW1RjHpBsgozg4u5tX+KFm7iqwM265C9T5IiUFRDJ7Y7z+ArBTMIKqef2Q0Utflwho4O5OPtNfbJpYHIlEDdM\/bpqXNeLkZvsI55ncrNB0jXRjS9R\/pqCZ1F8bfNDlgCa23mWVU\/e5BsYcM6YG+DEAJXDSOtIC6Sp\/ZcQNS4oqLP9h8MI0zXLT58ZIPXRXVMDFrxMhBGx\/6yOIu\/74H\/Y3fHvm7xBKcdhdXm+aB2FiySmLOWsjvBXvSzYQ3UF0qKHH+MtZqFhGOCJk+EykBVABGv1Auw7saDcOGWE1z6rr+udwYUhMrL"} -01427{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01453{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418037037,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate","hostname":"android.clients.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516418245609,"pkt":"AAAAAAAAAAEAVM4PCABFAAViOjhAAH4Ruo+okEAFNWXkyO33AbsFTsjCy\/8AAB0ICh\/nnOWyISUAAEU0\/XSWRRoxvD58Z\/\/ltqn4D7VEFtfFH+jUGx0Einkv99\/DSfc2oPJY4DDN6JlHAc\/qXovlR01o81cgEAuTHi81V\/Ai4h2uKfJC8zpGb4iU8J9MQX3bFzSnnvrH0McYkR8dXhY+LkUeHEK56Er3NWFCyGj5bFUc6ULxpQIONyO3XCblXJAYYR1+HHMJV5rzq2a0tPhEQxMvfL9U2zDwAk9Znp3W+SBmkWdokjyAXwhbri5sLFI+o1IwVydXvtiLNEKZ6k23ZHvOevpJuly8FUhJlRZFzpQcsb8oqZg2pRE9C8POq2T6l9g2U9I6GvHiVjRZ98FT9qIvvDP6AD69Cajx3mGJWavv6aTsctL4VNEVQVix5W4yMVeC9v64prq2LuRUPHyNnEo9AoCfcOTMnnedkniclIIocpUSham+VwWsPb7ZVt6yBxcH8dnhbZwZX\/awC1yWaJ9PMxllHy6dWdwFXphZE0mlFrVD+Y2ViRFeWYhgXMd36a67EAh4KMOW1UUy9WRijdPxYzI\/3NPUKYw67EbvuD9TnJBZV9swUxHRb5oKjIJs\/zVJKEr4H
gEriVT\/uHrCBUdG8YtziQ0VN1Hy\/c\/HszvPKD1I+6T3S74uGqEDJvz22fQycnxExC\/v2s2Io82JRN0DQ9+5+lgxD6yIJqUZ6xtHI\/7Qf+h1fMLSx4y8AKIJtJIOrgnAYrglEsKTnvJuZ\/7orf+yJX+h9BvEb+CqTGkkDjnK33BqpeiRlD+D5DuP3K4T+NB+diP9DR5dBkwLMLSdQF7qGWEWn7GBAMAcRho5edT66etmLlAdwVt2TRqnGXiBMNQSBXoW+toMKpTp1vnHlBgZmKFlg\/JJPZqOdbJdAyv3zJJRFPTBKEQoIS3zCUzYSTKEr7ud8E+tffKkIrAJ7EUAESGEhVWCM1DXL8i9M+Q9XJE3DJQpsWg6gUa9Fw98FeLlP+7TL0IhvOxx5LUeAalBQ0TKxj\/VCVN3UvSZDTeC9WpGfDhna9DGtD1xTnAi7jRi4CrseNR2IgaLm5JlbfkFLKccFrhInfwGJgkHj29LRsGRm1Es1jqRY3Ouk6bpGmMNWzcEEimo3csuOG58WiAdQz6WHsuiuYVG0DLgVi9H6doI1wsGghSdqDtHqoEwoIgb3tx5I7T\/h1Xq5LT9kt\/Uk5CeAEtSXIu4d9PJQM7OynI4I4wJApaL+JsbkbYJmUckRDj5+DcoOsYJRi+S3AzB\/jReXlCiXkDNx221LihD5QvdlILM9b41NYS1jREAGiqCaAAzmvoR5TwO\/4AEr0UdVZbLG6KYh5QUiJ4oy\/WVulKKHF6+TFf4tv4Um+NQ3oK95TXCRvmKZ3qS4aLtCdIbdrNCgVhBzlGHMjvmy6t7Qw421ogxqBJtm793TVCYZwBcnNLdGCCZCEtVQnfQzr8G1JOR1oO2iM8csHv28RhmsRXcaa4e0qdrR5f3akye3zgahdcjiXHhM7C+O7G\/1kLFug8TwlbhRgFQM9CkofyNV0s9NwP\/y3Hufd\/UIKneZE+EIy8AHj+5ijv0WoRhBnRJXYX5ycxl46tMEue8ARKo9MQUXx8V0we4qyXSx8gTP4pifQiQH82C4d\/Ia+gl\/7V0nVldVjo2XHTYnNKRl\/2r20w59XqRfVr2MyuvliKCJuXMORzGbGFmNF4tyPP98C4DrzmbvG593DjxQEJxLOd9WIDUQLYmSmdG68jG3Dj38xlZdbebj80NJ8y84A3+pm6EmRMXvK3LUyTKkRh1+p8LOow4Hx0dv+gfwFZd"} 
-01415{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01441{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516418245609,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
00829{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621516733869355,"pkt":"AAAAAAAAAAEAU0VlCABFAAViPaJAAH4RzyuokEAFkO1xOsT3AbsFTgHhyP8AAB0IbGyalH0+wYYANwDvfHyuzX0WyfJVw0PoKIyEKIwqfBNF14sFAvA9Fx6LB3xU9vL3ynu5LnbexvzNtyumb4fpTS5E\/XHfpwPYpXecyozflPK20TknHSDUVHAJTY9iUBdGsc+gRxEKw\/EnD4N0ApvBGoTWqmVkqyn2sk121zbYGDW6ErU1q+8hsbyKMoI4NfxjBnTspog\/m+eaL88Tqahvr6VuGmJOgsgyl\/gwce2fwd+d9PpunMJSkAS7yf2o1eZhJh9pY3klOtwZCFNQuDUJCJjazTJU7eVP\/0CtOYR0UdFKjm+WWzcoEB4VQS03kspRhaM2QP\/ptwjbxo6FO3oCmYBuOzT9NnCTurb66djTzhBQ7nPe1yBZiq6US4GpZG6aMK89NuAY5\/nz1pP2DYT5YcgrfYdhQ4YARsc04zYfLezdFb87pJyoch2m94u7HYMn24Xcbst7wof0dZvjDWkyw5cSFT4dsIwT2M8hyrtH3HjdLtgpphSCdYSyGuy9OvG7sn+MF0Jh5\/oJdnlWn\/USneemL\/aWfg+AXzhA\/IStwKORkQ6adbv0MxxQxhdhVlhABYhBf0naS
CmQM2+cEelsB22JQdGyxVRZOb7H2e61nRmdya7eNqT+fobtyVJrZCrcoLN2LiU5dsnsqDNucCyYvDEkyd7kQp9qzPoYerFAw+PP\/vmmBvfd8Jm5zV8ExYYVZcEdRnY4EYoOzAPXdClrK9VuYF8c\/Y6ePAmXEmR1uClCx1ITHFshaCJhAhfyTByXjbfw\/nXGIZwveSnxeIYy1iabwqW2LFKaTx+JSk2nPQUZJdp\/gZHAXMi8UAeayRLCWh88FjEs+voztNRueCatb6uKPMygUEMEU+6M57k2I2+uTJVrFNtw0naiFrNM5aQWh\/8BtW73kEKOXlb2OOpWG33SsbDbt8f07KgzTSjaTcH+ym5fia5Rw7fV\/ORX4hRDVw6rpMBK8vHEzILGzqKPp\/Fzgy8Yu3yhNuwLA8BgUfSc1ByPGepdUQ33vZYRwkYXJIqjHVWQAfskEje0Wqn+YSnYlWZx7JpLG6MxX086GP6N+oCsmXNLxDtBJtSXiGmOVBp+cXeY5yNiplAtTeIdcdjOB66FqojPXZ4qFgzu67AqMMGZObJDMv\/Z4GW5X4Cgb4uXU+hjHX87oTa1YVxX0+H5LL9RQod7rJgo0j7m61cBp5xGUl\/xYmnsu3DdfPulCdT\/Xqvq9mDtvBpKPSZ89x120bFELyq+h\/m4PzITFcG5b0xOCTSTGB34QH9z4hfUNaP+WHZEXy5YNzh9YM1YXqvIrO+\/iwEMLfq33bR4jnXtPX1cFX+a4qrWOvuTa+bfX7Di\/IJNdHWVlIftUcO6+NFoLKQszqgdSRApeMWkwSgeT6R7yYowqnttX1EOkto0U21n9qsOOcZHS58\/p7UHB8lQVB8xDJnHjAwe2Yv8frMkPRsbdRaenhBn\/LLWS\/wyADvhqIIoQldbThikVaSXVwKU6ENOBP1gszcRFozOxr8R01PtBlDQ5QyH2EVc978OM4JjBCTbqtEjexBUwzGSaTGclsLHYMS3BuvKzOU5hVb9zTw+6jJKF0aIvgkbJVna7j07Xp335dcN+9bFri7aa2E4BpLCzZy+JNpokrgVDpYRk1pV3jGV9trdQsOs8CADI3foMn58d7Q949RGX2Zl7pv\/I5Gf1FwKxygyeU0D5cHoY5DXRYbGRoDOtCFxU18L0wLOrSKS8JC+eITcsIp6lD+\/42Vg3uHHr1yzTR3Tr7duzZ5RxafR49orBGtHZqde"} 
-01409{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"37b57e2a60f871d6f459268f91669a78","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01435{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.3 Windows NT 6.1; Win64; x64","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"37b57e2a60f871d6f459268f91669a78","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01155{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418037037,"flow_src_last_pkt_time":1621516418037037,"flow_dst_last_pkt_time":1621516418037037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"7.71.118.27","src_port":57319,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.PlayStore","proto_id":"188.228","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 
01154{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1621516392616564,"flow_src_last_pkt_time":1621516392956083,"flow_dst_last_pkt_time":1621516392616564,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5400,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1621516401935898,"flow_src_last_pkt_time":1621516402235332,"flow_dst_last_pkt_time":1621516401935898,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1621516405234690,"flow_src_last_pkt_time":1621516405464431,"flow_dst_last_pkt_time":1621516405234690,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4050,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516418245609,"flow_src_last_pkt_time":1621516418245609,"flow_dst_last_pkt_time":1621516418245609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621516733869355,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} +00690{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":661,"global_ts_usec":1621521142479654} 
00828{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02384{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1621521142479654,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BN
P8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"} 
-01396{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
+01422{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ogs.google.com","quic": {"user_agent":"dev Chrome\/92.0.4503.5 Windows NT 6.1","quic_version":"Draft-29","tls": {"version":"TLSv1.3","ja3":"169051af8572ac08ea1ddeee0db208bc","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-29","tls_supported_versions":"TLSv1.3"}}}} 
01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621521142479654,"flow_src_last_pkt_time":1621521142479654,"flow_dst_last_pkt_time":1621521142479654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01149{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1621516733869355,"flow_src_last_pkt_time":1621516733869355,"flow_dst_last_pkt_time":1621516733869355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1621521142479654,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00692{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} +00692{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-payload-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":0,"total-updates":123,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":667,"global_ts_usec":1621521142479654} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 179/179 ~~ skipped flows.............: 0 
@@ -673,9 +673,9 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9704202 bytes -~~ total memory freed........: 9704202 bytes -~~ total allocations/frees...: 150490/150490 +~~ total memory allocated....: 13411029 bytes +~~ total memory freed........: 13411029 bytes +~~ total allocations/frees...: 220744/220744 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 611 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/quic_interop_V.pcapng.out b/test/results/default/quic_interop_V.pcapng.out index a1a575cee..dc9d391f3 100644 --- a/test/results/default/quic_interop_V.pcapng.out +++ b/test/results/default/quic_interop_V.pcapng.out 
@@ -1,164 +1,164 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1603816434507204} 00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507204,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/
3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} -01113{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01145{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507204,"flow_src_last_pkt_time":1603816434507204,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507204,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816434507215,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507215,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507215,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434507215,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA0WRAAEARMO3AqAGAR8opqZMLAbsE7E3SzgoKCgoINqH1Vk80LhQAAETSZtRDhHpK7xsUlJpSgtMoVla6Pas+BpVtN5Gjcd3BxSuPRtpK\/YBMJ9l2k8o2HThiUM\/fvgYuD2Kcrxorh\/jnb6Z8yLwnCqMFI6f5++2wq3UD\/j8Rm4jH0vTA53TCV8faPBmIbc\/\/f3Tz+R2DOXZgP62iVOiBptLL3IqVZOU4IOLE0\/JVkynYUJQnG0YsW4UK0qnbcWTyRdgTGBkMmMCcy0t6nX6Tgq0WiglTiACb2fNGAUM5xWmIp7l56ox3rxd5eSC\/ouvINjM5kG8P8v2tSujZgl86FeLWEME+DY5WH6KcXkEbr69+FbbuNXvDK2f590+AqasG+fI7zBfNWo1Ipsj7l1HkYvsUvIcw26BBQurqx8+tF7QthbMubN0aD8OhoOBolJfSbDzAs85Id6ivSBG9R0jYEyc3k1vljfz+fMsTaJHmT507adZ2GD7mZXjlqTo2tY0lxTmDq8TYIRmW5S0g5AxeLYESawu5tcDeQ1F0ZZz\/81pFA\/O6Xsz+LW+nkuPcxb3FhZQ8rGk11Nxnt5bl3qx9dkKg50nnHBStrKL99IkvRWEio2XD6zIDHeUPmuj6vbPMoqWbJ1BWc1QOP8zvT\/5Lum0urlm+3xs84QGqHVu2D75cOuwNNgNZCk5Ju4VXwD1CjjYHIrh0EPYz\/YpjMoCs1JdYRQApUEYvXPrOftFHyRWo2ChQb33MFXFQcv8wO2\/5aJKqYdcVeht\/\/qNdSsRFnrxK6h2aWdAQ4Z7JbsFvA\/hTb+VL5L9GCSqVojyjcvz6pXj+7VmERo1L+Pa9BRifjy0iLNfjP5wofltooS4BlzdCB4aUHHGlTH+J7RtfENSes5C1MkGk3bXd4a77aCZrF2RKt65BuGoTHxCIa46j\/b1GLm8VZzlNV59q4blAc5XL98HTRWrj7Lyc79Dh8jXnEXwPmDWmW9CsA4Ch4D72guVA+3h1lyEU8sU8aFmgHNkr\/q70G96HCmPexSIjjNAelbGlp4sZrLx47ftxlllSk4gO\/H46nyfjKhEcW56k2uyhm8V4HNNWN4MpbIc\/Yfvdrngx7qWGlmiM3iNJAh16I3SuDM9QVUwv5ATd2ADCULw+erv80Ft9CMpIikvknhfJ1tVT8peEKIqu9ABaR5GMoofySzXczjefzyNV1DG6SeWJ52+UthtjpveV9nHmvLuYXnvGea6FWcjL6o6DFccw\/MPYc1ZnxJKIVJl7s7PzYYTQJo6uzu7RffuRaN3XTJ5SsTndQcokexpIO49TaPuPvP71185NglDXOKS+OmNgUpybmlmuhSa5FYUv3bbW69PHc\/kF0xzXBLf5+J+46p3Nttr2OqPoeJohEZHRVI\/6AiZJhhgwvTHdeaUhk2xf9gKSkmNoHccjkKGyBBA6zyzqAsmTBzP1bnAJvuFd4p4mvR9AAMpTZsVCt4+Y
paevXhHBN80S0SJnJ8GYSPTlTDk5S5LCl8ACcrSmYkJfN2QxrZnjAo\/7X0BI4v65EBgE0aBU2rS5E3V+L7+ROQByi56sXJjXQwyagtcG5I2ud7++g9fSmh383\/sJtnw8\/3hGH5RGGOTtYIFZs7aGYDtNUkdsTHzAAG0WjFBvyjkoOpP88ObPBQn3FH06fbbow+5Nw0s\/GK8dgRoDVdGM2xounw=="} -01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816434507215,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507215,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816434507215,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507215,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00840{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434507837,"pkt":"pJGxgjQ5PKn0qB\/sht1gChbjBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrk\/QBuwTYWzDMCgoKCgiUaZcozIAAbQAARL5emZhgck3iuC3JUSB8iNm2XjGzLpnCsBWAY4Ojdy\/\/5MzHp06LTPIVKnl9FZGbcpBpkxyhd1DLZI+eYqtiEG5aKS74esaWBq8RL8\/CjhVxYArCrDSr+0hp9B1y+nWDHqDWr7MDZcNsju+tb0UHpoKlBgrUvyDGQhAsZRf7r39yd2xxEzbvuwQuuQ3ed9XQC5ng8bRhq403ZCE\/MYrs6MMmD1D8+1P9lcgzES1uneCIpx1HJrBTKP7nMlE81Z1P78Gu9qUmPawKzam5r0zOt6L0vp6aYOWsVv\/E0pz5vx1omUeD8AvBUEEvL\/DEN6PQFWuaU56poUyWE4zmT1fCmpfkQl2t9VM5S0DSjV9+bnc9oeMC84JGWazOmN+3mpmXoZcYRh07YBY2MZ4VnmznfQ80K1ED3kKFM39nycCSACELzlTXDOkJ\/ktY0JyGo358ZvTutgq61KEs8NzcRLv8hDrgsQWV4XjOrAL105eXrA5f784uvCuN2fslFwCeDS0drYeuYLl2X3IPLV7kaNRc+OWAxuENUrLcJjOCAml9vIubSnbhMgY8q\/R\/4iocbJeAZaxcxLWoaBL5Dy6c5RqwmcmQUw2FcUSfarB7m6DGemQRBI6m8IfxS6ULrn9t0ZaJXLuVmX9Bm2oeGECfAf31JRuwVJ9fv26n\/XDb55k0fcO\/t2QAqH5VfQ\/XE6N19TPKrMa5fdi51foR6Wyl8S6hOCeKDO2C9D5n0K\/H4Ph5+pkEEtQs72MottYSPihw0iY\/Fu1RfLXjTA4gqlduvFyO1c3LDQtaJKHg0vklnpsW\/ahvB9sqw1bthHTeyy2PAYGFyd5\/vPsWwu1prQnziZfvuZBv4r85RGoHlFs8OJLDxJP5Unl+UHM1ip66ezVc52fyagwU2p\/dNxSLNLq9ZZZxOqPXoRe4DIj2O5EE+tg2DBKVlqsKlvnpY2O8nYNOUYb06eUwLY7eUmyF5kAFPXCNi2RVkA+F1RffYC4TGxAF6olxMiRrcrs3c\/DtIuA3v9xxQcuNbfPZJrt6p2lhDsnJl0cXW7yahBQ3t8Vob3Fxn8maWSGCm5H4l+b5QiCXjD6aPLMIVSGOxlZuOuMShDlqCqLDm2rrFG\/Ex+58dfI4GZg27KkFrt8yKQU5xP3cDpmgWO8cz42odj5\/XN7ZJEwitO8kjLFt+mYDrVsscfg2UJe74+Xm4LAVvyTj\/b5G5HD1FrTlV0Rk9tUeirRMew509ZVXjW6YJYWL6zO9lgxLgoaV8Gd+v8yh8ZKPFv9a4RV\/5RBt4U2FAY94eskZ2SwKXWETml5yVCj4zuhjsEmm1HcHzPbvj3x0zXEiI2GG4l\/vpR4uTmkPxSOziP4F5ZFOBoaoWk92Q4T6koGjbXJnLz8U3PiyS0Qz4nAzJ2
kSKRwz7zoxMiMJyM86M7+1Qefwixc4jngX8nk9EZniCllUXuWjwKpDQHahASkxBg+qPeRKYIoZbqfouV14QIMHyAa5JM7alvljGBrRgRAZXmcDpn2gAJImko\/gdF0i\/5wYy3K4UZeND0xxE7m532JLVgzS2+HslCBkUca8fdagWqHn+Gho8KaUeJhRfYw0ZgBrosRDMSIh0QMCIiGRjGE5z\/aohA=="} -01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507837,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434507837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434507837,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":37876,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00840{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434509409,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02212{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434509409,"pkt":"pJGxgjQ5PKn0qB\/sht1gAK6QBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQeOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3H
mYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZtmZoK1IAWW54LXRx4BZnrJKuFoltIkcOXZOYajcaVAMSefQYGNrVyxL8AzXWJ9vEQ=="} -01121{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434509409,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434509409,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434512961,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAtF1AAEARybfAqAGAA3nyNreiAbsE7OwqxgoKCgoIdQnXg0rBLY8AAETSdSNeqCjc+r6H8HOL2nfX9Nl4bt2\/tch\/k3WGu45v6swQRKEZjB5cL5PwQRNSezjETWlwl9x31DElYvPiaTjwEzV3uzPoPSD3RDsDoNIOdJfzM8eeT+YF8HtZxPxl8JfMcAWEYacVzCIRBiKkRKZDpR5dR0ouRtlV3GGe7kt0DtTyh+sL3vELhV2kHz6ly30R\/jiT47NHUtkHKuInrvyxjGqVvAYH34n7tXCBQ6D+AfZH11fptBBQ7utMKjJQetgZnmiyn4jfUks45DQLptmzmM7vacgVM1UXfvDRMiXWFLlgc2aMseReas3HNr0PU1Ye1gi1puLSN2a9gpcRb+O0YMFs0jlKm38N1LBqGTBpyiDu8QECyVyUyl5oER0iWXuG3TbvkN2QQTnAKlJqm0eLVl\/NYu3z\/fNWg32CWUDT2152nd1+esKzcxvEOyGhXuUWhYZ2f900yvrQLHcBQy2bY\/c28n\/CX4U8pxI6NyIasmjHd4xMKoES4DMmjTKarxqquM7dXQbXZLB8En20kKfdQRYHHg+reqWqS2rb8XL4IMSIg8+UsaueMDmzrfUZd\/56R7cXjRlq+VUmt81q5nNnKCMBQ\/7rvr4qOGOZ2CHm9V+uADTNbhvve0l68irgd7nnxQpElTg
IyjHyFhvd8KPoLd2HsWPDEewjah\/d5eFL2o2JGexda6drG5JkIeHDe6OWKoobO2FfYrFha9u0nzvL0Czf21A7G+Hktz+GtzDop6GmMw9wX0x7PAWZ9MWVDxJhZqMOzlDofB1A88ZWDukm1Hm6PVA8JMNdUp3UJt5LtDBJLLAEOUN0BNEg9pXHjjKOVZeJN8ZQvkURagzOCo3aTho10tRkW\/\/buLsCCgS9oRh18BVjsveR+UkY4XmNAimeDQhBeVIZNQAbv63kh8fikt2GCen13aqn\/akV6vyA3xP9zH8BrXE0pnxbTdVJRyKZmPMfH+2L5gdn4Inm\/u2BD5yUOdsZkjyDYog2dorLJX+t+PSQ9uXuCwdbDKjjZw9L8++g9YMCmG+DuNoxchSfm4TcUkVs0SgbA\/r\/65YZBCmO6TdtJWtU8H5XFhYFiz1Q78xobCBsvaSvzLLye5aeCDzi6qFTLk0yIv3EAu91rP\/6ul6HmTBVTtG3x8oOLW5WVDEqHHQcQF2G5KsSqr4MhwRqiW0iF9\/6ruIt5OM0L8g5QVUhLrV+wAUx9TrMv+LPDrsvG+Dx5k4p3UodhKDHRb\/7ijQM2ozG8RHNrTry6RrGZAsgdT3BTj1sf\/spjmdgzIF2pwahJa8xi9tbBXrUI1dyXG3+uu21VtbunHyZrZPu9Lqmex5yNEoIMYh8ALvFMBlRu18WIDIANDkgo6akaO98LoftutjwPgqclkRUkaNJO1Z4mpP+D3JcJ7AwJfHttUsGFLMXeHC0rS3Jx8xlGehlDG8Gjx6MbqsW4FVSy5EnAw4UdsWYMoAQZhCtB79ozmulqNFitQkW9QOF9WX6McnEdk8YyUFeo+qc1Fhx\/ki2cnpObQM3wblVzck3qttvXup8w\/1\/pw0ra8kGRFKBe8QDkHMzVAmkeyW7Mq2NBPRoMSnnA3XB4x1u8DQAzActQ0v3Mr5WeVLSgCf9kg2BakZtD12MZbxnzu5AN97akX7cpg=="} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434512961,"flow_src_last_pkt_time":1603816434512961,"flow_dst_last_pkt_time":1603816434512961,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434512961,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":47010,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434518986,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434518986,"pkt":"pJGxgjQ5PKn0qB\/sht1gAXvJBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdvkMBuwTYCBnBCgoKCgiEPL7zH8M0IgAARL6eKfaWNoqFUZMIorsrR+PI0mjVI6LMaQTDmquE5419Uqg0GPvALnuSvRL73ivCKJwok1RPqjtpoqHTz45vYlbMW0kHssfjLAjOAUVEArsuhMOirtE412w2RU3RQOLAwrvAO4t8cjd0tkO3FdpXC1+6xCs\/9xwo3urZvY7tv+pPD0m9iy\/nLknxJjrg3PYY9NvAu4T1Yktb5QjJpDpv3IzaFim4vDdRfhCCfZLoy9vkSpiUxLSsp\/4K4guLZKTInOo7dc7L0u0RBuQrBPDDqK4FVSYOh3qSMuIrLfcW45Du9zFvbaiFI1Z3W2Zo1htxNdAgXrRsYiaF2UOsu3EWo22nmt3QVCTvxN40wXQBY474YpdLOSzJ8YT2z1lcFu0wBMnv5wKXxH924c65Vd8jn5+Ysdu9cokS2TeRsJwGH6f8UJWWqASwvtTblbNaAA1rpPkaZ6SKb5\/2SCA8NKsLTMfd9lXR\/TPIRkDa\/UKbcYJHJmruB8l71Ug149yMVHLyQ8PV4VkmIVimW0BwUZuqJHajnymZIECYtitexCiylm89U6E7Qol819M+CywoEZr
0V1MUihq4vQCqT5IBPFtDKGbeUpuwEn9i1Sgfq7jW1ZF1lUJIXXxoY0W43gHceg0ibsXFS2Cu4BfCo2ARjzNDy5YP1fNhA\/sgI1UdsrpLLPnxOQD5MfwhgvGMBjmhjcscvgGoJNS3Mx4JzKbLqHshaWSTm\/LyTt9E6jEOyn\/elJ+Uz6TroidfobWRhT8DXti09Tw4xFpYjmFZS+sjqusErMX8BBmq9NavLEXrEkHMrSv7giTu2WivWYnhggGPBzPi9d7guvk48fb3nlBrDj9TyQ7mUjwRAlCv17XyLwk7KOYmtZZXJ3321lkp3bmJyRSPXB\/cv7ueIG6B+ug3kzrxt89xujNCeWtGdEmI4jIC4JS9GS8VFpY7y1HNYDb2ndNpNf5J7iwIXFXOR2gvyMqscy9rfPY85w\/ZzY6vHurlVpM9w3a5PREuXPDz6VgOdr20pgeNU8H73abMQojEillRJA93bqllSySvQYTvxdmLNI3kPK75CNOjeEksYsdF7tGWuteetV2CpVGc4fAfn7pKXvGC3QvR5rVa7kBRQpXGu246udb5IgCJQW4SWv9D41hRqVUqIhpV+jfVmbkfVSLTLo2RzlmBj7+a2aFtIWbpD7ANiOaRAl7rP5vSHQitoEDWhRQ+6AbGkwcuA7VjuhPuIHlBFBS73grpagTsbteLREgIXGdJVrSiF6wKPaotOPfLYFzLFzvsgAarE+d+Elzh343xLNOiKrK7GDHu3e49eOp9NamSo58Re3QCUDS3FIkTeME1ExL615hIro9N+tcv+\/TrXYarHmxDV0fGJC7I0oBmuLRb11ikCjaYc6FY98talPqVaf+74l6lZuX0twbSRQ9goQdc51kkKoNwIaEylg7FfWyw5YsxdYuXULPPqj5K3zNn8+VwtSMMfxRV+4q2DeFNLKi7SNoJlVxKbF9\/5E6m0hlFWybv1hE9ouYojrE6vOOYfXs3ptJPhGZaJArOV3rdeUnWT8I\/a\/Z7lnYxa5s8i\/zgpZP8zMFkDMjgYLge9GAnCTc\/tmQghNwZWih\/TQ=="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434518986,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01152{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434518986,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434518986,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434519345,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434519345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434519345,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434519345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434519345,"pkt":"pJGxgjQ5PKn0qB\/sht1gBLPeBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAAB67oBuwTYAdrFCgoKCgjhAy9VFSPmbQAARL7A303oZAFgGrTdGfei\/mHvqz29qgHXvt1vCJg2pc8FQKC36WDnBuPNUSWLIPLEGFVHDdTlHgEU8JaXOv5IcEJ6NZixRK+p1qGiKw+JPZoJHLOP3KMbB5ngi1RcHFIqjWkGqrO6Il1aIL5lyoE01q8y31quARUppPZlbh9u8WyKOZncFcG5VSpCu3UE+cTCqpGjHOnXC\/1HVlcF0rPYeaHUMOcvFeS7y7V49OnzF7ttNLuTcyzNKgrnqbXVeEFjqLCnQqFji\/PE8S791D2YivE\/b7eIwJzHPMOZxla3AUW1ggsh\/8zQVMk7TQ77ZAmxg7c56Ykrcym6mqal+6TN6kIdyk1r8ujmnBp2XTNKpRpO15gBPf\/xmmYsn0LfjAGybSTVfzGe+r9+hhk9FRKWlvSa0mUhD5xcSPxL855ekaVs8es5YbbQJzvgyO0E6jlhqBvBuXAFk7V5bJfYUhuvK7+FV\/vqBa5Dyr1Y4aVAg8uqmcbLqzdH2nG4UUlIo5QS\/5YbcbMVH8iRLcVUqSgPI65pQT1eOh5NtpZaGNEaXfSjJtIcZtks1c9UmuF5RZk5R8RQDxMBmTUIHR
WRrWAtXGorI1rYK3OSEHdlNwZLgl\/WhBsg8pHYuSYaJpYetojCp9wSrshudt2xxyszjnmuhkGDIm7Y\/wjwl1afYHDK3hktBEZRnZVWPJaRHBs4awP9h7+ogQbF1JHMgqJ8UHjilyfki+6fs4+HR4\/6MD0nR2lO00THBaPUZEBIBanL39bTcfHJv9V2bghWT79XrP3UcYoKelpB\/ItWidO0yq9fm+CHlz9Et4Ou\/1QyXDWEp+CTMyrOG3vgDdsY85\/lqem3Pk\/TK14Hvru6JNyjBX1qQfwbZ88ltbaToG0yqFOgs2W5Arx9\/dI4Ztfqsjc+585hIsoYnSoLWOXcSri0SP6dHTiXrSLkzfw516ezxXVHyVqjVj05mTnGg6pkVppsXFLKXFlWA1e1ekM\/7pIK3mEFd1m5zAsBvdRI8t0eAjdE\/YqRjTOBuVa2i4QrjzAhkilSHIU4wsKR0bJYrKvlvC6aSvyiIhDJ8TTHnME5NeWT+7GBlVwsE5DxirVv\/piW3kABvaCjRWG\/FT17E9VSZ46Bt\/YDK2K++WfWexMUmiclj\/iNE0u\/2Uu2FqhLdisuC4yPh1npFfTyVb5gd0sFzCfXeCse35OuC0BYyIPm6NlvuaZqtz3phwQTaixo2zFFiJEmFvvuAA7ELwFzzKc41TRB1+kry45l3KOpElwYbMgfd36GZXpWYtuP6E52jGg5RtuhyBlrf788aBNf8sLkyM9xE9KcxBb5QVeJTjT+LcWZdWa+v3KGsrLCPyrX+kiGauCjQ+hs82UiUqVf9Rz3JFbGEwZgYlj7I14qfs\/YcVCcwnxGzpddMNKdr0ra2x1StoIrJ0raVEvvwlSDr+tCYZpUpOYxl90g6gsdiN7MJw2E9wvBWEpyPijuZ0KwxzCd0EAOuXWQRRPgW+xa5IDUzZpOTbVEZnGiINxr7hy0M4cxGp7iAIcmRBu08GCRc89HtXVlh4Lj0ClSbZKBKbo7me+xDowYARa7U5sl5\/iHaXVCKJtSB5\/MjfywY1OM6Rrb\/rUovA=="} -01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434519345,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434519345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434519345,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01136{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434519345,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434519345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434519345,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":60346,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434523543,"flow_src_last_pkt_time":1603816434523543,"flow_dst_last_pkt_time":1603816434523543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434523543,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434523543,"flow_dst_last_pkt_time":1603816434523543,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434523543,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUASTxAAEARQtzAqAGAKHC\/PLXwEVEE7Eu5ywoKCgoIUh1YuhDqcyAAAETShcZ7U61m3r3pKDSZMAlRkEkMX8IBatc2KSsG3VEj0lAsPYd+5xEo7F0R6rRII91EQq3kY6fRBVYjgUzkelUep6PIw4v1uOUHWVWj9\/CBoCuFmh0QBFTlwFV3ajZYJtEVj\/UMbkT8ggH6NbKSJV7\/7XCOY6sOXc7KO1y3bpcq5D78RQTF3QAnMEYSTjEkBHANDD5W9AIyB1dmHqwExvOJV7YrCF0Wz7pCUTi8XP9KFNvgkhOSPVQjF1KeCLRKAL3ZHtPolipZhKCqRtuCyeyoz\/WKMUWuH2pOJ\/WCN+fIaYqYSu2\/Uw9h6SGQoS6DN0anGtpDnUD0GFob1uYgJfvGsEIlEF4ovhbxwTVp7mrf8Jn1RwQU6cEaGVAGxcwFRF59HEd7DfQ2HqiN6ygOPpQYa4cx7qpW5pucG8spbD1\/cWsvhbhGqD8WXrUrT5FX8eR51cu5\/rSEZZ0hJlrQrcyu1Jo+wtEU248WCYzmcFDU3KkwLTXrWInL3I4\/3lLpKWAzyz04l7KeGoqcwCeKKQ6p1uyWxpMWebh\/pAeZzwZIk8uY57nKlrPOmivZENHW9oA7\/VrJHghXWWSPNWv94zdJtPbS4kaRkkyKA6YWscg88+FeMvb1pCnByg\/FBd8Mkh8FA
hvUPdRBKBqvfa6hdS6kOEBzLUDEht1P\/hkx2oxe0tO1cCFKrfKPAgjP7fDs+HjYwYUjQcQs0Lrfeiezhk68WlVN7f3ydw4AyGklyENZMzjbp2KCDTQJw+bwFV8oeqGfVQRe12vWjCN19ZIAet6\/7N00iAsSHL0OYmwIy5kEm9ia7W54BjwDLqYTIVS2lLjOBW8eRTghxgSgQxvjGDeszyBcMdQvXcIFvNEPXDZvspUbePIw91S9T7A3jCp65i7X4r+fn3M7N5F7j58fappJzU95USbFKUMdxds5siewsczbT\/MrC2OkG0+JuLsutjVwruC3oxgf0F68j+vl1Wm0rJIMkpipHqVvhcHhV+OWaqezJa4AMHRf7fdSrYwPxKtdQTJG3\/g7anjqxa6WSX99h5LjVhbxHDD361DVddXanfGMVBhF7hsyy9ONqBFaE0X3vq+HEhBWkG9LtGG68wwwE5NwZds\/5HESH+ia5Ow\/sbVAD5094mw+zs9a70KyvM0z2kZ8P5B1wNaZ7JZ67KSZOdP\/DCz7bP9r0i+DKzjU4mo1fhcDYTbnyYL09iH+yrFC4uLIRq1vlDgFJ2X2xDITqMN6kx\/ZziHpUw0+tusqXNSXNMQMFKUZKnReB3GpZaA4xILTO73fVG7kLqQ2j9Pfhgr0XjkpujIdWgbDJPwVi0egmLmvkiBx2oWjN0pYUqFfvKMLMSROetLN33mIJ7WaM6DIBHm0ZoNLBntXqK2QERM+5VXgRG\/zKfBTkTfngbP7Dw38e4JcE1olS6CghzCOQzrj\/EPi9cO\/THKUsaoFe7VwubEl6zVajKWO\/ftqXQDEtcPyWqS1x9VkXgf+5HCH6y4ZfXz8j0oj\/gEliPbSFZd61V\/W+k+69wJ4Ve8CztvjyEeitwZuhoIUutC7Co\/agYewJuOHM9M9SEui8BMgVWEjqOMxUGgxy\/aNH+S0wwqZxbtmcgxtt\/+dU8H1VYtjo5PU7ihOGqkqbFa6tDbR7MCwkw=="} -01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434523543,"flow_src_last_pkt_time":1603816434523543,"flow_dst_last_pkt_time":1603816434523543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434523543,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01222{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434523543,"flow_src_last_pkt_time":1603816434523543,"flow_dst_last_pkt_time":1603816434523543,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434523543,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46576,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434524039,"flow_src_last_pkt_time":1603816434524039,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434524039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434524039,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434524039,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgmJAAEARCbbAqAGAKHC\/PLT+AbsE7KwIwQoKCgoIe34skUb\/aLsAAETSb8uSUd6EB7gNq4gf6KDxkhY+y87q3CLci6x1EsNvv80WGJPIpKwhzC8+vg4NXuO4unafv2NMJkJjRI6OL98YRtdvYGXB+F3JwCowCuwGqw6jTxikMXRPpRCAgRKO5X\/KxcEwJRdTBT2rlOzU+hO0yWkEtT4rCwTG1V9X6PEAkb8zWYSIsTTFWdbuo8+Hsr3EHPqfyeXbsSzOoMiqiG28CC1UB7fjZJ0W3T0asAlOYWGl8MIKuqHYSMDCaz5\/KR7GxLTjjCeuvA71YVTfkU0Gf1f4xW0HKl3ycj89fZPIImHw1dOmlLMZdNJPHN3oMEV1WzgH15lz2HPaXv7a5Th+I9CCo7LropS0BbFADYctmnMsqGggv3K7uKbyNnulVBXm7b\/tIGeDPKbxhMVyVFX\/OFstaFoYOfWt41Qv0Uz+5xguURoeuY7TUkuJQ2TlXG1IxX6EbnM98toW72ernv2vm8GcA06P94MCodt6GnFnJdalXwd3Z0Zgu8r3434Yhg444uk2HEryaQG3hHsq9RRP13JfK3yZ+q3HWXP97pXxl06amatIARReotx2af2MAxWD4J\/9LErkYyTqlEr6EnBC+7r1cV9IP3w6nfwYEb0VMSsQMzOKiqBofCNQtvNgMmkH5GMWZlDP
0T3k9d+0l3FMevNqVwb+iznRosmDKbOnAOsNl2nNjXZYQXWhQqAThjmx79k1nVXVH\/HuAezLxegqma45cG67rPyGRqN3q1h5El6PYgtdZyE5yz+oVR6XOIkyz168X\/Rv7t73N+i0n+IFHPvHuQ+EK3e1BGUIifpyEElK5RsbL4HGjtaWcevK45MDQ3axvbDUEW\/w2lJrfPlXa\/XZ94sTcZvgd9dy1K9MAJdUT1E0ufvAhjda4LLkNYkdVZjhePaG\/OIP0+\/2yjL6i\/866d9NM8o49WaX\/O9Pd296qB4TZaRNaKuBx+CTsP+biUuW\/9YibPEOQBdFkjBprbbH1nXMOpEF6QqyTSSWy1mOqWI7NTc8ioxMC\/07KPAh6S5NvmgDw9rb7lm4u9afeFEO\/2Y2F04NKOOTYQjedcDqmY1izosf6wgBTRlHezP6uNhrQcmJzYaSn3Fg99mguDGzeymhTX46iCjpPSI\/wUScS13iOhxccWK+52NCIsSS1ArhMq7x5GIHJngmyLap8JYRZLzZek50uDc+cvlWv5aWpLq4oeFbzb2UpThvb0S8TbvXwHNE0GcN9NQ47Cz0xMuSlHF7VEKoW\/ldk\/T1mzEivHu6X4HhGg8NuDcJj6aZIVaJae1NxSt5gLl8MTFDp8u0m2DXTpjwFCV3AX\/hN8OLAAu3WZ+A6sHLc1Laby2OYoClrb6PAbfK8O93b7DnY1GdxskJ1zN2DGmXMfzpZYEvO6KwGvo9tWt5MopqXQ2LZWUoyLrLoGDkaMoRzTKI\/QFULy6GKZQuGdZK8BHoqiDwJoTG\/iTyF1KYSQbibwt0sOyty8uw9tMbzTSnr+UrS3c6KjbJG3GNT+Hel2hrgKBCTL1FLUatdsWvxb3xr1uQGvayWgC4e8BQxZ9J4DVcI4Jl9RFSGru0ncBQHVlkznYPLGR5hwEuTrIrbhESI0fIBtr8gRxzc5NuTahe+uchbMgzGi7qkmDsOQtGYpMw30QbIQ=="} -01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434524039,"flow_src_last_pkt_time":1603816434524039,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434524039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434524039,"flow_src_last_pkt_time":1603816434524039,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434524039,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434528228,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434528228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02211{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434528228,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434528228,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA5QJAAEAR53bAqAGAyu7cXJXeEVEE7LxswgoKCgoIN5KvB9nft6kAAETSHGVijjeaIj19wFPg1eU29TK6pHOMAuBm7PlkQXCoUAkcIsjKIox6Tem8bVN8W3P7l09wyVGafUKmNhonG2+PLUPwJedoIYbfaArvK\/RuwZUPJBHiPqclPj8GB4blfNLZCSxE7O80ZWg6IzmaH0ZyK96aL8u3DeLpkwvE+ZiYmPNHLkxCubDvJZKErdDSCNct\/8C0DNjLgLDA2edu7gd5la5GmHjIWyqKCsVDNCJZblHcVBL1VdA06pyamhaIutlHrJtt4MwRHnHaWsi4xtJmIF21kHBkIHdSNDwPpZdZQOo6t6Itpq1ZTpS7VN39q1L5s9axaQwh1msQpQnvxEMKRTjphoLon2C14B0FHuQO+nIydxdhsWr7CdUuXtsSSSuwWO4Ld68XCiQx9y1eBiBAB+GD2Wu\/lb9XwLxv5IssYnU4s6tBvuesFaIcboSu0qDauY6CaPlOVzIvtAJYMstwHjBjgOUg1VLVbW4e8RABqYyrAFgk1Y\/+PtHf\/PYsvCZhOCB5kqbImiRw3h1pD67YavEoB32fyii0nqrXhuOx80OsYd19rZfvwepXx7rsTO7Azrv1gfJUNVyN3GZFPVbu+9bah0bZVb2faEbPsXvHVJ7ADhVuYKBowG3\/vToH88gOsc5
MmMiA7BPkeocUuJbep7qVkWVyD6A4XDSMgQOf4snKf3NMnwoOZ5+\/oEP35GdTw+gaNQtPml2DoGyADmvPE2GySCNdXh6kRDEzP1eIDWJ6cblFsWZLk3HJxSVWVK4L5nGv7G236HRvH7cao3OofLUezX5EJcTnlNBjPkG2QPEEcNrUyzgTzeskCKdHWBppAIz5V7d5Rm9KbgwRKyHgP52XfTCa9HE6G\/aWYw8rvnpb3BVO7AuVUTIl+JadVGBMO6HP9MQda7QUWFv6MTUs4VpAGaDAJWfobOxRrmQWeu9NDR0bYEXNNAf7RSIcYCgEjVOU9A87EHcp5jWmc9mASoXlXUjhMutb4712Z6btK9v5ePztTnZNKvllfQgWfQ0YcDu+IovA\/LzcmwpJeiamvlR4aeRi4IENGOnyfwZ+m2LklN5Vs3C\/uAPp9drDmngkL4hb+R4z1IEA0ohBJXoQ+GkgXZ77qbe6ISLXHCPXiKNO4b82HpsRurSda+ao+RM0sD0EiMBh\/TCkxcIcAIltsz8QoSaYF1MGi8GOXIhmTX1jWZrLAHyJmPKC9EuNW9neoG9EJZ+dIX5mFx0oGGaw2sdFPwhkPFTtqOk5AWokoPIwvT5vd4Sa519tHm6athzsvpY\/qhpMhYMBhIn+Ia+ZLRy9h52056DhP7uVx2GyT9ovjnsPolXuMkxrgw2OIdEvaKHwHSLmDh1euVdBDmyBUwspPiAOjuWMEDE13npg368409PBTQTw048QeZ\/V36AB8RGBYvtIGfzBKjh7cAm8l7WE9s5UvaZQy873oVec7lmimiZyEb5LyxRSzZWjXpzMqWJZuYCs9SpKSXnfZSSdiAHAKhypk11NUGFwk3vS\/I5fWfsFxUM+Rlf7z6obYtc9UnzwhZEp+DuRwFp0SSRdY9xJC2al7618o0Fetdd+n5VB8cJhD79oCRxpjuJClhZScv8yRHXQ2tWyL8V5prewYS8GgYGe0z2ZOFSP2ZvQeX70ng=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434528228,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434528228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434528228,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434528228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434530418,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434530418,"pkt":"PKn0qB\/spJGxgjQ5CABFwAJA69kAACYB7ksDefI2wKgBgAMDt3gAAAAARQAFALRdQAAhEei3wKgBgAN58ja3ogG7BOzsKsYKCgoKCHUJ14NKwS2PAABE0nUjXqgo3Pq+h\/Bzi9p31\/TZeG7dv7XIf5N1hruOb+rMEEShGYweXC+T8EETUns4xE1pcJfcd9QxJWLz4mk48BM1d7sz6D0g90Q7A6DSDnSX8zPHnk\/mBfB7WcT8ZfCXzHAFhGGnFcwiEQYipESmQ6UeXUdKLkbZVdxhnu5LdA7U8ofrC97xC4VdpB8+pct9Ef44k+OzR1LZByriJ678sYxqlbwGB9+J+7VwgUOg\/gH2R9dX6bQQUO7rTCoyUHrYGZ5osp+I31JLOOQ0C6bZs5jO72nIFTNVF37w0TIl1hS5YHNmjLHkXmrNxza9D1NWHtYItabi0jdmvYKXEW\/jtGDBbNI5Spt\/DdSwahkwacog7vEBAslclMpeaBEdIll7ht0275DdkEE5wCpSaptHi1ZfzWLt8\/3zVoN9gllA09tedp3dfnrCs3MbxDshoV7lFoWGdn\/dNMr60Cx3AUMtm2P3NvJ\/wl+FPKcSOjciGrJox3eMTCqBEuAzJo0ymq8aqrjO3V0G12SwfBJ9tJCn3UEWBx4Pq3qlqktq2\/Fy+CDEiIPPlLGrnjA5s631GXf+eke3F40ZavlVJrfNauZzZygjAUP+676+Kjhjmdgh5vVfrgA0zW4b73tJevIq4He558U
KRJU4CMox8hYb3fCj6C3dh7FjwxE="} 01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434530418,"flow_src_last_pkt_time":1603816434530418,"flow_dst_last_pkt_time":1603816434530418,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434530418,"l3_proto":"ip4","src_ip":"3.121.242.54","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.594034}} 
00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434535255,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434535255,"pkt":"pJGxgjQ5PKn0qB\/sht1gAJBbBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYhUTOCgoKCggKh53oSKcUIwAARL7ptyuGj3sWoCfzmGYT9c5knffzFTiJ5lVJXbpctUGbKL5ySK19+FWpax4\/nAYQUfvCM\/bhsgFtS9G+ZFtPXpli7k9OwELHwQ20mBGQWbjmI7hP6morZpTeRWxaKack+BC0iQiX9\/LIrfrGdoT1oDoUDperL3\/EWfbsAzs51Fr37OKsXNxMOnNCWganJYQDoS1NHvgUii8j2RT7vFE3V9d23tm2baG7XTpJE\/KumpBsVLcT3VzQxufgdMiVwmhOfmQTPXaJDGA\/jRTiFeXg7nXwXEtAxzBQgrLuBhQxPykcUp0c2\/phwIU04regmPrsDteoZwKZzuohFTkgaiJgBEO37GhILvwwBeV77OMpz83mtpaFJrhJUhOB5vM0\/RgcMPtcx4bSZUJUYD6nBLhQJ\/GvQEu7UlOsfkiIrZE+ZKc7Xlk9faNEXsEX+cAq53XDHpAkkbtjxhoLLEgwqg9w2+pJHK905szCqPYz1ey662LeHpygS8mmmH\/gOERXnPY24ktfjRbIPk+3jjlRJg9AEQHddCfLs\/0YynFjxEK6SkUDk3GOa0sGfGsU7zt7rbEh4JS4h
\/\/R08A7nHPChHXr\/7ZgHR966vNTPtSXBteBzHwou8p5yVwauN1gN5GaWb31oFnrNAxiwuz4e2fwfa69YtXI4XWHFBvj4iNrdRBF9sHDZoob5bniwmHivCxgMW4+Jtbnaqfrv4Sp3dq00y6\/ur4ZEHV5m4FIMmbgmAyq9vvgmIFyJKBMGegGOoZYhISRV4ufDNEsgtjnm1Ha96l8R2gH9UD5FvAjfB\/ZwRBGmgFyc1RY+15Vl0HTZ4Rr+yCWwF2I4UFS+jzuwD+H6WEkNUgBjeLztMlKSo7QMs7PpOgFdZAlYejckZA1WodUw\/1bgj\/U6KGLbos4yPh+0rFNO0QtSRdW2TgBAAQucKeIvxgOUjTBEAP34nCw3lpKpedULlo5yFoLMltnNpkze\/b+9gBG8\/1mSO3ivzeDC3y6mANlLBm2iJns641SQdnTkf3L8X6YeBJsMYcaaiKYOyuuOiyeZy0YQZa4g5mFBz1gCqnQwBTBq6z8JWs1a\/iBlFkdzl55MjJD1jFCxVWdLyjInYMNmKxijI+ky9lNUsSaDzc5mgZpk3C0ZBbV058wqQx49fSF44m14OWseuaF+VY+qapJWKKL5t18OkWciu9MrAdQ4l66KAXEOIsGmkn8zlOyO4gaBESlpwfIO6YAp9wh9uTR9L+wkJgDcSe\/JWX30SUzbiRxqTmU9\/OJu2YJTPKi8wBs0qops1o6F9bQ4myo5lBZyqDquGfUWvrEXAbX82yldqPSTFnXWZt1UdImRyp1aGJVLjK7WjTb+ZSUcMVvxEHERZUt6VlUBe9SscDBCFdepioRLv56MnqrV+s4p\/g3CZ2sX0A9nX\/xgQxdccpjrif7tgBq+g7rjwIDWgS4NTZeETjOCtp53wYAhZZ32G\/hgRuBjIwqGUhTXHOoeOasvV+WD6Qh9WG\/ZAOn3eXObqDuYhD21bQbu7H9CTSFHgZo5\/P4wYz2WlEjbWMiQ9K7B5MQdxXUQYTDHm1OtDv1m9inaq9E9Mp1YP37ABzmfZ+XPVEzLA7x\/VqZvQgYfBYQAA=="} -01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434535255,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816434535255,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434535255,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434542463,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAsZBAAEARzITAqAGAA3nyNu1wEVEE7LiZwwoKCgoI7mu7hqnhXwQAAETSneZc0FuQOOHT\/teiEyKQKqzHkPCOdcJLNU5VOm5QOz0aoCJBEfqd1iT7e6uyMoRT8wMX7assdH+rfwhkbtE0fDQ53avKQe54W1J5UEYikBP8CP81hlJVbphH435fnVTq7nYhJQx3T1Y6AQ2\/Im2so+HMSUWdbbnrP5LSk6E7PUTbsjJ7Z4IK2AyVHeK5bSLg80JZ1Sph0HZzQaEbqIMyi\/M6v3qgHFPF1JKKXsbwx36aShFPp5YRv\/soCC3iJDKx\/TOoopux88iYZkKX6xmVToWLTybIql7tHDaiQwlFHhBfrjhT6cVIuDMNZVXE8b8dgJrnGR4ypA9uhBp9z\/Snjb7kplkcAw9Yd0vXwuJxwvJbKYWpGBSBjpqgJK2NnsY91gg5TfSt3JN+70Jk3br16yCjz7tX60zGh5oP2DwLrrYetR3R0GFUOxDMh6G7aF3I80uIHLzKM5L7Cyq+eH+E4Oik6IopSkw7bwloBrghPMa9hxFBVEXX58oWV2xJT38EqSdgZFBF5dbInQYsnbTRjhDYyaiyt8vlg88mj5YsiwANcazCph4gIDWa4gyKspP8BKvUtXz02RGy3HX6Vo5Vamtwn+2PjOM+Q+DQVEQnn5msYlkn7ZY5ovQgEgbBX+huA6I5h
UWWsPR3M2Kzn\/TPASjM5rwK0KxSpO5g\/gQQfc1S7J7YuDP8zIp427rx9HJYduWfVC4rgRUnB6I166YLVcOlExTMzRX5aOez8BEzIES9YduVGcZhm9AP3doiK0e16CBoljKKN4NSkTnRww5pIG7SP9IPdlyMMhv\/F65HJ9\/Qdzi\/8AR0RRXgbK4KSLJ1ZazP98Eo4okuRh2hJvsVfDsF82aUOJ+5IPV21tikqeD52JJgCcbnY1xvwCMuI9Ev5Q1BzfBglIWFmd3vD8LInWrtA2LQjCeOq98mFJn6QDvRQu5wKPIA\/ZgOKwVAUTiw4oj9THEfNPce2Rwgs9BQNDAwTNfNzVG4Uo8HZPdnnHL7R4K8hI28\/uWO7cqQHN0rdSoqUztCrLRvMc8S2B6IG\/FwTC+hPTm4cIQtFOJMoo2kOuyujyZ1LEIJszajyM3US0Z7vDZ\/NVv7NhCjNliBh1qCCQmrc2ZARdMzfQTwRZSk4Qp8dafvvYQ1LF9kATiR56vOstwif8mcEeSGpGjxHRxxaPCnx1FqTSBlji1+\/mVUMSnwTjTbZ8+IlF5bvzWmxCP6SmcY3uiWmUe8ABNCdQ6oFUGX7MujoMfHqznJ22xd4jRp9Th8CAdO6AtXd2qNEMNXvt+leql1vYAShneyVo44syrCJhZftvKw0lIESx6N8bEm9qmNGkSLU3jwsr4qMQ4GeNejADIeIEW8ilf6RTOWWH8Ge9WQmD0aziJpeLMRGeBecvHxLqJRfNb4UoC\/aiW\/ii+JMaepnbYUiRD4TObTS04rz7zN9ijDMemj465LaVNq0Le86L1W7PC8e6cQH0cTJum0Jqv\/LLqUQa9dj8VqTQbmKBPwwLy4YSngRqKOkKFIREtmChIase\/5QfE6hq1lhcHS9+TUiZhdPLF2dtk3KG4eRvLu8IjED0rc3A3SIXUgqoM1eHsOUNqbWaqmodcwXD4BHHuC3EdxDzolau+txc2+xwm+NH4ee2DBykjljA=="} -01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434542463,"flow_src_last_pkt_time":1603816434542463,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434542463,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":60784,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434507837,"flow_dst_last_pkt_time":1603816434548684,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434548684,"pkt":"PKn0qB\/spJGxgjQ5ht1gAW9\/ACMR7CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9AbuT9AAjezDGAAAAAAAIlGmXKMyAAG3\/AAAd\/wAAHP8AABs="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434519345,"flow_dst_last_pkt_time":1603816434551349,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1603816434551349,"pkt":"PKn0qB\/spJGxgjQ5ht1gCVbMAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9AbvrugAfxC\/CAAAAAAAI4QMvVRUj5m0KGio6\/wAAHQ=="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434566800,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_usec":1603816434566800,"pkt":"PKn0qB\/spJGxgjQ5ht1gC985ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9Abu+QwArPVvlAAAAAAAIhDy+8x\/DNCJFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569071,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434569071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569071,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434569071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434569071,"pkt":"pJGxgjQ5PKn0qB\/sht1gCjENBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABx\/ERUQTYsYfACgoKCggwbWAZ48sZPQAARL5w5HpjTfB6HE2JQjNEB1YmIe76YRB4wkvrzI8Py+EIKqBcyOOLSUBuzT912JXZ\/2dY3gtcHrCUweZkn\/T5Hj7RPGvPZqKFDdtBnWxfnsXvr8VhF5wnML7O4OsWP5nPvl6UO93+O4xio85bG8BLk14nxVMaEegFPQw41vQotLY1zGwG27cqyluUTVS52eHYVV4j83Dk9aui6JZsd4LVyJRUX2\/aUckCDuajGznu7FC2CzoKmlR9VSfkua99+L62GemAPTQ91VNnpbP5stk\/eROyYCQjK0Rz1x4lCPUHi2bIL+APn\/wkXXipr29g8XanJpO+FGEylpXWsJrrg0SI3jR39YuKgH\/KrVFhaTiB2Suy3PaKmi\/RzU8ypvxDJGoEdKNt7WXrvIvEzAROWanRVHPIqtyzoyATCv6emaC6YOFoMEpZbjomg2doT6BJk+EvC+YAEUaf8b3SEIGnXU8yeMJTcxsinB0KKzvXhxRAp7xoQkgseCm99W1kW+XHhN1QN\/TaCtfCfSVrUo2xGKhv3ymR2Vaw4omOsXp6J7Sjc0mbrS90K7ilwCM+Wfg0YoSkSDUSXY1A
QnPTNjr2FMqanb49do1WhubRfE\/Ck0eHMZWPpGaO\/mph4jfOtDGM6OgXvUUlp5ROucFlBzCmVKkIyc2H8apiOM+07MDibQplJ4Az2+90761IvBgwfhlEPgdX1KDSHaJG4rPehCnx1Pp+yquyrKEzA5js4oFilyAy0vgDYNnz8kRaeeuCwuFEJgvXo8qRWj3noFvI+zM05NzQAJ+bmWMPgrG27iBYNGIvoGvmATqr8JgYwP4vU+hSyzxuJhQCf9Z1Yvi3GDN3YdoljnhaMO1Savux67rztE8c\/C8yDYwfMl4Hk9h2CnmhjXRv\/3esiIjaH9dPCD88ewNCiifrhvE9uNwL83wO4sr5zyTtZLeOfofME+dgPVQ7bgkbsRZetMQrrAt+izEoATXGeuXSCXJvZamlYZRQA9Y1hkw06gQpABA8+7BxNLKVRwU4R\/6Vyg6EQNzzD\/YA5VOGJvjRexKDRdxqrmlRTQq5hfIyAJHy\/HvrSIrmlbTwI7l2tlyS+TSdUxPcmU7n6Qs72zr3JKtijpeZTjiOvn5gH3Wz3LwmTGnGrpdVcS5m3nAy4dlf71QOIEEceuZ1zTiItSS1w+qpRUZsN7KqSmVbH5OnT58ueYRcxpx7o59KZHrxOOtppX89XTCUe1\/U6RKWIbGwK5B8t\/KtZN8LmG0kgcpcavl50oHuWDKuSGhWn78YjrWPPggvwb2mtAvV2xgf+KzFIUqCZ4tP72EyCyT8fsNUCySwHshLWySXBxdWfBkmiQPmX6KQcUxW7vUusJWyjH+HlW1ebLdsvC6JTIU9jvt6ymyaMyI\/rm50GWHDSBGar9xKv8vS9NCFORMVJp5Z83e9YH5EXVTDOpimXhA8N2hI9UWL\/X+c8xQkqXD5T0yYXpVHt7NhIvTwpfhjbEcUyf+BaoxMbBWX09ubEe4WSF3SBA7Dg+tiSOpxP11Hn04MactOeduGtV3YGVM9qWIdA3KpmTnOn7t96V09pndKxqCgN1gD4va9ZR8fB8j+u3uruPi0w2uDTcAmxYeEKNSLqA=="} -01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569071,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434569071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569071,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569071,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434569071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569071,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":51185,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569249,"flow_src_last_pkt_time":1603816434569249,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569249,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434569249,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434569249,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAabBAAEARba\/AqAGAg58YxobPAbsE7IX8wwoKCgoIJv2XczUh4RIAAETSRoJYBYOeas73v5N6JeGR+D4vrTXWLHahs6zbYN2PSmfpsY6grm3D0Rg\/JjEbEbWdaTF+lx2JzZ6OUYarkFy+115N6m1b7gQSj030Q3\/SM1TNZj\/nSEEyPzf0GDxqQj4+nZP7WMShjiYRdKzXBQdLzKvZT8hwnZ4oB99gppgeNELMhqdd1SySqMlsoa6maZtwfk3WBUm6ygdONT8WTBN7k1sBIrC8taS2In6WoqpYjWgCgSqLDUPElTi6Wlu3qxPK0L89RJAyo7d95jjEyHvPN8tIah5cWcQDYEYe4huV1Wk4ReHtQlciAzAXks6By4Kk0EH6V\/vjIC8b6b+cCLYGgbSpy+UnT\/8ZA\/UQuk7xfmOopsc1Y98fvndGTrq5RKwehvcBoo5Mn7MwglvspnL5JNC3Wm1g6bxDaeVst7hRZBFiDlhiYaQ0Ab6hTr1EJaOuADWqvlem+VI3ScFJxVtLzW45MMzPqLsgDN0nwzvC5MgRoNBFenkwFuOGJL3cuoRXUyC3LM81pQYUYluofbI7QpbP2iRSlWRlGLd+f8zLs+KcyeL5yNSmFslj7bzWf\/JF6mVv58XYK55HQs40V9rrlz7Nj\/WpjPtqqYZhJzg0gyU\/lbPd8kQLgVED59ItVwC3
fIrmrMfcRnaanuGrvWgwIdywVEgwonSypaCKhJxenk3liQiSK4PIyLjElDxx0+CyQwtFMw0J6Rd2Mh0rRN9Qg6bbB+l+1HBn2AZjjpQRkF3k+wmrwQ3tlFWbURiRza9xq8onWimWZ4E80sO2DhLrdh5rcVJQeQt4rdLXRJq+nwgrsVxBbz2\/q8\/SLYx1O2bZBHh\/9BOOD1ryspmCVDPmvYwFGBraeD2+NW89wNvReyoP3HK0rCJ\/kri1cIGHbCcj++dh0yrqPt7Tf\/h83mJX2ClPu+4JxyyaiUh6X8GxTD5uMA+60fYmu+ll1hlhETX4lTtQ\/kXioQnJXjK9uS5\/mUX\/uGF7bLIle1fQUQwXMiKDhED8bldaUYDhxS5xaoXVFHYCkZD1G0bx4wNv8Yb\/Z6CBWe+ohQSURy647CyvtGSWeEchDWk746VaGkX3lxlsbKJKHBhqx7ONQcIFzj1Uy1jMc0AJU7zrl2kD8zQXmaNY4cUoA+GXy043sC2xwegQudxFTao\/gdfkQ\/q1NCe\/ml37Rl6EO3X3l9xGK4gSgGFs8v4x6Cb5DrR4JVJ5cHHSfWZa9UBPO1JdiEg8\/VX\/TMt1fQN+ReU4W02BaESJr6JTbZ2z47SHhCBYG6zwySaG7Lw65ubXXruEdd1pYjzU7fMm7oTz8Lh\/jPP1IP0yMSfVCRBlQiy9xU4NDYENzi1wl4tIvdERDQbkkbp0nWFv+lt+bkws2Q1vZy+gP3OrU8l5zDk0wZvYK1K+G1iWmyU8uDxuww\/HPy3G9m9DbYJTtzjTkrnXSnww3izdOvRZeolPfe0Z6lcnGUQ1\/j4+H4gBCwQLWrpcyqpCaXzS0ah6Mc6s8FdIMqnxX4rU8rBpXWoJ14XtBm3Uyy1wVEeRuIc4t8D3Za5OjHN5cGk13mZGhzHFhggCcpbM8VxO4s5FnO5gkpIVe3rp914hsLEJPh7ThKO5jLy2z2hTqHf5sMr6xpDc+5DzcXLzyMz+du5WiB2vEQ=="} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569249,"flow_src_last_pkt_time":1603816434569249,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569249,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434569249,"flow_src_last_pkt_time":1603816434569249,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434569249,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":34511,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434582773,"flow_src_last_pkt_time":1603816434582773,"flow_dst_last_pkt_time":1603816434582773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434582773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434582773,"flow_dst_last_pkt_time":1603816434582773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434582773,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAoSJAAEARNaLAqAGAM55pYsqvAbsE7MzswgoKCgoIEaz1Ap+9VxAAAETSW+W4muYv+Ex5TDdhGEEgn\/uAu0qlojP\/J9hIDPqzwz+JlTXFPtSI+aiI+wxPcULAye6UrinGUUzBJN9cIkelzrXiONFE9BjSvgDnaRECpumembikZ2HAk2TZWGNiHThAH4BNmcORyySVZrHBrWfpgdT2X+HBd1V9EwlFlpGOWc1WMXNhMkNYXVupHdH7xVbTBo5OLCElubCjSPLQcYjGtGeLSII96GmgvBOPIrvVPJlrK82HF20a9nNNukdp4BPXnL8I2t+rb0dK\/ghu8TRSa3A+cCR\/8rWbZqaii1OpbuZnQ1EcUrceIDrLKjGsVgpT38KpctLTQ\/LEEVi9cgfwkd28yGJ\/sRbZDa9nN\/DCQk\/CQdVd36eB9jrAYsgu00NdXaK8a13Lde68fZxyZAQpIVnvcfH2Id0GXqqN8JhGEanp74gRCpI27i8iPAmsd3UMjsAW4\/kdVXe3S7CJE2WY0tiD\/+JDxJcFk5llcTgkntKqmYbhPxvEadncEKOIQWKyGQzjDvwSwmig63\/L5G76ukNd5cXQMQN9y+ZTvw7kwrdSXrlmPNlCnkDTwHvC5AJ3k2x4xqqQ\/iNrJ0ZPKJa+ZbSaagf+oOqskwf4MMNjZMwfufWkri43N+eDbtXKbCX
PhtUVj407PdHTmzDQCEhc\/2YUIpKa27K6uS7hywCslRzTmpBr7JTDvB08\/wQc36h91hA\/Pk+QFTxQ3jSb17rPzZignHJ8+ktxWDlqgmNhirOBTFHrKKKxFfj7Zd\/VdS2hwqNZRHNiT\/rt9McdxnGuTtU3Je9EyeeJmZRmMe\/caGlDh5g04pl8F7+Oo1btWtTbgaTib8s1bb7OqyePGSaVywbgEE2DT8hSkw\/0V9rX3HxqWWKlm3Q6KLMIO4x9UT+hK9EjaTbVO3sb7ntSBtUvWM69geB7FjBtVEq\/e9xSbiiqRGEZN8fX\/2BZdK\/e7OiNqVv+75BROBKhr8CroCTuIcvBAJsteqOP53Z29BgiPdg5qdLysu2zuT3+eDoL1SSxZ3XRR5bynYqVXOHT9L+i9E\/4kNKasvWdlomwsUZBUHLlgPk6bGw4Ne65krgmZRjBxl36YGLw6+sfkjJoh7npwlPGVTMi0to4OLfQHhGF0beq1Uwve8Fq1vubD4YPVoyRUfwB7pZiGZlefHURnSMLZuwlS26beylIwMqP26dsDx7\/clmOwL44sg6\/0wzyXIpZINxypwBzbjs9d0tlnjJXwUYRy9QmD0slTxEyxrjpBtheiCMc4Cn\/6vmy83GYsYqAPaHjYm5Lm9bkw2mDchmuHIE33cyYUc9fwTe495DLrhWVEzAWbCKPviregmjAsH4m0iA+u4W5k31m1AmJpuBDrgjPUcXL4i82zhjeL+h12K6gteHYqwX7EOPhQ+bRm3SKhW2iyandNBDGKMy2kYZB+kl96lTKXHy42WcNsjGKMfUP9vZVhz0rZo8wSdI7knLcO6jiMKqrsnoCOre5s3EnkzOjTGJOpVTbDAlyOIrVY0\/12bwxq500zdJS7Tqi8Od4Mv0jxABBtbfjE3S4PoXY6OYUNPBVH\/C3Jt3XbMm8PyemuOM8gg2u\/LJT60w1swKGZ4faRilJPXx5ej4jCKtVtArI1E1I5haUgoGSnYETrYiEWQ=="} -01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434582773,"flow_src_last_pkt_time":1603816434582773,"flow_dst_last_pkt_time":1603816434582773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434582773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434582773,"flow_src_last_pkt_time":1603816434582773,"flow_dst_last_pkt_time":1603816434582773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434582773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":51887,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434584609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXS5AAEARruTAqAGAEr1U9anTEVEE7CkgygoKCgoI3rE9GgKLpyEAAETS2D6FRkK87MNUIcKb45nDQXK7RIhN5jovTQDmFSK2M6QiVZpJOUYoJlkltsOnfd\/1F6U4IQkpFe+m1uV4F6oBz4RBkNPAAuUUBMdDtca4r1A9a73h9DF0dBCYcXkZBvDtL9wCuog66vADNiZMmDEEKyoT8ED6s88IFRXJtbENfR6cs0sHtB4WxRNwLE2yoS5jEYyQtDPhxoDW6y1RUStChGv8HnP3XMM2t\/jLHE+oLZ20Uei8+UFfPk0e8A5VrXwIo9k4jCJsPG1mMTDbv0YDgoPfvTmJTVTIw4QonxYS\/rk7SadZEeONmPaR6TtoWts1FnzUvtWOpV+5Dad83KsfG90X\/CIt\/vwYmyVKvj4VgDM6Pr4H+Uc\/bvz0KjdGW3xm9YMUTlsbI5ol2Pfvu52tXEEWdRjKK8g6DND8ZlC7aMVgSCICn0NKoRloC6NcE8Rw5LJBhOhPXDDbCt20z0FHuqxH9Vx85YXc89Y9JZS\/xEo6rLepUNAZyK4VZC62QFOzsGL6Lx8wSrVduZKsiJBZ4c3ThpGGJ+vaMWABr4\/cWq95Q7ZzLSuvRsXOk+j1He6DsUvm3J+RmjmrwYFgt\/M4CICjBS0Fm10ECgKhrWwd3J2E54DK4DKQ3EUyd3bjdTDHF
Vk2++CCDGOxGq+7NMa3RFtYVeMobAS4ZjFwkv3BS0m0bobUjHhoVD1GCqa6cx2A4+lBUsOhUXvuodo95jKqOaTXUqsvEaXzN3L7b43PXMpLAq+LaQ7Vzd1FgcpeaZ20BnyGL81mPGhvhcnQeusPeZeeqS6zV1B7OHOYc65wKxzUbYn1EC28EGygmnjZWc0jy2pYGDmTX7nQGQSjnYxGUcUGQPhaCfOeI1ggQvzjjmgpCyBH7XX3wXAV\/IVyilSo0omRqkl\/bMhBxO5UlcQB3HAXvh7\/CW9oHeT1wKQ3fB\/HEa9yU72ZB7d6KVeVKjZq17j4ybQ\/1ggtHYGp2pcGrXZzRwYjOkAZ0Opiy89watoyLGRmGLgTFsDl3McdaMNDx+9v81zsdMOm7BtAMYT6tRwsjrRofdkZ0fVa+YwJIBwtAhT8ajDn7UeBBPGRi94tJDcKF6j4s8my9KviboSu2mxdTOGQO7LtRIaKMRxlUFMtCi42onUa0qPaP+\/X0ttI9DVmM3lXTbZz7zAPwnKTDbrTvlsXFf+fb69MdPyK+0ZKLVzYuN6Rage1Taxjdnuj4OAM\/zUBa3m3soYXUIDBjkGYI3RorjKOgin\/VL4DsoJChrJPR888h8Xk\/IbBDawgJWzXLfoKqwSjYoA5BJLar1\/dem1\/5+HxdBDknyqV+PU2P2vYp8hNcb6mnUzN837UGUuA4NsueZUnc6zYaSL6DRRgrjjKhF6Tz\/MDuOVmRVnM76clbdBfnFUZ6P1n46WbYwkc\/I8+JIV6\/IqS+DjXGRm3N0QevTA6r\/68gEOcX6irDxw4FjiTMIU+OFUnGh6WsbCgi8K5SeV1kRKBmc\/TSum+LmX9s3PKC6cu25aK8beNwOxmv\/gY54CIgRosYlyDeYbWJdPZtKjt0TZLq4wV7HN+8OtqvsSQLBG9tsFDIGXLerkJmoKCBPMmTv62Jjm9BtEc0eZuVqDPUnoU+YqxHdkhj9bAhq0W1dwrlRBuS8N9Rw=="} -01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434584609,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434584609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434584609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":43475,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434585935,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434585935,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAgstAAEARnBLAqAGAhfLO9L\/\/EVEE7M7UxwoKCgoIFbSGVwPjC1AAAETSjkROzIIp8CK\/caOuFZYAfK1aOEqO4JwTw9D7z+uUbIBTx\/XH4yTcUJ1GJ5nL+Agpz8kkGqy7oh35jkjpRQSyzT2NyzB2NTBiZzOgYyNio+jROASCrTsvFc3Z7POk+A3z6nh\/zFa0LHBvwlp+McgWNFYpnLkD+S13ugMu2uizXqCPOTgA3G6sIsESNefWZzgDU6TE0Fie6rZUHLpsGk6\/rXINEPxgL\/9wq34N4qUhpvbCKjEq66pMlprpty+OzFobGyzV+ZfKcjfk9heS8\/Ktv46aaw96hlXnUfPZHMbA+CWsmthusRBP+K8uIWlnTbdNz9Rfn\/rIR1WmSXPxGkt7FVroGfbPWNtXVz4++NucTI\/gHddPWrZHVTxmD4eDZ+gEpCk9qXs4vIQRkuhhDT7KtsO5OQlx0LGSyxQmka20y1oOk5gC3euqSWQvmM8esR3UL4VI1v9ztMr8LjMn0OiMu95CEowBICOANwFprI0fObMHGsulwe5nvslar15BxrnmzEPNZiHa\/I2lrJGnez3fp4uBPMNgkQPccWwS7tSftVUqukoIkaMMDDugrSYQ99AP2nblRffqf3JA4AsmJuPW0X7qs\/Byp3V6ceyok7YXbgcjlYcvQaIYY\/lxFpe
k3Nn6KNssLG1fs0ok3z4gezAdPzCDxhvWVe5HYAr1IFeRj3nq\/RPsEA6C4W+4l7Yb2Q+t\/rGxDvAreWu6lw7r0fJV+s3RVQJy+tEW28PRfLsTsQmCiDcS3zHb84scMnkwv5bvftQiTHPxbXfuzIT64fpwltpQEBi3fJ3wBTXCGnFFnw7Nsf4\/JCCbl8lJDqInzgCs+\/Y\/bv7BFYE5WwvyQhhVAkY54ihB2e1U2DYdn7Zqiluxkz6gTqo9t0goC9XZwhqTLhcNfKD0XB23eFaY3KoEPWuPes1Ne6OhOBQfjbGBHAapLo8KpRyV6yba5+B3oKegQAyfeyrNROon4pshqrtlR67NkthaTNhbaMWzCPQYQ69NKAHv4GZAavtCgzoyw0xfFk74LvRxAfWd5OtjPWFSoU9lQ+1mdU\/bOKC6O4VAOilWKe6QbrEStrVui1p\/aQNyqAYvjHwGeocuQw5Apru2zL4CCg9jzkD4KS\/jN+UCk46yLdkn5Ubz2Y\/4Tqj5walihAnanr74XvviJcs00s6SbGZQRIQnGnA5QboJY2HvdZJa5px5WoWlaAtRNSjKOb8VqvcsOTB2gm51ybY2P8hwH3e8MTnT6NSTQUYxd9MKuGbtBlaY4If+PpqrBCmLTLCDHV17kk1VWuNwxmBudJ5goE4YQONWMQUK3S3Ul6LG6ZXlHy88HhO5x8L0R8jS+WOFGP6zSoYvhB8OXq99sB9qjRABZmtgMm6tlllhZ6+KyV6yl0udz2oNhS2Hk09RxStU8\/YuG1qMWFdf1q4PbwgPZ\/SEU8YEQ\/gK\/b3lzjqtkntdDToIJ29938u4+Oea0Z6Ovn9IPTGyjlhkBTrCdjCsinWeEj2Cr6kqLjEOPd09mljIQf3aovLDbm2AUoZWafgLqoeW0JnEY2b\/2gwE5NpGc2iu38L1nWR8EcAN\/w88hux95l3UfaGjHKlj3FFO34BXqnrmch2I8X4qZ\/Xqx0WznIwTUj71m8E95Pb58bFksDsyDw=="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434585935,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434585935,"flow_src_last_pkt_time":1603816434585935,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434585935,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":49151,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434586380,"pkt":"pJGxgjQ5PKn0qB\/sht1gDM4pBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrnAkRUQTYkaDFCgoKCghrDAA38OgwkgAARL4V7fWqJD97ugGiMo3hEbsI2+6\/SpwaiwHfJYhBwe8nlBeC2wTuSe5rZV7amDM9N\/ui5SRbMnMa4jgRbgv6T7FxocLh78\/\/47xNpYbQ5OnVlvNw6YvcG6V3D9lglGS7SGlN5I9EKjcJ6eJNC\/yHA+fna1KNRS6W4dCmPZfMeeRKhPbnKLP\/zD\/hQ9u8WpY9sQzK7DxdC06QgW5OFPLciatcrURwr8u743b7gflxyjWj2XMTb8+OZThPj0RJwH3mLn1aP+ys3uq61x1VUHQw18JbP+jOhfjr5+O\/DOmynEaj9yDtlT8pCQmkvZjKW+qGdVHgPAjMhELPJZM+CKVtQWm40oviKQmQrLioe2xR08VjBsCQ33vDOtlEGlAArjadOrMBFc2+XUcBiGRd32aXmUR89tCzI1B+GouNtIblHFiotduRGiNABGg+3Qc29eltQIl3PdSG\/mv6xeCbqRlmFNb1hZDT0EPrntyPIWcXzd7I6R9yH\/OcuERuArM+R4UUu7HVGq3VOIpyJl\/8vVA0PxAitJPE3y7Z8KBR5Uk9ypmv2LBTFbQql
eqxK9NsAkl7SzAMl4vTV6UfLWkE4v+lvbSNEQ+7\/h05HZdmM+ow0IuI\/BgPpOsDVtV1aa5VzDkkk9VWQdMUFySvpiE3OHVn9TUuuM9z5aYjx1qv5iZjNaxwGxQ2y+LC+sSOXYRfbtK34ZuCzCSfwzTrrGUTngeMOBfoZ0Xj\/ocEK17WUvslg9MAtjR1Gt3CBgVFOL0OMDBH4AMY+AhGxe0SgGsm9XvIgfhBa9vjDgpW2bJ0dEWPHP5qrAgfuKrrDizOESiLnlVMmMFXOgizTrGewuj0m\/x9ORClQAI0lFK+zVYRJsDUDjl8s8kMpL4rhzj3idhtdVWCdH8wFTr8WuyJ56hOdItfnc01ZNE8WReW4m6xZikAeggNMeWiKtQq+jfhT6qhFmDdif53uwIz3lMDO2crL14B2fVYDgPMUN05glordSj1PZRZS0OPJgjhG1Hs262PpADEzmqa1d8PWOn7489KV\/wKRhTXTO8HK3lkd68JU4rMEIXRiF4qH\/eZSGMgWSgdLEk9Ag7IV4F4aQpdDeOkRKGB\/bEnoIBfiBauwiLbdlgdD\/c47VmgQoRcvQk5GsUx0U0+wFCL\/ZkzcmI3DYCHTfNkG2aEAA+xvCWzWICgkMC5+W19MUzCoMuKizeg1ma9CdQgrL4sjg3iELKoYVCphaaL\/n3OYJYWvTTKTbT6OOq7SWtEDlUmidq13+s7Sl3Yj+afjtbetPkC\/8CAhhTxZQSPMQ1Ni1uSCgMYa8Y4VkddiZbjqAaSZzKfWrctUQrKqIadtSGNHtMQqjpEIWiMo8o\/UgBofbs5Kg3B8jC+JxO7Ld\/FGGhuabdGKUSF\/ZtUgLnPcGEW5kKFktT1D6fxQMfKzarearkPRdC9eF2UogCyGsrOxI\/GFB3vpOggGgWFiIo78PmOU0twqHHZC0t0srjfWKBrf\/fzPkN55ufN73EVurA0pU1TeEWhtid5II3hk9ekWAYMe+fHTtyW461m2tjhK9mczMG6wWszN2qKL3rLagh+IX9s8CJGYkrmfOhgpW1AdBPHq6OvvD7s1\/95DBb3hQ=="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586380,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434586380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586380,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":39945,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00838{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586718,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434586718,"pkt":"pJGxgjQ5PKn0qB\/sht1gAlC2BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWmsgBuwTYjDrICgoKCgjzgkejWnQFTwAARL7AEcGzrGiFbLDVVitPMjpX6T6us8klH0LZdsk33gK4kca790hWc9lEqiHw2zuG3cvmTx4edwCefhx9uVFQHbwCX7OdVaAKALQsTDf2esUnZnHqAVwqfHs0alGH87lg8LOQYMLCyJ5o4796Hi54oLNHvp1iBOlawAP1QQwkOrhTac81Z\/3lqw5txy4fqI2ulRUcc8HMVbAvriqgCRBafLPQysmCOVqjinACocPdi0ZP1pUx0qn0+kKcTF+7gFuANdSw5ZrXDF5v6YKUxiJ6vSw8Hy7vrpHpUiN+5fprlESKduOvuve2w8S0Rn1T\/QCLnqgsvW4zVX2obPqKMBoLM0FaRFm0tupv3jD2Bo6wMhEP7UVS6LQVCbX\/F5hZ42FQPL174ha0Yjp7fot\/ow92n0s8sDYpXdyVzzUtmI9H59mtClZBkXIm4hCy5YwKUBE5Htf0HL6v7tX\/C56I4bHgjD1kXDqKwEusnGxfxLkbm5cB84\/UPVfX54l5AlcUWrKt\/sWPHXza3lrXmjl3iKLayJGvSvxgwAyLdj+1dAf2mHjT3T9ZeLg4TPyNz17SL
yKDROZpbuZtC2zCbnl+NoReuXxIIu553FeA7K1Fq06E+HYHhMw9+fWseAQfiQhoIBqlHGL+6zzFwJx8LqsX2kF9IlqJJkfGxh2dCK8J4o5uVhtnU3J2xj0GDXLtBrNSCk7DDd67hChkNkJ\/zra77RGExcKdo9KUDUUYykOLFAbdNAsP9djZJfE2+FIW26Q0ve6PvxjGma3cI1DAbfodw3x7gmpMenGXbAesto3GigfY8Dqk5DyVN2us4Q8jxijjrwa1uGb6WCWFIbPGsRxa2EtoUIAHsP\/pagnvZR1tK2myhxOFZczPeNlpxk1o3SOIXdZrMfCNqe8UgV89dZHklMi3hgQCyoO5n2p9n2UNtckDsulzdkWAkN7ELjfKSw3xLKX8QYYwRNZkrnslYV\/gNUyPn\/DAHxcrYsCggnVPpcMfjQHnjiySyU7agWUfxfnrK5KR0Hz1uxcerQD9r2dHrU5GwRgAJqiERgTrm61j0\/9g6EnJzaJxnY2YL\/8StPHOT4TbswEzgPxmOMhq3B3NyVJmRRvGKyoWosF33+eeRJZtqDmGzt7Y\/QslvmPGsoNyGhIfWD4qHCWm8JN2zWi8NKuiyFpgsC\/gseqp2COjYeHLzTsHE8Lb24ziOBbxiS8nhlUeyvkTXTnPgtpZev\/ducm+wW0A+YY2gp+9vovT+lMYKPoIIeW89qmvsTK34QrhAHBV8Gdi7IG6oE67NdkIrFleG4EtBQyuNTVG\/Hni6IlsFEhmcMOi9gtqRQF0bots7U2r2su6TX5cs\/tWsUtfcKDq01p1Oi+UeZRz\/V+lKX5GfCRE\/JIN8wqGMoYFzwTiwgXQFJuV\/tc8U4uoRYgnau5MAB9+BYOU44CnqwsIla5AaVfMisOMnVZhANbfOkDwWOMuBcFcvM4iPJEdLrpJXtiL7lozz\/DNjHrb6qIdiWBMUyCod\/1w5XY81jvBVw6EPdS52X\/61VYwnM6etnlrj2efLI9zOedaqcKmUUuU5hMhqfCCW6Ds62KH8dV8j+mD8L1skbcaPGiQBq8L77krzCDv+w=="} -01119{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586718,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01151{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434586718,"flow_src_last_pkt_time":1603816434586718,"flow_dst_last_pkt_time":1603816434586718,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434586718,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":39624,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434587784,"flow_src_last_pkt_time":1603816434587784,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434587784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434587784,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434587784,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA73RAAEARuC\/AqAGAwb4KYucjEVEE7DgFzwoKCgoIOPxKwZ+D2JAAAETS91nHeEtqNVprqBpjlBuMS4qDhd3kUN8qDrM+F\/ekloYAYgcZUMLt8kdbAj4yNgXM150XEsSqUaY2u+NNo8mFZEwXy2OnYTv\/L1pA2ooV9c\/qfb6IQtVvpkYCa79kPBP0tyFMp4w86ypVGLJRFE2wcR8W+ufL4zQbFmHQUN4s8EKBgftF0IZ9d+hGzrCohfVKAmj2TbAATwLc5qROqnCXSPAAIwsgXC6FvxeRe5C81GzRnEFcVKohNWvuH+YgU\/EQzJ8x0h2o1KXN+x2kz8nNm4RV\/bBgatrr3rE9I9H9H7X4vNkwSkPN1LE\/7YLaXxFkeX+BvfHM9pLsCwVYI43jNMZK\/82M5vqAJwLAoGNaMNRy1bvSqZ2Qnqs8doUi12HdtkWRB7hy4DLBCO6i\/WKQJjLKdpFeD7phx\/6P3mBKcjDeMOT9LGfsfpWDEggtVg0K+PNic2DC+MGaabHUIfDeFXxZwVJQjnBWnr7uiJ1+uGYObevmoi83q\/oHGzH2zJ45l2SHUS8N5EDtYU7jRJ0C0k352go\/BLzWhvpxttBJ0HkbJN+Lf8iGQ7\/HNrO0sSvxhBlXfXloOUmwXwy4ZOiFy754b5M3BhRivvL68fxBqtVY1N2wA1osEboLNfPnm
jiBhXxUugq2mfHLbsnTaxih+guwrlRqVVQng52RQJYpjyC\/IQpqxIgm\/p+tg8gZMclfhCysFzs0Sx7c51U8U\/eV6RVzg4J9aZi1F6t1E9qqrDD9rTgXDBFK+53U4dmwwrA3ilycimT\/hbzORA3BufMgHAOtz3cpn\/t7KLfrocmCHydxweYPjYv8od0eN7GuRZC\/Dkkx5pLEApXJKbDycSs4W77Wi8NgAqHOpGnI10QBHXyfFP+YPX\/MbUtvkqyBKvQeesidGlYsUe0gYlnKX1yYRVG\/iKS0PMJZC3FHvFiL6obiVGRuwwpTV3d7lkotBNp2jqZCw1NLWglC1fuu1coZsHS72tmzKvcBFgtdmqwenN1JrK8F5rdOVfBQ8yE66XD3W8yAjlz\/Qvq\/DIB7QOU2zYdRo\/xweEsuV1v5VGk+8J0AJw0wbBWw2a7KJD1o3bx\/fl3Fi0jbHAOf1Fon8qpBSfuKwo0q4+YMAnbX13uRf4o0syD1YOszGCYMMZmBO0q\/PYK7xkQl3CoFVjP6bHq4sVQrk6j7MBPS838Z1ManSJBz3k+oiO\/sknlDJhNUIHfSq8TgRjn5JEi1pn2KhrqsPoB73ZpXqkfBB7bu8rzkBoJrWwjjZeFkHJOfD8ToexbXz43k\/IjggUNPy2WSLw1q33LeO+gOH5GXB9\/QgYQ697NrQKVyKlRVZXeNUwnQS4zycuS8PuKHeqfdW9Z+9PEo4DpPFRu+B7BfvVgxbF3wCCeyZwvtKZFkAMhl54zHOUC4V5hgvug19KxTuTtQDyeR7SJbTf3aDyi+uN2eX72\/wUD5r\/K2ChPZ9Gse97JUpH8JYVHPwSDEUEO85gNWGwO2wDrwXcE1X7p+U2f6nsA1R+bUBz04uvKlIU4Sa3pHvuKQRjh6XPQ2ThEX3UW558Xx7NikbDf\/f1LNSL9NCOFEeMnTLHFDcVVOXK5I01l4ewmR2fHvlVQvWH\/bOr5xDcwdY+kNlEO6n\/7tlWOai8jsYPqutA=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434587784,"flow_src_last_pkt_time":1603816434587784,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434587784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434587784,"flow_src_last_pkt_time":1603816434587784,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434587784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59171,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434590003,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434590003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434590003,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434590003,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434590003,"pkt":"pJGxgjQ5PKn0qB\/sht1gCk\/uBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABizsRUQTY3hvBCgoKCgg1RfSbShWYtQAARL7tTf7Q3DPhiEmC4nM7FyCePUSXuhX\/xJUKDzdA3Dndh7i7AZ7IYGRP1Yj0EuU9mm9YXASeUAKarL7NfQFkziaDEWFlefwq8ZzHKOgKpSqZeoocfYxvZJ8CSRvYoWz\/L6jmv6jaQeOLENERntb1qDtsRo5+v992QGLT9TUEMVkwT2FvUb5KMSqTvrwWgkM2hgSTV4EyBe1D3gc0yLlWmSFz3jz3ijFR560nQwOMUo4q8F8wUAgTdOAVJvBGKThzf\/CoAwD57myBv4uKJMnypuTatEvPlB46uv\/yty2eheod7+0rebXxYj4Uc+UqPb9wT8PhoyG868QW5UmJx34aYK7eN3JuR15+ImKbVmoE6EL83PSKYkHyQopRIotBEKQDm+GsSi14PMbpT\/MRFwhAVJ+sQdlkceub2KUXDJHao+eBA5w8vGU2OKSHGw6MFHU+N+USgIVLGu8C0b2WNKFbDS9r1lqcSYhWRSXCnwTaP8cP1GWArgqHq4NJrJMJXD+xs1H+vApBkOM\/ZeUAGUAtTfkrI5gOusV9oUnq2ItgMvR76a8xKxY\/SiVzw7ucrWK5N2tQ5JkPI\/NG
cIpsYWE01h06TOMdCUToNwiJfkP0MPn3vMz2JyLbhE71KWygYVxZlHissMIrLNj2hzs1t4mgi8Dfs0l9RtozbB15+zjCqfBYkvDNCXVfu0MO1trH5LQH40Myn9bZeAAzq9F2i07k2zD6tl2iozB832XjSA\/tFg7fJub\/mksvHDenolmTIZGI4wO5Z3NTh426m1Xr55i+p\/4y\/Q9IBI2x3X4SBvQZun3kWH6dWj67baJqzcocTD7LnXnDRN2eJnB0+m+Xkg+SR2CQD8FNHBCSnN7Yu9TN7g85clS9FrvmkHqNboNkc2KyQf9kCWlFhRrzo5YX6fx357\/JlHGWmF2cH2EDuHHJfgxwA9G7HuV2intBnLuQm+sJuJfIh6mRTKTYdC1aBxO+FJkXatzCzuj936XOJG7cJwInBtGXzIe7oIez0hn4nIWhuMBVQhhszVOH9hqsvsKAdbnYUdNA1USW6D7R\/xmghiopDfGtjIWLxZREthLkrTZvJPOso30GmJwYCSy+9OZoV2Nj47lGe912feEm235ruyUlWsQTuKpfyC8J7r+SbB5tplBhKbatYRidI3hpJ2q8lvOUBcxy5jvAvjqVG768S0brsL7G6C2TqvMZt\/zTMuDkIHPjWiNDebCJ\/p2a5kYJOC4jhcbwjh\/tz0WznkGbQNVpLag1ovorvXAKpAYOP3LJnhQhOOuZLuZrJxyhVrae9z9d1NLFL8OUzD\/ZclBspPNm3p1e1A75CP6tZBmrEoDhbY1SV4p4vv10\/MMVCqO2nZs0ov\/lFT0sC7weM0SiUoUILcoLsraaHxz2srKVBtLbHRHf5VErVRNyjOmGUC3wJs6R34sc\/8zeM+d6HZcDlUk9ii7+g55y3G7oiGyj1ls\/gUdh7+ZhHGeX9MFF\/5EajWroXTez4lAWvOzswVIh9B6VOueE+IAtyKSx63VOgxYY7yYRidJ+wxQsHNXarhpUCSPeTmkyBv4qdWIHzyXgiUcAahzyxWMUHmvyy0MueTnQQdoRS92QfxncoT12pzPDDw=="} -01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434590003,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434590003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434590003,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434590003,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434590003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434590003,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":35643,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434595118,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434595118,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434595118,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434595118,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTYvvrACgoKCgj9UoceU8iiQAAARL7az3aryiG\/WW4QSFw5q8b+\/qI9una68JfIBN5RDAlSWxI5aN9NrGnm63U\/Z5hZqT855BEAbzFsnSq9T5UoQJSQWJO+OxKLmuziQZO7srez1fkkDupTN1wkkdnmywDXZcMkFQ4tXNVtGsfMIyPoMOjkuNgYuL+TrFwg96COI8IOfhzUGRFJf8K8t+t3YLfMWc5IM3WJ\/phaCjLWvabCUhYVrFgZVTenSIvn8FoTPxqo1m1xa4G3n8d3o2zFUc4XDalUQSYfIsGCZ\/3VGNAlkjuVi1uuzvCOp0qJEHMlsJ6OjaNJzjSj1b5X311lbaXLxEgAACVJ7mOpBMH2eUKlimPQIRjgO8DFiVT1VtetHEHo7XxD9z9DaojFHhQILu9Ndy7QJYx+8OxPwi0k7EQtFKIeO3QhbI3teT8NwQXlJnQv\/J7yzTNnMCu3L9LWIn6C92d5qUB+1utWZXR28cNynLbRjuRNINQIzfTFmS9iOpbZglrT\/GnsqhcaOJm2t9XrSu4yCE5z0c4wHo6GnMAN05DOXBY0yYPljkh7vr4aKEDxXsaCMcwmcWxYnUlFep8G
ex3JVoSlUGz95+zuvHb46+MC+XDiipznc431Qn7rrxOB6lgYcTG7kLf\/ZmPHxmDGAINfIYtZO7xiSc5JWwhUA4ikdzTJaE0uo\/HCIsdSFQFJJlEXfiQ6f+9Lg4o4oHt\/v4TQTOThiS8hA3g+cEIozsYToLOF02tEqrwi5BbfszIjeKKW+XlfuQgTXnd+fgE5dAu5Oc7BakCjmnGBb3Uz3ugNj5DTo6+ojP6UY2IU771P\/fqTADAKhT3onheWYJvxAkrQZHLnIxcgu5DA\/5Es1ztGUo\/es0BosHYusWos2FbBdJpxb+gu5rvMEmPCkuCIpZpBZLLug0rWMitGXgJfX9MWvPAjBWdKWTbvcBzKFwh5+\/1ocEXw0VaT+NsU2weQMCO1YYpPIlc+42jUQfCx0zKYejhkxNEoAo38Q29iwZcFALT5rf0jYyMQpMUMcNFQQqqzbrcaHvvgWQzH+lUkFSqbhBqtX5WCPuLWxkDb\/9GhQLNx0Q1IujSYwA1SIvLeb9bsrMAWKENc82M+Wwn3RcXpJ4cDa0hrN+3NcY\/5t1ve6RDek\/0oY6QGGW1JE\/CmiO8t+4Q02FuHroDarDyPM4tHJeLOT2NE6bUo4WRjaSNVu5ng0Eq9X3XBmx0Ikdv91XlzFM87UC5R3r52ZTZNTnO+xLkNyA4Cub32cJnhUFmGLoaAmiMCxezGxr9YUy9YTVqutoTlfA5jfzAmMWcvfXhM8IAoJ7O2szD5hCSuJ8MX3ML7TFR9jrMTogwqPbeDECUgOiFmruVR0+GuDJb2riqtAhc7PvwbnCVPAYbBoyaoy31mi2TG71Wi\/w4IaZaos63DgLgXPzRaSbjG1c2zVPlGYLiTfXzEyhvOk3Mv8aR0DqJ\/gqVm0SvfiOZnBGk5gzICSopKt52HHnW1EwSPCiNSbMh18YFppr0G1bbAe15xP1\/\/Pk0jzR\/wXBG5JS37im5z+jqUQpnV5dcnvgYoRjpgGuTxRGXLjRfoOGzSlFstUpRTF+iEOL+rt3XO56SlECJkrsnzQoo2ccoM5Hgg7A=="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434595118,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434595118,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434595118,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434595118,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434599720,"pkt":"pJGxgjQ5PKn0qB\/sht1gBgPLBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPy3ARUgTYU5HKCgoKCgjzn\/uzo5TjaQAARL4oIwXE1bV3X2RQF+ON3RTsnJX4an3jVlQ7KRPGPw\/cd1gZtN4yjes7ivlyOcq2vm957CNTb4Z32AWph+bIp0qE95znKWOclgtBgRpaMvlLDlaUbTJ1Kjqhg7PudTMGHo8kc8ERMms7zx2J4fSxALfbKS3w04Pkl3fNYWkwJZG9jA2z+7UujsQZ2YxzLHhbiMSZctmG+MqTnAcyQxUOVqOLFrLaBhAxisgQ5MezG68hwcDBiS0ypz8ByM9sY1JtZ4VMrD6ux21WiJ\/gTvOv91V5Grp5XnTWdbnNLG7GrfS3jGjTn2Un\/r3WCKJ0WajhNLHmPUR9BFLSVFG5JiyNgIWA0\/HgJTXD99jRhJkBHyvLeL3j9ePlCvGQ9KCY7A+MdgP5+hrP1QLH82VspHtB2VvSSvMREFxd8jKlKrGybrolBflILJX4GGJlg2hWcC+HeiZGufy5yPCOCbIVpSVQOMyBBe\/Ph0aL\/4q+E+2qJVdBHso12q7ZRf3KyV6KD\/C8p1m5HJ5lk4kmjjCsWakG5crp0wLCKMw1zK5GEWknO8UExqKvojXXFzU
2Be74eZgjrj394KHSeeH524syPc8swoO75W7hTdsrJB\/rbuBB+sKBiDCauvTcD0r\/ZL2kwgN2l\/QahiKQcXG7cPXaL3PMAV+\/0HhLKSqjypOevG9iWlPhJOE9CkOrIJqW9G8TK1GKGdKLlPqAZLZ9m71TcFKjQ2zo2h9JsVhhsxqsVTUojf9bVe63KowZvJiNw7kbG5Dx9zv3qk76Scw0pW+2ZZHPjdRZTjmKSA5Y+PYOoxxOicDP9ZVOp+8YwJbnh4YepP36tZkoI4e5hYmgEwZOjt6Yo4GxIrGzuNcUfaa96FJIqS3n0i7MAiXzBsvTUSDnlPJz08s7uoWN3Db9JOSBxZX5qHn+WlZCt6oEKkU8FdQI+7reYK7AI5cK+7Fg6zvWA0dR4F7VGaHhGDIqy3gLf7KmEEyWYRoePUORLvgVC8XTilGAf6Bjlqx9PRGxm0Ja\/4HplWikLpRAYamguRrJONKI6nEhSn9lO27tMAcOTn8Tf6RTu95+ny6hbgPd\/mMKokSGNF7UUtZjCk6cbVH3J7cHgGQXOTjQysmlrFxV2bF8LUmKKxWDOYfmVKmHvf7ramU2h+1zK66w6qsQI2OFBYV6F\/QBKPRxAQlchq5r5kgySGLxmw3m6+Sf6hz7sbVIbyNA36ENRVuZXdVSayaI5VXU677nJtG12s5uEZtWJqnu3YVN\/KK+kE1AeI06S1byEfRfdS5qQoFDC+c6GGJFo5dVEZxLnoVZC3EhBh7dWvLthE6jKMd3CbXVgnSRl9JPjiWwsbn7FBHeycKSDuew5OQ1HtZpeRUJUk5nMgSUOUI0YZ50IJIEFtw5YNao7Ddw10e\/\/nmynctyewik6Tvc8zLrSWaSqgViA6i2PaP6Pv2MZCMyK\/X3XqMdRGKXZs\/jr8\/dMBZX3F\/DYmeMdlamiU1RcDJHP8r+9yBXO9yUXOhN7Pnl31zJ6vG4vR0yXekz\/kuQnX3VMYt3WopVdGtyLE43Smp\/Tz11cx6MymTg0YsqpJ+vSsiBwEm1Kebt\/+JMBAhlGhj5jM9y3tuD9xf5ApCnIw=="} -01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434599720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599720,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599728,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599728,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434599728,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8YxAAEAREMXAqAGAR8opqZMdEVEE7ChGywoKCgoIqaWx\/UJ+JLQAAETSRegWnRcPLKk7uYLS8VZ6A+zIwJb1mPqvy2MKL3Tt2jbz4sn5hDNSysWyy0Q1vrUZJyUEmOGV1jj\/0B2GZUMMnU+bx4P64TDztfWRCEsX9xqURkrteqGz6ltOPoTMK6uGDuQl8788DuRU6AkQ1v9y\/IX5DuObM3NrRxVsTfrPVsxKWrlvhhc8+bzP4RcGvyJ\/YYHHHWv8RiMZV8ZiNqzD\/Tz+RFWP04TpQ4H0wJGgAkCU7iYd4ab1bDvSCbzjD468MBlMvdV6E9+6rcgmFKBMzQQdE+3VD+cPof5Frq5N6HQby2yYtJudG6NrUX73fAa2KQZnzYR4AbsJmaaX8pjzhRDzDU9lkoPYf4Oc4\/nC0DEA60ezuIdY6ti8wvtU78brnoSIwXQNufJ3MzKMZWZJpg9zM9qPOZYsquFKurbo78k5\/rJeEvIak8OZ1yOE2HfW77PYo2g+KEWaP\/fvQAQmwoeHxVcoRheC4X\/2hnLsZC4VDGWTctTohPZkhIIguZevQcdGStgdNPOoe23oCG+cigtTE2XZqR98GoabuEhLVpX8IFbc399f2Ed3R9zv0BqRW7l9W+VGBCK8l7hYQJcjAGrqb6UxP9n5twWwwy63e4tac05Mv3YxsBf\/gpWY1CeG
oH4A3AOIfnYfHjCBkCKDei184tAdAwJXAV8xwNIvdB1dw3Mc68J\/Pfqo1EfLZjZfaNqOe3f8viMQO4rriT8gdNtZ0CgbJJiTTs0v3CCooFyBSmtQOJYSnaqzYT+uTl0hY8Pv7OC+YTEfEJsGmbz3bNDq8LTl15HzHDF6\/S0tKU8O8InGVtk\/4xlinam6Cr3IODbyJ4bhBkIKy8MFcG+qdHGW4VYXvs5ZK3HFwh9xB\/co3gy3WkEyPgUxAVTluIvDqC8K6I1mGrN5z9mmI7+cQWr+bnYAVDEJN4rmkUxjOxyuiiOc+eUaT617fUn1I8bpVOZvNmAr\/m0w4TmV040UAJX8kNuv73I76cuzAXTqPGp1OIlB8p\/rUaLeRtwOv26NjRPMlDjdM\/2\/Ilg8tpUGW7j\/eqU5QmqHo\/Tiz3kNBpIfGMBMuOWA\/+PbBvi4AgIZ5msvRnQ6tvRm+GWBEDzs\/IRYnKTailefoHxjXB0DNFDc4zDa+tiGPQt7PmYE5fk8D2cP4OlLJtPGya0qenuuBZpE+9egccg6vsbROrFnslZRL6+0pFRqbKJZSvkqUbHUrlE\/JfB\/RdVa6sOFQkyGbFLPZtdG76DZnk7EFNB+78rrmYjzs6QdbL0HyurZ1UeWbBWI2fQCt4n30u475\/uIDFvQNfHznThYw1T3lHUvAqHOyJ\/ccQ7CPkJlpFBs41COx+7rd4GKmxiD62jg+b4QoriC8bYd6M7zXH9NxgT2wgi7+ApxeYKupXdFHK42Vnp2KF58erKh\/QyLOmaga5TR43mFPJ1U4Glvlilv1YLFtMnz+s5m3xpG9nXQX\/uLnoR+QzZ7ZpahZpcCH3jpOUBrBQLDS3SRPYGHiIfQ3MTxt\/K2HL9xf8n7chjG+XDpVfD+Ow4ZDOisoboLR0pMTJoCSzc7NiqX5QJC8lHEJcQJ84dLF0V8eZdiDwD0a\/E3DacaQJIW+8v0unPtOxdaQoXsSVsGNysZHm0clQcBwxWaX8rC0w=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599728,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599728,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434599728,"flow_src_last_pkt_time":1603816434599728,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434599728,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37661,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434569071,"flow_dst_last_pkt_time":1603816434601225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1603816434601225,"pkt":"PKn0qB\/spJGxgjQ5ht1gCaFmAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVHH8QAfHOHYAAAAAAAIMG1gGePLGT0KGio6\/wAAHQ=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434601769,"flow_src_last_pkt_time":1603816434601769,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434601769,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434601769,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434601769,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAQM5AAEARcbfAqAGAjOM0XJOYAbsE7P6myAoKCgoI8EYvtCcjifcAAETSFB6sl\/lkLZ53JqQdlE2I446feeWqsyvCToqdH\/63WgFZXzAd5XJaz2hSlpGEY3otY+eR2fXJeeeLgKjgc1xdXndquYfP60ARoUpa1CNURQDv3dVUcZH4ZRr7gXB5ZoVF7\/jeJ12Vn6muRxM8UUAONwgdRKDgiL0UJP4xo5\/U0EJMBAoIApMkTic7rgG2Bh+mE0INS4tt2YDtZQWRkNwxdusXBvMW5Xh6sJWHpZCpVde45Vj8XrkpX2zzc2M+YhMwcBgNKHixMOLCc1OsZDjp+pVjqtaNwuJrMIuOI6usSTI66JX+7JfjdPq7itf0ZF7lYG6PNEEU+xPizRn2KxsuDnIqtilwE+LUxpsYFKfGcG5ezqqO6yKGneF+EwF1DUUwFWNzaP0yDVP0V7O256HNYYY9PS+2D1mPJ5Qh2m7ZEHCUVkRSNQ2ShIsxlvawRDyCp6kGwT\/WLvCLzHx+eyBaO007Tt\/wxiyopmu\/PGttRCmy1mbey1xkep6SVHg2hljMI2kKhPkHRByGHf4LjQ5nMnAXf0Tq9kl8M9jkU3GAPVgFzvq3cQiBPTdYAx\/xzWiHb6MZotlQJrKtj8r5btIK5VkYbo4NO\/HZLmSzj+v2qCIKxc1Kk9zuPTC3cbP50XiuLwGkNCPCfW+6OO5M9kmhEpBXsPSz70fHx0\/0D2eDDtF18PM3Frvb1Fy16GhVoNeVMEwWNkS3FwumWjt1NyRbw4LvKt\/Rmj6KQiUZvu7MbT1ndIcWoPm+a9vrINvQyHbJftHfdf2llfXEA9XL2i2KvpzX8iugx8h\/EwmNNUg0F+x1PWifXySR9l8Caxeyeh8E9jH293IxSPPA935LAymnnfgPtyfd1UPNS9YuR73IJfEhrnUAjx6P8XPDbcP+xgeY76YS+U3MH7XP1Q4EtbU2P0qKkUuklKbSr5dA\/KAEw+eLuqUjqAIZj+rndafIhO\/LsQfPYOW7bdEx4iMsGisRcOkkgcehuB399WIzJNDaiUudf5GjJuMlrlW6TLhJ\/g11dD2dIjh8WIkp4Qn0ZkpnSlcQsZ6BaomyP1UZMobw7Gb2Mj8fiVHGtut5pXwWsRBQRFeBEEDjwKjkFEFJa+NTqaiorO29xYtpR57ookqNhP\/dfrYv88CXL7XheZvTVIEYcH\/93v+Cx7XpZlqq9qM40K8mUb2GtWK8vMCP6sNaXS5hLGz84Ddirh9wD6+wfnjrttIpQkYIn\/n0QN2b1TKqZ4lV4cVP\/FewN5U4p+laZISTDvXTwJ40b2O71mGyXFIkSolo8eu55u2aHixwNCDhO56mWWHK4Sjf79khIgUIR39vcpUSQ6FVfGU5puW13EEw+81VUTMmbCdmBMwZ08nDTbGTXvAz8fOGdlwm11FF6ZM3uLiRXp1gGZjK30iogDlgUho8fiLM4+4Funma+wzaEJ
Shb\/ISV4iTPJc+5A6A\/ef2opV+jxdSnTVcIVgMqB\/J2pk14MFTuYdq1mbrGXTX4\/KzcWcwz8+SNndOIz9Wc7K5XCuPKwn0ey2jndDMY01z6moJcN3uM0nJF8eHMcSe6+CbejSVpzM5ThvLdtFQ+ViAhGrDwX9+mUtbkulWDQiHIxtnNa+G+LGQ1ouuwgszH64VBoxich6WLV\/F59MlHS\/lRQ=="} -01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434601769,"flow_src_last_pkt_time":1603816434601769,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434601769,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434601769,"flow_src_last_pkt_time":1603816434601769,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434601769,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":37784,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434602877,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434602877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434602877,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02235{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434602877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434602877,"pkt":"pJGxgjQ5PKn0qB\/sht1gCm9\/BNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmd7jcRUQTYoyXJCgoKCggXpMPD7IbgFwAARL6WX\/ntaXcB2j6uyN\/eyiy9Z65LFFuHMHqjLQFwZXwPmrbwF1D9AvrfhiGZgRDKOtshDVcv\/5o63Mt5lp96z15M3u52GksY8IeFOYZFLzRLSypCHdSUAudS4QYS9yvJF11P6aEq9v5\/cYDKzMAnbW\/\/2YzVVKyxaNwCoqy+9J2FpElrzMoylxHY8jGmzsLZt+Cq4S6W5A\/yie2rgPdsV\/\/kadibCJuYe2QgLqw+NgOvs3ZCW318tssCX9NeufGXtdg+E7g9jwjM+K4Ord93OwDnRF2aTJmHo2tCEGjCWFEkbK0aHLxzz+KabEo0\/LETVbiLPpKC44rKQXGCZ7Lmqskpi4aWMEcEh2AyNzzT6UX+VTMz2bzdgqFYxEdMOkTF8mZvPnsAyl5GsftpRvrRDq4JM2HS2xjqKNf8\/rk9IDD2z1lCuhYklz6u8Xh8AV2CVmPjku7CduxRqf8iWhU3IZh\/tB0Zovqp1ibQbIYt4zrU3MxUs0Ann688P+rb7y+ZsnFu\/fk+h6xbT\/viYivE\/uJYhISmd0y\/Ibw7oVkhUvcwYGe6BlxHbu9DCl0q2k0qM2EbRuJ7WjnFFIsOxPhC8cKRdPoM0zznMb98kz5ysAdYKg+SkdeKd+4pa4gn+PgKnZ1v9QHbHVyu18amv\/ydgTDP9BOE5otsm9Ste64D+uoB3LV0jr7gSVBlTP43OHoBDZrEnIZWNb0IXAfnfRqK5U1mX9jYgyrjMmaabtaW5SNCjpVcHvLrXXfdvgnhoksaNA8gqrNxl8kTwyqsCW0T9SKJrw9GgmLUZOOEXkBCdtDC8Rwy2m5YGCQMlqBCp9fcD7R7OWZl9re2KtmbZcx5XuRoJK+Ee\/RcP8U39Qot\/kENeJ0xwBwp0WES98qMbpvwX+NXwrulmff5OZz7s0aOup6\/XRoJevNt6uaC\/AmTv08qFISr1ifH4eiMCq2kmxW2ahH9hEVWZR3Jxv9iJSCKrtvEkXwyQlIE2Ox6SYeipj2kQe7zZek+5dXGQsbScMIja5ekSaVy1D8rj1LjvpGiPeJY1UasRXnpVF59+PQLwsfANope5yQlCx+YVECOLk0\/GMBEoIlKIoZLqVJG\/C0u7wyX+2E6ZdHmRDFkH6mFBgjUTGXKtzBCjRac0BnMVz9YKLNQsd+\/rrsH5pxJ9YO0MuiSwIPs+xpIdo\/IEERboBN3aoJgydQ37ceY80ila+nQ3U9dSxR06jfC77UBEfVmdzlkuL\/DhQFWPNRfInKTTvG3yav2KKHl1x8TO6Ii\/6UZ\/zxT\/dSPlF2U3u1lI3XWOna6XPE0cHG4jVhbs8Y9WhQwEhQEXLQePEz9F2uVXMGjij63Ico7971IAKm6HyBzRv2Z2ImKjQZ0Rn1bzFvrV1KmJeslV
3i9\/gn2wrszpq9ZZiQligWna9g2XDzA9fJDQnnBdg+QtaCieo2h4UjfZlagVCzJE5jJiKvMJjSG+vhOBRM\/pLtSq8qtMvvY3qHtTPn5\/9+fdA0SINWbW8xs11auU+NEYm5CyZ4WhnBvSSN8gec+a6gg9j80lhWWSEnL5q+wUaDeIovDUJ\/pMAff2X2gN+lfmO\/YkWJGLKHp\/WpzMbzWOkNBwTL8XEECXXPg9Q=="} -01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434602877,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434602877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434602877,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434602877,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434602877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434602877,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":60983,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606208,"flow_src_last_pkt_time":1603816434606208,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606208,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434606208,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434606208,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbNAAEAR5fDAqAGAwb4KYsH6AbsE7KsqzQoKCgoIc5O0PcfI+J8AAETS5F5\/qillFB34ZBYonPftxqjX8kBkyIk23lkZ2qSswRv0KEUWFyy4088Os3ZnRrOQrOwaYeXZhHaUBeXrptUSJZkTrnEJcyoWV9p6dEfGmv7bCjVxnlCwVoAAaJG8GHsjcbwBPQJPZ6oZM5lf6cBUHAqYHNw6rDSUKD3xvkDAy0tLs96F9A7S0NsDa6ZvGzs91gfUUlnKUaJulVEVfMWbhAjpxgUG+FXt9Oo9sL+OPkMVV\/7Vt0yoW1XaITbIq8KI8LwQAzQXNX+v7kBeFwKwuJRDs2d2j85QUWSVVg6OehxN0oTkJ\/iEWaH7HwRGKNP3wBEMihP+3wB41yI1iprDNfCK26psAUg8WkevVXjHCw\/1R8rXTAqTx4QwA+k906j11b35dxI9YbrIjP9IU\/OcLYQFjdfqfddeEH8L8+SaTdDj+FCEgqbdUYwvn3ShJJ8oqSXEByw1fDw6a6R8YQY\/NcWHQmWlwZV\/s8V6pCK5XJBFoyooYlTtK5HT3AzggQdsGSXTc5vPgI9QOgVcbjbdWp2Amvc9V\/q1oTUYUqgUbgO29365V32Dune0xvsiGBLhkxW\/xB2VR3VD8bIGBOkyav0B7u323dLTivvutQgLSxIpoC002ajbvnwVNbm1ZcAbWy
BNcs3+OXM\/vE9S84TFCziB6d7oYbaE4yI6WoMFbiyLE0HiXUYenUnbBg82zVNaZ30wtH7\/mEwwYXBlHw79PgUwLtAbNWwFraM3BZwEm3JyH67VIsyLo7T55Cx3r9oakgfDnsS6P4bT5c4dkQ6l8BLSFIYKSUtqpqBbExMHSrqaMXKXu8BL\/5ieVLJhNsi\/slQ9w5NDtQoTTbDkDU1uXliwiII\/d1kCgsYupKOqyL1yOQzPZKCInlHZsUbMdJ7y8bMnF2vGBX4GG5L01jtQDpBD38uCXLmnzO+9c3yuX3Qh5zcfT34vJRSeWP4va7S\/nOP4nZYATnqlIGSv\/xJzfLmDB79k6IefwfU2xRise5mIw2N37hs+9xRHmkwSbEY658tuxL8Xb1MtKxUQDPq8BcSvLe9eQOWinR94+9pJhj3IXfg8WmTW3\/5K+B\/rN2gnFxD27OZ+9NCOJP8NZ6N\/BTFtZSfdJJpZYHIN8TnZLxRlID54H\/GDdCUsJNUfhoKrsuqdCGDfNktOUx0MVrR62a0uRztIF8liJfUeO\/\/KAKR5QW14obLuVSayoUimbOEHLMJCVQc8\/yVQYizs3KLKMpIRLych5r0TNMP6kwhIq3oRLx1tuGXR5Ce8Ty5Ru0TOGnc5fQ50Lqs6GkZSf0wsPD2nX6txa8FkQa+B66L7AJOYLxiX+7eCvInUvChFc+0Sb+WrPE+4s+jAEcZnUDM2coA7EAkqHnQ9J+lIjWQPxMKhSjx58dKOyLuMftDrpApD9cIaKdSgopyq44a5UIqEi1D2XHwo6tGidN7YNyIAutBBxF5IsroY6pOfcfi2fwuYnSzbutfHvCf8YirR\/BAaLMu3aNHHB\/ZKPVZpI\/gucAgFFvFH\/M+\/qty4rxYviGGCAa3\/53kY+NHOxljIVMDVyWE9T\/sqE0XTooS\/SgQ38mqYWA+WDPfMqjhyITNqp6FmsU\/gt0JrpoezFzEe61zJNnCelVJXtRUHkhDcxRW2fFs7Rw=="} -01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606208,"flow_src_last_pkt_time":1603816434606208,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606208,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606208,"flow_src_last_pkt_time":1603816434606208,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606208,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":49658,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606554,"flow_src_last_pkt_time":1603816434606554,"flow_dst_last_pkt_time":1603816434606554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606554,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434606554,"flow_dst_last_pkt_time":1603816434606554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434606554,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUATrtAAEARiKTAqAGAg58YxqJzEVEE7I\/AwQoKCgoICpCmEqV\/5+UAAETSrUzMAXsH+lNXSQbnFrAyl7ceSEtrPkuYxRTLDdaFiiLmduk9Xs2lXgYzbsBek6Ac79LMu0h2S0VMLhMIoynub2oycJvB5K8wYKEeSkLlTvDrT+4\/PAaXju5wh72tiJmArJiM37yh+0ZsoHgCUSqF0WzYygVii9e2gqRAE3tVIHQjG+5jZMLcaJ2yFfHfBMxd\/O6jX\/qLUotOaY1vFKrUIY90\/U9Dbi4MsFuL6Z4A02fTqtuX4r21R2SazEf5RJES7hcKSmvCokMZmOKlyLilXCKYcenmZhN8UNa3xfFEIcmY5JwTnC3sMsOo\/rBS\/9H1GO4ZE3+cPgE5zkXgqeuWBcFKNYDy7D\/WFSz1wdWlgFLSW2hrnDFcjH74QFpHFNYSLfoZVnrmXaJWdYqR3\/GrunzyfQ5NLPD0xfrMvW+mfxDdvmFWlM5+TRdKLnFtqU5+MG9orjbkU4chKQtFPiEcFOtk8NTHDHAGDTwbYffqe87exnYOpkIf3ZSAN+Xc6uclNDmRl6vRFeIZ7wnFa\/vovEOpHWQnRJdHbza2NFUFRaTbJ66fHDPe80KPiiYdWaTjiZGLbnVxj5cnNPjgcS9riI0x\/vjDtGbui32zd2k19XAk8XSvXovnq\/N1aEbl
wY4nUP5VKVuQkxHivQFDAXb94K1J5M36udsQd6LdTQRFPp1uq8xtKCFuK6p8iHZhrHLCcSPXYOeddA4eGHDK9as2MSP81cihu\/T7DLy1YjlKcHYzDa3yx1xCoO5FKkG6fm9bswGYlU\/+baDbYfTkQsLCEaPlRnxA9WTERJJ+MSFDRHu\/PlPFJ7insUQmyVmaD3hw4umIBuOag4GPXKlW2orVcqPhx98PvrVSXrWoJ9fVfyaRdjVGS9oRlA6aO0YTRViOTKSEUuyp112T1TQFZCnuDnAkxVoRPmo9aTNWuTZ9TG1q3dK8ixFuLxOAzdvDCKb+Mw\/ATbe3lk+yLwq8IFMq6jKdrgufqcgEK\/DE45uK6DkeDtg2Nfk41dXE6E2W06tsmVdvKzE9ZnBhUhe2ejOTPCQOMOhKKxW1gu5IyfCpHbjJN2vfvhyPN0OnZybFzDxqcGmwjQ+YG+BTWqim17tKyUSWvtfljnxHMSsPqRy6Y6NfBCNp1aUpwRPLdmmujG8IVPEXIU\/kof9d0KApSsa1g5\/lxQVV6EBiKhgM1boWQ5RBl6ra1rwDg1yBBAJS3flCp5HcSZz1flGcqFaVEsVrUVz+AEXY9ruE1orPMbY+wl+lHasmZLW74cTNm+UINmjH3A+DsXhcmXvfEm5hNNThZ\/NnJpbpD4NH5H02TzCShSKgJ69RlVFghhhWba9V1v0pJT8dy2Wkw9Ko6Pt9n7LOTgLjbmfTwItWhZTZuppOfwln5Ay+ujYsECxELS1meSTPXMgPFm5ZqFNUQ4ewBWDBiyF0UuaCFEJLCwQMzr3L1MCmNTV6WeniY70fageRh2KTa3ox9TKmffiA5zTBLt8Z7BCR5or8UDQn5nVW9FpnezChyvtJGlUcukrf1\/2Yv6T6Ix+RUzOFNkHL\/DYqhcyt5IZvOgg9EpYeiSpp\/jf5smjFh0ytesmJY86N5x+rphh2jl\/Hh13FoM1EltzV1MqIusbwoLTLdDb5Z6FDqYBCG0rctA=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606554,"flow_src_last_pkt_time":1603816434606554,"flow_dst_last_pkt_time":1603816434606554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606554,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434606554,"flow_src_last_pkt_time":1603816434606554,"flow_dst_last_pkt_time":1603816434606554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434606554,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":41587,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434609154,"flow_src_last_pkt_time":1603816434609154,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434609154,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434609154,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434609154,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA990AAC0BNLcznmliwKgBgAMKP5oAAAAARQAFAKEiQAAwEUWiwKgBgDOeaWLKrwG7BOynncIKCgoKCBGs9QKfvVcQAABE0lvluJrmL\/hMeUw3YRhBIJ\/7gLtKpaIz\/yfYSAz6s8M\/iZU1xT7UiPmoiPsMT3FCwMnulK4pxlFMwSTfXCJHpc614jjRRPQY0r4A52kRAqbpnpm4pGdhwJNk2VhjYh04QB+ATZnDkcsklWaxwa1n6YHU9l\/hwXdVfRMJRZaRjlnNVjFzYTJDWF1bqR3R+8VW0waOTiwhJbmwo0jy0HGIxrRni0iCPehpoLwTjyK71TyZayvNhxdtGvZzTbpHaeAT15y\/CNrfq29HSv4IbvE0UmtwPnAkf\/K1m2amootTqW7mZ0NRHFK3HiA6yyoxrFYKU9\/CqXLS00PyxBFYvXIH8JHdvMhif7EW2Q2vZzfwwkJPwkHVXd+ngfY6wGLILtNDXV2ivGtdy3XuvH2ccmQEKSFZ73Hx9iHdBl6qjfCYRhGp6e+IEQqSNu4vIjwJrHd1DI7AFuP5HVV3t0uwiRNlmNLYg\/\/iQ8SXBZOZZXE4JJ7SqpmG4T8bxGnZ3BCjiEFishkM4w78EsJooOt\/y+Ru+rpDXeXF0DEDfcvmU78O5MK3Ul65ZjzZQp5A08B7wuQCd5NseMaqkP4jaydGTyiWvmW0mmoH\/qDqrJMH+DDDY2TMH7n1pK4uNzfng27Vymwl
z4bVFY+NOz3R05sw0AhIXP9mFCKSmts="} 01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434609154,"flow_src_last_pkt_time":1603816434609154,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434609154,"l3_proto":"ip4","src_ip":"51.158.105.98","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.654703}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434586380,"flow_dst_last_pkt_time":1603816434622862,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434622862,"pkt":"PKn0qB\/spJGxgjQ5ht1gDsWjACMR8CoF0BgM6YEAzSri\/bO+xasgAQsHCsnVrqTT\/kdpHoB9EVGcCQAjCvHgAAAAAAAIawwAN\/DoMJL\/AAAd\/wAAHP8AABs="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628754,"flow_src_last_pkt_time":1603816434628754,"flow_dst_last_pkt_time":1603816434628754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628754,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434628754,"flow_dst_last_pkt_time":1603816434628754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434628754,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAStBAAEARganAqAGAyu7cXJgVAbsE7FzZxgoKCgoISaS\/HP4FIE0AAETS8b\/jD+OLMZ5ZfmIPp7wLwtSW\/3e3V56tG1ccXR3vL4iMRvcTifVjxLwR1VEj5kxXicua4ELuOiBh14YJiINigpT2w+4dKhfV++T2HAdDXb9HRo8Wp5\/Q2I0xH7P0GEZjVSlxh\/KVM7Q8JSVkblMvtsmlTbMHoKyKgv5ZVuhR9rKzyWjc0bDTpihNkKGhI2W23K8YpCOo163pvnpUs8vCjpMKx6Y+XLOjz86VHxZ\/dSIUgwZkfU3hXvxraGDqsOM6nk2BsxRj6ED+eksutrG0VvP5Wbl\/nwohJ3snk4n+kCBY8+CDoT5Q6xIqcKNeqA91veY6WDNW65NdLK9tq0Kt6NyRCQ0iHC1fm8oqxzK49Xy9Yr2klZXjGA6Wb9UmYx6KSJdvg6i+UYQf+hP3vTAcVrvclwQjn1Ttts6+sIXx63DdYoKsDizIkqnYCVuj0roAtIdLG95OmHxjKHrmpsQyLltGhTZMsYJQRCx5M8PpL+vjXo6pu+GHq\/GNM20vpbcH4SfliMSbdeHv4qviRxdJ9R8w9OkBT6XZozO3wWdBmA6PqET53j\/ug0iSc1MIiO+\/q4LSySrTDiP2OBzfwZT7hTAaYz1DN1CxY6wbbPEjnyqCdpqZ1PaOkaWb8OYt7bm6
J9VMzWbMZaVbajU0njanBfI51vKbom0V4qvMvcrqXEEunVPVtjgIskNplvDAftVJ2vZJjRMGUEv2c4SLniMT\/gRm2OeeaPXHe1brAnbRvP5KwVwSyHq8W08M66VBt+caimizIdJuqJqF1FGzRpHgQJNETaOqosq4CaLQrU1BEEg3UbRSYSWKj7OLTgEqG1JOZb\/nz1GI+TfOOMiy+107aqM+S\/i3Tju69xYk1X3WP1Ozrd6Wj6AC50FxHQQFSXlNPa5e\/vjVo4rFyU+uJE9u8JoYphh7MyJDB1VngH+kgiqxcBa2QBM5E51d4uR1hQLe+c6gd3MDh43gdsQryQiQifYdGhNRWZZaw2p8fRtUP4Uwyq\/B0bHFpZ4t6PuvIBU1+212nGGZUAL7j3HFR48RnO1qbO+GAhey5N9lWYMlU5tavGiXfOhlX6cAsUEQ2Q6TLV\/ZCB5CQG5QDTtdPH0QZSPPPDEVyy6HE2QB0rH4vjru2j5voDUPBjLlpBQ\/NL5R+mTgOnDFh7tGqQnBHhyDGFO\/50NeIGNTAc07+9N1IfFyQChGLc3grwS1SkOgfURlQLF+0ioikEL5irbMrmWTd851GONI9exui+8KOT8c959NcGrcyY1CIpxJc6JPQNgq4cGI4ljycOhrXFfcY+tJlEO3E0yGYN4gMAGSars7BkXFZLPWbZY+Sb4jXpDImxv+f95nzmTySeAQGcAaOitCLcJ318ljtkj4SzzBlngK7\/jHpA1EPvZ2SJKmWjryUfQf4JJVEzK0DHUTA6qLYV+785FtwR53Rvcfx8ZKasxHIdWmDmMQfSDcjCfFkiPKXadftOSR0e\/XsF34XRoyBUx5eKGVWThXeNxNkMdpKbVofP1BRG3kl02O63aebe4V6uZI5YzyQUh4Dl097fgC5KIZDSXh1zEWqkg2eojIxOsLE8glsZ++gAFLU+Q749QmZTjBy2vyjMlxdSRKWMC6H66lOKBGFFFOZV6nr8Cmiz6E4iT7yg=="} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628754,"flow_src_last_pkt_time":1603816434628754,"flow_dst_last_pkt_time":1603816434628754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628754,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628754,"flow_src_last_pkt_time":1603816434628754,"flow_dst_last_pkt_time":1603816434628754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628754,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38933,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00842{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628763,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434628763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628763,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434628763,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434628763,"pkt":"pJGxgjQ5PKn0qB\/sht1gCIsNBNgRQCABCwcKydWupNP+R2kegH0qAKwAQAAEAALgTP\/+aBmdzC8RUgTYW27FCgoKCgiOjC+QJeVzXQAARL7JSt9fXYbHm89vAcaC3zVPl3CRJrP6TUqyl19zIq90T7T2NXCDcXHJobasDcuXuTxPvCCLEvFASvzCuAXXUk3HWjKo77c+LloXAI84Zwqo8KPwvyzsluIwpPaCQQSGiuEyjDniWlSc55j3zHtvxBYI+7qs\/+m2E9Qo9cHvaYLyJZyEsYiKOdymD9qvtzbmDAszHuIEjcfE2JjV4l3DJqKhapzLQbS9PctxujyF1VUI2ACV8ytLLBKZMFRXoJlO+bWzOXqbJSZ6o5mClNhR1vsaR6skwjkGqVgCBLklKilA+9\/6l4ZG3WIaUFiUoM7SgIxwWF8oyiKV7zmkaclu4f5\/3yzgGms+jvNfvtwGzb3Fgy2XF4aZ5O5HDcLbhvsSrvGKNU1KYKAXZ4nH8RB1\/jFqFn4mCqeFIiG1sLtiDLSix9f1+6LcFT10dfWo8qUHWrWQKOTbIY9nDBXTCntoa14qK3CE8mecM2VJ7ggYOHeAYHiK\/KSjuFeEFZdZUdhlNNgz9SYFL52F6XzgaZRwl5PM1sfRI+PVfN3H8HWyDW3URl12iKPr73MNCK5
qktammCheXnaJBQPkIp2os8caGwd0tnC6YXcJ6lRUUduYnFyZK+vu28T7Dz\/LrOOfuQtWldYrGOIU6j6+ccDKu9WWuVGuX87kKb6hFa\/0Hcn3qf5Lj8lhGc0veQe668VrdjsW9Dbg+kfK24zU3dHzbLq\/XM+CIHEV0Yi\/cWiNNyuRa7ulzdTCAyRs9gYlEY9PmbmMmVnZTQWIYxLrJJXunKhqYDK1mFGTl5IvfBZY7XkX4mf2dHPjv4NDEk1QrCa1hHmGBMvl396\/dwaT6SqqWUBPCDC6vSElGrAMRRGJq9LvfuTt+lbz304CY2d8TLKimJoo6M2hj9FCUJij7LzuvBHoekrCNTyCpGkXK+6f28WuMzCkJmtH+2+vwCZ0cKmQ7CrGhhaebnvQZwlEFUK4HQuJy5pSXRkTWfe3guDQnvG2+9SrouXEZwHBxw4mhOlu4pZjXEqExMqWvswlRLClP4rnliDXpHH40rXKEVBoT8v\/j3qP19acEvtZNPaR+ixqYrvXUyjrT2RlXNw57\/diViUriBwdc6BZan7TmLF2I9JRDJyDmqg737XOiOdNXmktfhguZlHvtu8BzXOxe9QBMRua9UDc+uCEMwFmlIsRXS+UZdgutMlJZ1Lbmq8+H9dnSORxZcpeFndW83URbDqnqh3rTxU46PizBvjU3UUHxGcviHiAab4O\/xs7Wgwm5afjOM4HWTr2GZZohe06rmbLxZYWQRT95qnnPQz6O3YXVkngtM49zsYfYtwWc\/15r8OVdncTVWq9tmcsY+IComKrHlZhTs92vAihW5Z6kvjaWc9ntG7+kh9ebleS75pVIAPP3qfgdh\/HVMZQrPcJuQH8Y\/E2UgruG3vXoC9MYlyYHSvs\/p0NoudzrUECbg4P227GFsxLEbPUVjR8LlC7rVNTvhNIZWwC\/QrTxuvgRdHhiNNC8M2PCOHRg+GtiTF2\/CGbeBUpGmKvLPodeqZZylHTZhjgU1MkqVoyyY00fBkWduQkCMwlkuamhmTtYdY4kHKiR0ij2DmQLnLbFkclRCdK5g1smA=="} -01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628763,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434628763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628763,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628763,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434628763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628763,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":52271,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434628781,"pkt":"pJGxgjQ5PKn0qB\/sht1gBiRvBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTABx2ARUQTYzffDCgoKCggnNhDgZJaMQwAARL5IzeYAwPvJhqXqSzYyuvoAe\/H9DvMh4rH9IopmFLLCj+PhBdGZ40ll7ADayrGRVomiqXfQeeqE4lI0JVucWTRV10wN\/2X8338TTB6+1v0VW\/8KTorpg06AYkrrASXu2b1BsrKpwLL271kd\/dx+mnQSA2BQKuHrVBCwcaBHI0r8YyjQ1srYGqRDA+zKcgWvk4OEb2anzxkS+TxZp3BCgoJSxTVTaR5r447ESHGMmgukiZT5KEHWyWxF9d02oG1WB5o1fyWZF5XPYIfDooBiT1AvbGvAvfKT01RDHMenDf9O5UT9ob9+XRCiw125P6PnFWGEuoX7atzAW9zVIg++DcOuD6bQBa6hwrgrZiQuNBd8kuQqMdvHefesXx4K8g4hi0yN8Q2JiBx10ybm+sDchOmA+ZGI3KJA9MxZ0Sp73D0+bCJe480Wpk3E7r2Z4INozKeBGUIjWkyo7qFkmuan\/71DIvrB9t\/xagwgNTTJ3tPFFcZxULz8+MN\/EAmmnIbFUMJkGpaxaZkxUwzdBzzVfWgWxOxaXp6E\/Sp0HvH7wVBpKbhjbMf7v+XMfDLFzWRXSgK
S3UI3Pb2wyqIDyMku47b+QW5Q8ogC6pRm7vw2ChoPyXCwYbBnsPUrSwZulaXZ21SytHaEU9+EZo8BWLIhbxHDWCqgcwiQOrN2ld6qsp3S\/Vk9wosbHKzGjZ8Fq0IulMECZI2u3F39UfOXkQRBydLXb8SJP0YbtSDYwJVwphKDdTuYShkSh02mqvLr++kOOrUBElEDb2FTjuj4gpf7X+VxQEKj1eV44pEqEnAkpTwMxZvrlvupezB2DaPuSdgJ2oTp\/O7zZVUZF0m\/4ldGEeQhWTjIV6CkEIKpRvwcA+UXJ\/KFZ8RG5C3FjLxgW6qDeZaa51INZ1jnCY0wbHYbjsu1o4BqZImbBcIYiSFGPgjyz05R3AU2gPyjMwQtepARpLhB2m2nPYRAMfmllWHd3xwrKK3Glp060Yi1hFmvIsxBYN\/HFmXph\/R7xAQ\/NCCsyb233XTR61h+5mjyr3kBdhvRp4FWAfrGEcdmYH09lxw8fsoI2fyGmlrIiLbF3Ib+dz+bKp06GWcTagDImEuKvHXDoqew6XT8CRp81NMwgYp2C0sRRT0X375VlYNNoST080OfYYTMWSZLZIXQh8aObm1WMLPdvWnM+yeTd\/mCvRRGkSoRfYLC7RPv4Px+NqngI+PBo1onxLjP+L4PKyIXY5M1Wb\/ntYVcCVD6Mu2L9o7pVgw2OSUjjv0o88lqeZ+5ZeeRR6GyrHda3BrAmnkZ+qpQgDgKYZH0YS\/dr3\/dP2b05Ar17LfJufSjGiJu4ojISm\/iPkcpJzhCB0Ulyrv0Qi0cZ\/5EJ37Gp3EGx9wtbixPCiSDCeFvjur1Q9TswIkIMcYKjzlTF8c4ari4VRXM+F7\/DFMpQowUPXMsTOknhf+QiC8PtIgajvJPz0z4ts8GtDrZNFWP1dmxLaXIf8adUNIotOd08gg+Fo+EaXwzTPqlyv8pnBs9YKcfmrjrW8mdx7psWvRm4G1XHb9iD7+F8FJK6uKYd40yFQLCG28wXMkr8rTqhU71QNHZ421qXPLwoECcRhsDGlUiQgzViqn2CQ=="} -01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434628781,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434628781,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434628781,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":51040,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434629806,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434629806,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434629806,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJAgVoAADQBpNWDnxjGwKgBgAMDhTkAAAAARQAFAE67QAA0EZSkwKgBgIOfGMaicxFRBOyPwMEKCgoKCAqQphKlf+flAABE0q1MzAF7B\/pTV0kG5xawMpe3HkhLaz5LmMUUyw3WhYoi5nbpPV7NpV4GM27AXpOgHO\/SzLtIdktFTC4TCKMp7m9qMnCbweSvMGChHkpC5U7w60\/uPzwGl47ucIe9rYiZgKyYjN+8oftGbKB4AlEqhdFs2MoFYovXtoKkQBN7VSB0IxvuY2TC3GidshXx3wTMXfzuo1\/6i1KLTmmNbxSq1CGPdP1PQ24uDLBbi+meANNn06rbl+K9tUdkmsxH+USREu4XCkprwqJDGZjipci4pVwimHHp5mYTfFDWt8XxRCHJmOScE5wt7DLDqP6wUv\/R9RjuGRN\/nD4BOc5F4KnrlgXBSjWA8uw\/1hUs9cHVpYBS0ltoa5wxXIx++EBaRxTWEi36GVZ65l2iVnWKkd\/xq7p88n0OTSzw9MX6zL1vpn8Q3b5hVpTOfk0XSi5xbalOfjBvaK425FOHISkLRT4hHBTrZPDUxwxwBg08G2H36nvO3sZ2DqZCH92UgDfl3OrnJTQ5kZer0RXiGe8JxWv76LxDqR1kJ0SXR282tjRVBUWk2yeunxwz3vNCj4omHVmk44mRi251cY+XJzT44HEva4iNMf74w7Rm7ot9s3dpNfVwJPF0r16L56vzdWhG5cGOJ1D
+VSlbkJMR4r0BQwF2\/eCtSeTN+rk="} 01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434629806,"flow_src_last_pkt_time":1603816434629806,"flow_dst_last_pkt_time":1603816434629806,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434629806,"l3_proto":"ip4","src_ip":"131.159.24.198","dst_ip":"192.168.1.128","l4_proto":"icmp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":7.619289}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434640692,"flow_src_last_pkt_time":1603816434640692,"flow_dst_last_pkt_time":1603816434640692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434640692,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434640692,"flow_dst_last_pkt_time":1603816434640692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434640692,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAXZdAAEAReS3AqAGAM55pYrDCEVEE7CF4zAoKCgoI\/WffY03wSeUAAETSMHofJsIVRtpuQGVddBW97CfvMNh6FstJkOMpUt\/yyfMol2NH\/cmw9076\/GVp8Jiw6RRO55nAlaDXRKDx+fRRFB3MWLmB\/9BdlA7rKSF+bxrlmvb7IG3rx2evLnOEA295WB7h7yye\/Yb8SM1ckobonKrZZ3VSIcOyeDvx1To8yKU8S+qgO5UB6V6j3ZR4z8tia9hoRBaJuuWjnRXPIzRC\/Y4Ty4G0TTfbVLamm4ej+5tVGNr3TS7pN2Xzt9lr5OogvAmipVfcrFQmzNA\/+bixOvtJICDh3fR9sII+Aa6F3m95yiDF8HdhXx8TxWV640MZkTOca5MbcwS+YPz+INAIjF0s2owurg4clHkrQ\/h1vY9wfL8cau+doFTFKxQWkVu3t2i\/+mAsWEv1COMBJgtwWY\/1oMYnha9PWceb7bjtXvQ0AFrjBC2iUpE8uKG2lpMj3vw++EDHs4D8UOswAsYKSR3QKTNy5\/n9F2K6wbOe4lbPp1tEUC9i4BjrP65N5Jjd4whCLlWExxdcuUiqmeRWX1rLfPxynJrkw7vqaREC00sCdzi7Lh2rgh1ZgrEUMSznXgMtkuiWXjnmdl6yNUvpIov2oxF5IIqE7+inmRUO\/4bFKluz0rJxSvweOGUOG06qc89\/fVfEYvQVfSGie\/2jaZPAoa73lw60ChYZL5W8YQTUE+iYwCEs\/LrU43Io05inp4fW99XL+dqJLeBaKkadyRCr+ZlWnxdK3SIVAKssrqk8c+dwBP8Ga9TvI0fwtqyE9zLeGdLLth+UrgzbKZkjPtZvumQptE3y8vzXm3rNGckk+s+tH5kfuTErhMMgcEqqghapUSbghSKFnvd8KXrp5I5dImNV23VsAFnZphiNdSMrAO\/5tN9cHTB5kZFEzKzu5mIwtp39YSpIVho1618W4woojYayBTAYGdCFJnsdHAOWZ0YNc9fXqn3t7pH0RfvXqhkQ14VLJ65JuJqy\/Qz9StzBGBZch\/xsRQnL8tGwRc9QlrXGc3QWq7muqAOCyzpHoMChq2oTRE\/8HPgudmPNkrAf\/ScwBASioyMRhmPXbQOnz8kpZqhiLFLzbv+SqaBxgR+bgVYn1+3zxEWz0OQ7t81FdQLiQ\/r7o1w\/5GTxaT2UQy4+HSu3XgrEmc70xQDowI3TS6l1xbMtq6G0wpiqDxghwCsLBT2Jp0llaTYvV20z5T8ax80YSjv99Judp7QAD+5ZWDqxTHKL7rG3JmR6R8uIhzq4m21IYTygNOeNDTZrVPa3NY1BluNOiJM0ojQMwAtKPXhJSECktSWYBn4OIxP0YP6tXleYVmyb\/7bsrgrloCmarQYyCzGzZUopQB5p32ofLV7NTKVj48TfiOfWu7G7+u2kMk6czrGQwjYr399xRe06yg2sy+HVyEgd6XGMtNrXxL3I24LS63NRp
c2fVvxrjZFP5bKendh2XIq59I5JF37M+rn6izwnuj0OrSHOnrx4VNLacB+DNwcXJTwF6fVCp5WfoIclvXXgD5bQwPAiNcduRQACIAJ6RQmeAmxrOjgDcNXfvMKHilUpISNlFeHOjhQMA+MiaVzNspXJLCod8B953YO\/H92LBu4hBpcVIl5YP489aYAYtVAU\/QpiEmGNr0vZKsef4Zb9RxDNgQgxIA=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434640692,"flow_src_last_pkt_time":1603816434640692,"flow_dst_last_pkt_time":1603816434640692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434640692,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434640692,"flow_src_last_pkt_time":1603816434640692,"flow_dst_last_pkt_time":1603816434640692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434640692,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":45250,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434641678,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434641678,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434641678,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434641678,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7VAAEAR9yjAqAGAhfLO9KXYAbsE7ImgzgoKCgoI+QsGqtFYjA8AAETSVUSb8KmUst+PHHzqT2SeL\/P07nKCp3USUYX2DxY7ve1fmgM+d6G2XMZ3HCv4lyQmqoBHOLElyJxOdKbHXGRlPb8Uw+yalWHgIS2xYoZgj5sMn8MqFHMsZqNCggoXKshRMixX78IzGLR2\/lKiD1A4mWU8YHeWKPR7TnPFWL0DkYoQdkBU3xXWNJeqWETA9YozB6efhg2cH2ogJnonWpHROpBEB6lu\/jcG\/MvvNGSQjaR7z3v7jq8Mw3XxsqjwZfgpi304y1BIMudGRSpwPxm1jggsFOOXDIKWUaaGiA8X1EtpSPbruNIaK\/L8nYCzR9\/1l92Fw0JngzKyN6xNFLLYtOKoV1Pwa0efysfY2dAAzQNo7LPVtGghy0jghB\/MURPiryuRJr7wLMN4\/xkziyibDmu9JuazbAVT5UQo01\/BC8SQIa5x6yjASIJd2bcftTT20FM1jxDiA3ArSF1FxI0DGP+Jup6uykp66yBe41NxzaF3JQhi3TYG05c9pWzR4rpiqKPbw8ISxSbEYLfqoBX7ZUxcl+Qs7EKjfeI5rSefpJ79UTAq2IOiRgmJMMPilU+j\/185uZ3gWFqXxY4lgvGRDb5sAaglqlZSnbVW0el8W0GPbw+\/aZQWJkNyosBG0o
zqSDnxIVCgg0DqM7BVwbstGqm3b9mynQaPfUAvtCmsTRJuCzcgqkIiUtIZwgZHsP4Be4bN3A3Q2DeS1HWXmwRv5KaOe44h9q+4TtSXNmmmmTGGXWu2YAX7Lgvd0URyUOZt4f1KhTFK\/k8sK43+MB6mD4td8sjJsQiy0V30FZY3CtSNXK7u4R6vEWsgJPI55D4UDnEYK2uN8lk+fDHWtQbSlQqu0U4znKSeK2EAX9xBVuEJeh5HeX4+cNWyIRDmAoYsQmQgmHBoD6pedxp9SXnK9s\/7uoVpaKxNV9ZM\/iWMB\/uKFhDd1+o1EWWjwuWds0vy+ZbywiOwrY6ffiSgerdtWkuaQf7H9QdZ0UjwbnJvPjya7DyyPtvP8PWp\/N1D867R\/QvkR8ZIaOdSzOuUYBF\/bpCqsIrnKeR9VUtP9FyxkgG\/D6+0uEUl1c779cxCQck2S\/t2diwFSth\/DmYwuknya3f6okawJcF12dISBsiADyiScw4IixWhDn\/\/uIv78yc9e+mYJhjZyPxGXEyGiSruZ8bPrtfTna0\/r1NWY3ZypYWBjkDiSvD3Zfa1+eJsREXjUDRwmFnIeE1AgD9eHr4oXUc9yJ0M0cy1rxfrdBrPiv\/e9MTJXnRIvBev2VujEE1pdbaj\/uNoH8Iud1E4wh4YfsafTjdd+pK20QBXt1fVDPye\/nA\/auW82P\/6KerEyR8YFb1Q5decEBub3RIeRj1Zngb5dOSVgZS4YCk2C7bsuJFE8JSiO5eFBdWQrY9tTmedksZFAA6HhJPngNaUeVLzpnQktjQ5caPa6W7\/wHdT3eGdJpDXMcegGharvIfBkRc9tQPIVXwcqIbyrB3nyDdj71w60xBtjcgnuLW+j+IpTtj+MDyKaFGpdmJ95nu62ZA4gWFibO+sNt5rW4Ayr9RTU1vnb545kUJfXX39XayUfvMOvDTraKzQ3G7U4a0GC+KFmI9u9t3VltkEq5ickl9h+mNSdzqETNFgrEr943KdW+amAA=="} -01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434641678,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434641678,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01108{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434641678,"flow_src_last_pkt_time":1603816434641678,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434641678,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":42456,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434642398,"flow_src_last_pkt_time":1603816434642398,"flow_dst_last_pkt_time":1603816434642398,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434642398,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434642398,"flow_dst_last_pkt_time":1603816434642398,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434642398,"pkt":"PKn0qB\/spJGxgjQ5ht1gBmesBNg6MCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9AQRbQQAAAABgAK6QBNgRMCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdhooBuwTYZF3MCgoKCgiLyuadTBhpMAAARL5Jn8vg\/A\/iHcc5HGyjUHtzYCYh3M+1HzdHtSjFxotnADrnTs2cVW9HALnbbxq+j13Bpa3hTOGyFKAuVKKOVbHcGaJLdNA06DSFzV66GiVnWQJ+1MFEeQ+EHU1tYSy5DynacUlvf1G20dd2kmKE70+xxOTQI+IxdCf39TGHKu+pGUdVYYzStvwWo5npAklpjTRW1hPHPgr+vxfK0tzntAB4tgdSsfnM003avASiWDb+GIQGRqQqd12Z3S73M6xSxbEpPhQs03GVV7j7jPCY+xuSqdE0+RC2M2xTxkDxrKzwifOo5JzioGQ8n1leAaytkPPh7\/6kP3tXKc3zSh+6mDapIcrXvGRPBtxzjcwZlnfC61xJLZ4o\/bDf7VXUn2iqev2r7RfntxDJ4F+CHoqdQU19Agb1DRLZ+44sSsLJRZPe0rMYqmphZb9TR\/CXfZoxmWSMgVmNHVqPhkUDRkBFiFUg2qWtzD6IUIlCi4UB90+3QDAMKbHPStmRV90FoZ4qgb1QWQshIsAOJrfADpMoeQ
eOvpHnWSBMA4n5tbORKddl3SJHwqDMa\/kYlEza3HmYzKyIekgCLUxBLZMgtxwl0pUeJvIYxMdZF6Znn7pRsQ+GhZyet6ZCOM2ft7uJCMRH5bphpdavcWHTrSt8uZ2iyfo3VofxaZqdzUsHHTpc9bD205szhfCxENgNATF1PGuWlfKJUrPPjUWPpw65iGFR3+hPQ1+ZRRE7orDx2vkC5kOJiEvbv0d6sp6yfMo3tuOn4kXULD2rf5TSc8aqDVZCklaUIbEuKaQv0jni\/XkpmdOw2UlUp3oYLZ9on+kdq43Nf9WrEJ+gfSZPMUZsyhXXyPRNGMrTBo0SUX31QcOdzW7AQaAXnJRZob+0gus27voTqIEPJh01fxeGPbXNNQ7VzwarPIKHRq1lGIs\/wJwJCsm2hQjq0+K3VFq4cXacrOp5mbdbbDJRXEnCejUnTswq7Ga3dz818NNmVp7FoznVEcHX3RQBfk8eLveHtTEpxIgmvWuj5aaZt+HyxH\/0YALf+wz6lv1s1l\/hg9o2e11OlebH1k7T7awcxgi41AZepwsE50V3GVh5GwIfK89lz9Ro6tly3hUhrsJ2ja1C+A6RBrWVVdcIlZY4BlIcSzf0BUccadkfpP\/Enz0yFkuHTLXTyrmsvl44wgxOvsJrZMwFacqnccJZHwZHWEMkNcxcPbL0Z2U7a3Xa12dEVYYVu1U+X65oQyb2yPkBqMJ+DTB9RU+DnZIynnRzCZZkuvH7Uzn\/zVoVu3fNULVHSP4L+ehdOiOmS0l9r6IzvZQbe+xLjtz2iXbuU36zKNhA17n0gtw0JDOpoFDbD0FwhdY1JUMZx18mcrbFQX02CO02e+BE1Anxc\/TfBIKj2hI2ObT4d57WIvq7cpwJxNdZMuBfjVhAX64+5X4J\/pGNdD3WMTo1fYU74kzII9sWnijVE1WzVIBymOIxdGDOuxbCm5vJaE\/oIJEfaWcfmDwa+jhxCRN2aqJvKC+Iwq2cNN7z7vgOXAZ9SIrdZFgVX8+v9NO3ca9aZg=="} 01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434642398,"flow_src_last_pkt_time":1603816434642398,"flow_dst_last_pkt_time":1603816434642398,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434642398,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643533,"flow_src_last_pkt_time":1603816434643533,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643533,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434643533,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434643533,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVf9AAEARrFLAqAGAR8opqcRxEVIE7K+PxgoKCgoIvbmHXcmpQ\/MAAETS3vbU8Sj6l2wQUfqZRc1xY7UZLfv8ZezreoQxaXMMFQplcHI2WGivL79HCn+gIsF8oZtTfotO31JT7vkJlhmOnm3lffZWDOZVO38TNr5VVART1r1V9c6QtCPl2rOLEXod3QmseC2zkUY1D5vxPNLpAyblFgLtoVLKMFRlexYKVyLMEaY69TsXwdxzuRMmPQ8UL6uRNnJiBB3upwv58iisAqq\/mRUYsFRLcP1OPYHQb5CZdE1Q\/A+91wfQFJGWqFUY9F+EFUVCV4bxdetx31E8OGGq+18vcHmg7G0LGgeINT+xkb92oyBcQkbST\/RWAy9hTbi4JTuezLjGIBdZzSMVzF4I6bcizx7siMmVUTnl3UmC\/rxQUcKk8XFu2YJs9y2Os4+WhVjMwJbIx\/bkcUSXo\/NnUnrT4jCwxD6nX7oTObYUuq8Cnz5uWFN6MRwb1OvukfRscRjrcumAQBklq8PagQJe6Oyy9xD
jeo0pQi33fo\/c8Y2ccYq0oba\/ZjGmaTjWjw4fyRgR2xdNJWEfSX9rXqOdXmuGVEnT1hq2hHX+bWhy2QkCI7BHn0dcsep8lx89ym717WWE\/Xbpk0tFl\/pCnOGrBuniD5HFSZDdjSGLJoEXvoHbpOgi\/IJCVo50+AcmmA1BKQpFl8EapwyTEeKmc\/teOj7E7tI\/aOzLNeX8EUS3z24mYkZTFOR32Oujeu3clt1f1qtieJ4Tya9ptPHxYnje1QnGDP7dwz5gh676z5hDQGO4+4bo6ul6N0iIcXDo+Yt7zeunYaItRqPosZXZf2RDRVFhaPMyZpD37kbwM3I2xJNOsJXPxB4VObi0enWqgsSeRLY928BMaf67KliYniVAoxk2r104WSZUE7jxtTguYe4EME09Q5d6rrjnTfQPYIelchCLjz7IISF0G4QSth+iInqIg43sXwXNGEiA5n2ll+d4YEisZf5kJw7z7z4H8LHdJs0yPLtOkDemSyBDayKCguo3SC6thZsf4fL8MHcNaDnsBOQ3qsjckq3DPrhBaaQQ\/PnOQb0Pep8XXsjDPf1z6oYyQ5OmCTSiiICzO3jhCvp6VkuawZ63dTmMdwG07DNkuUzrCU1s3uXcU3hD432hU+A1bUo4tC\/eVs7\/Cg1UBIH4KQAD55x1zc1rsEiqb1C7faMv3OYy2TY2rHCzIrLKBxU59Q7kRtUbmutTo74p7kwrrlSTJCO1YNPtU6XBWtj7wzz81NndAWB6N0QAk8std4i2V6WuY2cGSRu66EYGTh\/8K91k4tTDBWpfGf4TNDSp5t5T0dGpvXA5zPG8DWjbXuVi7ELoqM51NEc8d7+IK2OCAdmYpX1PsoZL0Lbaw475Ho+KFWuruhhhwa7wzva4K3thZxpZy0eBP044yQ0lANRgJ3bThJg8RPAeJgPvuqFcX20la91uDGheq8GjpqmA35Zc3CODLtZQpRoUd6coXnW9stWjWC7LAp2e921jv6NfJLWpnOIL3\/YvqFROrdJzbLYKnKNfCTryzQPuJNK60hRlQe0ccZ844JLUpRAYdtGzZkFKHhFRXy6oBkYx1M3HW\/UE2PcwS\/IjPcNZbTy+fdv2atp2T3sGZ4LPZca6tbu49as0q5fcEgS\/u25\/J8syzbevr8VL71PTWp8v54ud1Q=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643533,"flow_src_last_pkt_time":1603816434643533,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643533,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643533,"flow_src_last_pkt_time":1603816434643533,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643533,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":50289,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434643783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643783,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434643783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434643783,"pkt":"pJGxgjQ5PKn0qB\/sht1gDhbcBNgRQCABCwcKydWupNP+R2kegH0gAQvIR6QcJQAAAAAAAAABwHYRUgTYy97JCgoKCgizoUNUPmNvHgAARL7kE1\/vTL\/NMlU9dFfohroNb3lFa0sajkl+NYJsmpdZxseLTol2hdZqlkF1hqB0ifjTUijhcAiX+sblrKEYN3cCa28xTnru44DNDzMC4mlv4HrZOqLLNO\/UlY1sQ8NKCbNtoSq21p7clWer16m4TAw7H\/F9E3AX\/MdNlxeqaKJvymPkTEmiXkH2WePQ14zEX\/OsIv\/9nKZprtTphxJOpWh9iC60eXUS92cRfpPE4t2QsqYFBWlVb+13SoAgtAjkrTvvSLYg\/D9UbwBgPzj7R4p4Cd+bbadGFWvc8wcjuV9E+a+X5gFeHhOOh92iUHSpTT\/SzNsRBUS9i7htX+D9DZZfG6yrrqJwDVKCG3skrDDAnAOEIj5wc9E6ktIWj727nJPaG4F\/yFeB9mvF4BGMSF2t1HX1v3Uf8fd+2\/CrVkIpM1QnAbm2kykvcJlPK0VaRsZgQsar09\/xE1coUXATF0tDX6QEFU7xe84fN1PUk1FXFUXQjOBwq0tYTTcPCN4qGKSXtiP22FkC3\/OV2TW+6RsyY4afHoIc55iP9uTyiDz8GgsOMMcDAt86zjUpsGFleM3d
lpIjA5SRInS88gDuKFXQazWcKMDZGgZ5OzzGPWiaCCElrFoU6Z0C9Z3M3gT5NV2VJc1gEss3QWIiObA5nJk+9Egjbcm3dvzdusN6QEHoBwehHTuwg2LVAOrhrdwgJHwD24nAbkGvZS6207+R+dDWgjErFMPgJjQk90HJrSxW3PVzyhqFF8r1HhvahtRcrGLHjwGBKNWw\/mrkVazrYWToNHELFQGA97zWhxG8ZSHR+27fKaBvWg5SNzSWU2wqAon3FV4zTetTXEb9zkLHsi2S8+hrVzPvDpUzxu5LCvszrotwPRcXWgIMpfFuHdDkZxnUc45aPM4oNaKzuB\/0K41UWRnLrJN6\/+98eIMaltlc4V06CpAS5gYRWr9oVtc+QkkWRldnz37SdoLKl8j4QpdxDKnGiBhtH2t7EGBZvilk2\/E0n1dYaPhlbDUz8OHPLZKVRSX+2OC6kXAYMmbeaPeYmlTGxdw7MpypCb0e78htplM7XmCygTm7xO55EtSdHoQEqVVTNOIIkzaRk0or7ix1b+Ac9bulavsll9eLerk9aXIedIpmtLAhpid4yPMzOfK14JMJmXBfXb5Bmo\/4e2X5MhFs1h6MDiN0sF8lsZJljJ9S5QgvPFUHTbEgZwtOqgzvOm6MsHiV4dCQU3zeds93rktywyH+Qpw1nOVbV0RHa72zd0Io5tIKuEbGJ4DvYBtvaNEL2GzNcfpg1SNHmTLW9FsceE8YJg9q1N4VFcd0DPFy5W443yNter3ub6Z+8DDshzGfLalC9+Gxtga2a8QCpuk8EpMk+hYjiHRQMcz0FVALld4YdzH4Q7aHFNufiFtsQORs2elcXiDr+suYZd\/KbghskPHXcWBEvZ87I+FVy0zTnkd6sN9nVlJxmggfsaoPYeNUdCjf4aj8XSdzugsx\/gjaDcmur3C2vSPf7TTH0vuXm+WJUiYbW8mepVZGo\/Ab4kEw9z6H9LiIvVjV2bJog+FgNpi+bCuPZrXaL1QVg16ASOkMyJEOBJ\/ApwZq1c+0SVVETGYjpibsmHYU2g=="} -01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434643783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643783,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01256{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434643783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434643783,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434648476,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVWdAAEARtqvAqAGAEr1U9YhXAbsE7B\/jxQoKCgoI8ujrluq3MPgAAETSSw3nndZy2B\/JR\/aFheBm1Am1dhHdGKFX4rQi398jOJ+Jn+ueiHb2+ayhrixzGiiTN9ufhk4Lx76CWjuYMe1esceEF2U0qEsZzm5HKOUSMwSJ5RaG7eBb\/NGtId7Q6oJPV32C4GXJOjD2zUmbaepzk+oaGFaN7rBeaveWtYLwkm3MCtZ9ixGvt1GVcZjsd3UxnGM0OVZjCX0r80DcWyuTZ+venG\/PF8dpMDihqsZpbR3kCGTkK2uMnVKt5rsbq8Q3DZ4G5gYRlETl0tKNNk\/HmutyUjflzkkuvzr4zZfbMn0fPfDD0j7mcNxEYvvd0jng9gG7f2g5c2cWdEOeL32TJuGaUD4LxEgTmtQ74vLlqJ2jtPbB5cHftJfgjUFjPeNm\/TPJhWl+3\/2FaFh7UtvKIQZYWOKggBRpbC9DfYZGBlcBdT4cVCcoYVYvdnofibyJj7qvtk9aBhQ8X8haBJHnwUiu9Fh6LP38l6DOudy0wo3ZglGsYmVQyJ13TOTkHezaV+ftjH2Ic2\/kdq8i3gBc5XmSKkmTiDbR3CJC6bVKLX4YKbycr7PwvmeAgaIww6YUv5UVh+vhnxqslyCYJ54KMPJqDqUt8WhJ8Cyji43HCRRNG5kipptq8jUrAU8gnwzNfo
tH5yFDF+SAJ3QrzY\/5UXiv\/luWN+jwEASOuxa49aAiqVUa6A2J9z+IULgzW9aUufnh8e6ojNPCROl0NOCqRnl5cZCiCryKj\/+UTBEx39zm8tG1rMtKw8QCLVg0thBdHS0CguNqIcZrFjoob99Ht9nweYVHyIifEGHrneZFx6IaFg2N2+vqZttN1BPnlJwB5SkjsSGnctAq0WWDJg53X0egLh7DxbpeFvo\/PmlH\/qw8mjFt+NYPN0Ckt589t68fWjAbTRqz6xR6iPzgtt26G5g9GSc+owtcPOoKDSY+FtfvQEy2FDAKor8oRuyToRIFoS3GHrsVAzOLHHMrzcmpnrq0hajchpZRX9\/japhKPdmJTqsBb+ql5oZkXtBdENW3VUtixBzrUWiVbOkyqYBTjYwbASaX1s4B0v9Dw3fdaQktg0huYIDe3RIztuWGLVXFqL3kiPstObyRA8wmGdfn5WqodpZ8U9Vfz6QFfvCBcYE1\/TFuOxsVuCGHj1fKdzqDxFgpT\/6zI3IgHHNl0RstA3RkolWL6H0I5f1KqOUjo7bKGh\/fgABUsvMtkL2jljWloerb\/OyZ8cMJbX4NbVoNGdWP6RjJXhmtbLlmGjr\/nG9lw0JPerfXWXztQQ84uR0ZUAsCJbt6PCEcektnL94QlE49op9jLT5v5WzhOshdDsHI9kPLgiBlXhxtuB\/4fh64dFKwIV\/bkeadS+6vx09Jc7DjJDplds16bxuhHniXD1+VLQYqMNvLfkmfXTcvt+DCDI5+MtT64WEYlvBN\/oRfvKNXOlpG0nbSIxax56Y8i7ywQwgVXRD\/tgIY5hSIvokl8C2Vtnw0ocpu1kRHmBam5VO2gvUlslhf1v2Z1lhZ3ZHKYC+go+hJTIN8eMiQlcB94ueuvx1ZXgPZAWpEgcGBa59R7aGipRkAIOU7VFYiFm+JgHn0wlJi1ePUMn2SyyfRo+5s5CeNkA7rfixGxD37LoDcJtDM1uCusOgWzzaoPX\/WMg=="} -01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01110{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434648476,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434648476,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434602877,"flow_dst_last_pkt_time":1603816434650048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_usec":1603816434650048,"pkt":"PKn0qB\/spJGxgjQ5ht1gDoRdACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVHuNwArYcCQAAAAAAAIF6TDw+yG4BdFR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 
00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434652977,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434652977,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434652977,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVD8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWsxwRUQTYTRjACgoKCgjaL32MZj\/FsgAARL5kzfCcIzgmsxjP0G4DqL4uwGMN6uFXlzXIqULUmbWkTZimqkIWYk5J+U1Tm2aqd1MjW9rzMqELFmlAhlXckjXGsH+Agbi5yNw7OuSd0A2jkDOUIsWCSOJHKlMr0ObsMh5yal2tl2VuEVfSE0qsFV7WLAeEJZABZmjJDxwfk918siEfP+aSaQvEgBBkJ84hGcxa0pyg3zr9AdvoDzmITNfcVD\/SbxorVKGQTTyoV2KjJ4ODNMmCAzaGCyDD6BHN+TqaVnIG75iUky\/i00OWO2itqTOK5MK0gg\/F4dmZXxYm544SXt3mEIMn\/KiT58TB8AnvvoMM+zDcLjD2voYO7w6nQ7vjIZtfT9m3XWOP8J9F0bvPBS9+vGZTprqiR2e6PBnSg0KmchSjlKU1RP+jKuqXA5YZOjOGqV6O\/fewKbV40io0i1J+NIHqJBZhd5bjjAjtEL0\/jGHCJT8+kHWQVRnVxvJTULFHfSoFaOv0\/FAPPgQmAsV\/e7ePRse7PiP7AO9qzUpNTBIaRi7R7yEx60bIoFeYOSNhxPoca1fCTIiqpbf\/Lysq6HvKK
UzNT0W7O4lfkb\/ZC1VhUlt7Od+qJCiRwXxU9D\/42IwUin8sjlUvg+KRX5ulSQOPGOYufZ92sil2AWQyHIIFULLz407V9+RW+9E6Q7FjwFkZOFtY3aV1T\/8FTKaaOHGLazcJjKUaGZC8AA2F6I9PGcFFC9RAXizVtqzUQ+iviDhJ+goUzdUB1agAa\/MIn7DGkbkQVOtD+1M6CKkE7hHdmiQ9n16NW3fCjz4YqlEqNM80RgogewW7AOxtVLzwj56n0cG2wRWB+HawQfkQIDtIJqSHPWB9OkV6tfXkJfbT2wlbh\/rfKSskLrk1sbYzY1PIDNmPjLRCZBVWmCYLPffYkG+b4MwNHB\/vAIrvElJ1puJF7jpzzegk3uRCXIKeAvnSIueoT+dVtLnf0DjT1SjmwFUtovRpxxTHtgK78PEBaNK+CFnXBiyxXF88QJhaPeav6oIj92LBjRUaBtpFYrGT7ukwX0CZJH6ss8DKRBYG8o1LXxAiSMdCM85xU\/D1l5JAQtiGzlNDH3qXy62dPdPRzmBTdsEvCTu1SJ4aTQ5HqZkZ8mdXkv1vSCrhXtjNjyM9ISkMXQl7Fv4snypY5dWEXtwWFf\/DXWrXLzy8bkZnUz7iRb5Ma6ol5Xky3YnWYit6Oy8bYeuXHVcQl7yxHmQFX9vlhcsmh3du6Au3WEc7fVr5+pChwI9eXXokYUBC373Pa\/y2+Tfslyg9\/dYBdfu3HiD4BKHBgCptEzxjJJoRocgeQEgIyTxnLazyy7tsTNsUIYjWNFhWoL2xJFntqowob7P44+WFAm6ZkZovEYYNmSKqBxSG9wAPXekCbXtH\/b+TOIK9+1XfTT1IrbkxQYHWASoekr6WZeU4jYlWrrn8X8ujjTBW3jswDbT7J2Z+rUudTp2RtVzFLtpsMRieCSQBEact92jCCupbg43ThfRz5r1sA\/97BYUtprJqYvONm9iufuMRRuGLpd5h9EBpE9lEEKcLT0QIsIjALGWNfhWnZdIJLXqAQgypProR3AsmTwuLfn7lEfngyfzJ6wUdezbTEtlDAdR3wg=="} -01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434652977,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434652977,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434652977,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434652977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434652977,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":45852,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434656025,"flow_dst_last_pkt_time":1603816434656025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434656025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434656025,"flow_dst_last_pkt_time":1603816434656025,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434656025,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAlgNAAEARiNrAqAGAhfLO9LMfEVIE7Eh3wgoKCgoIJ05Q063kdsUAAETSbLaK1YIdjfFKFulEh8Y2sf\/rINJYpnSz+n\/2QdD9ZhLptcSvy2R2VY8k3My6fIvL6mAk+uMpn4smDS1KptYa2flod7AFdpBN3VvGtMn8LYTKEkOwUsRO7TdqEPawLRWOABxPUqjQjdCeFgLJNdZk5RA07LTgVWI2Yu12LDx4casOusyaOV0FFb2psXZWvD\/rRGJTjSUwimMA87gUlPjAdz\/gfYKA8J81JCdeNyPB5kQpQZK9Ag3U\/SNi8mmglOJkOcsW2kP9tVz80xUx+vHEMYcRJEAektIaWVqW\/qsi2o67TUfHR2EXa8XSNf6EPfTjaOmRYh3mFcNDcJgd2kz2KAnh3V0gkKSqu2uEJA5\/mg\/TnJn0\/l1UAulF72+p5R9Pa32JoZ5rRGN1BakDzPrffOR0TvFE3y\/+FghM6Dz\/8uzCybhNc7sfFp+p4ZUoUBdN3i5d0NPyFY2gHyQomOn9rjU73nYYIseeZ+nhRO7YbCjkbUB\/yYwkJmFOh0TvqwzYznQgk7lfr\/md+bsxGFCUVM4aVxtYqCyilzNHjx2\/0uQ9PwLviLCGbf\/DMQiUcVNp3cYBqz7DJUy+OlRTk8hlbBxWecwj0pbXbnMQduOagYXqgiomaGUVKDGld
a0JCfvvNO757eKuRy0mLdjIpqHD1NEufFqbaSMZUn9grkimQ69ppIErnAUuDQMJRIyzqNcJHugVGEq5oP7QdlfZ7lr3jOBT7HkZcNEd8AV47qJgoKU5q4NGc0J71Pw2YVYd1scb3A1vWRIVsIkczT7yuDAKiAClVSuNQLnIvJw4l6s7CUlk6S8uK69+4Ltr75BolBxMCVoHkM5b\/orqVfR0OqNi+hCYxsYJghq7xN9bXvYCpq2kqvymjFiL1hosZ8LqBqlbZ+KRpjwV61KCcoVqNasJru7kBOCt\/mWTssvQAORaUq8Mlwn9y2PykyJGeVKaSASOiRacPdV4HuhCOQcDfRB9yNMfMAnpvVeDH6VS7MdAdMQe93Qrtp1QeP8VO2rTCCN91AOit2V+QXCvc+BbYXTvvH3JkKThYqcH8rRbxqdDTPq\/wWim7\/0lqkWBCggizFSqTrUIDXVpjQPuUhy\/WRzxkYSIc7u5fZ6sIq5eN5m9fXx2vD43Yq+l1Ghb4xvwIneJ5NUn2eFk1R6ttVwWQjusN7oyMgG5gj6hjohBbMiM6VLvBdJqqabe+fqfPuIkbGqi\/pSgVmd7J7gTSQs7\/paaiImg8sm4Mq97uvoFIBYp8yYjmKJB82W7bOZiqV49vTn0RrZTlVVPlHFQX2WpjZTpwwz0jIKKplJsVkyi1FG+BOFx+GyxlIihWz4PLKtSgOENeMXtz0\/b7SoSYOWhsCG2\/\/f948c1r4PeUvRu7XqduuojNmHxpahHKwAwVmNhkRHsAbP5zW9qP6XfWnsVWmx0bN7aP5npP3hrOKyfrsV\/5FkNliWd9jR5UNuOo4OtgXCghNfW4LyOPBq4jsogY2TorxYEYK\/ICauhkE1t2zAYwcvA9jNm0x1R4D\/Sm+97z\/rPAGHRZcrG9A3EB6U09uwydYieU6kZpUiZJOYWACk9HUxtfhKSNARDjWcNCzM7bpArmDYB3hnejZrmrPbFxj58+oKmg6IVgKVFjNIQGjV1OHopPg=="} -01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434656025,"flow_dst_last_pkt_time":1603816434656025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434656025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434656025,"flow_dst_last_pkt_time":1603816434656025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434656025,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434657595,"flow_dst_last_pkt_time":1603816434507204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434657595,"pkt":"pJGxgjQ5PKn0qB\/sht1gCNHwBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYQzDKCgoKCgjBjvWe+MPFRAAARL4g348kA8mQBcAOi\/Ea5lVgGbx\/7eo9z03nW8pQoHBEiVFxap\/J7yF0T4ETOiXRrEVFzfKu4cp9\/aIHD8VuqdmnRI7ZUzH6nHP6t6XgWjPLu9gwncGiNpy\/62Nk4XPzeji4OQEhiV2wvPwilhPjz1Iw8tA6gxIE\/FJ4VwrM+jhjDDGeJX9BSVBF51kNOZwIfVwErkoa\/qCvtHlDAlGsd67naWgwRHPQ1nkSJwo+9sQMQloIehnYy66qr7McaNefwAbFS5vujjFD0bYEmGDHKA\/F\/y+3qGlJupB5YPSp8wB7Am1v5JD+D\/bG5B5luaL\/5MF\/tQnBG2dxtea8LZG5G\/eV6LyP9L4ooo4IJyvTlEaQ\/ZOeKwlHxchtWnc9B1fL75AWTflk927t027mF4gEUpMwkx4RQMESzJeKbiKyR6Kju8+GylIujiTUOWwe8Pt6FKBiAZLgvlK4YR6upjyxAj1yifEMXI9ck\/VO\/Ck0PU3TrRtvDl\/wfNsVtESwzsMNhYfkwDEb9HKwo5a2\/kMDB2oZkX2VNVeOAH0n3s8tB9WLVe8oKkFTUmog+0QRsMIpnLCWQ75LQKoJv6O1XJQVMkvkriwokuRy8CCP4EpIlVSvXuFArfX\/fbTPCluQ1NH50zOP6ysMQboAYq5P1UCN4zcLGWZaVbF9oa1jAJ6PadCu1EtWpxyNeTUpAe5jtCvh1Ek99dEg6bQ+j6gvn\/Yz8AhHWVisS\/4VPgx2sHYS2FDc4ug9W6gsAFExY3uSitd7XjxK\/bL1oNU+b0jZOhnX4xE5mnhbxzHNAKXSXB2aWDY3+BQWmASrCC3UyA8\/hE91TFVnfAmnegiopiURKjvi8DWlsXJi98UivPepk1KIUkyuwYljhDbFg+Ju8PdCQIp1RdqDT1rPQsla4QcsyF\/NLkn03\/oiCiTPViBgeLpx5IDNsz\/E5PKe7HtjsCqTGdF3JcVQGRMcs6XuK6eeXR39paD1+Ap5R7y4jtTYGF3ERVJnfLPi0OImMpLV78BBWUIiuk57yx\/ByVw1Vi231q0R5hJu+2UkRPleoRsn22QwOy5Wyt6YCa9Njzu+jmkM5SaTLiDskQIXBb6CNyIxDTqisRatDtzI4tGgpDJJrJLyZRRjwm4IUGl4MEcnCWz9P+nJkKiW91BFFECvItcE6tRgENAP6B07ROBWB4xJBDVhnX0WgQS8bETOrbEby5WFiD92Zha2iJfBanxLrhkMlyxfJQvY++OklEMvIXt3v8l2q3dZWFOn4kyWKCN09iij0w0AEDsYLWJZuX4Wd4BeQXUc0TQSuDLkBeoncn1cOIA9nbBX5JYvyr8xLwXYv1YbXFHRI\/Z6kEVdG+BSe850euHBVqJOat4IdCKJnu6NuFXRzdJnMp9gCv2P
vmYfbsW9v5iJpCEm0G5joiY+1mWnVbfZAO5JyrBGv3ibTwQYFw\/SIY85UIif3wl0VVblUQH81ysGAOBc9Qkl\/ZLs9Nmdqg326DSTscTecRmY2x8\/F6T2e\/IU6BMaPO19yi\/FICyG9IeO7SjydAWQ627DK5c9b4kcDrf56O+pK9aBvIiTOBgdfw7wCNgDwIOMnK6gKccj4qLA25Wlz7z4n6yBivDMYJeK5g=="} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434659010,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434659010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434659010,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434659010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434659010,"pkt":"pJGxgjQ5PKn0qB\/sht1gA8OgBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmtREBuwTYsN\/CCgoKCgj6DPHJWWs8sAAARL55hiYulShwyIvWIzeLs9lbgr6rmw2K6C37PVfcJZDvZCsi+yJ6TesBrbkUmHPBfXK2VSsq+4q1cI5h2aHxdCKt9ff4StlBulmgH+Bx3V5qJpzO+chyDdznTZrYqtjC6v8ZBmqg6a0NWZctg5sOGc0dmWqWQt\/s1k80Opf4xkQymFAPA9Pl4JS9+iEpGVBaepowwgfscg0eVp\/g4KhRhi2KxzLJD4JVToYgB90k\/XMf5w3IY1+ur6LCGNOvp5CgM1wSVcjlTXRfF2sQ8Nt5yAOXsMdlE2VREtX+yKxHSfWv2qqrbcbq6RVZYdc+ds1nkWyZ\/6jdHbCssoBrfhArvTqJ3nXGeMUG+bKJ8FrC+4G2Lxo3r7Ru71nKnVeUZu9UYw31AJEBbUWJ15R3KR8bSsgXVEA1WA99CJtgXyQXqZETvNqqmNWotKljKjV7OgVyrLmK286tZpqcji\/W3bv\/Ubygl\/yKnAKUAdc0UtIijMu1BloVA+m4PWftVJgbHf3aNTI+rX\/vVy3nXb0QxfA9y88X4009Gs60l0v0MkyueqKT84n5UNIPGZG6kKOK4w37tFYHam4lcYFhUTipTGlChqgi7Rf4rTS7tAG+8PbEvTqHal3HPtJlWvTM+HbREgYOOX+JhiQqeFaskCeQtAFZK2PQl21O\/xEnuuZnwPjd1JkjtwZsem8bzkoeN4610EXK0Ys8ust+NXwAs0bP\/var5LJYH9Np4yVLvPxPvG8XuijcEgZh9Ws\/PfZ9C625UJ6lCdqn5BKdsrwhiY3rVJi0Gb3BXOKIhsyD2r8TfRwv9Zq4BaDAYzj42tlUE3f\/S15wR2pPt+JBRpoPkMMI+gDAQhJn8p8DcnyFkIppSWC9eOywndfHU5\/yUdNXRQwe9qMMJPyoMAFljWxrTTkdBf9XHdyCG0LJ82SE2TMNyUEKoTvtO+s6V45sw4+vLlhHFWzUFy2TDAYLwJNFtU2MgtRT5uCj687n1bMGAYODqCavE72METWdUVuP7KQCk+xmcSAjbR9cQdf0Ld5yf6144baG7pSmrNRAZds9af9ka\/SYB65ZE7zkDGunpr82jyDWS2FNTrKtaVTKmR3FhTiIDLlKPp8T3xukB7\/896wGVPowkyKdVGwn1U7d4smdlgzTqpu88QlyVTsqovLhf+Cl3l01W8nhlUKi7h\/7LgxdSIr\/1gHh5vnSqEyBwm2o1SGij1+TJ05CbhlsZnpgh9DpccxP1I\/Cy1W\/csGNz5P7WukiqEENPTqn7PXD\/3lj2VFKnZ10TEaU4eoOK5Egn7iJWSlbXxC1+uwb2ktJYlIcBWdWgcsSv\/EVRcpOxuacQcBKDfkoJTamdzkoxAEalFWSJMb9d\/CRNa9R8Rgar09wnJqe04d9jL9dUW6cDWYyJ
Sw+MWOP260ZOljLVpA2a1QumvmmIyr8a7jSho4tML+Kc5q0tio8WmChgQRA3uSkUpNwnyEx9DCg96kTZlDeJwu7RwrkaoKlX0GjuohysCaFrtrDI24bZNO8w24oU9Fm+r6MEXXwEQxB0LwQxQFPxdBr0HMioBlCcF10uOji69LTOSZkYvb9+AYrA2jB9gSAJO3UPpzSFaCEJqf9FZw\/TgbQTNNBsw=="} -01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434659010,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434659010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434659010,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434659010,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434659010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434659010,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":46353,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434661281,"flow_src_last_pkt_time":1603816434661281,"flow_dst_last_pkt_time":1603816434661281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434661281,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434661281,"flow_dst_last_pkt_time":1603816434661281,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434661281,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAqp9AAEAR4XjAqAGAKHC\/PNIfEVIE7KqIyQoKCgoIcBuNCNTaAX0AAETSsdkQHvJcN7bcF1ORvnbsKUKjlPXY0qQr5k5uOcDOcZrEKpvgL9RbsKleW8ZMaZNBIcnwq2KO7Ra5INHkVKJRC0TkUHMwFXdKdeaESLl2Sccd706kHiSPpX2Lbm+12fv10onPbU6DngslVSwo5iC2jlneokoStHZ4sxg1C5Je9i6sU3G77ZkPXvlXk0NdQQdexNFkb5jV\/JGW0vFPxDe\/qF9kedjCbIxx+p372PhnBv7iEwZ5Yhty+\/qNKY4yyyzUUwAkAmsK2pn5dzcchowy2PxUUm7hjeS7h+ta9tYiPjGP4k1V5zZKY7Q1iEzKbQmeKLLMluT7Ze6EQ\/94FkLhmXXWckZ88YK2QIDTY12s2\/+YoUrmy0fuxliVJc4e7t5KZxll\/xsK3NXnecJzT\/C9JRu8GZI0MGntc6sD+SVMUDoRX5MmL6JI3Lgrth1lbQy1hnltXa2ICmJpXg4UGGlDL1Pjydtfs82r+A5HZhHO8I+yeL60lJGO\/pmXurcvVllxGtQGjKy0Qx8L\/+0\/h97ODK4A9BOM8c5uVRJZi+ae5YWCQBxdqswC\/na2\/hdsvvl7+jK\/hb5lcLu18N2HToRBmI2OttnAnni74F8psk6eNPlA1WXh4QFnhdp7k1TRWG82dah5Np6uhn0FWu8spp+GpOz1PstbpUlg7HUDKDRocRvdo+XzWoapXRLt2rZBMpFM5+qBvFVKX6Ap5vpKqXx1vyTZc7a1PZSOkBPGsuBfMn\/e6CFzZ\/7SKPFuN1FEHhp6qVSfqkNu+E65oEYHbyp1GfsjmuOEnOWm9QuYUWXPMO\/ZpslsQLq28PkTI45zSR3jBaqY+U4cAU8hHI7Y40pZi0OVHAUG3Cp6mgeeNysES80m0WoJn1e6vRigeA1nc\/I4X7I+sPdNk2rBF6nEfBWEHw7MllB3iWKvvfivqsRWGfnLPVIWWdgqIoeFXHZ0RtFAK+dhBCktFzDp\/q6hAfIktX3z+sj5E4pGLpkcvClK3JUCXIBwpBXNz\/Kc9u134cEFWcWfbtjt65orTzu8PxGQYP+2jYE6lnk\/tcEolSkAelGkBK\/fE95QONEIEfiGb2tudRlXWTXRf\/FFFuldF0FdSJr50n\/Ih08O2ebAjk8ljjBC4Vr56KppkjdyyoUri8YzcV36sbFJqSwNQqsETWwcWH3GRqKMaQ+n+GVJUfR2mVE\/e4E852F32tsINiUu9KMW+toNgqOQfW3axNf6JaPFYtyy7MrNLsqhd2DTcip3+w6pKInaMiPiiKc8Fs2riJwto+W7a3bpQaoELeNUhEukCZCq\/FzN9PqVxk6EFWsqUSSSGklINGSbIS8sc+UAhevcQz0048wkjFBmEZFqu5A\/ObrRfWUEjpP8hKYzq9fOtRsoabYuH0GT29NVVZ6mp6+ZCCS2cAvfDT18d5
ydh7ws+klcqRStiKM5PnIuDiY9ahp4jcvj\/XCvOWH28khmORKIgTIM5tVtnApY5TcVPqz7Uqmg2PcjSYyRBrJch\/eSfjOrA\/cCMqhxLApIy5m9eIL4iY+YzrKwVPTBJ1t2v4mujsR71BWWVXgie2CQjixGfOz6PTiXloHY0ohyCpxw0Cg0ysy1PcwnMPh+3oGN+0IKbU7LLyLHzUsIyN44wigmXzAl6Q=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434661281,"flow_src_last_pkt_time":1603816434661281,"flow_dst_last_pkt_time":1603816434661281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434661281,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434661281,"flow_src_last_pkt_time":1603816434661281,"flow_dst_last_pkt_time":1603816434661281,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434661281,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":53791,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434664905,"flow_src_last_pkt_time":1603816434664905,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434664905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434664905,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434664905,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA4mFAAEARxULAqAGAwb4KYuh7EVIE7MZSwQoKCgoIhDOd38iF14kAAETS+DrcKxcR6weCAMpXP0WCjIu9ZBcpWi0OIwLjGToed\/giv9qrtDo9ivnhToDBOwIFut7lx8oGofCTHgF7Bu0VwbCafc3NxbT0fVzbuULC9eYaVRWQHPCUD3HNkinLSEKLzkqEotl3g646wEpRi\/ugoezcuEqO2y6FIB5R6lgny7Nkkc+zMDGl\/vVsq9D4yR\/HW1d+8htwfQLJRpA9hzqrxRXBKybzFVVjhg+KSz67S75CNguDyG4FD4d5JXshyl\/M4INjh32wAMrYFGa8t+2d68fOM2TsdLASGnjmnLNA7\/Pf8UMA6n7BdmW2IJneYpplOs2JDLXzJklKXNuJdllZWQX88VAVkIZdlhRUIxXv\/f7UmxqAgBcsb65UxpALzeD9UOYFX7eXnFX3CBNctLx4OV4vy5qTojgYXWndnvZWDyo9r1nMBp8D6VlFL3WOfCfGoqwqeHusn5C43hBSHrku\/bXz9iJXIhkW2exazvoHN691IPr0B73C3NnmhicLFxNH7FU7WO\/4IL+6sD9DZXTIjSg6oTpPZcbUD6nL7y5Da7hPow3PhI\/sdvRXmbzab8jO1EGiZZHwGfa4q6m9yRM\/TXA5uhhLvU2EfXT91420relOj408ZVI6EUSGceNLMig
hOPfPAfp0WOhbMCbd98H61M55hJNktUMuazO1d0gcsWhNN7ihq3R6vEE9ycG3wWK4AZXs7o9pNpiOjFyi\/1mC6Ku8u1sBA1oNJJOJnGURm0YtMoufHAuKV2LJVu2OeQAP\/A2\/w5vSvzrQLOGEBdMHP3rIjZlGA4ez8O3T8wl88X4DTz9tphYgqFCKVqs8At9jd7jId653CvC+xEYdEiNG9bQtgVNzXeRz5DgAY\/Rramv\/s0Mz9eqNUZ5kDg4J0SUVs70edYwUxeTQM\/DGMsrfTyMpxJinyaJ+lIbkswjz4fLDe6hTAtCperVOSIVU7PFEEJNopz\/TdPDhB\/\/OU+mjuGnm9dVJqiOBsKq6hwakuMJMeEbqZ4oR6\/2tTEOQMV7c3m8hAgBlfCT+et0oHj0In1XsO41lgeBhcmsxfgpL0+MgrRWpX3hNlmOw2YFL7IPahaVoqqwt+hlD2GAaUYWeZHKQIID8JZod24qH7\/lYJ76jofC+JdWXEJ7R4KLVHjma\/RdasqECMSrg4m7keaHTZDKrBR35ahliIHV+sND3+6E5IN\/2QdoUlOi4\/UYlyycPYl2QrEjCc4E8TPnrA7HhR8cbOqvr2NJUiO3vmvNIk9u905r1d+yKr0KSvjEMW4aoGs1cnkqp7BFwfwUFTFXE57dIo29rq+a60tDyag9gqUpuo7QsXjOi2fVAkTyRGrjCd9eSs5MDoGygOvvn\/yw4ZAA3XpTxroAMLQ9Sj\/92T0qxoDCFA5OG7E8A7GbyiO5B2nEiMAOZpw+5PZXL4BrU03Z37oc83D+zHRg9XCBGkB3eyfyP2\/ya8kSOgnWI5DRzDtrL+axTWaV4naIX3w78wYegwyfuMaorTISN4Ye+UzmrsF4ld5d7Pp68ZmvyPCebtO\/KSElf\/sucwWTuBzbcyui8aFCG0Vq9OlG0\/qaPlP1qL9A8E8F37BOHLRzvh\/sbn8ks0BPPWFNRGNxMVhkFaWjx9NYOtOhnexATQq7v4e\/jeA=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434664905,"flow_src_last_pkt_time":1603816434664905,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434664905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434664905,"flow_src_last_pkt_time":1603816434664905,"flow_dst_last_pkt_time":1603816434664905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434664905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"193.190.10.98","src_port":59515,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670390,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434670390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670390,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434670390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434670390,"pkt":"pJGxgjQ5PKn0qB\/sht1gANDQBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdwnwRUgTYPWHACgoKCggiwZ0u09kvJQAARL77XjijFoQtvpL+zAbPeN0VMZAH77o2Zf3Z\/VxyA9MhcBb1aoo2HyDxw4AGg1rpwYEvZC1KOFbHEvRCy\/7Qr78EUwCK7jfp3PwwAQqSqWeygMwdmPiD9xsvVeM\/Lg3sKV5Yt9sS6nVuVMVaAANebK6ODqzmbz6o3JQ8SCforD0NMCEzwS4zB3SuPu96Zlh707dBA4O8O9hnahrfzpYrma3GTkWvQNZm+MZwybX+ZiPVsaHNWO4eC2QTnSZ5AQr9jvuvVHtv4xtMgtNapGHmqllBavgaXk+UI6hfTQM2FE1B5tGaz6wpXpW9q4R\/XybVurW6TyGaQAE6Rv1VcNFUQkd3osuzBpTRgRd9uQPLk9nYNE1PNSuiR91fTDaJoLkRppS+gpYwkOZenhVm6gOiHF4bfs5ERt4YlwEn2Dp0u5C5nrVVxtfjnYJ5IwT7hUHyh6h9suifUimgbbxzIaysmGlD4k2fx9pmDLHsUHTce4UJVqFY73JtMr6k+yW4T+WXDKoYMXAeEnYYUrI05RCVc4XXpAwD9xw2VGUTFNaUBIeHo7WcMaqEEgdPOnl
uAhzJsgCW+N8o0F4I+kCQseYCSboaFjLBLNq0zPRus1FaJ\/zpb0BAxHAiXlVn\/igRt26xRMAbTnTk5GPW7C6QEex76kpaaQ7HDdZHqKpOAkSMflF7jIP40HYHAQatrIYPmDQgSWfN880GBmzH9sYEwnjgxWDiL0+toa5E6wd7EQeR8y5+\/Dc5Uzh6tsLpKuR7N9HU++dqYI\/gOtoO809QFWpju+r6P3XwUeBL1ZT0bLR4yPGw3dekRK+qnie3Kqo5b7bYJauiDOWg\/Y4N7gkZK+lB7oklk5ykDxrBCjJgZkBXy3ps5MBGX6YeIhFLnieceXGOD5JF1MA85KdmciDwctd24umJ8IcaHVflsn7+7ZNAlehJDPmcAPO2TlEPY4\/yHOBUFJG7kAZebLJ+uJFdZdWkSaRi1YFo0sxbTkoNNpO6Hu+zAAN0IAy5sYg\/mLzAclK2KdqEZerl\/B5NatrR\/cF5OTxG9p02zemz7BknqKEgbaBN+IFnswhrUXlOTz5kf7R\/m8wKuhLc\/igh6Ij3ng6sR8vbemM2AfCHREP8MbsPro6xc5aF3dAmmWkn13MUXrpl0LTzZdwzZdq7FodGh9dDjxRcZYM1N8++Se9XsHKEp6uPV\/JaA3s2p5q4ZevQE2LX20v4OvqdVF0MMSV+4OZz6eMTL82DKbZc3CST1ORXADs6BAjz6it9rKE2XOBrS5gDnpCiRLCFudHLSBlymJbI0g2CwumFP5vBO4Zn9qFD7JxrpYjBkMOpt21xD\/BtOBNga1EAbpK91wtD+ubtYSnpbhN0OrJGtHIFjpiwh6Xlp1yrbCWvXV5CMDi7VuMCY6X2f\/duWafjiHD8aUvnVKBJpAoeqDFPimiegbb28SnwJ5uYauvYPhvY3ErcbIeR0f\/m1a1DdBjB1WQmp0Fu4clnTkNaqlT5MCeG\/48z1ijZB7ZQmAcaHRGOM2gO6JTlbbBnQAYR\/DVuXyM\/B5q+uHxWP5bTLYV9915QZrJqVKV0Gf0oQ8wUAFGHwVAmWeVHB64hlXfKeooZTyi+7AZWKi3\/lA=="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670390,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434670390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670390,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670390,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434670390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670390,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":49788,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02219{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434670583,"pkt":"pJGxgjQ5PKn0qB\/sht1gBxOBBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPtKIBuwTYLLrDCgoKCgiO5tu+VRPaUgAARL67x5+yoY3pY0MJItv\/fgrN1Aqjc+LGtbVLhqvz564YTYsK8b+1F2va9jRV8nEV+5OOHqmqaHlOCYYabeXxngu7jBV+i2zDD5mXOeNwP0vYEvtnoouvzEl7eLb5EE0+MuDiJt84m7jpfeD9j3nru+ZcUw2gN2lqFsUahOHFHxiiMRzquZrGDqevIu7WfSfXXUaDgMbSDA6CvWRjCP72DFgLsQ\/11QQP633nQ0SLKipyJqDr4JvqJmirsRRFK4Y2O1d4rwaWvjBQJbZEvrKGBhUisRe4vJCgt83q62hhhVwI+BmOHGZwcH1NeIw9OfXzIkzF9MfEbO7hX8+HXuUKtpvyJorRIV9+dNth0bRPExaC9oZ6eQgb4KnoyGQunWwMuV7XDIWVGPpUovXJ6L3rc7vDqV0O33okP\/XwzTuMfNCRModoaAMilI37jOSGD70L7Ukxtnkod00xzN\/rRqaOySSScNetQaqN\/b8SumEm0AclR2UEqVCZ\/oFDQW3dlFzOPiolM3TYJHmvPtQ07FoMBnxweA07DzM\/nlIehmUnkDIdfazZlo2WaXyT4
kUCXiWSLkyBIKG6OPjGqxQRCjx7pyzScO\/zoIapRT5uA7FxkYfHjnUDRA4N+uhKsfgAHpDGOcVNfY46rti9HRBS+MLjtON8leaOxJHim+wQ0EeQlwbDu7H0Zej1LnLoFqMDWvyz+oUpsvxNgc\/S6MeDK9+JJrebwrhDc+tkmOK548PY4XvYXrqaTGIAivVpHbXZ3zU4Se3IsLa2rpf9EZv0u9D4VcFJRqv2B5CpAl42JhgNb9SlY4QjX\/zYb6IVVivP8oR+boam1SbalhEukEzoSf5vlgVVBVsupKLEgg8QJ4aPvxMTspsMlgkwzLYOK4L5ecOdzbax+0i5aGOmAs30VE0cR4zt2Dxp0GDF2dDg\/9qdw\/BFFFjufPPrjL58CEC5anG+0PnjLNiz99f9A5oIivUVqwWvAEBh3kOUatfc99UXPxAS5VMTgfEOgcxECNa+3dG45igyiOYw0SklHmGfzdommYyu2F0JXKQZKPR4P7uTdH4l9rTKALyu5hrveJCLxlBPzHhp5XxWlFHpXE7yqKl6JoqWNO9m4KnOkD1SiE0BK4iBcHTagyf\/j7KuNtCJQUEjQ59\/x7ZF1iPKFPPyQ+DFZfS4ZMMJAdRuce7PfZ2jZfkuletLSo94qexc6EAps2f0\/fcQwBTkA1Pa7cpknrlPE6nDQwDmYjfxjl2FPTHYb04B\/4LG+OuYH1R8tH+E5cKey0fYaMhnlyRtm7l4zhxXh88eVjpaZDsIoW7JAZhBUfEztlZ0AOc8r\/vP+qFhB8f0D7eEfpR8bO8\/EgtwQtTbuBaw0z2uWUEDIaafMNhsQ1f4mmfFO2liKZH6G6GRfv99KKrH35jUxqsjJeBwQM\/EJ113jCKlIApAONDGVtmrUbUM7eAMD4vuRho9kE\/w49GkWM1RjqkESV8QnS5lO0lusZRdgG0jcilTPBNKWvJtuU+BOtxOeZOoU0KAQk0iRVOjpxTJNLkEFDMqLOTl4GP6l1DPyRiUIbC9dxVJliklcqIHHcx9Son3\/0eV4Dlc9XMJzUFYLYDpip1il7dd3MOMzw=="} -01124{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816434670583,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670583,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670588,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434670588,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApCJAAEARDmPAqAGAjOM0XK5LEVEE7HYoyAoKCgoIlk3\/sw8\/b8wAAETStyAajltT68+ELYCklsRAAPKAhQKMXFJKXjIBWFRGvhiDbyM2RmA52mTO4kP\/LrjWRFOsZXPJwPYxhAgmyxVp2EaKhvInx5Lw6HoctLCI997uZ1ErbFrvVx2kMNsPbvf0c3KMKg04dEw3CGmIj1nwwAV3TplnDlLA8nGhigvTtzDcOYuThyFe7PNCKGoMhnIJglojVVIsBdMJYdSb90I\/+fQVaZ\/MIgmBIoSGWUE5ZAGntmDgtp0dgmx\/\/p7O+2ApCOoZi2+ZG1i32q4n752EIFh9R1W9\/09HXsuHjyhRiyoUZgqfvLkrSOvdv2ZApV3VMcrOD182D\/IFqwmSJhEKqa3Gz0XQ7x1AhDvKB\/98pdfLJuGPyAwXeMf3RbsjoJ7UbwIjIEtg2aJPV4zFaASkuBedOA0xRnIgegCv4bmWgElYnQC3X2r85hddZMtDhxN4hidUWYN\/uvDzyKGj38LAsQE2LOY\/U4yjUes\/A4X3Db4RMeoGGuaTPx8vHEhWcAZIkak3bdmdfUCKhTRw1Sobn\/0WZO3JeU\/O3LN6aaFNpd44oi+fv1YoqhJLtxNGYHj6lTz\/xWvwh\/5OpWupvnaRJw140wePCUI03nAaDAbvdgZhJxJUM9Ez2imcu
\/DPUQxAcI87gwO9rHzyEFTZvBE2fYXUdWQ\/lBLvDIIIlbqrIBwZN4Rm1K7rJEsqaSGAetVKqYqrotg3G0Xv61dakHj\/9j5SGgi\/fc4wYQ4pRjWW7gItXzVqCglacLb3JoibdGgtA9WYGsZizewIUhH3c6imISZ6jCjLrzmXYytkHa2NT60DFmqp\/vbUzMpbFIHZoMMMlZrZErLgQqwcQrIy3BrvnbjZx8ZBklzbGPAwWqCy+HTuUfRLftp\/kFiVk1D\/72KMbyr6s7Bkxhgo4bI7zvMOHUidZ2hdC7UGsUUF\/x5smJeYW4wNdHD5iv58qpr6HaH2Rdza4ULK\/pyl75oX9CDKuX6jrGDlbgHOykS1bvJCTRfYwBjtGXraF58jEQVZJJ6HImPxPLTVvhi1weX0G57pwdQK\/6eBVH95xHZHTJaU4Kw3RS3xIWdjP6LitM0DZwW6TtS3P2G33o2Wkp7Fc9Y1dXTKUMs0nCmH9d7CCnjVWLYi1dhtz+Tta6lf48tU\/Qqf+zHItaHY7LtapxEIIsNEmVNQuXDZMbBZtU9UWcCYPTIXOZsOuWi+KlnlEVjhzxN\/kL7Rx56YZNVto9cOmH\/bByewHjhP8N44u7cip7U0HR+jmMmuxSSFw8RHPveSA9s0JovEVcJmQ19M5ynV7yxMWdfjeOMYtsTVM0tONAfzs92B1HE+34bwQSIOaG8X7No01hV+V\/yj+dryeODPmr1LKIAJ\/MbgypzFmTw29gDvyUBXq+ZwqdS3iCKSfowPes0BSJPSzSUi4Z4dIaBSLQpt9PNBOgH0m+JbP5PlkMRT2nmJjGR3PzvdWiWmCFTAb5JDoyjuyFHdi3lWKONx+lFmzZJwxs+UMErRJBVTz8V6tf9wiTJCTFmYGF4UgB\/CTJx3DI6wbo9X53d0S0QTy3dGXJZO\/H8qOsGI8aNw1qzLXLU6KpohKtMy7TWM8yk8onvWWarA524pLpTHLJknBb\/q73gznwGfXGsA9dvY+vw8XuLELA=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670588,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670588,"flow_src_last_pkt_time":1603816434670588,"flow_dst_last_pkt_time":1603816434670588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434670588,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":44619,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434674356,"flow_dst_last_pkt_time":1603816434523543,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434674356,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAc6RAAEARGHTAqAGAKHC\/PLXwEVEE7EM\/ywoKCgoIUh1YuhDqcyAAAETSyJu8rPDcY2Zmg9uhZvVGBSUtVHXbCogcrtjHkIZvyHG+oeQ7FMn5l9+yu4riTWt9G4+IRLvodWF\/OJuoo6CqqAN5qJoCM2wclVmCRhZ0yQpnR39UyeNNZNj55s0biH2qmAqdK7slUkz7cGbucaEPgYcjaZ1qoQwZ3r+tJVP2\/OosjKKgI3ssy6b8rBby+2gKA6tqrWlo4j913jt0V5Myxk6\/qG4m7XLGNhI+nqBnhUE9EJwSRwQbLcrG1YPxrCPYFKhaONrMEZrfUQUokRl+FtZYxnK7kRHiDzvfmlVCIPnCHsK+5SDQIbVAkCmMUWxjZ3bcH0rMAJZjsUd13Mp827NwaPY1eDE4xURESo0uH3LaTB+cGxcmZiI1vjnmW5fkVYKNgRSg0LQtDAGzCxaf9M30heOBY4ij6gT6HUWwVg+\/JFFdRax7wIj+qnGHaTs+tirGGEnbomoy1juUgYZn3ol7W9gFpvOFFGfsT9glqttgJXgMLwaC66I5aigEznfj7F8whFTNHLDojz+A60t6JiMTNVJkEgkdgm3rvpiMCW15t6bApORRa5kVOHruRwVYI10UY7IsHOtU6782GbDZSpGr8ntN8sySw6dOku3uT76aTNaaNtW\/2\/SmZ6WiPXDUGFDezYRwnESar9Jps0+5gYGAogq9ycMTf2y0dC4uoffSPWz1EdfmGrYbBIJCM9xuPdTrwpA6ThIjDDFV\/a6MJaOn5xQl6aMEUqPMHj458lJHEgyVojPxewoZCn1jkXsVl3BshvNc40UloZP\/zq2QIIDXt8Fodu3I71j4TQet+ImZTuvbDliPLbMm\/UuGwX7wyxtGWarNp2rii5+q0UaxBVtO8\/oJYF0+p44Z\/6vIrPBqNKbPEzkHUHiQQ9awnKGtngmRd0EnWA1J1Y87Abt4Qy51cs2KvlQ8aNSkmdJNosK8Lplp4c9AiloRm+Wlx6dF2sPcBXzpXCJ1Zlb\/eS7cm+1Of3sizAGLukg4XoSb8ue\/DVtfTnqnMgdaKnjOTE4lwUDNk1dzsHxmIBEdGAbUpr+sz2h7ZiHbtdfQRMC8R65ogyaeDK4C1lsoJ7uCJnAWZYyCp2BgnCpvONxxWtaYB6uz0UzVRleBEeiLenAlMfVHpx4w4aBWlyfvuTuObpJLNHDWzAbZSgjHkN3ZYnwTzsuPAriOrYPf6ATtgw+ny2XHg\/qI3joZ2eO+lgJd87BsLnTQUd07WAQILuYO6jQ9vvkRRzosU72uqVr9x1lpfayG4CEyt0LUHBSmhuPmLena56\/to8FPfnyS9lNyeUIAaI4Fe4R3\/cEHg8NHDOKfjqOhNoajIZ8hm564A0lQ7hQTdBfGSgEwYSiDVP6eZcG+q0lw0017Nrj5WZoVrDtJB2VmZc8vjaptwWTVWvSIds8zNI205cr+tldoXLWshLEkoE0W
0QepIpcvJTYL76KEZPhOvEWN08HQuMtxYugoC0qCkSsgCEXMCRpKiTlmRwjkQSmHvPZvjNte3BsWsO0fzr7S19GB7OyjGnnDBaF02DOLob0KkURE8IUAwhzi50lzUy41R1QjTFR94lQA9n5SPLtvlqTYWDXlIlyHzlvKnztl7SJtU\/J2mGtnwVygn3oE2zBGLJfYgi3ZH3hoCHuyTU70yw=="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434628763,"flow_dst_last_pkt_time":1603816434677060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":97,"pkt_l4_len":43,"thread_ts_usec":1603816434677060,"pkt":"PKn0qB\/spJGxgjQ5ht1gBwV2ACsRNCoArABAAAQAAuBM\/\/5oGZ0gAQsHCsnVrqTT\/kdpHoB9EVLMLwArOxiAAAAAAAAIjowvkCXlc11FR0cg\/wAAIP8AAB\/\/AAAe\/wAAHQ=="} 00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434677860,"flow_src_last_pkt_time":1603816434677860,"flow_dst_last_pkt_time":1603816434677860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434677860,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434677860,"flow_dst_last_pkt_time":1603816434677860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434677860,"pkt":"pJGxgjQ5PKn0qB\/sht1gDEm8BNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABrNMRUgTYSrXMCgoKCgj2S26kHUj2aQAARL4Oqb7kxp8VwqfBhPdfdtQhtwUXSB8\/M16zqaKTaiM4uFSCgiApTua+W3aFO11E8\/vpjw5fdiBSABUTDotMg5RkiQr0MSpUaARnrP0PNMBaoZi0T3torsgUpfH8Z7GKLvwTGd3hbCPXQz5HEzUHjJnObkXYOU8pDBMRAGZYnp5rkZbRT2vPBVCj8Cvx8bBBKneUgl1FG4uQ4EwyOma55O1RYgmn2Ynf1Ko5xhvyQTnOGQ+R1VyW0n7heo02IMCfY4VWPj\/QJHyKTPMBIDBtSvz3J6mf3nv69QC6K+3y7kTFVD4RNSmXPDKfJ4r8a\/jVYQ3tiwvsysKnCLgA5zby1+dfPHEiaiwawfH+cKDMssE48zXk1+MDRnahgP5\/5W7h5R0W7WQX3skNYTREacQ3LvDACn58ERfFzl2AshIb29QMiGQj+aXYqT7ftIu1mYCEtR10HqM0E0tdjMJlVoxU1sQCMNHCcSjur932nDLMq95bmJ\/epzRqKtYXqFfJm4ZnhGTZV2QZB+hX7pNkAbrVOicdWh6ASPsIKRVzbgM4azW3TFLOWbFSWksd82BdcgW3kBeZ+Zy87igudzpPx0kdISA+wUJUrSUaJmejNXcUK68sicz01uq+5FBxl7uzJB5i2OXGU+jvmL+lkKweCPtvayVLhcuvz7KLW1nrXu3HU\/E\/bgsaTJyGVokl31OFOSR9LQtdKuoewFPyn5r490C8zNMeXqpImt2kn4Tr\/jlH\/fxzyim4MX4msP404e3jLfo+J9lzJhkenDu9xAnUgd\/iKSb6RgtGPU4Y6NI2QNpIfd6MzugcP8a0lodftPQcResoW35Hgg5t6I+PqN5frd2jtB5RiFyFN6yYVSH5fwqpb5sgLyM2ZMvumoV6ZVCMO3EMaRJu6f+U3CDduLYbXqPjXTUFXnzx9Vt03+YreNFX6wa5PrrBlSKMZP\/2WAmhb8cWINvyoZmFlnI2qd6sXg1dpFNY99Vqu1GrXPgV8Qi9MxV9uHzluuqG5swDMVT91S3LeU6XPmicYuwxrVZ0fDoeWpn4Kta0sEVDVUOf9hI8REFrn\/lLtMViNZ5rtWhIMKLyMIne37ob1RynB8J3PHqTTUqyQWLUmsA7XpXuycyFg0eDsVEBgiX65miUosWBtlhptbWoDODs0zqjlEGqOg5rKyio59+SI+p7jTV93mdfy9Wt2QGrnsPSiOSsj\/pqM\/pZ2PPrcgdTK9VPceK3CdsRz\/jNTpieviefPJXgnQD9JDKvgbRzI7jy8hldn4q+BSAvi3W0FwGFIYHJsgwTS2D+M4jyoohPca8fHwPwrKPUAytl3yLskOFTcOEOwWAP0YkHc8DSZIYnWDfZRitncpUl9qEcnjpTihvHHfw2HQxFR5lkMlUwBOL06kpNLUObIMz0
gJ8az8O5U2MJseOwsScI7UtAgMA1Wat1Jr7S5b3fSl1DVUzvG0hnyrSZS2C54u89rSG8QQybBKCeSDnq1GpKeq\/O7HdjP04WmFuLDA\/vf\/9lSaOXhNpEErLndSFsHzNaPYP8EGwGI4iaWZOfcrm8FyutSUmLAlYtemRojNwXfa2nJlp8muaoRnKD2oN1ySI11a6rSv0gyOvlVRJ5egXWtg=="} -01220{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434677860,"flow_src_last_pkt_time":1603816434677860,"flow_dst_last_pkt_time":1603816434677860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434677860,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434677860,"flow_src_last_pkt_time":1603816434677860,"flow_dst_last_pkt_time":1603816434677860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434677860,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":44243,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02215{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434678156,"pkt":"pJGxgjQ5PKn0qB\/sht1gAjrXBNgRQCABCwcKydWupNP+R2kegH0mAB8YIxDSMFEDfZ59dTdPlfoRUQTYrGTHCgoKCghDKzGtBgOvzAAARL61MEV7YMQkWdmZghiuiQz1o5QNdpzYuutf\/wdJhEZL1cudV76JEdjtP0Y3OyHIvIbsmMmNX4mYnmIsf1njial3e905frw0uHyw4\/f+5H0ef2WAdacdKOP40DoDeuCFxQz4bIKDgm8hBJ7vkD1IMm7AaEpvUQhSLgN8f+x+sA9RH+TmObL9fghOs+eNxWf96HoP4pMWR3XqHFfSqIk5FX3TNVvr+riiEz6IuctzVwm\/zqWSmC9dmXci8Fui7Q8OxkH6gLCU+aYM9wrrVZJ9j5ya5VCMnDAttNuuPdq5z4cDdXloIyyGypYPGlULxwG65oqg8RxhEo29up9ffJVpEaQX8UGyxOt3ZFGPweILYH6rNyUpje\/uB9d\/2Tqi9fZfaLpagN9mrVHJYMlLvkjpSaeasCrG6FDs+Nh7j2i5xAxuAkQ0xK7QS1Hlggg20h5t9cMg6O780ayQOD4SQCU+0AR1BtVV6iTy8Q0dm9tIpKWeNO7CSURoIrvTXKHBx5OXHuDteNJNabHxEW6\/e\/OGRw8IMWO65lgJPUK\/p\/99LM38gOa9gV2dzO
dfDcRMvpSWbp3E44GpcUzlsSO+wF7JBY6P9esQ3iafS\/xZ5rdGYm06lyYTCDffm6X4KxkSuGJfTJKvPfMGPtO7M1PMG\/4y9kmbFwotO70O3qzn76AeIsqparz4gqE2VEl8QpfdxQliRyqZUZsoWB5UziEcGYDOQAbZw0c82QzSgLib58kPXBug4vmPNM71D9PmG+ZxduAFDFdu7EkUfNSxMfR6hOQumdYRVQ+J+QuJvYZ4r8AlRlJcX6HQpLdQXTOStQMDY7ErsX3+lkhbFCkOUvVD1zPSZ3X9i\/Jl3XL5dbrTO0oYnJiNAJHokvd9x91UJlo5E9+m85+BWm+iMzm3+6bNRAaSQKQrjdjennHLWo7GXNi4AtuurC53Pep+V5GsYHEa33KdpNHgca7X0HexhNHc2ElVJlmKiO9osCGww9ceX9y1pVU1v4UF5cspUvQ5RkcxirKgmOqDN1dbnXmgpQwLWcEgtJk0m+iyn9xNTJhEsJCf4M2GThouE0XLF3rBbGR8AaMV8IgL1g4CrqnSeTXeC0TiPef5r0N5Ew0ni6DodVZqUqNOv+QdCVcZaIWofYvBzMdvqE6zhO4AzOTz4GAPej5UV34aUDRCl13vR0NWFf5GvaZquOIg2EYE\/YyJl2nILl86w\/YT7aCfJJltdrHwSxGGAm2JodfqLx42fCKG98UlucLIjp39SZj8UGSr\/xymfE+UQrmVP\/eIDKUfQ\/F9RzSEtE4Gywjiw+VYseozSQwwkW8vYlep8AwdQshSEv4BOVgTV1jTbJ7jHDu3x3W7Ka2SYTSb3Yt+KkdDWxpTmyTJioeUboa1C8BSpZMyhJwlf1bmECMTVdLKtJOVuXslMtlUCVIAqqT9OTre4ouFYJNjliLNU9F808vVjFTZqlwwQjwIeKMK9tlRJNZxnWX+u5Tmaz0QgLbCP6pKnk6GGff9hBXEoVtopyfSJnogk4UBU3qLzTqqNWTse2gikbJRX2feLSYh9ICdhs0jcaXO512YMcM3tN6524plEU+japLcwChj4baYrOQTz7NVY1HU6hrUlA=="} -01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434678156,"flow_src_last_pkt_time":1603816434678156,"flow_dst_last_pkt_time":1603816434678156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434678156,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":38394,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434679393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUArn9AAEARHfrAqAGAyu7cXJXeEVEE7GpTygoKCgoIN5KvB9nft6kAAETSd859O5gTcUYdl0d8aIlRj3zx4AjuKGa4ASMymO7vXZjT6sVM6pCw7HvmCO7cFlITvmBGM4kZgYz2DWfjjS2UhT8z6S+u4ZuqQnP6sPmHL0WtgrbFimoDsZXEWh5x4WsY15wAJFswtYDmxQkwEBAjgyKuyRv6VywYakyk9BNgIHVKy7BfjK1rPoWZ5w5I2hl2yWFdZ1\/dE9wNP5q3XxjhqAOQa4bzoBKefCRP60vRescDr5A1q9Gh9rEI1UxmIZexsLIorUS6jw27c7X3IRHEFYnp7damMbgudCUNTZ0D5\/x2EYQKzoV23CePPHf7CWo9eYf6XRWEJIBGs5xS8ziNV5+H6hYANEPNNnvMqWmg1CtTp6rU+5R3i7\/FA2u3qMYhl9YXtwck1Tx2THWWJnPTlV31JToDh9hcEx6ePHf\/HDVkBKTcysw+7WUh4g1S4U\/E6GwOzJUSl1j4FyQSA72MFR1nukBmK5l3E7lnPPMHE0UwlBbgRRjJIWWWMjukOyYVX7HOM8mWhaZJs8eEj1aINh\/eg4bAf1JY\/ufLTloR31S7y6OReDYCA\/J8a\/ZHMCpyo\/cgCYZnXroSqO5eUMiOd6mWZMV3WlojmNGGqUwidDXDOOAZnauH05acuiWNjN1drZ9uLl7kCD3klbBaB69xmhwOXqhlY+ov6Mo3v8dkwR3EXQE3Cj\/lQ4KJ2OrXiOlAmz\/GweVF9wuMVbg+hyvL7DdfTfw2qYLKgSNqwlGvO5T2f1lglyHLXCucOL7n\/zNjX0\/xlVOCxhUkQhgX\/XGJbbA7qxh9UXxvdZ3egx7Bshhqr1n6BUMoFOpjvUuGdgO0OjUEdRk5Gyk2HkFljHDaGm4ht4bH9hDtZ6HYm7nqyUay+Gd+WMBexYGDLQ2kaYG8GnHD4PrlcFbEvk3ju9rGX1R2QtLYbACEJdNJ\/zEc2GzZDjRz1o1gvI2iG\/x96iCGyzUz1N\/+nAKV+q5s2K22NkRxb1jIgd\/41FenkfbgFmpz0CA\/DQCyiLHlX2lw10drz3XG0f8LJfTp2vzPq\/+gH2c2gRSj2YcaBCyDTY5AKtyDkOEZKSL3C2C8JmYr4iJS8RMpB0jL35JgLPvSFgcoNymNWAjCjfeRN9n7RfdzVEX72bqAPdPKtdKHRkZOWGqcrp9n5GGjnQWG\/Jwx6RR+qXT6KecYDU2tCsKg\/XBFBnLfBCe2RP1K2zPx4D0wUdqR6tPZpisKmvW9Y3UI2tmUo9tLMaYgnRgRJ8M4\/14reEvtbK2a7xa1D+9b4yQoAoVStwjeuCruASzB76vQ7Oikq\/y28NWNAE6l7JAxtLpbUGRtWL7EwfR3329LDfnglJf6znmUiNxo5AmhhQH2+XGsnwv7e2QwJKwUtxfbSP6qjjAq\/IHu8Ph2sxgzDmxzqJS6NBD5\/rREJkwIRD
PsPQN1aQTeYN2N94Pv5crstjdG+7f9DC85NWJZAJRxBLehoQTlbi\/SnUmr9i8puHfTCKc8NDOGVlMiWSfVcSKswlSyz9AjvXr\/Y+TehMUjsxQeL0lUqcIXfqPcJlum33ICV492562h19036aZai6yQ0yHgw3hE7aGMjyObE+Uh9o51GqJfXzYJ\/J3E7ReivOwkmjMio6pMVZIlFMAmLX7M2ggGLe5cHg=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434680178,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1603816434680178,"pkt":"PKn0qB\/spJGxgjQ5ht1gAQBvAB8RNSABC8hHpBwlAAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVLAdgAfFkT+AAAAAAAIs6FDVD5jbx4KGio6\/wAAHQ=="} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434680209,"flow_src_last_pkt_time":1603816434680209,"flow_dst_last_pkt_time":1603816434680209,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434680209,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -167,65 +167,65 @@ 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434659010,"flow_dst_last_pkt_time":1603816434682914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434682914,"pkt":"PKn0qB\/spJGxgjQ5ht1gCzKCACMROyYGRwAAEAAAAAAAAGgWCCYgAQsHCsnVrqTT\/kdpHoB9Abu1EQAj2NGpAAAAAAAI+gzxyVlrPLD\/AAAd\/wAAHP8AABs="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434684954,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434684954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434684954,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434684954,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAiNhAAEARQ6HAqAGAyu7cXIm\/EVIE7DIpzgoKCgoIV4qr8UTBK3QAAETSh\/17BQebdhKt5N8exOyNj+uiOYMPWvj6jDz\/XRUXpazLTuGIaL+gAsTmd0\/ny+0FgJZmR3W9tTl2uiHStd0rHjDhZZpjA+Vv70KyXaIxYALOy77NR4C4EhjQ7Woy4Z1XktOMuzY1G1wK+\/m8WHSuXiS0ZJH0FyTMGjp1ybnyu6MTC\/32FsQ4+KBXvfT1hZaE3FEFqOfGH728c4f7jwV39sXMvsF\/koxt7XF+OaEoT44gruD3j1M3Pn+2KBK+MAfr0VIJTB\/qx0CUwI+AOjfOrOEwPlBTKV\/RpKd6AM0mgPkKYfiJQlRit614p6k0X9lbx\/f6ahWLCq72n2YzUVWYWdT5J7gjttfn3tAoB7zUzS53IQUv1B2zhYj8uYWCPv5E8X1+\/TvDaDXt2s1yt3mYps645wMsjGX9jfYnekRT\/suzL4Jvq5T+oMyQFpalloUrRQHYgV03PgJRooTK2iTJSDezMo3Sabn4X3VQSLr6CnIqGTTH4TZdTS1EPTMj1g2xj\/dIUvvG\/pFUdjLNu0inX1PgBZ1cWwdYMDOvaetqYINrUUAYfMt0S6ZnZpx8OdfUPc+mujDPZthVujZlugXTs5\/Mi1arhb7RDdu56QF0HkACvwfN4y6hPV9GkFI7UUzwkjbNgS+SVTyZpwJf1vfOY3NxgRH+ySFpHqqy7QQrR1g1b3fzph2N6Zo2yzEoxr3cQcaq6oirf5SKGC3qVOfI2XVtorskDTjDPZugOVkY\/anHMfrVansEFGxUEN\/DC\/sCrdnQCX2T0SNbs6Z3vWghQ\/Ttglq6nwriBypoi1GkgpMWRpNQC1+tftj6Y6qDc8PUt47spNcYJ0VauEV18MYpeZpOQrwmNsvWkYDeiXS3LX6E8xtGwpF4W5EfDLclRZBbPNPUZexMZprIpblVxLNvXkp38hv3mKP9juEW+w1x9u0\/FE+PXNXqQt+cpccucng\/siXW8dIomIy+1Vr2PrUvdyaaKk0C6UQxd5P55nB9LiOhbpyhKVQTsv\/+44XghuC1pJ3FXt2NjQe+CUcHyg\/CStdVZ77sBr3jEHJD5WyRhPOE0PHrKjEkwO61egIk2dYxhBIp8OCkst22lv5y0ZwcT34lkkTv5u3Z+PpFSID1U+kLTu+5h8UIdmdChB8Ic1cG4AQYLHLWNXQ2dMqc9hc5mVaWGdqVsXAgEZ8PmUGN1\/+K9d7hwED1E+zAtc4tOBuE\/zS269MNpdYACOTcy9RHUvjlSspQylJjubyYwnj40H3orsiMgpv6tA2AxST8dUKpvzYljGrSAdakZ46qVrbuEBiCGMTCs+\/UNgvM2e6Fe+6gqDCfOY\/zXSUtlduoc3jid15XCt88k2M9Kq40sh6m+8eKjtvlwD7XYwfSnLxwxhEyeUkGT+13FX++6oG59AfysFjC5iJYSscA+Y
XyA0hYuJ9OTtOQZg32pXfl5BmrmRqnRAIwBXmzbGgXzEsXtx+lmlWCK421d8ePwyDwI8wnHfI\/90mFIe34gGT+WMlq4ZgFubtwTSjzidVFs7GoczF7Lrr2uW4jA9qjpqY0sj9p\/VVph1PRzTPVNMdHm+sMkD3+hhI82joYjOeoRxcWEO0C7MjWGcq92hfnKcQSy875okSAGULGntKS3GeTR0gVMj+6KA=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434684954,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434684954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434684954,"flow_src_last_pkt_time":1603816434684954,"flow_dst_last_pkt_time":1603816434684954,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434684954,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":35263,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434685476,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434685476,"pkt":"pJGxgjQ5PKn0qB\/sht1gD105BNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmgL0RUQTYZ0HNCgoKCggKh53oSKcUIwAARL7gnbCt\/i9esljBwsmPvsojrH1nHZVBY0xSwfKH3XUIijCNgd7Dz8vI4xY\/GVgHV60CIRICp6Kjnr0zMRCxb3nrCucJOyP18UJ2XfpoAWpzvs2pUT\/u95vGBd8XvGhGtYoLqIrMkwYTUuZWsLPdt9\/gzvA15FlJOa7ugVzGXmi7RWK2tRS2hGORcD238yWdl10gYN8ZAvJb8s0UeahNz4nqOB1o1ewm+JfW47bFEqheid7sAMQL3N59\/ISUhkQ8vC1I4dVehQTYmG2zs3sj46oOz5lAFlK26vOv5VRV5IPztRMlciR7V6Adse5xtWtlpuIXzn5\/UDxzj9dah7+yAdZOHeT0zLvwsIoGcoPRxB0MH96VRzKARwz+S7KKOKG8cm2If62RiaOWfmxkaI06NFuh2TWyOGI\/smeYiBlrsSEsSPLBOsy9YKqIRy2SnU5fpV0QIrpOULNF15tvg64kCSUJEHN7hq8wuLHUYVeVMfUb150XuMPRFaeDc+hRLxIgkKsegq\/1GMLnU3cw+YqqtGx9Y3AG3jCsYvczhQt97g+bEAD3lWpSQqlnbIPVaRxSBb\/m++vYk0m7W88TjbXZd39\/H0cIlTvJ\/Z0SYJpuIBWlYvloAhW8wQNQxVyWnDT8EGTCZMIdSLrubgSgxklIcQghvYxGjlenv1U\/xWA4GVcvaRa3KIrmqe9Suq7Jbom9YtFec\/KcUQuypqb9vLHQd\/Slh\/IgOY2LIPbfGrFqtZ5IZSSAFLezKKTHeEUDMMIvjY6nNjfQvhye7w\/iK57ylN1XmmiCsHB2UUISWzLgrbBn+zFoD8q39CqH1PUlQIwDNgZ6s2PfqPEu+x2StileWyY9B4yefqdiNXFJ7u0v6qBj8LUR9\/ZHKs9wt4Es5WiMRZRGcohtyH5Q2qGSEuh57YGdY2plV0kqxOJJg8WuHGwG80hM4Tuuqa2qTyvzRzxBzkkv7jnWbsOt8w6eogTolB5Yq2lNlcox1ozX09J\/4y2Mgjm9fxydUta2PLhNKNF24FGjs9TlXrGvWStOf+FVD0GqXkj4kfvlc5hUlqiu\/hxYQyz7qNm\/6LH0VCx9ePdDf6W4APXGgkkBgu34ndfqUtg0Sa2fWK+OElqxxZw1+Hjyk43LjolIsRbpcWkcSLKwQP4O5jLw4EENRtGoAdziVGhmLWY7AyDGDqDXD+zk0FkOZMfIjeyouDPo8iAsGYm9Ha0mLEq8OysomYrCzakDZNst43uj50cSwd\/VS+ATJsBvZ7N7sRLvBamrC1umCD7i4s16sQmoEu\/PSvNXlSeypCfAg2hJAeLhcz4\/B0WcrTcIC8sTScPAH3uwzv2dtb+6AkA7ey192Tem0ngjhVi9gaWtU5sFQIbMZEgPIufNBRz0zG92jR202hKnv
2tVs8fpah1QPJuf+kSUD28xqWVBySjEINK1zyjumcct4vfD2Rv2hsFuDdEnRtRcJ\/VHoB5zsNZ72V1mw1n3OOM3pVkY4\/rmTj\/xZxixYjGJ4hQmi3ZfkZHdBqMDfT25BKOJoR4wohoVf2vU49x7VJnCxuwjZ+PxxTyZPpwTwZZg9+9l1NkFrr1xb3oTJlb1ej2KIFSLLbYLLG40yc\/N4lOiLv0z\/w=="} 00832{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434685491,"pkt":"pJGxgjQ5PKn0qB\/sht1gCmkdBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB0gARUgTYZd\/PCgoKCgjoF2NeZfCaVwAARL7J5XVlyOrShWgSY1170HREhMEudzqX7b4Uhkojh\/MAMJlRFRdXrnf0lcWEClMJfDhoWlt0RFozrof+Pnw6B4\/ZyoD0RVgGp53poT7G9iC\/absqyVIsEHLsIVC5iZKsIfFtdWkKkdpnRNCGnT3VGY+lFXxBZPJt0vOu0Y2zKMRZ1lC610Klnd+ZJcx\/qSoPqRUIsoETASUmzbWQ7TdG1oxWQGH3wcVc\/v0ICxVUtoMYgJeXx8betPxfyREuBm4E4FoTyJhXcui3XIN3o0Due9ptbZ7SBfuGpb8TN46lwteVUqUUJ5Xe9lf39a3FP9dO2Xqnjw\/WZZomS7Iw1nD9mfjLCEsYGSPz8KBf1FK8U9BWWKadaREsfFGSsUnk3AD67edvUllQXvSDtlbzAUvFF3HIenC2Cy9ysj2h2ptZLfbFln02ZGCulECgFzFtpNDys561LCsH00nvAhS+\/pbJhKpkIQwt944Www\/ODMtfhA6WoAEpgpG06f42PQF9unibmel+Q1UkCV\/Sju8NlC7DCa5v5QN61TvjaWLK+67RDNsHdrusmUnxS0Qw6MgCr1XJXgSd8aQkDA+Nthb+EBlxmaEXwuybb2XuVgqC4V6G6xFD3Gim1RJcrCQKLBGVfueSLYvhKVwT8SeP4SR+OZfWoWq9fjTaViFhYYCsic+3myY3YSADfawnGFA+SyhJdTjrJj9L1vETLMfU6LQ4fjJs\/8YN6WcxBXdSBCin3bSBe2urzqaduq+kb17UjxDbg4QJxXnAa7r5qUQIYXTqC81D8LDrVnVZEVBGUFKebfrcgAxOMID2c3r9c9lUOsj+C6sMlckNXJelOsGIB83E1w9dml1EmevOJyz+MzHSmFAJVMeyfthe7Acpa\/6iTFxUC2VqHJlZjwCn4\/6wRzHC9TG9Zo5VPWRd+g6TJGNweOX8P\/9ZlB9RFiPwzvHlNFT6b3Mb3QxWLg6Ttmg0E+ML1rtxKM7\/yRgs5vxr\/diUa1PzRXjEZ+f5zpp2kE91jKJH4+73tgEQMYk7Eyd89yRmygltVrH\/fU3Ue7GrFhffvVmLvE35MSx0aH6IGdc\/U1oMjWOy0EoTkWjTh0p859\/pRscc2n0uSgJ0X+9D\/EbzkVIZ39Oi5k4wHfsZGD8WTv3IQhB4KGqrNsOYfHpEFOYsQdn9gLcQXwn4iTTbKaZ9rDik21mQSKdUJWkKqJOll6AYoarRO+2QwNgtxGGc9KoDCliYHauCpZ+lGYjtpy5eB2tibMJTLE0Gnrzi6TXFgGqp4wUvIqEqIQ7kO3WFekwujCNCYafCZWYtZ66P1CWPtvc+cRSrUO6Bx299H6EewArx3M8oD1TU7RZVYNta1PmN9bWQg7109Ib8Pk3crjfxcU0dAj+led14LXpRrlgp\/Qe
JZZuc3wsMwiTDPy3TJcx5+ZXKykG0+Rze8up6KNJ0TOkliR5SFYCrvJk8ixSq\/yqeCqIEYozf9Q0bKCLl8\/Buyu+IUOQ+uNeuzWzi4apJbhNBlCaMuCrdvdjkQpiOWPf9EVqBWcYwBbWS1gM7Y0WFCSCyXc2PxB78fF4bL4IfjxhdAkZdz0MrFIiD9A7sCWzJyDkoQoFSPdTAM2SY\/PtnrUK9nA=="} -01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434685491,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434685491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434685491,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":53760,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434686051,"flow_dst_last_pkt_time":1603816434609154,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":590,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":590,"pkt_l4_len":556,"thread_ts_usec":1603816434686051,"pkt":"PKn0qB\/spJGxgjQ5CABFAAJA9+cAAC0BNK0znmliwKgBgAMKTnsAAAAARQAFAF2XQAAwEYktwKgBgDOeaWKwwhFRBOz8KMwKCgoKCP1n32NN8EnlAABE0jB6HybCFUbabkBlXXQVvewn7zDYehbLSZDjKVLf8snzKJdjR\/3JsPdO+vxlafCYsOkUTueZwJWg10Sg8fn0URQdzFi5gf\/QXZQO6ykhfm8a5Zr2+yBt68dnry5zhANveVge4e8snv2G\/EjNXJKG6Jyq2Wd1UiHDsng78dU6PMilPEvqoDuVAeleo92UeM\/LYmvYaEQWibrlo50VzyM0Qv2OE8uBtE0321S2ppuHo\/ubVRja900u6Tdl87fZa+TqILwJoqVX3KxUJszQP\/m4sTr7SSAg4d30fbCCPgGuhd5vecogxfB3YV8fE8VleuNDGZEznGuTG3MEvmD8\/iDQCIxdLNqMLq4OHJR5K0P4db2PcHy\/HGrvnaBUxSsUFpFbt7dov\/pgLFhL9QjjASYLcFmP9aDGJ4WvT1nHm+247V70NABa4wQtolKRPLihtpaTI978PvhAx7OA\/FDrMALGCkkd0Ckzcuf5\/RdiusGznuJWz6dbRFAvYuAY6z+uTeSY3eMIQi5VhMcXXLlIqpnkVl9ay3z8cpya5MO76mkRAtNLAnc4uy4dq4IdWYKxFDEs514DLZLoll455nZesjVL6SKL9qMReSCKhO\/op5kVDv+GxSpbs9KycUr8HjhlDhtOqnPPf31XxGL0FX0honv9o2mTwKGu95c="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434590003,"flow_dst_last_pkt_time":1603816434688708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434688708,"pkt":"PKn0qB\/spJGxgjQ5ht1gAY5iACMRNCABGfAABAA0AAAAAAAAAAEgAQsHCsnVrqTT\/kdpHoB9EVGLOwAj7QnAAAAAAAAINUX0m0oVmLXKOtq6\/wAAHf8AABs="} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434693386,"flow_dst_last_pkt_time":1603816434542463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434693386,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApABAAEAR2hTAqAGAA3nyNu1wEVEE7JhqzAoKCgoI7mu7hqnhXwQAAETShPHzPPAkQK2NEhJGnleHaiN0ie5qTdnm464jrXCgs4dpEiXNx\/PGBx7TOLjXnxLSumidbRKwVj0cRR128B6iHNMflXwQht2t8Y44LmwMqcGdFgLa+9ZMaGseDnBaSdSq\/BTPBASRNPP5ViOFASdiCzWBBZ9WWzIm4Zq1cmr1m+3KYiXPZ4DYcjOiBC+RnrFuinz0kYMk86K9x6ewtyvVVkz06rH\/0pP52NDoXW\/b\/MQkNjC8KUi9qGQJPKOuv\/DmccHaQsbHCmJiyo\/0QNZTrabAtHI7akrTZimPvxnGDDh3iKeWTI0Rt9dVSQExok8KND6xq3GcpnEKSLoNMV4xJO\/u8Hd3ib0ZTAW90kp9rc7u7p5ChlZkz1hOn6CQxtLF+4Q0C+LoqzxjzQ7yi2OlbBMZIKyzLtWw7xW299MwVnAiFEtj5S1RjtdQdmj6SAPB0h4vvOCMTAjBLrzNUIzUQQ4418YwmRANW+EzePT6mR1Ale6pegThd1LeXLddvoztOKGJo5TEa5MgYMehxhTg2TXP6YXaavnooLGg557tbafcTn3wzp5jbVUwxY9sKGj16QzN8+Fynpug9j5\/9WGOFqWFzcYqmUsX0\/xG2xH8WvkKARD0l\/sk42N9NbTB7Ss95x\/zpvrC7DRs8wzKYSZy+NZzyMWwe4xcTPC8pdC3jzhcEXdF2RnCaPHIghUD9RT4W1CfQ1kNWOulxGvcIr6FHiUeq9MpQR4aV5XkRR5Ltsm0vYQyB2x6O6vPlGQo9UKOc2XAIsuJ\/UbYOmk2NYvlK5HnPtbkhJY\/IiZ7z23icAn3thnf9kKY5ERwFbNb\/un4e9T0EmsPw2t0OaIH16APDL4fOPl6+1VOOMCOqaajX6JJ\/\/VzPWdr3Gs+W1hKm0IJjwEBhbsb4P0Y6VCEvVHsNI7mTVZMkEAua9fwXy2V4utejHZLSRSgMPQJSvLG25D\/bKthcwd1lVPwIPmwpCJB1fyQWm6AhqFghO9Zupebv0zgTmzy1tLUnzVFLEzE4ypNxUpFeb7gzSfiS6a7+MCybpQYls379X4F53iU+GTINzG20LYm+XcA+4YEJemBM6vBH5vOwhicXfh\/S4xBSLLLmN+mSkM6sSSr11u3IsDj4PDyBLrk0cKt+Xez\/nYA53eqNQH8wobiK\/1UcQl+9e0C3Q5AQcsBs2MRhY6nnaLEFqMO55ANIVeq58cAWZ8Kve4BjvDSY3uaBdKWaqONn49IjBfiSMz4x\/Xbh8S6vECtoIhrWF90MTfHWh3iWZB5qXTSIFhe9owOmMU\/Usk6Uy8KzZy7KTlRZYfDqKbq7rcX5VnkanJDx7H6mBhnkfHnaTIQA9b0kFHyqiee8gwXA7SB4zEGStKbfX+Xbd7g69KwswEs89ObtiGhZFpjbWTpwnRcI37GAOjv5pgd2XQz9G
L44DG\/Ek00OMz6SwbWFlAmxoWux+qNRG3HPl83lY7zEH0gjFnGpuAsctOGn\/CIgy+CcWiM9zeH26eSXIULjy6o2ia6cosWL5oxm4nSmaOz1jSNsNYx\/IuznZBNLujicdVabLMIwM5jHV5RNtJl7ORe2vMsPayIVVzDvXWDnuN4jRMZKSKWRDE7oTL2N532z74L8ugCqSdHwRCSsBvtnIezk0Djtg=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434699019,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAFhRAAEAR9f7AqAGAEr1U9dUqEVIE7BnSwAoKCgoIQzGFVS1wWEYAAETSpZ4u7UFA8Ku9qqY5kvFyNpSxiT1VV17cPvqBwMv7ghXKw28SABJKpVUQZhos8gZxtncfEnCPtRM8w32S0cMZDs5YJHMDp+qFqUFXljAhASDeFUYMjqqmqK2xXAN3z8w3vQiOdFiUtKcYWIVDP\/7fu1wx3cHjtnddQmoALaCYC2KIbsUH1tUKq7vT\/+BVt77LwCKryVjemBqkvXXluDjghTk40ivSQ8jJyGleEHicaKXla1GVH498NloK14kN7wg0ok7tb2sKhAfFsmt0dyCnuo0IC82\/BgTcTshonNbNn8yhRQBgaJANTlBk2qWY0ux\/DsdHPsovpEqFcqjpqtsKjJ\/5p6SGXORi9dQLphct9xf1v+6F1wTFVWPe3eHdsSOyp\/BwELawr\/f5+1egKWq7+4mbOVH+FCDZRkNVIFyH23guM2L5ae29avq\/lWL8pVDtTjf8abgfWtxqcSisE4YkAeGaq1eE5OG55ZyClHKNDn4L9XZjjbN9CQ1GCe\/OFVXpMI2PfEiWcGmIKeNgYRq4gzlAZODLuPV4QBEq7ZKp+5NVSaLqgSfrcH6xV4wE+0j7r5VEhvr2u6n\/\/bPNSsyoQaXU5+q7Q0w0lQEj77lMwQmrPw8Gljv7480G9NdUwkd\/\/p5S1RtQdUh\/qH46a+7aNhOrRHoFY0Uu4OeMbqyUyS5uevO+F6ddSemZlHL7dBD608g5QoisaEMsylH8q+6GxQ3RHsnKKd6RLtVMJcIb3s7eslhdiZbkyC8WugF1Uqbss8ag8jYafm2G3uWVNTOT2Al+MzrSr8taRs+g5iy1aJrDEMOzdQltsGCgG+PytPM2beF4Lq0IbrxQNCgE5IJ8\/Y9zeDmnJ4YuPZxOPAfYb360+E01gUjgcPnkzGMH3BDGaQWI5R9EypmAunCrFBomcVpqmknXQt3kkvX2OcNmQNIJtzXRbps8SEeNZRyPGf\/u+Vt+vdAKZlK9BUH2ROm9VEktt\/tTi8rHZSmWXH5uaAhoAcd2e3heLdg8ch4sYkqsJ1RM4Bd84Sjoz2WT\/JoF5Jn56aKdYJgDXqR10AhI9yS7PKXqAOUJVXWVnPWUzccZcD251mjyMn\/3GgjEsaksW4aLFNi7f\/QSOqeUIKFWMvnizPSh25WGY5rgFsH51tkf6hz04KlSxRXrJr0LIOYpZWWk4Z9QNd1K7akZKN59RDZMEAAGot\/SFcMVuXXKWbOlkRF3PR6IvnUq9PUtkadRAtAQNhw2A0EhGpp4ig24HdCqTnTlX+RSyn91Y962otVZtd4BhAeT6BQzG7\/NfJ9QU0qM31UlaB1H0R3mj33T6fLRu\/gftOixAPS4oO8hH1yfhcS8101GVhNDngCpOFPDr4rVR5IXS0BzEmSymuwkNKBp\/eXteAUsH19jQgtpJlB\/27Cf644Gbzfhi6ga
DA1HPNpmXHxNHTWNp3TatC1i7mgiF\/z3wnwpcgZfu7NgfWsvkOlTH1JrhvlpguHwOE8X6csJxnEP2vFDhgFZ6S\/l6TWUOJpertvpldvGLMawH9EAcvDIDM+HIUbHJDdTMzgDd9oEnVJHFpIlh0JUOzKA7NaFr5ofLRvRbxomK6JpYR2wIpU\/OYM3aMfHBOnsu4q\/k76iU5zYtsHGX5zTrd9syVHbfA=="} -01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434699019,"flow_src_last_pkt_time":1603816434699019,"flow_dst_last_pkt_time":1603816434699019,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434699019,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":54570,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1603816434674356,"flow_dst_last_pkt_time":1603816434705146,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1603816434705146,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA3PkpAAOIRsJYocL88wKgBgBFRtfAAI3\/u0QAAAAAACFIdWLoQ6nMg\/wAAIP8AAB06SjrK"} 
00835{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434707537,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434707537,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434707537,"pkt":"pJGxgjQ5PKn0qB\/sht1gB7v\/BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUr3wRUgTYXLjHCgoKCgi+3m+0woW7wAAARL68vqjG4rI\/AvdsCirEkqkyqlwlEk0N+rawpRZGeCeIU2ZO32fsIEz3GXMviYe+v0IBqeytpgNCeytK9t+KOjotJ7QVqpveJICd7IlMjO1HSAYVU5lRgXMoT+y5Fi2RUxr4qo\/CS3kZAFjeRFuCIjbZwm3OtOHC+vVlVA\/Vw\/zluUbCb4Z9OC05o\/XWJAPFWPOrEt8\/bTpMWLzNYr6bh2AAai1D3O2xoHVdm8ri3GSO8bUq2pxMjIn3ptNmbrkSU87wQZXGqhVeWh1ZsC0DBFqUluwXb0pMgCqpEO80Nhq5+u4y4i3hGodT0H1FKzVcs3ew3eq9vaguwDBdaKE4exJJv6RCncKSyg4heYydolHckhPW\/oY2HqheA4pFoO8ZtX95wKBFjVm9bJpYTJJY\/z31z+aUhWVmurEfLmnYxlCSy12hLAruC+gNCD8kQ\/MW4jyBAG6d7BTS1znq6T231\/W7l3AXMCvXfMcFqFuj+gmi\/S9kywNWZ1fPa34hHlg7mTIWR7jlUo6tzEfq2oqDEs+5yTslMb5FZJK8ldyYKgyBcGRm4I\/ToW88j5
u17EMJLsfUqwGMs8bmd2UsI3BzwJywAmNYdLVpOCfPHEMiC8WRAAlJ3Q+5SLhd9OVFXGtu7O6XRhOsbmI08WdrJBm5J9ucdgzWkbl3i\/2eDZiYxTYiiBKrxh1bpbDEXg0VTkBcE5jASPmJB6nxZm61WNxz7BBfHP5VadrI26UgUPsDMVwEUXD\/xbFcS2J1PJleFnNI2j+1DmMCTg5N9ExM1u3\/T+Y0uyk6l54KxtzqSgjBsg\/XhFcM\/ODubgSuXCIsXFgZYQWzYGSVjfGtlg9HMWTHqZ2juNRwZqE5L2Y1hMws3fsY1ili8zQQG6pzQd9m5PP\/4DGWVRfKxQ1ZOXjzlNFvAo1T8tuTM\/f+7uMOnSwbTJyF4JRbDwJLDbu2BiW4DyD++iUHI1TX2h0xwwlOfDtDU\/XKqzZV94CRnghKvgLSuVmReTC4nhbhAh1QzzHb4eVcBbud+vGs+t+FDW0s9Oe\/hnHEEnZnUGinZBTzGSWQRNGZp3cg0jUT4QPjdPy8XyC\/POLdeCDrPUB9mDaW3W7rOPVTXvP4IQV+x5zM0ESasNezQs+QGprgL1EDIBS8hvpGgXPlFZ33Fo7w2YppnMED08hMlvAS6uJ4t8YNFbTXcL5HnggJFHBH27Bm3yvE8hbfH6SwVufZ8xM+Tw3qfg4V3lxg8P8AwO4P99Fk6O5149Oq6tAEtMX+WnBYLaxWrBiKCCuc5plEPAU9\/ZoPaf8l47lpmb56KdTriyN73TanAKwfbP6jIuj4uNIxQka2RGbqyo\/uLCe+FVRjf9R6E7hPl6i9FsmDl51lDdfvDGWrftns8EcWHuJT1pCO7UIHJob2JLCsxavgPAwXAF3a5o1+uVFCKwWrw3snRqgYx5CEEXaScXy50PTK\/knIkowD2tWEjgiJ8xxxjFamG8tuawm7Urqq2+BqDf1V3I5W+o4QxOSaFEJ\/SP7Wg3EEs5WP\/+ds9hapCjPQlUIlkyNKi8R+ri6pcpgmc2WXtbdLyKWIrR+mhOTL4VpBkPN\/EhoXvYOWO65B7Ac2ZRH43fZmgo68Sg=="} -01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434707537,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434707537,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434707537,"flow_src_last_pkt_time":1603816434707537,"flow_dst_last_pkt_time":1603816434707537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434707537,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":44924,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434584609,"flow_dst_last_pkt_time":1603816434709551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1603816434709551,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA7AABAABwRNNgSvVT1wKgBgBFRqdMAJz2HgAAAAAAACN6xPRoCi6ch+s6wAvrOsAH\/AAAd\/wAAGw=="} 02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434719606,"flow_dst_last_pkt_time":1603816434569249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434719606,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAschAAEARJZfAqAGAg58YxobPAbsE7L65wQoKCgoIJv2XczUh4RIAAETSm4e+jGeUlE\/B12fljD+RqcpH47cYVTGlgRrNPB1pt4i\/tbOCC9Ip3Az5ZlXd\/FK3y+qA0RLTj+Hs3M0j8vRCArTbVM4C5NgRxsbhmviOgStjfj9\/bYsZv\/EjOBw1tJ7JBggMh5UbD2IApoVeQbXiGPK49HtmmZ2e8vNh\/DENBlDkfNiA\/Ze5qo3h724av1SIVZrOuvswt3oWie0bK5Roue+xJHmSYlIdNZfnzXpwBh7c35jaMUWDvYBeZmckm7kJc\/YlpNj25UQZsKAQzZSxGyFkwPWE1VZIIf2sR\/CiM5RFNmS8PgkHq67u5CQ3Sonb6Zl53+rO66OPeJhUkGQNaSql8mMy7iu+inJtNa+Jv8r+Mk+hsReHOd3O8emp6fJ1y9UM73fh5DirDtvnZZ3V6jRJ2r4Rygc+0kMBn4CyZ+getScc\/+R2siF\/4EkcSN\/DfCIEwaf5cBdqU7sUr9jhm8ebduyUf8MMp0mo8YLH5Ld6gayewdIiX7e5MgOtKMtgw+6gQh+Bv2MsHuSZkTMTDQf6U2V6WVpP0Y9J+TKxzWfaCPfnLyfJhAvO09EXRL4v5CauDRrgK66O64n5FFSoPkt\/cTCu2ZrnJUnl73ZUh5IMHcF5qrpyNgwYRdzmLOBKKUcbZsDmgTWWmVQic025bFbbeJANUemP9rPrhK8vpdcFoj5tc09KJOg24DVw0N\/8s0k41J4q5XkRqvAq3Jh031h89LKhx6BQhfHBc1CWUzEmpurvpV2Ys4EtVyEOa76yxKI9JcwQIwxvIQGEJ9wsNhbJGOcCGN65fV293I4+Q6O6oqi3DRDkz7R3WSxRmE3ALQUURzNbLPzkf5OpbRxMjRgBCXiLLxDLA
MGYwM3F2kI+ZHH4x55d95IB1d\/psHRZShyVEYlzUKCnwu29d26MEawfpZVAaMzVRo7xXV35ZRY1D8\/9qSuz0fyLsjjlwkVcHKzvWu8cUA31sZxhNy8BdqKz2pVYPgrewKlXoKgRl99L31koA071JJjVhvzH\/gU32UecgmYeQp250l9S+wco1ff4R4UyUmOfphDkNe9Tg\/fRpjxgKleIR8kU42W8ME9YzuK+U6l+SwzLtodLt+wCvEs\/5vVCJoajkAEX1WivqyUrV84SFPKxXwpiL7TWr5xgs9A6ntAG+LEQ4Fzm\/5n84NssQOABVYGxSC+XA8kEi5T+j7oP5Z\/shgDlJzIXGmWwZLuGT\/FxXFjW5dDx3DqqqjLeUaGgzxk\/EyBCH1h+zMLqNGXZu5UCHMlMD0h27AhID+7gDIkyKn3TFzqvA52QgVRJ5KzL9Mb0vBqkit66U3SK0k0xi\/SfXE85fTw0NQH2x4wd\/v387iGFuVPBH6D0J7PwX5flRLQgBtOy5jnJbhc6rzs0BouQP8a1FymWYQx9YUWzK8DXbNzSVWzXnmMxjgztNz1o7b+kh5m6wUcvmLd6ZGQW6FIkZrd0dtEs\/RrJ1+OEeg0MfVSwR9Ik1PmVJoBjjnSVS\/EB5t+GQt0btx30I4eSEVuRu2nS\/9zrg3dvua9zEzH6y3wCr08vFuCZT1u8r3v5iOQmHyKv5pfKvsINf\/+Z3UqZAAlmAb7gj\/svvnlt+IBIlM\/2nf4NpSTCux5l816mDS9Bl2mt29n21gH0vw=="} 00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721106,"flow_src_last_pkt_time":1603816434721106,"flow_dst_last_pkt_time":1603816434721106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721106,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434721106,"flow_dst_last_pkt_time":1603816434721106,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434721106,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAzsFAAEARXhTAqAGAilu8k5wnAbsE7JrHxQoKCgoIhyfaf9ET5OIAAETSThHzecvOQHDw4M1KEvEdEUCr7CAD3OCoyACaSfQrzochTChRx6wrvVz+n+iOMS1T7uOrLABH\/lkEcgzaWAuVRzM5GGhP0QAKdeAxNm0AsijqoG67hGFscKpx5Av3K9sq9rDX7Y\/VGCtKE++QbiaTUGCfsHrykmsrI7QPeSxlf3ybNOigAkts1eOpMwz25k+b9PnMwdGgxKqc+p7n+EcjPFQejHtIcCrVrKASMN5dFF0N\/aceKWgkpv55cG51Qbpmor1iK5rkX+Jp2MWmVKxJJKA6VEfDmOs8+rh9\/bYDHg0cT0TQf4Zr2hLCg6RgKQkQcpxpjnqjjVnWbgl6v1vpjXEkfqOp6LQ7SyRj3OKJU+CC+q8T3ZrAxjtbgQTH6BSqNj5efXKABdLu2ZE9S1a376exw1gxC4aD7EfQxqzjGirRnUARwvI2VMbxxc2dHnrZzXTVUrVa81Vp5nVMETLO1bny7V5SddubE07uIzwFndMmsYTjkTJwD5XPAMks1RFaNVtVW04V3zer0QaCSFmPpOrKA2ENZYUXRl+1Ms5r0ujaH\/BvGzVlt7DDNrWHHosR4VC\/ma1LSnbA+WH2DeEaYdOBu9k38i9r4ijFtLZ3F8QT0b+bWuRxlbf8JzOO6XJygAjh4eIcY9Ifn6Ag7e30VziB3U79j2fB4F\/Mt+Uv+l2lFBFVyIRYWLQl09QlzkOdaohOuoVGT+vunC1+0eAqFF3oxCobr0gBT9\/9LcLUFdypCpP4\/SwPWvfF+zqYocBjePElav4+tGCKrt\/mkRyKvh\/nYulR4dFSm9pIzgjYoT78ZAE2lNPXyk6\/wkm6W4x\/Hk6rPPDi5szKTPrrB0V1qBTNahyFnb9FvHoXB4fK89PmOZMp\/yecWo4kP\/4lCl\/0sXffd\/0V5mQwriutI7UUKJmZLeDjdWC8J0aU6CLm\/SAEqxf88fV5pVMs0AYkAPp\/9j6IANm3UDJnqgRh8cV1\/31bcLPsjWchpJZggmMYkHI2wDN3Sl9zv+cjKCe7+jCl4jW8L\/ekF6HvMfC0eZ4nbal4FyAx8lo4Ue7X8ccf91\/AaqxYlfnlLzjGSpAQtt5baUgZHgnmszaHCnFbo2HHjdmmeu9Y473RvYemO3l50MKmLZG8lmdXQYv688u9bT4irxXqmbHi\/KHwUDOgFg0j8s0Y\/EmH\/pUgZCvgDFCtWtE6OW\/Hyq+5Cq\/HLgwB+IqdME7iVh3EnO3YfKXA50YgeqN5yY5ZNK6jO6v4bbk7\/wLtWdLdrB98VjrtJxA3EfSPn3vx7DFBmIWTYqLE+TpavUx0HxH19PjHereWaV9o6Cgs6+3PWf4tHc03d1rwK6f0xuBoogN97dsTvTJpqwpURumirQKVo3x+5CvP7oOU957Rt\/07vk0ZfIXTZECv+R5Y+R5gZfgoFzxz
cENMe3qIbQZk8PFnchoS4GL\/8Y3H5Zb9Ei56qun9YxSW1Biasm72GWT1NwX2gR1bQjPxGosYAY\/6xPeLmkDAtOOTQ4g1vxcLLP8ZY+VaGsUNC8YbA40ig6LjBd1CD5E8RiAqEa9E2sD4lNd4+rToxZT0gmByW82p\/TzmPxSzryYrUGNjoU4d233l88kz7+WQyjC7tX8oBOiRLI2cu8Cgzkq+Qerk7O1ahg=="} -01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721106,"flow_src_last_pkt_time":1603816434721106,"flow_dst_last_pkt_time":1603816434721106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721106,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01107{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721106,"flow_src_last_pkt_time":1603816434721106,"flow_dst_last_pkt_time":1603816434721106,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721106,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":39975,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721167,"flow_src_last_pkt_time":1603816434721167,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721167,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02221{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434721167,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434721167,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApPtAAEARh9rAqAGAilu8k8YREVIE7C6GxwoKCgoI6izyia7+eS8AAETSt+QbRbxl9Fm+cZhPehbbyuY4X98qiUiG97DtvQxOnW4mI8Cl3JV0HG80thoAdqQu1a\/K85y1Ygj5RP4637KMtJIeTQw7yPPnXHP0zU4RjZ62TRhNYZ6eNVI8rDTqX1U17UTGdzCJDQ6P3bwSFn\/hecgMOHAgJBSmXtzvmrL3MX129OuthefAiwdrij8dlZ+1POyInLQ1s4zElf1Qtel5JDZstCNGEQMu3Yksb7Fp8N8QxRhMiYahy\/rNZuX1sDo+S8Kt0f4nxECcA68o5O3j7RZ0UkQbCk7TY7P0k6hNhGbG8k6dzns2FDeBH2AWR18Xa6EbgQ+OE51BsT69F5Mw6Qv4zVxrj3nvm+j8ViswJ2lGHUVv\/wERdeEUkom6scesBC8GBF5oO+ERsonLbBlk0k64qeF0Mq16CQ2Tk4A1XJsEkeKkk13FfpgZ4xmju7ZvBKg6vyEj2GwP\/prZKaMYyek4cy3+1jkURWmaCVIJ30zt\/SxehiygkHDUiHnhD4bbKnxoZnxLWYNZlzO2olSPOXGBVUKEmol6Z1tK9f9JtrTB1m6tWsGbvwGSZA1y816T1+9q3kC45+v+o6ZmsHQTQIKTABYPnt8Wtf0hV33bQFBnhVsk2Gxdzjdom1ZLnDG+UAt4D1lf5cwBPUEisJIkPJBWS+rRvxC4DSNxciNVRjBHHot+7iiljC6QJOc8tv9ovBuMSSgCyDMe9n6HZtnwKuFrJijK9sqICpmLcJkRKxtUrOmfIadJlbAhdaPlAaOtL\/gMLjBp5boNC8pc8oLdF5gMKu0u6JrSWcFM7DMe\/SsSxMHlXi6oim5b0Bp8EthbxMMoLevrzbay70814zyI4WTOGY9vs32q1YnE4xZtSITnSbueYtYs5y6gAD+78I0tPBp\/bsV8QK5jclDqhGJvB+AVr\/WiMRT4OB9wSBwZXgYvAqWVfPSOkoHm3S6eJCcDs9F2x+hzEigXYsc84EvM4A1FCIAV7dO57go8nEQBW53ScAoMrWnMLYP0jkSI6suyGhiNp+h\/hClT+r\/Op92bWLS0pmZuvcNoTh4NLNKHapDtFwkQScIFRJ5B3b8fbGgludLcc2EtUA94Vc8QXVeNTIe0oP4s79m2XlQxy5y6O6OOkdY\/eUiYY9ApibduptWlMeUaNEA943We+rSbYXAEwOAraCMgbo\/PxzNUEPSqGnFDmTG9n+KnmYQi\/Alvs3QfYLLJt92WPsYBjHomiJjYWrbbdpMsFSvM2JeGnLfPMCegUq7+rsZIXjLTFB9Be+d9JUJ623MReNEYoMx8+sr6dCv2Gspxsl42k\/5L+7+ZDtFPo3XT6sEDxDYJvaEBjW39mG5b7C2beKtDSKu9M+wzWHdHw90KV7KS6\/DYWbLEkLOhVtsHdqM\/8MkUyr0noHt59IlTRvNBTWfpVdPC4nFiuDe
kpKBrvN+3EkNvSU3PCcM3kbQrdBSuFh0g28\/mzkqSAv0ZX5bxXIyBY6lC2UEqGMZo8UOe\/BO8r+hCIJMGZ7nG2fzy\/+YOPtJrO9Mb4J6yQmY0rqVI+EvjNDPprLHMCYe5Q5VOAznPM\/b5ELOgKrzgym72uZNPWn3W6OK4K\/yCjCGoXsltbqumaaP0\/hRyLF6fCMMUuvnes1g8uU+5d9gQLw=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721167,"flow_src_last_pkt_time":1603816434721167,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721167,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434721167,"flow_src_last_pkt_time":1603816434721167,"flow_dst_last_pkt_time":1603816434721167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434721167,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":50705,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434628781,"flow_dst_last_pkt_time":1603816434722567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_usec":1603816434722567,"pkt":"PKn0qB\/spJGxgjQ5ht1gDhB1ADcRMiYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVHHYAA38EDMAAAAAAAIJzYQ4GSWjENRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="} 
00625{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434725950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":113,"pkt_l4_len":59,"thread_ts_usec":1603816434725950,"pkt":"PKn0qB\/spJGxgjQ5ht1gBLlEADsRMSYAHxgjENIwUQN9nn11N08gAQsHCsnVrqTT\/kdpHoB9EVLLcAA7grWbAAAAAAAI85\/7s6OU42n\/AAAg\/wAAH\/8AAB3\/AAAe\/wAAHP8AABtQQ1ExUENRMMoKiqo="} 00827{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816434729337,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729337,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02218{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434729337,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434729337,"pkt":"pJGxgjQ5PKn0qB\/sht1gD9VeBNgRQCABCwcKydWupNP+R2kegH0mBkcAABAAAAAAAABoFggmo4ERUgTYcSTECgoKCghziEmCXfFrHwAARL4b9YC0jUsti7Mc5rxL4bMvXbxsMAL4olVYvjN5PRilW7n4ljBBgiUUpEp6wkwiK5RNAL1DfWrRUra5EMQLYa7yT41ymm1v6KJQRwEqyPeHRFsdBUytKI1rPpS2iH3d+FCzh5\/N6Z35TAJ9TEkCWIk+Ml+SIXBhvhzUmKrkh5gS1558X7aUVr0+OVPR\/OBAJI6M04pwjG\/TaX02ASBnVhuctq1ZReIF0Qlkld94+mqjWxQYB1h\/dpYajowgC\/v5jRQEyHEsjdqTOCfqW28oG8epcCImwCaKkDGkjO6jIwTlSxF6latNrZSmdZRrSDZoCq8uakGSkhQeQD2tbSdbJP3NIbv48WygGXsPWffl9u2ujdRJm\/mhRyLkJCjx5sa5rgRArGikWOTIFjBiZskkStgxHsaKre0OnrY1wLFpG4jthscTHZBq1DL09xjZXEQJ2ar4Dtzgafat7TI9Hfak0NczSvcPxpb3sdfCJrdFt1LLq8mrHti29tt00qMRqTnKUeIkHYHh7EQQ9oqrrtJifM5cuHsdjGPMVxm9ZUD0068DuR7m1j4gZFuCYXIep1D1iLrNXyk77C1SoyXKdL1MFZ598bVXG059RuwlXJhTx+IppuQLvyCWcvMiIipe3POlLLXybFowBGtm+37kvSW6bP+6Bxu21k5BVUZfDmEKQyiqLWLjwhxn3jDb4fTI\/tsSGhcc\/41ZbDNffoTAgxCap8FDnwN9k1QY743o2ZLez7kXEqmuCSqROQE0HUjKczuKGz33rl5rbKMOlfIb\/lA8U1oeAS0Sj3wgBhRgs1SQYzWkBHGDyVcO7BJnrphu3U5D+htX5HpNK\/0e0TAN25zjT+K8nEX\/3DxvwlbRk5wJn+AyZ6JzbbsH\/1G362DzBVBwHYtagkCvON+t57Hc8iE0aTENenXMtwoN6f1B1wYZduiqdYZPniBsQbp7yIJXGHSGCsbl9vCCVYSK6B4mOBmSs59Zd9Zrb7yQCHCnL46xUUYWuW9XHIcs0q\/XTN95d+nDWCaFZa+65E1OkZ2fioJ1I0J\/kglR5x\/pGBhYlVfLXHAZVrrS3NBUMxiwiuXE9YBgC9AX1K\/KCo5PwZac3eUtWl9Wvsqatscy6Zn2neT5yibaTDkcAz+i\/SD6bPG3oO+HswnP0fQu\/hQQV52AAn588lzkI6wOW1Nf2SkEsrPhNqIqbOT+45N1cYw4dXaKydqgziAJcH6frtCv\/BERLWdW5ewDhAVbqZlXbOJGS3oeEiYxUgAGq5frf4Jy9sSj6pAt8NpKzgi1DQyQw+BwQnHXZRD\/HBVXw3jtQ1qbfGSm14e62NKcGoZWqPZ0CTo3qMtWuIR5HUMC7Ai6bto6NZQHe4oCIJdkAxQy1eEp0C4LTqq2dwEQGt8jSA+u5zN3
lFYX3qO0vvZJcB6Zk0gu35QWPxA2cbDcDeaDguvChaUcmmEJupLYmfRogah2a2iBSw05H7VN+qBky0gky1JC8ev3mlnS6NoFiCW1OUv+s0O3xZXA3kkBnLnMiQ5jYF91oGnVVU63IlOma6Ux58+jDHxiAI7Pk+X2pAFVXwS81L08kdqsBZcYLq9UHGw9rxSOOIc+iP4xlUuEXJrJ2xk2YuBRoQ=="} -01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816434729337,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729337,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01262{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816434729337,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729337,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00831{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434729343,"pkt":"pJGxgjQ5PKn0qB\/sht1gCGnqBNgRQCABCwcKydWupNP+R2kegH0mBKiACAAAoQAAAAASeTAB2wkBuwTYmHTJCgoKCggVxSlYpn4UkgAARL5ZLsODdf27vLuu6GHs9eSXiVxIAlfs7TcHZcazXn4JE3\/P5JDqe+tOVWQWmWJiN1Zi+QMXxBMeLDuq2FFgXlL2mFN2Y0Hpqzt32q0IcYNEtodCx0cCDcymndGz22NucmhqDhsBTfQYSZ0TGfZ0Y1dj7OIdkztU4UKtQk0Knbx0pPfOb04IoU66JRugmLaY3NcS6\/YWs3i+G\/Z1NaiZhF7wHXHAr7RtRzKLb2gPHbqV9JkwnbYNdieDzqo6OGYxfFJAF9UdpTyC5RofrFHDOiAzzOkMjstRpfIx0da81MZNBFjRQx8VBZVl5cb5VmHHCRKqUJJ\/pimnlqr6\/rH78B0tJyJdMLcbA0k\/GEaMgb2r9k+khrfN+IYPTP9LEK9IyC61PSNuLM7lCBCfjRBxaONHiGk0HUucFiwpQMj72lTAGTUsQa8qFngN+9r0I8HgvmsmOXC4IyatQFicI6JIBY\/\/xLWv+tugw\/qAeO1niZ+nJFTAbwyvKydJ4CrRCQplld36lx1IDKeajrlxvSY4TO7ZlmYtBTR\/QIZQ1n0y7WxFPForSvTZ5LmkvmQy\/XOId
CHzDT+yu3OG+dlOa05oJSJ5squ1DJvlYS4iSqaRgDu8O1f9s7zQOTQDTlP6inO815rKmw1YpQze+QAPS9Ar8Eh6loMYvm597mpGIaaCjBGmRjM30Y3EWQUMoVmSMYlr+ndlJs0\/parg\/PrflXFNfkn\/Wllw4cvS+JLWNhoBBJwDWpM9YkqIgN6sP6Sf1ACXsEwIhZbB5T3Y+mzlz1fEroyxtSisqFOFlOCB2g0djczdb72gMhUvdB4kROfNLNOm8f4hG1ZnJraoSrQJwgrY+zsLAidSwY62GHtAM9fUNITWGPk7OLfW3OjEbL6sh7ywY+xM+yu0nYlxg0Z8ST6zlbK88Dw9rVrViSQ3Oke1RR\/RShjWSOBcuUxTcA\/eXi5dEcOdrVm6ZsDQ0chPleXisZB4yI9mZgj+jwkM4eFcO6OX8YpKRHpSZrb0SkaAHjgOICK+1d\/ehnzz7M0KNYGDy8XZ08SS3gXJzSNXZLonqI\/bweWJiS+9rlVrB5J5IwRHJDEVN2aAZJbdqAdmcFPCL7XDwYisg0GfcM\/dL5C5xxZS6hZbPHwzwJ6y7r6\/T+A0XWV92UuetwR0QSUywswmbazFGMC\/MBz94jyq\/TrHbvq8OgHad29+CNuQfDZZomN6lJoFhgu1iOIbRwea4vmYiVysTLFxxLhym6vQpFJXvihZGX2xoV1bucff9DyhT5\/Wm8sYVpYS8i2GcM3jWfruzg6rk0SVDY6hf8HFcXkvUJGnDN4KwlwULBiTr9COS06u3di2jUKJqL6FFXM1FtZVzdRf3O\/3GNXJ2HDuA4IlWQXWMcKwj7HbOKOWlf39BkQPYBB\/3CwqDH5TkC7Ny98BmDT6ZzxJIZcSDCUoAZ3M1Es1K7QjuPUiIJlOZZ8vmraAuL1z0zGli+qvbM5O\/6zJbeqSM2M0z0mrGA7v66IfdcHwb0k8mj2tM2aIyHApEXwJPFbWKxWcFb4yW1jdVDOO0dDpGwpl3Ci5EerREPl9RIKJcKdoNqRq0LiqreYf6EOoxrVqsnRGXi8dK3qw4eUScQ=="} -01112{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01144{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434729343,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00821{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434736042,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434736042,"pkt":"pJGxgjQ5PKn0qB\/sht1gDJNoBNgRQCABCwcKydWupNP+R2kegH0gARnwAAQANAAAAAAAAAABqn0BuwTYttHMCgoKCgiHmjxz9S5+NQAARL60MndZKQNzXHuWbuWII8yYjx1QNcGEa3n\/tA\/kZwZdo0+NMbEhrCvw4fqUesktNwPhDHylUS4gcbEvHHb8Knr61qY95Pm5VKwq10YKtyHKrPUvOt6FFf4EaXlhbjCjP5PNGMuBPWvET6CR\/DNJ3amwoZ8AEiUkCCce2IA0+qLjflDvOu19oZVQSJhyk0ID2QUVFxDX+RIo\/BCEiyqGwrxxtUHNgSlpQhvXLPkd7gs0O8q\/1O3MXjjXw3VV1HTEIvgh9CIZHImqbItBAkHFYhj85297ojhzntlLLEMQUeWyYcLZaQRQLAnNxNHIfLFBwCs6Cttccxk8XUgObPlTQVTnnGvEYXJadvbFnkb5nj0E7bmqr23E\/kns4IXbYRFlEjJZfAc6UWDdSOXBoZHXMIAY\/dztkylxbqayCWGkn8v3wQJvR2xFoTyKE+Pp5saXn2uSt4EYi00Uf6fCGbypDRgDr6HED25efO5iFC99NJvuET7V90ObiIxoji+jOYwIL0BCHSm+uFeO8i7r3GmYR0Qg2iAiX6ZmlOl5gmCd40kAXe9Lo\/pKr3+r853YnPdtRNoIckFL+PsGub
jlWj714eDNDRnoSoHs8UNwnNN8sF12pzQsAVr7qLBt4e8KWXFMXfkfIKWSnJhvivGIVrhMeN4RiaQ\/jippacCl0CUjlR9AUDC7DyDOswJ0+eP9X+z1Kkt7EaP13RXwGDeKbPLk\/tVc3ZXQShkobo74qelkPT7nbFmTZB78n2grmfmy0C6HMQ+qUHKH\/MfqCCK2ZnmHVM8veaHwzWHFJ4gVd2h5wLXlBRQqCB2AZzoyKpcMZFNpfGh+rTCIwQTyVZzycWPvtrbHzPNg+tUe1i\/foBt0+XApuoCCwHOsgf9nS7IFS3h97hfCh2TYTKBM6t9C3VPFYDuKYfUjriuP3G2Eq7sMAiqBDef1fYGxLN\/Dys1ZS2B2n+Zqt6K1diQtrzsIwKlRRg+XjfSSzPOVrKeXYenyNePWIMOs4YVAyvkFPV4RM\/osDQvZvShUA0iRuuMPCsj024c7WYx9lDihj4EJBymWsIkTQg0x6rfvVrFojeVlS8zgiytvfAIJsOr+k34t3NbLaK0YyfFcVKBnFDiEC5OcAMd0yi6ouvtE9rJyb\/CiH+Vtx9OSGkbowLLyCHtZ1EUgA0\/vr\/mU+ea4hE\/dLdDDjWwxrJg1oKjnYeHQvIDUT0MVaXTlMXS7\/F6HA7\/5QTayU5MU3hKtpwhACAx5gHHhue3iTscqXigKQ7oiaLOdxRIJ2wKmzNzvQPCG5UmOLnsbM\/3lI+SzzLjMM5HxKsnb7yJmS6z2+tdEoxPOa5ZNm7Wc1LoGgLZd+x+V88MeQDFaBDMQHNWCS8z7Ruv7Q8Jc\/JKShee1avRiWD+QjKfpjPULJzGhq8IhO+3xUZoq\/xSnX5PQ7xqYQY3oim9xsL+ADJPPe0oE2O\/lbNfbGhouInwUUVqUmdk\/fion2o\/ylxCHaGoB6j8tJgJq8ystdV8ErJCcEhkKohD7qeUu1YL\/exHAdFqCo5yGAJyVZFmJD6CkMOCvG195MdsDa2WfPCN+fs1Twy5bRnpAdq\/aOqOWkb9sVtpRcByoK+nPaUgcYcmBQw=="} -01102{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434736042,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01134{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434736042,"flow_src_last_pkt_time":1603816434736042,"flow_dst_last_pkt_time":1603816434736042,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434736042,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:4:34::1","src_port":43645,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434738509,"flow_dst_last_pkt_time":1603816434587784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434738509,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8ydAAEARtHzAqAGAwb4KYucjEVEE7P8dwwoKCgoIOPxKwZ+D2JAAAETSb9UlQE89ABeQeI\/QpsT81kvbf+yGJkDFJiGPzWvy81KCH2cJiDSPisJ1QnX5xtmzBkvUHRp2FuQGYa\/pilZqNP70VReX07WlD\/pZQJVCbigdcxMaEYZASHVRfutuRBKJAqHBAwLkNLD3Z3I0ZaHCqcS9KYzw98tkCokzq6mDpHzHtf6ExbYo4N0cIacCNvdP+KsCtrUQL5WlJ9CyKBD242cIc5CKdLYQTld3qevU3UaqfhVdl5eNkntpOfIkomDk06sEpzJqxU7qHCvJeRN5m5L79zL+gTeIyE9Asm2jjoxtsNgfImDjEtUQxGhWbcpzrh3DpfCal+\/Lh3\/9pzSQhk5oc7WisaXX4PMLYNl+D\/m52ZU0UFUhE0+l9n3VSr0dkOaUEe35MHeuokXZgwXZNMBFC5igXXlE8UTLsi0ue8JTTCNLCTt+A2z1dpM8DEqH3biH+qPKj7JaqT0dHO+FKOdg2AM+f4RwN8QCF26RT62FuMBNmyc7aD4PDQPxUCYmRi0UGMYomOoMy8hZ\/jdhA0wX+8Om3VVga0TGy7NSDrerhKL7+YEsof035rdtPH0Y3j599QoVaO64ZA3v+T3u\/PfqnGSNilFgI9flDp09Oakd9oM2lrpaAWLKUI\/yiWEn06khwuxYpdaA+jHlJRUxbcAtBcEA7Cj1DsLuovsIWklWe2vDb5Co0vAUw5gsM+5gFIyui6IYAnMYEgYAo0c5k8aJzc1BMlQVQ3DaV0O66JJgt45uH5jizP8oxu2Wh52E9LT2KVQJhcHClILWv+P8RGxhrIU6t17U1LVUVBWrmKV60at1NW+rS5XSlF37anegq12p4\/NuoM\/YA2qu2AGPkJxiKmaQkbUvxD27zSetz4qW8RHM7iubRGqfzIBqjSpWnrxid4CaaVVEodx37MBRM60oKdEd8diMaexoLpCHpXy9\/9K2ILLllW9BNa9VJqdBFl\/PG2+3KXrSPTzMih\/0LgFxzrGSKn0cLTERd6NQOkq4kYFwu05o3XKSFMJCrrKttzDQOD0Xxkg+EwHHOHzZmUPRCHUL9xhPxEJdnU1P\/3DLDZMnviROzqkxPMEGYvrPbBWkCovwDH0\/6kXKJUwTNn4cbIQkW\/t2p9CS7lBLRdj+DcuKY4rzac0WcEfT58KRBSZN+EEOJ8ox4ywybHsEVQIhRgiC6M8tZ0Xtu+jwmRkD7RXtD4ivQRzZZrdRaM7+tfWpzYQViq1cUl0HobKvf8BQLMQNaUHuCe2x0spprn6wrhwmhtFLZM\/3JUQaheNThydzrhRsBxsueLLPS2wSHRf5YbXUOfqKT8x1ZUxl1Cu9Q2MBtIfuiHdJowbL58DK14UHd5YMvnZi5fDRxVUztKDIVYQMqMKH8yV9xD3VGPyIiH8IGHHs5mHayhzBKpOTDNSJvoWCwUSiT09RuRXMK39
2nYlXWcB1GHTIFJkC8XToE5ImQ07hzYbIBq2ramFYEZ541ak4WuKuC31\/KEs2j8jC9NQ9YUqFgEBERIZrXwnuyNqHXFfcqkiJHQ96OMVEUoO+dD1RwDoPZlAiSL6Y0xKWblqIJeilsDd4MRdVKt2kHPj3frisO3sEnc1o4dW8rgPCUUWuyR+3XiwvLjWNq9104NxX8nzAm\/FnVOMJuAoC5Q=="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743648,"flow_src_last_pkt_time":1603816434743648,"flow_dst_last_pkt_time":1603816434743648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434743648,"flow_dst_last_pkt_time":1603816434743648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434743648,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAbxtAAEARaETAqAGAg58Yxr4EEVIE7BzKwgoKCgoIBzLrVZ9ibJ4AAETSpSIYhDhoiEFvP1qBCfMoU\/4qjpQbb9U7jdmFrc8viSpjQA7eDSIQICGT\/pnAELg3vnpeBC5hTrSAg5y0v3Nvj85YCDRYDUNtZg\/gqc9lMinrr2qy\/+tACJsh9TULiMkhVXBS\/DnqCBfVla2xKSlWGVYDfxfjWPLOnhjK4tuRvdsBg38QhZovgQwbE74gpeM+C0l1yFZQr\/3HZtCstNCtOu3UtW84W17PI7FfcdTn2s7KMsKWIseHKaKkB14DaKKUlr8b+M0Keb3aJipD33LW0ttcYvVI7edW5O9HmyMTEHHmLBoOENtgq1qxmaA8dcVwULmdz7v7A89bnJ9YPWVoQT\/AY3vPa9CPc7aXzzjpQHzXvLmR1Cp8lyfevJQBBugOzD1EFG+6ORqgxwy\/t3AMVq6UiTAqOHk10YiYfoOWp0mc0l792MEYihPH4U0Q4J\/xWCQfYBLc2RwO5JS8\/rBGN\/OkQMwq3X5t9nFOjPPZBRc\/+vV3l78KFWTME722BMgiyt1PB0IMcr\/wY9oB71n3944uqDUTQxh283ZrXbfA6w8v7iNeB1nvtIkfZTo5\/9dY9NpiV9qF4AHCmIy\/ojTRgA9UIdX8hEx5O0FmtvynQ+mLeozICBFeXAnpoY8U5dl0a8wlaBpakWQutMPrk\/nAriiy1jFsR5LnosEI4Yz6\/MFOg7bYZIyHPK\/xf+9zlkY7T4qEj6ycOajZ1TYCeHMIlwhBWcOIPbgRWdOWETBlCd6sWgfOMwJCAXcjFu88KLuQ+pCjd31kktdw1RVYXCTbQod3cSDHFSoD6z7zQZ32UQ\/kR6M7QstvWKuGXKrevWSqUPnQ7HrYNQDFIBkklqFkxbVZcSnT4UUB7KQmwYtQUc3FO7o6Sx9BRuD68Yg\/gcvk3BApsJtzmbS7xsNHmaRwAqrqaj4+m2ULPGLQS80yS6mffzxUsj35+UHRRyp7PYmh1cC9qTzCEsRA7CjRwHLjqXJ\/bFB2ydqN23sLpT9nS4qU4QS\/HV6Wwrx0WtQFBbsfAW3fUZkAAZCl13hpQUwFlYp1jVMEWAMYBq5YiQtqre2ANV2GA425sm0cmnAEoAPOvqCelpE6WxYBAjJ6Ob9xQn5fw5KtiH1vTt2jIzGqg7h7x+eEG7EtskR3WXy2ULpj8avtEHxoIAYNFuma3Kw1Q5I+yp3gZXvCg80hvQ5yvTMTRFEFLv7e3AI9MWK1ez\/Gs92MjqKDjcFapzN8J0ncdbpf7VMM\/SAAAyn39VVA2B0eImPwbFAkVPm6q7XMvwTw43gkYyH+tIZCaiByTp2fz7f13zt5uWkHJ\/xdDxZ0QWMsgr23LTh8uX0dAi+gTSxGMdGZ+JMlIsaX0oCPfGb0HHLtAsXQYqZ0ZWPw28mWBYTpruOoNFb3DlX+6qExjK8WSy1ooe5+wJKkueb4
Xmv\/UjHpZRrauceITr70pDmM\/h\/qmPnCS6hmsP17czX\/4rm35DUjFnD5mDlo+Qvw14FGc0FaI4S4lHwDgjoDtx1uxn3T6ZBIvh7IG+k1Jkwrdejn5+rYQQ7D+n0F6ra8Kary+Yp6IxTLgWMA39l4flYecvLvLbyaihe+bxuZ\/sXW44m\/I+rkIqDYksSpmtNCQoAiuTEaO8+G9TYcOPSiueZiWcspgw=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743648,"flow_src_last_pkt_time":1603816434743648,"flow_dst_last_pkt_time":1603816434743648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743648,"flow_src_last_pkt_time":1603816434743648,"flow_dst_last_pkt_time":1603816434743648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743648,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"131.159.24.198","src_port":48644,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743654,"flow_src_last_pkt_time":1603816434743654,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743654,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434743654,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434743654,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAP7ZAAEAR7R\/AqAGAilu8k6XkEVEE7HdHzAoKCgoIR0aH1pvahxkAAETSPnSjK947ByD+BwPD1aG8hiXIT+yh1\/\/dJPToYueaTYmcm5W39inFapwMfwXtPNuHyuKzvQi4tEhoFP7o5cr7L\/YLfOvRTXCcf\/nBs2i0GOysW2g+q+ySQiTJnXYhgdgzrVd+5t3w\/PQw6fy9t\/m\/yds5zVgFZvkcK9+PBnMGkX69jNHZy\/lqJ01nDFjal9f8GD69jzEKMTGYvMSJQA7RNeC\/KD8eOpHjj9WBygsq6CUYIr8fo6US3BfgPq9gd0A0tmwg39CMW8XvWjfxQE42A0qdKexPHBHbO44RrgN1lYWHsF9KHFf0oG1zpJP\/biAOd06E+L4G8kH7VJLNs7ScFYpQk1sjfWbopJV2NDDRk5n\/u159T7mAS9TPir6Mkav0xo3zJWRpgX5F8BCPA+wy2ILkS4PSS1v0MrOJCoimlv1DqJ5OlW084DnCjwz8IJMv\/SKXa7+4NnVr\/\/ESvUHOac9wGGR1zXP9FI\/x3cL3p4u9H6RWhCPW4QyjHaemmC\/gfB\/0E+a4D2sYjszc275uEiiMk9YkT5MYHrBeYLCaU7Q8DxDwccUne3cpoJ4lHHcYLSLAlSL\/\/KY7h+VxvR+zoxuGflSDjAs1poqdo\/IUube0PEi4UTgb
HuGAtXxbtiHSdrpAoua4+6szPVBhRGKex4yMRpVhbH8S+dN3Pyg3B24A0\/OVSzrM5pnJd27z5j0Gd+CA6I3BX8Yp+2hPRnK41jUW3bVktO7edHptm5sFjlFYICv0SOarAbQ6n2DmwLm92sqQh3QS9Lmm4WOx2XCagFIPZIDiZeLTTkq+aszsag6ixBzFj1pcSsByUB\/GhjosZxT0Gj4yUoAQIHzUTJg7J3nKc68zoJAksRF0IX4lzCTP2m7zWWuJzrV47gUbv+qb40KFRAbhbw5Dyw8fAJ3D9TlnxYIcqnqk4LMimkerR+VyVCXS\/6WHTRMPm4MtIHNddK1\/U\/48s6JsJR68VJBGumfircAqWj50LwIeATognNP1DIA70mG9JvdMDmO2oTwy6ySJN4Y3y06X7q3Z8NCtiC\/iI2uhGloDLFxuymBLemWj0VpyeCZG0yIpqIc1HEmv6XKNmjw7z8uZ8Y5Cfh3l0rF5wkKZKiS1xmPWaos69hnGAavOUwNzlyVD3k8VynbijwHzavIsoRY3BLDI4EUCUOPCvrOJTxW67HBmCCikO43iO+akkrn7xaV4Xo\/zs2kx7KWcSSCAiFYi2fQxAO4dtBo2lzxCU5sDKZWyE2j\/3FtfwJAdNdp2IztD++HqzRoQ387gULsMy0sNutEk1+pbY\/0fe+lCMT8UDYTOJkXwNxjYJql09DmDSST+acm9N1pvUw5rNb4b3q6LcSzpLxBR68KiN6n1WdGdEBNNLh4GVDxkIJvPtKALCuwiML8mF7tHe9HaxwxTrg\/pGssCVS5xDRj73Jovu\/IOG05VG5UNPKU18Acro3NlKckFYERDjRmsoE81UwYtkwm7N7d2F1WbVoupTw027C7AT7qM8FKZYTL16DfcvuloswPjS71+3GJDR59F44OqreAhoGhdcp+Xh8QSIYeTsyxnGWk0kqW4A4ueD9T9D7LMkceoPCCE+H9fBRiJlRLBVUKyk4ZJsKg4xzaX\/xksDV8yz35z5z93CJ\/IWw=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743654,"flow_src_last_pkt_time":1603816434743654,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743654,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434743654,"flow_src_last_pkt_time":1603816434743654,"flow_dst_last_pkt_time":1603816434743654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434743654,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"138.91.188.147","src_port":42468,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434745946,"flow_dst_last_pkt_time":1603816434595118,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434745946,"pkt":"pJGxgjQ5PKn0qB\/sht1gBnpkBNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRU25URUQTY3a\/ICgoKCgj9UoceU8iiQAAARL6ASJxduLYM4xsAvBTFbnnnMgyZmTRslgR5MTLzlGRvRpNyp8S8YSqhWi2EmIsbwpUo7wbHPWhyFPr99JEnZIlhcjYPyxEGseCwFKnV2A0\/LB+svcKwvaZro6Z2b6a5Qb2NXM0oceBQSsPvPMg08kktxPj6SOee45akgVhY4DzKTwOEuk83sHBjlwEQifFccsbM9rqqjEuAyt6JNZnZPoxNz1G+S71LAyfhU0K8u707IjCNbt043hVKiDAAP5Ls\/kOK5\/P5wqDCSLczv4J+lN2F6A33FYO\/MH2HOQiHb42Npm0EKTL+3SUNLPF87XHIdatFGKqcZkjBNCnSSbcZX2rEd6EUtj2nyhPr+r+nFeDhikrv+PxIFsc4VtD7WW0xDr26dPr5aSb061H45m8ZE0qNRBQR5tFZnbTGbyvde2q0Qpki81IBl6UJt1pUmavS5bxq5HrjSyr+NuMKr1axIeHUWwVKneV0bHR+2mJcQo9V+yDL+oVm6ynfkdvz+nfkBGIwjGTvIVMQdFq8yx2LVqO\/qhKk6WPhCoWu9SDfjAy3GRJgBH2n4\/AbuSFWy2FX3xB+FF8PVmqqU3lrXAwclcYyJxho6IWefEErywTT+xmJJToC+y\/V9RX\/POWQWAr70juowrxsRoO0Y3cHtF1mRnK77ko\/Z2bo+32+o7WcpTcj05oFRjeFzF\/bQhzfov7nC9AvF49NZTgKdU080+rsO\/a47JDDU9xRZIAdg7wur3suP\/23X5uAgAdvy9UfsMqaYaHuALSqzHmgmG+LU\/6oOzEiGUuM8xxO480fAsxJEYsa6aGv2IZSIrscvxw7PTjaAwUenIyoO3VqZ+CINAlZcJTfYDfC9Hoc9OdcdGsqCYKUW2wEzwexc9d2EUKPuBdQN2dXat5aWucUNWLDcCZgqT4lbJEnTA2hr0ad5eSaqS6BfcqZWuOLYKUHB67L8Lmnq2zuNtqKmvXXpYPuIvpGFWs7G7GD6CQFOGRklyTm3tEhq+17muIZPvSti1DEepk\/jf609KGeKiujNRiayZCXOCYOzkT28aBRRNckMsvT0LKNcigIKfjCDjIrh9aBkhLcgwpdGyl0y0h5hzDf\/4VXIhtMY0ORmfK1bAFgAlZBgLLfAp9\/vELXdZmlDRSB768DANFA4iwCGp8+E5loZtSnwVUJwBA4KRJzszszKovh\/eLZuleX\/lWlVGnatUN4nwRXaA1HElTOEdLlw6fZcHl\/Bdp4mHTJ8y+9+pA69KKpbmTruDVoXYkxoxHu9SNP1A3\/1SU74fa+4vsnpiYx3onvBAsr5gEzR0pL43F78fgO+m6gor7Et7VdeE4b0ZBmKRybKRoGjfTeCumdBa1nXpC30UmUVAo+zHRyQ1fZ2xkGMwXeR8l2HdsJlr15wX
Yvnfd6lL7qDoJjy440fHRTo9Bsr\/clAcx+A\/nz+C5jTYcda4m99NqYRLQUmM0ojNMm3OJF4cbzbp6ia5SamPyogQ1msqIhDfkv9Q2tHko55jTHfOK86Fc81Rz9PlrSPeKqSQiDiYO0Ad6xLICN\/o4TcHWtv1wNgnzDEw5LNMuaUGnl4D4FXXeGTZ793MSG1gIEgmaX3GvG52P40BhE04PqAmddEQ=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434652977,"flow_dst_last_pkt_time":1603816434749121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434749121,"pkt":"PKn0qB\/spJGxgjQ5ht1gCsonACMRMSABGfAABQwhVAAB\/\/4zO5YgAQsHCsnVrqTT\/kdpHoB9EVGzHAAjCaG2AAAAAAAI2i99jGY\/xbL\/AAAd\/wAAHP8AABs="} 02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434750560,"flow_dst_last_pkt_time":1603816434599728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434750560,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA8Y1AAEAREMTAqAGAR8opqZMdEVEE7OQ\/wwoKCgoIqaWx\/UJ+JLQAAETSC8vS9NYx\/piHxwl8s8tPMp6kRvO2UBaRMuZHcUr7jludPMV53ZjKHSEyJP+9E8\/YwfQgCjydB0456RwGo1\/cbqx+RH1Q8+a1Bo1DdJBYSWHzgdWM0CbI8YB14t04OHAilhwb5MlDY0NSInVq7T8MAzGcexUB7xgxT3QdMV0ajcdAA4QbbUxGpL\/JsbBCdpMKcKPK2DVQFnN0kkOHn9OlQg4o9cA4XLljFnTIscrDUPaU8cEzYClT6gYQP2jfUUOYkMZZULYk5bpXO7ax5xa50czA2ls0cdXBQf7YUbq+XEnU8cGtnVcx69nAz\/CACNjhFN4oROsXXKDcRVVrHQlIHQT9PZ1APNWYKwMR9C2+9u8dIrhct2cOe+7nRU5qzDx+30cas94Oc2UBgVvL4WrIGpSaoUpJWOS0GeDoGOZ\/NWWg33pgJHnq+fY7ZzZHaHkXZjK77y1bAHB5Tr17hCnN5b0yRFsFoYe9i3Wjp9k8hE3VZmn0SbrwA2HbX31Rwes9jjmIw\/os2DIcecacn2FrvDVlDqA+PQeIAXs\/2y71axQ4RLDic1gPyOF1NF3TOt80pLqz6lBzfCDO3rQH87n\/FiG2UQCjXUWyj00vQBE
0K4S49nrAnDyF86E+RmqfHyjAEU7mfiLFjvU+SSLwbi\/fJZjzvnUDZSqjvi6f0IiNao51VPDI0VABW13IqPcImOawEl8JX5u0SQuxZjMaB+gkN47AMk5gGVpUcxeJ7Z9XwIs0K0lZDbqGWCXMCdIud52cUv5Q7a4BkzKCwhQfbEBvI2t+x0ewDQFUYQ17Lne1\/93MxOPU47Wf8TBSnv+VQbWOxLdCg2nECwvv8CsEtJFeZWh\/ha1cf4fZct1vISvq8GJAxKd76jGaP\/45zQLjR4HASo2rVXFn0L\/ETUkSvIfvqvSOkP0YtSO\/ZLn52LtlBuvcA71G0tQ37DmpzKxqMVV6sHgX3+zStA9c6eE7Wp\/gkgIS2yyC89rXKte79UGlVKqDYHmP54LWQ33xn\/ghDB5Udev516Q4LJ\/LYK1naDjh4zdtyWDOyHtV6dDjzohTwANBgk7tTb8qpeFDkvo\/5XKUnTRyFT6z1vDtwXisGZ3PyPwdthxyiwl227D+CWkoTh6C7df5\/ykCgFfvvCvgoQH8u8rshHs55PKOGBg5Hqs5deERSp3QXO5XGtS3KFrfrVEg6HdcbkCxSBW6ksxlYLzTFTTuuN3qPrqUBpBL+bmMKRSiOP1Qzjapvnxaf9gMa1yPSmZaOdEDbYJpPK7oha37il+Yc\/Ki35zS\/SKKrO9P2OR76tBQ1tVYddL33Ezyaaiyq3JlG\/nwWmfV5D2y+Js0\/lW0oPF+SLaGcNUfweLLinRJd+WusXgPVh9RJ+wX\/ykCIdqWlM284dJEMxAAj6BoI4wNZMRXYMh7U0nrCrpYSTFx7EaqFBm7HBPZbeFEUO8nxhWclcKvpJfe5Sf5yDohJz\/1ozHUKuzC9D3+QBJjDqURTWaAew7pm4H1KncN+qU8PnTQKXvs8sV4kCe3iQ+i0\/nVCMUjviEYY1\/hUg1AA4cxVLMRpwljkJ+SrVfWXClIk9dlebLFDCqTEzVG8u0wwo9BmMF63RqgLA7RedBbfzfYGr0pGXf\/l2NvPGQXqdbLDg=="} 00839{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434750923,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434750923,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02223{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434750923,"pkt":"pJGxgjQ5PKn0qB\/sht1gAfkDBNgRQCABCwcKydWupNP+R2kegH0gARnwAAUMIVQAAf\/+MzuWlyERUgTYFmvNCgoKCgjw7KzpNo8oeAAARL4tqmRQ5KPAPbdPUnedDn077kKWSLkPygVEwdGpIVFWcp2en9F3ERED+OnUg3d8i8AAkr44lz5aAq3LC+Q212cavhgupcuDcqNoIGhnCIfm+QSZcdNZ4zXfagNI0pLJoRsvOsL\/uXGYxbmgqR94yTDxQ0eUCVIZASIUeRZjEvJCthWVFT2rgBlBR7LYtLcvCmtn0DIMTAiPE\/xh01OGF5bAJQ2pznCPuONfdxbRDf26\/K7Vorl6tUQm\/NY5ROm8iHLzI4aMVUF0HjSu3+YUC1uhFUVddfTvpusRwaZ7kJNAa7P\/Vy96rw+N1QmHoKrViF3SiU98y7yZQbZlWxDFuBm3kfHuLnWeUnH4lwkgdmjgDw\/tGYT9JNO+a4WXT0WG+E149U5CDNgHVyClW14kVzq2L5mwgYWZMAo+lEamoeJB5h9+NMm0nQlLQivIZYDxop0vohOxK5n93lmaDplwC7Jat5ImroXJjGBA1i\/wWMXgstJIth+GejqRDCbbbeG7NxvZ9rVNx+l6f970K8CtZlugC3GRbFE9tMsDJl5zdBgPz83kXeLW4WfxGljbZ2I1\/Fsv5Dj9XTubdhAYt4ThM0knFSb5aX6Ff26rVq4Lfqy9HtKxEerRRn\/GPQ4yjlBfNoPdWIbjRC7TEbcUSnLf\/aCaXXZvuxf7r562GmcMeGxyHBQBVeTMDY1abEs7sWm\/+SOMgorJmIj9ISqcpplInrkBzayKhF83lHHurhCA1lrKNlSdpeepOLCf\/jMxhKTDSGOt6PuvUNMjvuJNj7JdWjB1qgt+7yg6GfadVoLlc7oKEmP2EZkbg1reAwAQOQU0SIVyNqN7R8++hQVFb9WO4t2FPgkjCkOeg8PKyC0+NKn6ths3s033xQ7XDByeP8Nn2kj5mf2ZY2gISmQLZEcrz0CUqG\/ia+5tqLKj4+\/Cndt6cFxpPnK+zzcl+5uVQbgnRXQJmrxZO\/AIu15jMIC2BXo7iG1s9T31lFVuK8ZWVw0cL8LlBKwlz8kc+VhdGPCJrGwt3wYzDhn2EetnDAIMnbnceC6ASm4ceWPn7zfseGSdZHnqg2ItW2chn2XlcQp4yI6MIqqKBep7wjkYIzq1Xg27JeDrqOB5eSz5nPdiU3VaODgQWCUUbg9ghrJZfwLkGvswGRALf+EzPBVkuJnFi0tcoasUB17bL2uvxmMJsQHWFO1QguLm7aeVi4DCA7LeprVfnREJzlwtTcq1k5DYJjUcopXIzceZ1RbGyvZp4+Cg3kMpFGVYKly62GUic6\/xL1lutLalr\/JjiJp45zRjU0jch7XG6sx+An4xZJK0US\/g0Kv\/HVtYynUrwZXu\/woHqvI9+NK8siaNZbHMUKRkIGOXCg9aT\/yvWLUSR9BuvtiEH\/8yVs7NtMMrd
gpTQTivJT44BZN6SO0WXldGZUkYPP9OVZchj36EQYpACosyteNK+R\/3v7MWWO4pEsgkp64XBxw2OWJLRgsbR2Yz5fH7LkIbs0gEHDj7\/gcfuV5kb5ePRim1rmsSUQI+hvJlOF3Hyyb3A9HUl2d7fhX4v+4KZIvtThVaEaIsqv89pcU+EoZuJG6wojlAyR0dhaUyj7ezXTuA25fYN0yKiGFN29BfWA=="} -01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434750923,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434750923,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434750923,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434750923,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434750941,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434750941,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUANsZAAEARy4vAqAGAR8opqZMLAbsE7Ok\/zAoKCgoINqH1Vk80LhQAAETSoI4wdjcpvn01GyYGcs8WSPSlKPT4hY9r7ZqPT9FILv6mf0g+Sw+ruXz256wKfDlVUbQnhrO+J2WPPYXirISnHdW5UejVo+0GNbGGC7pxqEcspy5a\/AJGn9AlGBaUXuFdjU97Kn6GHsNBd6bdZ3+SRnRxnNzx3oqxje3M74CutehdUh9SD+lH8Ub\/n5kiikOxdihmi26CPsVygaeEpmQ\/ctjlgUeWzXeW6BI5VBRC\/SBTjQ1Jm5WM7UYSJc7206JIZFbkts5ijN4IYXYCa6dQPxtIUWKXQ3dvfDY7hKCYqYb0oQk8vNpd+VxLZ+X2tKF+cUI8Vxl+uQ1cyS7KRBFhSWWakuw6JqnPtneYuh2X0FsZcDWbR4iGUWVWgDg9Qw5cfvrP12Y\/yiLSLAGuKBuRr+bvLEH8tSrJRasEnvugWyA7qLDfZYZJnvH+JBBq7\/aECFTncu7StDcd8mUbn9I9AidCbV\/bMYXQlnSnKDQulxvXQ4dbJwT\/tlwiGidqTTeBgir9P1P3PCQxKDec98Req33hD33Pl1kOhW47JhAzt2PSVpD5yGFmdTiUtav0ZVZ4bVttJ50pPh0rwKfk06rey\/iamM+sc2+SMdjSdewqGqL+SInrOte3Zwu6gGMBTDH1Dyn1E0nmn0Tb\/Q1gEjU93vGLNsvKan5nMFqYWW2NNsruGSJ+9aJA9OOwdQMWK3sGUohqhR5oMULjwJwWB4Co1NNGczoGoTZkPBosjx1u8umd4oTn1Z2YEOsfq\/MS16\/Yc6JAedu\/au3dMTV8zUcm9uBg2LvP4HCYefsbA+hZ3OpRlBsm8QE5VwJdjLl9s5rMN33d4LYFMCKrf6QdIGj5c4fUlmgpdRq+dBGaSuAfzg0ku6d1UCGoNDQKc7loJPuEMWGVQQa3mEV9T3wFWWD6qST\/etOV4D\/sj1plYn1+smnFQBuQZSbZweVdNYukikzA14A8nweXxSHltQyCOoXoXsTnOodIRecC5axLme+KFXLONSqcF7oL989dNvADyfgfXeWjM56pSGw8v1frDP2WvRz\/9O2VASdSPymmk7eOvVaojgAkCWc585MWwdlDf2Bq\/0Eu3MuR5eBJAaTZqNMwminLUZSdyoyjLlJm2rZrJBLuK2gyXgKALsphtbmnZoJqw6TqoTKjr8UYtnFpWqENJDhQ5+ORa2Hcbq\/Dt4PwTSt+rPvIoSh7Jaterb+RkztGN0uVdPoKTy77oy3I5gH\/ftpi+zlnKzZWJcJk7cxUnYiLi2m\/syIsVA+rAGJ4eeYI0XnnqQO4AvGYQTCUgtaiahKO7UOHl88kFcJG4D8pQg2wwb5607JGDUPMhSYXsNIwTaOjnaJDy919gMoDn26JaGel3R8iazejn1O\/DzxXDINb0MonstAugqKgKVKjzgLZ\/csTsyHaMRIb0aSATui
a50Le8I3Ve5TbTrO\/bIUVjBtgTrRKF9beL0OL2aHMhnVOyvZCYm2Rfh+hzhENK+ndpIFgdC09Qc1PCFaAc\/iWtEnOkRAICRVP\/n2wewDV4ofdczPB2YLwTo\/A4bp3k9J39KVcL+jkeKQH9hK9CryMQU2J\/VOD96l9ePlxO+jxkFCQ59EYKnbqkDYSz689nm86kaU5Ehu7UNB2XjaenWSjg+6wrw=="} 02227{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434752617,"flow_dst_last_pkt_time":1603816434601769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434752617,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU1dAAEARXy7AqAGAjOM0XJOYAbsE7NI+zwoKCgoI8EYvtCcjifcAAETSbBDdIICaEFzEG1iH2xrezIkmzc81Se7Om4pMqi+fkG1ee5cmCW03EDIZCCsKAvFcaFK0xOPuVpbYZPxd25c0VKDC2\/IuslwjOlp8bug5TVX8ayHsiTo+lsvxl1UQybYSPktQa6tD8aJ1SYoje\/TUY\/5v\/R2x3Qgs8EMkrwm3yX346YWdgmSm1p7ceKPEy+zG5LRvC9shuVP1fHGwJ+1fA5BlvICvwLYIOkfS5qSoKKUy0u4Zz9f3Dl8wvOnZhXCK6i8j4NlIpdZHu5RJiAsAZ4LK1nC+Hkny64Ae6XYMfX+bXXmhr20i5ZKonuPmoXhEkpwdnfR7Q+F6EhXJUuuaYdMH\/IWPcTw7L1PQOQRTBPiChmKnH9chbLTQGT2spRUw6ZUEwVFq4In3Weuzal0iqS\/0+Qhc+H5LZTfRP3k77cm2bTwA3v9yZps\/N8GHeBgerU\/GibGyvQfEIGnBs4SP6XvADxPaOf9Do6K3NWxPainQ6ROxxs18RzpwAqfNwr4czNzHmge9hVsXC2jkjt+a3iuT2VTvtgYP\/gg3wHLLEejB8ULg0YDhFTSwR5yZE+PblWTw\/h1zub\/pMrOiBxxazdMQ6Cnlz1xT+HwIG9hofXF2+e7REuF5bc+tHJIAxGxRRDEZiMKISCqpeRlWCWzB2x1mmKE\/KOsosvWRujnwCM1KnVuycB6dQCV8X5XgqFkoCYNSzpxTxn5s75i07w6T3iQzjZ7RhS6EVLmvqncx43bMihbC16QzKChHTteVef548eeTYH\/HqbZPAD8YiWnymAmXsIshT9ZrxL58BUWA8AOTB75ExBEpSWvCr6cdH9tmHTnFX+iAHfgQ+SXuDcA8Yh6Ch37H7iJkjIlyFlV0xYK80\/8rLLX9Fi16hMEw4MsMSJoCvgH1JkfA2nunYMhjsU2UTxS5kbVKkx14WrqJvIAkV1s24F3JhhnfrjqaA\/+WQCy6FO4gWrpnAldrYzL2M62GkNRWliggV7ygB87oMNLaAmKZ5PPWr4N7Ua\/KkdB4nYZv97Cgzy\/7FwISfaGW02358adB++VWymI6DWtw2+GpWB3k0kCTmUYA6ScuXne\/RAGeAonjWWbVkNYIk9hKz39J2Uz8YIvzxBUfOGU8GZZmVIYhs+LqHfeGeKbbCDVrdghS8AtfkpMJaXaNuqlKxMd0+QmH708rOIK59+ExcbrFRuuFCV
+Y2kBwCFjNISkM\/hxKEL3li6mt6HDE6ObfY03fEoJ8sHxvuyXUyqUrbYA+\/+769MwVZnJvR3BgYsDQ7yyssPJx61jOW9\/\/ZJaUpoeTMs+LvTpOaO3aOGoys7HzhFtjxPpaMeuy6J8rvRGlDmpFIbJDQSikU42BVwHFgIiJEdtXmpWvL6UjR9gEnH7F4leVc6kZRbkH8JQU7saam7b+aLACqy8QGiFKLZZ79Su9BVo3hXx4V\/a9UOG0fwWICYP2rWjoSlMM1D8LD3JyXD\/xHI05oU4AlfqIPRE\/pZQIZghaIHZV\/ga\/hvwGvtrr60MW42GcZ7safTYI3OMKFIcoVKABl6HRXDdV5P2Rt+B44fCqh8Rx5j1GHzSW\/rGFP+xPOA0hzb72SyDr1nPrWA2ufiZWLD7rTJqxk+zP0NWdN1W8Ig7keNnXWv4QL9x\/\/g=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02231{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434756670,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAOvlAAEARQxzAqAGAA3nyNtCaEVIE7JFKxgoKCgoILW5Ke\/Z2fngAAETSF+9lWl21JTgtfVHZ5XMFAV5iwNh8QJikNlPYLLcL257g14TEszj6j7gT+sZNJ3RW6GlkGKI0cLTiGhA4DZXSY2CRRkQV8aus3zX9x+wV2RPvN+4eYITQBIblhzLx6SrfCRaIuMd\/dIvuprgHzspSsGPsDVaFWE5RHWm8PvIf\/7WDS2AteLmXnCclnhwiNiESFMU\/JfLfx1BGNZvT2HLZlWqxE\/QH\/8leGOFh4OQdOMgDcrWH2aq0ZIEKOcT+22+SBNS+RXSivQkzWAWGACCn3yDlD4LrYX0EufA2pWqvz0bhI1bD1bMjQNQXTpb0IRYB\/IP9pUSfcl09eg\/8nkbY+WxJsi7\/OumDvzxFqxy1vKTBHoCkKcZU6KzCeDnpcN4UpeF\/P9Su7Hbnq6Oiu4kYT7w5TEYJlfr6hPZSINzK1N08yrm8sF5N1X+BgIp1nZKHO3z9qBo5uTSd7eUgib\/5hEBZVUjZfzcENhMxZ3iQWwxtVBdr1MPVUb\/fAHf\/LyB43r9qDPa9CjQlM9LQ10V7PuMS1mZ\/FoYoEt5+Lt+cJHI5bVFxc5jzohk+GAitdRUtpfiTuEwM1BTukQDiBma4oP3e14IOsjoG1G6JReouNpkBgpuToJ+jAbUrib7kmXzQdUA7kbNqdY9YbE3amA8AbTm+9U8XVMYkeWFdsFBWMWYdsARDe\/wNxFennwMBsN1VI\/Sf2kdpBwmikma9+VOfFyk1+k2sHTPIlSkVm3zjzWfLNM1PgYnwDxsauAlC6hmm0JtKmTtkv+Pn\/\/bRNz47TPwG\/lMWs1GWc\/Duiv2CyU27DrRqkZl9eIkxpCPq+lhf64B8FwAcAY126ezwgYeSIj\/2BPVLzj6uWaHdPFiHkcYmsVRVcNxcn7SbmC6vMu39440UH8ewpx4045LjoYhYGYD9wbNo\/kPCLdYB5lMNkMJTlPPmNe98ODz2WRVDN9gK0zjD8fscveFE1Bpk8Tltq8z87BasUF4e83PNj3KD2dMD7X3GtxvbnR3cIGT3a57NON24InRM\/nwZHwL2bk877r1hTuhvugTQiJQZIW+R7Cd76AgAWAnog5NJv6qFjoKKfxT4AV2tDLzRyjkMMrHebIWYVqs1aklZ5d7wxUYLamAar0CN+WpRkYSzgamBAcwe7BSMa1vimlqjo\/6IlbVmFAty4ZoLhk1JPUo0OTDJGfg7G5ACascLpelBjrrhC8q2UQKF8audmNUZRXmNP+namQx8VwfIgH5YHylOs57ZtHfGy6hvAJo\/Tqvp\/umN87FBHWfLNRT8fGjmReoFRPTt1LBgsiQauA98uLlL\/MhK3zSkvFJb8TpBWg0yrTs+EkEfcIYy\/54O1JGnSBS8+4f\/1DKIa1jmhY4F7hcK\/Y\/Zi33FgbmmvzZ+cspy2SIEhxePsUH3DOdZcJ
PxMiL9n2teu3XWpEwymkPM3I7Kauv6WrFEPbeyTEqbxV\/7RpTQ21VJA+vSCdBrxnvlGaubOeoQaS4+J\/ugEvRReICuHUPNCmQAnXPbJmcvvOj5p4u5B1t7PBGR3R1kOZNNBIvoThwX9CAlMfPhMMsjct7r8pVUeMkYfmNf8DVqscAvJ5\/vInV2if80iUDSzxy3mS373dztl6IVts0qx7XYaK5V4uL6xfDViQ=="} -01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434756670,"flow_src_last_pkt_time":1603816434756670,"flow_dst_last_pkt_time":1603816434756670,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434756670,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"3.121.242.54","src_port":53402,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02228{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434756710,"flow_dst_last_pkt_time":1603816434606208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434756710,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAwbRAAEAR5e\/AqAGAwb4KYsH6AbsE7NgwygoKCgoIc5O0PcfI+J8AAETSgTdR0pp7ROFzny7v80GZO+tdgWE1YYvBBVpTfYCLLZ9LR2R\/NMsrhl9CtsbdCKSqQlM9jeDSd7avtFbwkZgUMsGjQSFGIrauocKoeR\/IYUv\/3yqId1gln9QOjFOA7Vx3pZz\/40HjTDz++wnocf0Q7LKFbnIVVlAkyHprEOHxkx31yKlE1OrKPFXX64LJtMBzJGNe1ikJ4DBZc3CxM4VAmWh6jZ6Xziu1T48Y9Jp1rXJLZkDZluz9DNypT19E9aFE2QAE2YffnA08t2CC0Dav\/nelE7OXLvT3\/abxcTvv6lkWQ7Ws\/OGhflJV6pbd8DOAJlm41dw48U7866L\/ZVnZQGhC+qy29Rf0f9z7LTwYqeUnFBlTnrWIJUDejmyBK0xmX71p+M4ZDQYk6ksEN7ys9IhEK+0Ik4NF3m6iw+Y3srEwTIzK7SMuEUaqxHAnsnY0cY7xUBPiPgfPBbiLOeDS23803rHtAW6t+pcVbYzcUhLC5i4Fhsy5HB7swuOTaDalPrb1ks0Osqlmdnwi+VtFXIfWY5hiA\/takn+M6zgv2Z5TIeGz5PwD\/mNhYevqBSzxfqtF6pqWG4u\/KRjbRiKsndJKZWqgEurVo18heo2c6BuDo0f63l9uVIrESW645Q3fwcjj5n0WWKE8\/gOmB1q+Qfeb5YwzG2mkb0uuRf1dVhHaEpflcJ4\/TP64ezBPm2PEqdUJ98ani+HAdCRefhilKHlZCp8FaM0g6fLSIWNKgyXd08cPKg3kQr1QKPyCDeevRCjLROEYKMQBfMcVsYelRUae3sfcDjOm3duGl9ZwBYRTuhqBGmO8BgPbJTCOUP3SnFPjNHZReb65nPAq5CmaErExRB3aqj2X70FK4POxZDcdB2SCLeNQjD0gAdoPMDjy6TU8QbOW6emahG\/pm2XLGB82paRNLQ1UrajFFljlEad6px4jnFkmQswkS1ZCAcPuyjYtBQOoVyU6Jn8IET5bSZAQYtSzhJcRSsotN89chVt8BOmx9WoAiAY6LsHVmGCH8fyiVJ8R96liGv\/mCcZB6Oi41IwhqNraSx\/YHNb8PDeqgVZnzU7HOxgMto9BkhGXVAa\/MDhpy7ONbZFtXLugZH\/GeA4uKx4T\/QjSGOy8\/I8tKHhy1ciKQVx\/4efbfMnze1\/7wiD29p7nKFEe8jhCs0tUTtvbs5svZDkGpMLh\/X4M8hVxSKoXJ4GInFSKgl6TdVamGbNzyLxWmQUTAYnTn24BPh82ABwBHi8IX8bKxOnTE9ArtO1ncpBuGK6utDYd+flGgrwW8Kx3EAqCtI+xt3hxI1lVVBS5mqinEpT4rI7UFt6bivyn3w8QLN2BAypCK2nDcT4jrgs2l16Qbqcq5B1aHCyILvPoswAdCLirW7pESSTDoJJLaY3+F0tLUXrHW1QCvM\/i6MkbViFr
AX1Wv2DuS4QGedw\/jPkFjn0PVCpFH1LNlSl\/mq7ojJPIzqm4YoISxxdl92D1MuRAOkcGfHDjHzu2gXU4R2SOjkBJKT78Z0m14Jd3agw7f8zNErlWf3mQN\/cPgefBr3GQB\/5hkj9h7mtqO0XsqbQtHpUzt2Y\/IzySgy2h3inpKHrAmHMy7nBwaqDcL8noSXoChoeTFZAF+yuWHR0EPcyX\/dJQEW5Avw=="} 00843{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434764038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434764038,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434764038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434764038,"pkt":"pJGxgjQ5PKn0qB\/sht1gAVbOBNgRQCABCwcKydWupNP+R2kegH0gAUgAeBcBAb52Tv\/+BGMdz5QRUQTYJfbICgoKCghA0fDpGJ\/Z4QAARL42MmGE7LT7K7Ql+V7EQ3yWatv5MRpdEw0GoTR5NQSX65ds5UbmlVEnPiT6ugJBO3avrGIdm9NfC0YolC+M7h3Dd+R8rmFmbMufRy7tEXwOSANvtASfChD2QtW7IUdoUpURW\/ybH6H3HL74XAiUZ9DaKTFRCIGfbZdMWt8ZGjlM+G0uKJJyI4UiXMqUmldhkusW7Dkb3B5PhdsU4l\/\/nXb1ocHMF5ZO15qTuXpuDw3KLbi7Dk3CU80ZSrgIQRr4QnZY7DqaQqaTgqwsAdQp1wPEsQudwtV3+rldfGptoheCDmbpY8ruZrzgIcViEvjU5I9Ku4MmOSDc008VMVo6UbKXAY8wBkNppH+gKT0zKsJbuYos09RElJKJM+JRSvAd13BS3pf5yKPRjvg+VG7dJIXDCpCzd5HB88akDiSNSvnw\/1jpXEBSCG8CQobh6IKIU7erWpgWufuC2MUeTsj93wERw28DYyL4pZ0SgYLM8R+IuAUGggiToLnDY0lhnQxvWPEyOUmn4NJbPGX\/ycsndCFcb9Jll9Txp36+98fi41gKI+rpvius3\/7rHwBBIC53Dc9XI1Li53E\/tYF3PSb\/g4tqh7YqeuJqy592nH72H7zhGojy0gwXJQ\/hWtpj34Umy89wdwne1tmBbDTsm\/OVEe2Hv8wX1eUxdtqxfSQcfE5EjCaX8x5TsLMsFiA+gnimL9YXpXbCar82EARe4s\/1NGbcVosoctM9nH774rkUWziya9xnPI59V8iborTptEZmzs9opsMwWCSG3SUoMF+XgWmJrobGMEBNgQ6NuDdRKVGnCOz5ViUV8HOdhxWdLar9arspdIIQioDF1eMysE8I5ZwvEkpGFpxtL8pSwMYHtvi38MARaK84JW5F4Q+Z9NKUbjEnyJk4DLBXQDZCAccejGxLIlAEw9mV\/SQqwWMDKPfcgeBYaGkjuKCt9IwYkKfJdCAHGlWbthDy9UAYdzWaLgrHKDwv7KjG08gxv3P2Ay64L+MkxpWRZB3zlpP7475UXQoo5J2b\/TCDguBRfBA\/zwH0ywx+bAC1xX58ocUBgtutOfF0Vqf9ZXqQdWJ\/tYbtk2qPb\/vUKDkYspG2+VZV3S4mHyGQEdK+3+Br++sSHMrwkXpKY231omxX2tF0BL0Bxb\/XFoQnF0zVMDi6yl7EdOkVYJKzpCkpByrrFblgbC6aH5tGZmLBBsnQ9oNmcYgP6L4\/rCjc9wp9OI6Dpp\/kCf0+0QdRr65NauWVYS3fzTceAW7h1rV7piIkaCm\/ktLnQ0CjV4yXbM4EAQ\/1J3s6F5an9AUjsSqU7bHdat7EQLbygAV3b2dabdxj5om9WQRt0joYLuxTvD8zwyOedLxW1wTxiQF1SimJGbjZ\/VbtHbirvwE3YrWoKzsz
q610qQdSeVcciVMkJn8\/frGZPOF+kV+ihka4sCmdlV4EIQk1LeOGrlYlQ6fpIafv8Fxge7YrHQDBRMDZfuEMvNEoQTdfeyjVZwZQIQqYpN1426QLcvTfeGNyVfnI\/BbfhWbK8vegWPhhtQELUYrkCHe43wuMJDkpCyHET\/GRFZPr3UO+sKZLIuMEzbgtFP8BywWzvtpZIPTbuoW\/fNEsBA9hvwy1MQ=="} -01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434764038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434764038,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434764038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434764038,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434765563,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434765563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02233{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434765563,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434765563,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAU3xAAEARXwnAqAGAjOM0XOJGEVIE7OZyxwoKCgoIVNEfWrpr6t8AAETShzjiz2D78m1qpQ+wdRdnpG0LI97NN9w\/zKLTNwbycXDRt9x16mx5gVIiYU9my7Ewd3ZQMG74RKzp5yqjf1swV34ZhT\/6a6RECEeuXIhfq5HIaUvnylxvuq5Ar2tLEHKFSp+lL3+2mCGKG\/aNYIIMA9OUhG2opUeuB2l5mNW6BfknYi6bDFHQDD1kdTaXvzq60RpfCfERji\/a12lQL6ybflc1AUHJdy355ohjy1PIdK24siM83Pzy3WhuqqXhu48NlkiWBwzRIc3QwNG05XWtibPZpt+rnEgQ+dX5n3b+VdVkbT1SCRuZXy4KNB1O35Lr9kd9\/8w+iJRgvFGDJ1gPEsh0qR0CocMn8hmur7qxG29GbjVMp7R1NSj2eAOtmvYpLRwpEXgHuZyaQ1wjCTKff2\/madFWTA4XUYv4fZGglZSmwIF\/drNbz5S3P\/iWcoMFEHkI4sVFj9ZYFd4B3L8Ih2KOMfq0bJT\/WfJrXj4M4zI4ZrVBE7HjqFO+Xl4tQchegf9m36aJmP9rCIyTgms9JLdAWw4p9HwzAtYzEsN7etsiFMbBGYxWytAD85x3V9BiLZ0tRaEDbZVSI3dKqLBjOACNgGbIysz\/M5PX6bbnVEJL+rpXP4dfmzf\/vyIoXSL
GK\/35Ot0RpvgHsUdk1M1JiJ\/w0LW\/ca8oRdqHyGl\/0OHcNoRXWU9uCpfJhoCR17fY7d\/8uGaioJukkywUyDy4lEoJon8wuutdoFaZ2G1NQYMqLk2L9BSwK6uXlh\/KFqoktCfkCzS\/xf+XdyqvzCmUAccDyVcTW2Lvm6Iydjjcz17WgP2sboaA9M+jrUXfYeNBGU+gooCH\/ra1qqj6hZV+ycQaUnNe1GLXG68adoCLMAH3j+oxneUkPOBiO5E\/EF5WMPYRqDPOKxnvKYyV0lEoyBg27SjzbmIsvSP3tH7+YEc5r+OkK5iuBgQnkGchz2TXPmjupTCg7Xojg+c2Vl21XIeYUg5zp5dqk+Dg1R9d\/NVFrsh0doLMsqN8QHWUOatOJlm\/\/hWn7+iCSCBW1hRFoljw2OaG0E\/WHGtKJCH2ZhTW\/OlsWDZ1I6a9AalNu2a3QLqufVsas9PvBAL98YjcgSJ2vBIk\/BVRBpG1Q\/rHLLGdBQB\/\/fZj9y5wySLqEy0sx93+y3Y1YIBdxSNqeVQx\/fJpwJre6YpAYG9B9bZ\/BhXdwe1PHHhhhh+Tc0H6ljXzAZf5EDPA4QtQAjr8TpYSQuwb\/souaXFbGTPfik1Mu8mHXJ7chWN7BzwY6WVcDvctTf5wcun\/ot9mUzugsNNaZfRJbJao7Y6eGCUXHAEDWUWwm6eFYQim4\/i3o6CdH9tbSa5KMv36T6nVCkpY+qDyBJdXUmrtiozwIoULbVWC7vKc4k21qmL36sDhhn10y6PN4bIg1\/diWwWYCyWvERVVVw+kY2BYCLC6p8eQ4ktUYbvTDjH7p17NqO7ef3HSSFWp67hCGKfd+ge3gy9+0Ke6znAKoZn3gft7e4Qngv6MCc\/8gqKo6NfPX0NUiWvPO5U1BDl2yWaNt0QFBBfKLxj+uxMZfebHky9N1aDOeVaIQ9eYOanbE2+OeMk1d8+h4d5hGTbyyYZ3xpCnfIP7rR2Q8OBY5Js9LjU+ch2BSmUmNfrrjQ=="} -01192{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434765563,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434765563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434765563,"flow_dst_last_pkt_time":1603816434765563,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434765563,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02230{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434765578,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434765578,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUALHVAAEARX6PAqAGAKHC\/PLT+AbsE7IqdzwoKCgoIe34skUb\/aLsAAETSJwiqldCG5d2DtH8UDlA+BP\/n+Hka9N9gLDvV00Jk\/OgePJAsiH3HrqXWf6W0XTXk7Pu2p+CFv9C0iF2fTa1ifkWOzj7YZz+hGLr31Ia3KbnzB86fFFCNPLMCgtr6arstfjJ4xI\/CQupOIVcMsg4IO6vzq1hO5uX8ALX13N2Nd4Yxx9Z3IbnXFpgI6JLk1uKVCyweJMlz+LOrhN3PHNyVHIt6alONhgWpEqUlKgTnNS9lCZd9JNENA+veQK+6gvIe2KJWpJlHdMZNI+3fjJnabXQaUxPQIMc0ZI8dZFlz3L059EqhvD2lc8\/naUxdGHznqVZzO\/gUeKnLROfZL6yJDTZiKzf+md1VYLBmBSCdsuQZ7oHBg0w7SSzXTvhRTic8g6kHUcynm9My8rvP3N1cyhHeHYoVTI3hh1p6dM2epSa1QGAI6JHSwnUF1\/QgJ\/yLYnzwcGUMmDxb6+\/Vcoz11hXvHqUfteaUIZrZlPS0IAcPwJ9uUM82Vts2gh0ZtKy1HVF7COtP\/YC8n3yaj2Z4XCxABH1JI1+Gr7s05Sbt7Ydmm0MEi7M4Z7H69xe5sGopICwlQr6BDij0IG\/Q72anBTWx1VNl8l1hae+l8TMmxGeMu9i4blZH4yTZVGbr4Ufrnumx\/iFAYgWQeu6awy9bpeZT5O+xG+rCa2YUWvEwAHwQqGOTLiHRhLqf8bOiysObXTA3QmobJfgdxg\/kMNWj8xUdfAzQUKJYelBbMXT4qn\/A\/bgLMic4ksrxyPSpiS1e9XYY4TcxnGgHk5yxCxuwpm4+S16PEBC8SsJHkLxhM+Pyqg8ZbbK5FBImfMzUEZil15pbURRUjvlZtdskfSyAHSxSF8X4o0JXfUlol+bcOL6ItmB+wzIiN2Q+yijFIXK6d9190X\/aYna6Y1mhBOG0n2BfyedI+P25jlTZHPzLP\/m0eGz0ffpvLil2huLTMVVoPDTaIcLulULXUi1mSE5WxlWTpZdPkeFyxhOecT8BN8ugPHSRdq1YlgSaIwZavu\/XO8PCMiEMZUs7LNob+kHoiN1Yitx+SOUzM3Rfm4SCIMQokalKEYORgNek9yKJq9ysRafffBGVrxSm9fUQ2\/hXog43g3kKJn1+L45W1cDgEOnlzcbSC7mXNgzNI\/9oSvf+verPiM6qHPGSAL45mMH3aGyYMFRQjcVYI49Hhcw\/awYPgb\/M54nczqpco1saP+lU6ffHEwQVDtkjV\/GpfILnkEXC+cQL7juo\/ky491nkMGs1EkNmbbJTwPGVUqPiFcdi\/GoRziaE35KsbCh2pXltXGH77CIkJ8z4h3pP\/kBhLJUXL8fmE9AqMsqW5zCCDLfMDqTPSGLNgu12FdfjnQIvupRRH4Ge0\/B5Zgz1NMHbBts+RgS0Xaxftf2jPR3SxbRu77DVdYw9vVWXM\
/R9b26Kxk+mp4fmYKTS6dblfvsoHkgHRfoRp\/1E4eszlorBw59xoTpzT7xgKofVDBGY48JKd52rimDD8\/5N908wmgggGjc\/EEPQbILqIqgEVu+rqihenG\/3x1vbCDXllpynW3aJnILkUHNWbpfDPatq0AQGgN8Op2ovkZNf\/lP0t4iCiUxmNrrEYAIJpsoCwFTBFOv6YhOZgAb9RxW9d3SCROp5nmqJ9Q=="} 02225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434765599,"flow_dst_last_pkt_time":1603816434585935,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434765599,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUApalAAEAReTTAqAGAhfLO9L\/\/EVEE7ON5xgoKCgoIFbSGVwPjC1AAAETSB6nk7BQZ0n6OtRMgfqRMKv0mmF2ZCcJpOh5y0A\/toFlOz1fz5pBGD1YqR4r423K3bLjZPtU8zEdGrInkcNVS7Z9ZXa9KjSFkO6ZkCM+bgjrlPSYegWgr+lf8Seik\/OAa+9m4F+SKC3n3FYnChgcugjttcabtxcQG9UUmURCrO7eKZHimNrioYr36+LduCnNt9LNd\/zB6gPQej59n1H2PIibmagW\/fM66aVsVaR7zVHUCiH\/Qk70XwReQUNqQdtSK1o3x5foHfXLA3D5kXGSVsWki0olqZxxN4FQAu5\/vbJypl6cmZI9OG9mEaVsP3cQN5V6DcyMwwFq92zydNBh3eUgEPN9OuCoA1RCaRF2MY0ZRrUi4a0NGDiLUCV+G4SlLziz9xOJyHgGzjLPAE4BCeRh\/v6+wEZ8mgKyLD1EAVDV3zN30JJ6M0Me3hNHEEbe3VogRVZ0JV6CPYSKozfqmRIa1OO7TLbpqRx6m0yU\/HDbQvXQVvGPqTESIeDN9OWt+hRw0H3fhD\/0jWSUXeT5zzK0QccSYs9OMt6xct2EsrhYBO1aPATDoyaZAvzwTNWt8Eo\/XQktNf5jtBBlktbQBo67n4yyIo5rxgyPWJpQuRO297O7Mat4F1YWbTtTthkWIST5XlLQDR9sjWJQZoLrrVPuOGNaGgLiWbJpKZkPAmpkeoL2fbBEubmo\/7AK73pscjnUsQfmTU2Lhlzk7lE5KZzfdO6Ojycq4INOAlTRsxjE9Zej3obzZ+qt62gpD1eMqQQ4pmr3v0LhMGBrSM5EJ3Lmee9+dMb\/4XFUcIqSZvmCu1M+oA1IifmzxY0YneJ0hq33tjmK17Y6LsqmZvgvIsEtHUfp0429tqiTnJ7jEj9nv1Qws03vEaDx+VL91DFUBUZJsS2cGo6zH4U5+3ALd1d9yNs8qALm9NC2sFDyPeFu+wcrail+CekPau3rfVm\/\/BKg6uu98kDdJCbd1K4G6Sqm\/PNtzcVB3Yj4nmpQutpeBoYu\/N\/9zeylcHDDY+njAE8iIJji89hsMpr06VVSWYUsxYktuKVqxiBHUsyn1Qm+B+LGljetv1Jxr8cQu2ysaGbDgZRBSueKSbvXGNWhWLq7YBfLNgLfLQd6u0Si9aGjm8Is9C7byUaZ2JPKY6uJyDHXlNjc8po\/+0JxVFx+TI9y4r8FR94PIlv+t0snjZM
MmWVUUkN9jPEM8reQ6rFbrOw2FyLxYpr7e6DBlYpr1rXi3y2AXbHOBjn\/yzFASJZWgEwjT9kc8\/kszRPabFnemr71tJxRnqsT7Z8rLpEDPHd34XFyRMJy5FhlpGRF5xBBWEPcYiNM4ACXS2zaqVvc4Ob6UONNiC5nq2MkrUel7u0fH3y+QFu5zcqtdETTA0rau+rX839r2M0xAous9B\/DzSAmhABN55MwenMuZXqKqO87\/SWuW3bCHCwmA4YTm0Y3MW31xmUfWCARViMQoMKL4e47lsZJmCw0S76EdXYT\/tkaU\/XJ34K+CTAC9yoTmJCAO9jIFpf2oBzdts69jtTj6Cw9qgKbQnkEP\/wuWHtVAcedrnVjSQu7O6Hr86jboN5XBirNkD\/k3Zb0R5f1hF1X5cR6OxDuouIjIFrBbnyzMLcWJq+pJzxbnTW8A+JnK8lKA7Q=="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434766398,"flow_src_last_pkt_time":1603816434766398,"flow_dst_last_pkt_time":1603816434766398,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434766398,"l3_proto":"ip6","src_ip":"2400:8902::f03c:91ff:fe69:a454","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} 
@@ -237,13 +237,13 @@ 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434772881,"flow_src_last_pkt_time":1603816434772881,"flow_dst_last_pkt_time":1603816434772881,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434772881,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434776956,"flow_src_last_pkt_time":1603816434776956,"flow_dst_last_pkt_time":1603816434776956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434776956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02222{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434776956,"flow_dst_last_pkt_time":1603816434776956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434776956,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAYA1AAEARdrfAqAGAM55pYqrXEVIE7DzAzAoKCgoI2nqja59HDyMAAETSIwUh\/jjSyce1pBuktMAn\/9fQVpvzsj8X4f6zzIa5zUMyPshEJVxx\/HgJpy2DounAtWqOn7MykfNk1iAT6IFLl5JJDlHVUgHekilaBHXQFm7iNuBD05oF1B0F7q8Qrx84dCVbjPq2TzzI4E8Jn0w6eGKEzj3zAOYyN\/jtcSwUMH\/tdAvJ2KZeRWAZwgBZ+NHFpdpJskxMoq8BiazR6NmdCcDVWJJafWv\/J6n2MwHgdrbXoHD7z9vBv7OTw1ZsmRTWOginovLBtLwEow12QHwK+3EKlGb67Dikjj6Hsiva+EHGjyXXT3NafDD2Mdy+tEkICJVPMdfQgSiLKciRXmF+eiaKhn6t+ZZDXwMIx1tObSDzE+o6+VwUniuIqDp4P1P\/ToVtD+B8x7Pd8fdBpJ4GLav9M4cI3Wrt3ZFYV3\/N8JUWUnnIryRD+gsn8U6xZxSihwbPDnANbZkkqUwtRBWNdvrID63JeJlKECXOhipg3RPgW+AtU7DD8FGCQwK077KHK\/4iE0FRnsfBWs4NiPYWSuDiKbOCzUPifBciRr8tMI1kDMDYdqhOf\/t2cQwVRdaNiCXpVyvtWa68KE7YuTZbjpI5Zm9LOCld3hJ01MiZ7LFRGruZgu66Qt6cNK570mj580eh0jpjgWEGkDr8jkE8qlxmZ\/+JhXsVQeSLOCJpxCPnoKcC\/AgENxJJFj5QqhvZ4\/+S85TLqOVPU75k58aRkk+ToNWPiawuoh+7ZmQNuVNQVgcCtQEXQJu346G7rcjTAKMH3PDGS8OBxREkqOUKIE\/fJzE5mkwFxduFK\/B7NuaeUP\/viNgVQPK+xx+1Ngb7A4VcDPdAPTWKWgbWpoEudTGTXV58El7GU8KydW+XNFItpFzmhNuEFbckU8GM1h8hyV6YxNQ+Ywvmqeqx+Qpa2gsPfebPvZhoavla3sgCdU8L3Fi\/gojIsV72icFiRHpi7wgSeg+dYFEA+ApHg9oKhJJhp8\/wWsOTm76uoFhEbKbRL2YPAgB\/Ql+puWC+1\/d1JEz2eZaAp5Zo4yW5zTvhxVsa5hrrLnPK2t90EkaeWT3kM4NBLrAUyq7fPgZ5preHWxkcCRzxymqgt+6Xj2oWVLVyaqWrzsHWrurGOxbP60QM5pMHY613Q+LrLNvTCsh4ZQzv0k2FKQRVr9u07bMlGLVO5kHK8AlGOnI97GL1hRF\/kBPlbHravjlbftLM0ZE+ofUKm3FCAyqpSNR5f+azjzb6QBklYN+zHv4anLf2bRojetf7WIpCzUtOun8gE3beg5nRdzOcNC5G1ZAhS4QZYrCUyLzy6dQnaI5ti\/HjmSldcvKZM0X8HEANm0ee5l4G\/rQp3samcnQbFsOFm5GfplnfCVyDu6SZLaWZt28o+RfSwBU5HTnFtZyilWnthqnChfP+hUfiDQ1asKcjk
lc33MY5RFlJ6ek8gI0+BRbnKE7zMoxaJ8oo9BJU12dwyF3tndCM1wJjl2MBm5rkAUb1j4xIIVUrcA0Os8Qp7MwNsapkh+lLuE3uc7vgFLS327NgSo9rR6EA2jIx++BL4omb8CcMSEd5E0h8ER2PPQ2Ijvdcaa4AGZMCHiMkSxGpTa9jY4devoI6nqBsHtnxRjt+CQUUD3xf\/+arnnuqKk3gOjeyEQ=="} -01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434776956,"flow_src_last_pkt_time":1603816434776956,"flow_dst_last_pkt_time":1603816434776956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434776956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434776956,"flow_src_last_pkt_time":1603816434776956,"flow_dst_last_pkt_time":1603816434776956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434776956,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"51.158.105.98","src_port":43735,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434685491,"flow_dst_last_pkt_time":1603816434779296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":109,"pkt_l4_len":55,"thread_ts_usec":1603816434779296,"pkt":"PKn0qB\/spJGxgjQ5ht1gC0dvADcRMSYEqIAIAAChAAAAABJ5MAEgAQsHCsnVrqTT\/kdpHoB9EVLSAAA3EH3TAAAAAAAI6BdjXmXwmldRMDQzUTA0NlEwNTD\/AAAb\/wAAHP8AAB3\/AAAe\/wAAHw=="} 
02229{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434779850,"flow_dst_last_pkt_time":1603816434628754,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434779850,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUA7X9AAEAR3vnAqAGAyu7cXJgVAbsE7F0\/xwoKCgoISaS\/HP4FIE0AAETSs+MVmuG4wpmNcPXwiwbgkyhiThvn0LHBRqHfn+gXOdfthzxlp0ltI03pZKw9vyqEYoBiUoMOALn8iwjEM1bBG0sKOHNmuafb9yKJq5CpXdfVW9fnnip2p1tWnGQZccSpOc1uq0bHiGjb10mg3cqpILSGktAMKwPjSF47KMJxZp\/l9ao1+O97nqhSrQZgHoEMImlI7ZCND\/wyqspL+eu6NAWz3rU9vba3BnFw354DNfuXu8HOGbC3Guvt9ytqxi0Yz5DSI1kvCcdc1n7wT0BoaLVFB\/yV1s2y5v5nH3DzJd2ACj9o\/zmaZyMpvWCTRg29elBjIR6fiI98dZm7sRE0VcNIEEqTNqSeoXcWt5unTNHBRYj7lwzoPoXK2TUjG515g9q9fHLJbLWr6\/hB+vEJG6S7dsFN6dIXdTpgqWHu81xJ1m9hfY7AkYBIllm4leEOWu1SRr5c\/AEsknAD+6XbQas8XXqJRRnDaBD1csMJtZvxoVWNSuOHBfOUyiZ4hDYxHjMLTLGygYFsDHCP93SCma0J1PrsKV4mBTWbhdzxAD3aoMxgjoxla8DQxuClSD4NOC96GJ+rdubJmMLxnEpF5JDa1IKuYrUXV3w\/4wQZqtP7g6zDf2GhddDBCDNr7yc+hg+5ilxcgcb2MVoLkgX1OkizCx2RSfRb0eK8thsruCLFSby4jO8bsuNj\/DwRHrD9ALa9P\/tMKNqD\/QB3PCX6uMJrfyT324LeetrVxPvOBvrQpiJegaN9JcarJLQiUBPGBrK+q6yGhmqia+H4CTzm98FspAgFJ3pIDJit2uCN0awhg2fUthbI0kXrjD+YpQbOi0QPuM2dRjqPXjXqrT+X2FbVUvVA37Xe2HlgHJQb01jyc3xry22J8\/uMKksqV4OfH9xACygHSWKGL7403rhhUIh\/1OKDuete+v6YGMI6HZHwxepcu1MBc8\/3NDyIJT7pGaR74MXwks5nUPSMbWXdz5gpe86RgRisPos\/HQNeweIwtPmU7vDULxHYQYbZJm932INOf+U0JuYM9\/0yyF82eovZ0gS\/AOY09vwKYKSps2BcZpcxKZJ6olMmG8Bd8RL\/TLXZh8OzsalyvubiZwDWuVVt1AZfvz8bSBiibxOi0oZJkb4Skel7UVJq4ZUt\/AwshUTtNvBmdhQCuqFbi+vqgJQibSCoN9R4ZSyuDwh4LgKfjp+jo8uQyFbtI8t7MPDA2gEjE9qSW351YU9i5A\/s6I\/H0QY4qaYHU6kmhNbmIKATtEXjZl9SsVnMQ++X3XZU09ZdvRROedhNjBpUePUF2+I+GgpQe9uXNKuTX5eintxBFe\/K9\/CrJuH447MCSJbL3kP6Bf4Qg2eo6fEs5dY6Gxdja3GF51OjnRG43ifui\/tVzaMUi324TS\/XRgkk6p17f60JC6V4Gg40mb
Pu0O21JxeTFWtWMYV6jinEN5pHS5s61dr9fU3vtxIOEN\/xMZjMROyRyCA55e\/0gx+GVjszIFs+UXq\/SyGgMEveU6gGW5EAZ3dCbJv6R+xa9kprk+rkDzgIuFc+I5Eg81JJd+kRHZiTfuhJaM8VwpyTDR71\/6\/lU7nCHcQiW3bXtU47eJyWza+vS4JMmYpHRxlNVbyyHp66eitmqcsnzcAlPI7xtrqCvg=="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1603816434782784,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA\/AABAABwRNNQSvVT1wKgBgAG7iFcAK9mxgAAAAAAACPLo65bqtzD4+s6wDvrOsAH6zrAC\/wAAHf8AABs="} 00844{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02224{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_usec":1603816434784280,"pkt":"pJGxgjQ5PKn0qB\/sht1gCAvlBNgRQCABCwcKydWupNP+R2kegH0qBdAYDOmBAM0q4v2zvsWrrj0RUgTYFNnOCgoKCgghNSPe1nPIHwAARL5EcEFiriZrD+ET8JYIbR9oI0xm+rhrvJqfLILgs8D3Ue0qQNbVhIpNUU0tlgUCj3R+EB0BmYAvw6bLa5fuluEc0rN9r82heJLvapv7VUF9l51pFcem49jTWjYnj2oS6+waPQZXW+lgdvo6kQGqK89XfdzR1PgUM0aNtvz7T3DIGxshf8Bt0Mg12xV8BKvDf+WpUoRZwtsOWK2raSvEzJiBDtp9+7hN2cxP9JSjYr8Ymo+djN+4mxQxt78BMIwseR0wrK25i\/FCRyQZdy2RkGo1CRXgmyDAvyZwFE4TbrzLF307bQj1syPR3dOu7kPw5RNRQT+t3L+8NYL3mVwzg8kMaSuoFMxCZQvln3VAPeh3OJLvvw5+EMXFzx9zqWLfnKXdAHEumvxqEmlR\/1Fx5dKWAiLy4VEiB68pm8cbRcxMeWpZLJsU99vTYR1NQ7ym2LdsdYmsLFkMBHZj6r8XWpZpYhelGHgVf6dBgfvJoDoveKLzHHW7IQW0Q3CRZrurV397BZfMCs6JGA+7vvWU+gtIQ6+afCAD2BGOodmj\/NZoYjSTSz7UleFuiy\/Vh89Rle0L+paWGt8DSK3GtOoMd1TE8\/cyKXC0DuFP7OI\/tvNCsVqyrqekypnTROZiw\/hHDf4fjDoJUlr9W1Nwoksz+NUOe+agaP03VJPXO6c8eR1g16+4NUIoRiQvQ0PsA7\/u1\/P3EtbO6kdIsAPEzJh9T\/vDsjetpZCO9B\/5U78SmuNIpzUeyMa0pZ3WKYxs\/S8iP30dyOyRmNpGcQ2OhBlF2DpsSjXyEdMu816faZPTNRUFFFKzjtvsO4TkLkupS4QKX8ZqjlbPKIDbq7pJvPq1yQvdi8dyUb+GRdEu83F1kTyqMVj3VhOrCFJc0NwPk0QIQVaRiHCaQM\/M\/CAEON1vbjPSs5TR\/CU4ctB4lWQERooxF86Jf+vt4BRo+E+RBZpGyY9TSyW8BYhtJJUh4WEUdOJYaaV9TsJb\/JsQlajq3H+ad6FKE+sN0lRn0vyD+XLhK8WIG31ajHwqBioHhepDDhLwoYsiq3DO2TeKvxXp\/qbpXpHbmWZzrHqrW57rxAic64eJNK8nbylzcqNgf8E5i4dPbpF2trFKH9Xo28gQRRftLrNFAzIkDO4sN7G\/s0Kd5rqq+U4C+5hUgd+K5TPBViJ0+ZA5X+DO59wdV3YWk6fe3rpcJwZqkWMTHB+M4lLppO\/yNE76E8Kr\/Uqw7z2y9O2Hv+NvCttG9qY2iyEqocZxBUTD+UcJwLZ5GMkOh04nY5cKAEPxYCG+ZT+E6zrOvBnQQZqy8s3d7C7XsImaGAvBZu0AsMYvrJw6+l+x2h42qzLWSCCzqB8YHNMAoyjY5EEPiHDB4aqsw+AvUgp3kmejvZBqsLkmz4XspOg
x4+v9KHKqq4bc+dtdIyTgZmNbhwtVFRrJwGMGlIJO3dYTW+eFWTrmyY\/kU+ejjmIORkV0nipRgOem0UmubxMEgQZJeGXrQKTimh1Z9tS70mAbbB\/uGZjC6Urq2uLNfRgZdNhSsyCMoYQw8molzzh2Na0ZIW7YN2Gu\/\/Rf\/n13siixEZmXrzTIF7wcraimRKQ6DvgjgbL2hCWeF8mCngEFXTnoVA=="} -01242{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01278{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434784280,"flow_src_last_pkt_time":1603816434784280,"flow_dst_last_pkt_time":1603816434784280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816434784280,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab","src_port":44605,"dst_port":4434,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Ver-Negotiation"}}} 
02232{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434792692,"flow_dst_last_pkt_time":1603816434641678,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434792692,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAJ7ZAAEAR9yfAqAGAhfLO9KXYAbsE7LC9xgoKCgoI+QsGqtFYjA8AAETSGVf3NpHzKNMNdfh\/V\/noLzrrCJTWCW2izc6gcn2txyrZ3vTYFw9oti5N5Zd0a4DdA1cWLhNby0WoxjcoN3uUL31I6AuWTRtQmld72DVp1nFbW14vxWrhBIu4agIQU6NycrkwLEV1tOoKdYlrthTNMwD3M+k5+y\/jdMVtkD0R0YQR7BZOnM3kTX1bH0f\/eldh4oH8S4GerrQ\/hVn\/PHliyMbE95mBKeNH\/XBKjPaVH4SE5iyuZ4o0cAJX6zKU4lajsV6QVuEgsemLtfWCChsdFvaI+RSAzByJ2Y7eGCh7v+Gh4DXflSFSrZUSBAmTZoA0Zou6ukZtsJNjsWY68k6WygqpiwhMQJreLyjeXVzk7oyGDwHO\/hAvmg6xY5GXfBPf0ls2P2OW7n3w7L66S3D+as25Ka5fB\/1n04+oJmaw3ADdYqeBwRa3iSrQ7F7kK3NaNAJNRq2zS4fr\/b+ubURvNfR5staBQwIu\/o7Zb5+LwmaF9rZXHBu2Tz+8wv0lj8mhBUzLNtcfw27CNl1txh1+lvdEzBQ0+1QdwfOwk\/hlq7\/lf8GrfqmLhlEPTaPG7AFa3IPuxLh84mmZwaTAXQbxug33HwUz22AWbGI9PCbve31PjWm1LgNNd+7+kMpoKF52auR5lPAUr8zA5LwEBGR1mQkQ7NprWlORnGh5UWqvkJJHwL2k2IRTag51mGTH5MB1+cfSjVWNAtd\/8JuYCSBC+KNhtmuCXomT7rLvgXGj6o1sphXx4atNA9Dn9q1FcbinWgv+WKWZhnHGGP6dn+mrWu\/7bvpjXjrtDgIw7CyPxH34BjhKbxZ7QcB83XEhpxelpCRa6WUEloOBWGYIeMG0gZJIKjNZe0ll5C9J5n2Eq3sqg9KP3L2k8K+5dmEqspUGb1NUPPi+n6\/iFHU1fhMvh64hs66vVu1aXgLA9dFfJPSu+8U4SVAQ9LQIkLt1yLRcKmzv7K8F\/1wJz\/\/VA0FnXA\/S3tZfKvHD4A\/\/6XZ0e0JKAMn5kSF7uTeS5e5gdjg52fvbQjQd6m1d25cld76mtRwuKWprxy2fwcaEL3Y3Vh5fKfWjC4aclIK\/BmtRNjMNgHLI8jT0sKKwQDoyu6Dl2oMw70Jg67MXwUeukQTS75rXVHrbzUA2pmGH7aReYW35h4TyF+C9spNA\/zEJJt\/SQ8ZE+FX35GC6kc6V2qla+i+Pq5C7DccKCdXqXuLKAqiNDsgQzxhbb58C67FdYeSem4xijEQ544+5VsmSgDw5Bm+f8kn5ITiUXjSnERiDrW8LMlRKSAtIBNf8TTQIdO73pxNtEY6ZK+aCZSZfuGLY5fcX7OoNql4qaH5tgUcAKTmfbm2Rny2woTB6j6YC1lH0CTq+8yvsMUtLcbQZpIVgD2w91k\/DHu\/rqh55qa43XObRLAN1Cas7QHa1f
aPFa7Kyh\/Dx\/uu2xJFLfWHVfeKsvw4nX\/4k2v0Isffs\/nVZE\/mcAdyEmoN0MJ38PQMKNvx6iNUa45euWiJAQh0n\/9FPVkaW3p\/pu55m0RYAv15pyglEYDeOzb9cgqoBOBFbL5F17NfFlR1TUtETcnCdxPpozDGGzr8327bzSnjwgFfcwdPtJKYxjWOqhjxgehtiPwt9WJP1lnTBRJMRI29aK4qFwi9tCw=="} 02220{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434794660,"flow_dst_last_pkt_time":1603816434643533,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1603816434794660,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAVgBAAEARrFHAqAGAR8opqcRxEVIE7DJpzAoKCgoIvbmHXcmpQ\/MAAETSE2e30YHkAX2XVfEpCGfOjyF840fDKozk89FYV10qOipSbcKfBwadYKaP2PDi2A7GqANLJXLXd1Ra2Q\/d2lyOKDnoc8x8gM9WzcPPQTUPx43cTsdSrSCDxUnpnuaj6yGd2N3XRIkY0gYWRPuFX7h\/fh1NFO2iAOlIL6UUnbjkaQBPj5+DK9Tkt1jAUKuz5C\/VX5NyeiPZztoZxmFEUkRFMohO0yR1d9jvsEZjpJxu1T2xxVadymVUvn+nPUj7gyxMFoi5gdzyUkI6qww5VGYT9o89cKQc7vz3RQ1j5HNSltr8teBgazRyqIezFwRxXQZzC0mfyCRRks8zmpYilpgAUrd6iKSrwI8xpH1mLLYEiIEokh7Nku+MJsQdaeXhqFHBdzmvpP2d5lWx83GgFuE+Dkn\/A4rNg8OLbx8Hd749+SlXxx2p\/3FSVDsm0u8FwDQ0TGJxo01kEWYz07BfKbG+vmnmpdKMZ0c+mcf5\/mMTkSlmCtsSWEbhtyGBpHj6Gp3P\/PHHW6qpxotr0bYpBtsptMaDfY0LOv36qEIsdtyoyFrcuYBfxE2rbRJIu0Oe5vS9+mDEauvlYu+hTOBWRYf3GYbB3IuMocvdH3ge3fFDDBDMar6Z4AzQD3wB4++BlRSMJ4Op1PtaLNuhvgHr+zWIE03DBlRJ+VplDnanX09JNXhTwH3H+AjPz1EvGjgEK6+YfNJQaFV7U9mDD9Ruthi3HVvk8\/fOat3XDJUwyHcciWPLz4ceNf3L7rSem0SlSz\/9sPlFDV+6MnWDTjz2MgYr10nBv91OfLa6dUBNOUc77cMVlTY946uEOebqDqBU6HTwpDrQQPOhfekx\/cwyHgX1SPiQ2jm0cco9gMyY\/biNH5Ae0kYwjthPOjVJSM3sD8k6twZNkrRaDgELJdCga8uI83ZLsJc3njlrx+9GoCKhJeSUcJrXmCVv5wqbYrzBtzlNPONszxo+vENua67+NrZXgrgkQf3D5vueityfehPXawW3uctYARfHo8es3+9km4o77SaJb+CNNegl3uhaafpl6DgQ+IXvsGebd9bGzfvvtGEjqvC8yYEyCoMopVY8b6KF028XUOHjcIIrxB9oRWGWX1t6qcAtpr5\/re1at\/9am5lVA7Gd9Xl3d+sVGUgFor51U\/E91\/+E5M5Qa008RYdjk8bxHdEi5qflOIKkQWLgH2p
tDuy4K34mY60YaJX9MzZJHqAGBiOJyz2vC72RgiQqDDvCwlaJzHF+wCxLSno3fJNj+SzLPPJvdkMYQcGDVNBzW9gLntYHCPYZmwYktaxLJE5kbFfSUHtFwGEgRhMzIViDRf0rfOdiTfn8q1XUwHnBs2i86bgzg+ASxD5k9QGSx0i6DQMqkcfTxkRGAof6BOxVRYc9567BYEdhO\/\/6PdEmvCY3IgYkogHWhz0bGjMlwbJhFZn0\/rOkfEZRLdzHN3yIdh4NhKhCdUPWLn5T0v7ILIVw+5EDKoGAZZ6+44v3WJA9M5YTPJa8YeOn2nx3N3YEQRsjiBBWJmbxBrqvM2C\/FaZgvmTqe758ClWLW0UAseHM27RoZnUVhDYxYjRpjAi\/X3AjK7Y7RKIDkLHbl2y5Bqku+ZBD8\/fxJnSy0Fo82DtOYzY3K0yqjhL16Ji16juysw=="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1603816434670390,"flow_dst_last_pkt_time":1603816434802819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":89,"pkt_l4_len":35,"thread_ts_usec":1603816434802819,"pkt":"PKn0qB\/spJGxgjQ5ht1gDen3ACMRMCABSAB4FwEBvnZO\/\/4EYx0gAQsHCsnVrqTT\/kdpHoB9EVLCfAAjD9qPAAAAAAAIIsGdLtPZLyX\/AAAd\/wAAGxoqOko="} 
@@ -414,14 +414,14 @@ 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434642398,"flow_src_last_pkt_time":1603816434642398,"flow_dst_last_pkt_time":1603816434642398,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434509409,"flow_src_last_pkt_time":1603816434509409,"flow_dst_last_pkt_time":1603816434509409,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":34442,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434518986,"flow_src_last_pkt_time":1603816434518986,"flow_dst_last_pkt_time":1603816434566800,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2a00:ac00:4000:400:2e0:4cff:fe68:199d","src_port":48707,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816444528429,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01259{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434535255,"flow_src_last_pkt_time":1603816444528429,"flow_dst_last_pkt_time":1603816434535255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":32957,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00848{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434599720,"flow_src_last_pkt_time":1603816434599720,"flow_dst_last_pkt_time":1603816434725950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":51,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":51,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":52080,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00847{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434764038,"flow_src_last_pkt_time":1603816434764038,"flow_dst_last_pkt_time":1603816434897001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":27,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":27,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:4800:7817:101:be76:4eff:fe04:631d","src_port":53140,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00833{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729343,"flow_src_last_pkt_time":1603816434729343,"flow_dst_last_pkt_time":1603816434729343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2604:a880:800:a1::1279:3001","src_port":56073,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01180{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434818859,"flow_src_last_pkt_time":1603816434818859,"flow_dst_last_pkt_time":1603816434818859,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":556,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":556,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":556,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"18.189.84.245","dst_ip":"192.168.1.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434772881,"flow_src_last_pkt_time":1603816434831237,"flow_dst_last_pkt_time":1603816434772881,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:4:34::1","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434680209,"flow_src_last_pkt_time":1603816434845425,"flow_dst_last_pkt_time":1603816434680209,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":1240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","dst_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01153{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816444524248,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01157{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434670583,"flow_src_last_pkt_time":1603816444524248,"flow_dst_last_pkt_time":1603816434670583,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2600:1f18:2310:d230:5103:7d9e:7d75:374f","src_port":46242,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1603816434750923,"flow_src_last_pkt_time":1603816434750923,"flow_dst_last_pkt_time":1603816434750923,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:19f0:5:c21:5400:1ff:fe33:3b96","src_port":38689,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1603816434528228,"flow_src_last_pkt_time":1603816434679393,"flow_dst_last_pkt_time":1603816434528228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"202.238.220.92","src_port":38366,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434595118,"flow_src_last_pkt_time":1603816434745946,"flow_dst_last_pkt_time":1603816435011222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":2464,"flow_dst_tot_l4_payload_len":70,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":56213,"dst_port":4433,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -434,11 +434,11 @@ 01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434524039,"flow_src_last_pkt_time":1603816444507501,"flow_dst_last_pkt_time":1603816434524039,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.112.191.60","src_port":46334,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434643783,"flow_src_last_pkt_time":1603816434643783,"flow_dst_last_pkt_time":1603816434680178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":23,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":23,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2001:bc8:47a4:1c25::1","src_port":49270,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434656025,"flow_src_last_pkt_time":1603816434806673,"flow_dst_last_pkt_time":1603816435111830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"133.242.206.244","src_port":45855,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01254{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816444586281,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01259{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434729337,"flow_src_last_pkt_time":1603816444586281,"flow_dst_last_pkt_time":1603816434729337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9856,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2606:4700:10::6816:826","src_port":41857,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1603816434507215,"flow_src_last_pkt_time":1603816444490896,"flow_dst_last_pkt_time":1603816434507215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10016,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1603816434765563,"flow_src_last_pkt_time":1603816434915890,"flow_dst_last_pkt_time":1603816435194117,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":19,"flow_src_tot_l4_payload_len":2504,"flow_dst_tot_l4_payload_len":38,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1603816434648476,"flow_src_last_pkt_time":1603816434648476,"flow_dst_last_pkt_time":1603816434782784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":35,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":35,"midstream":0,"thread_ts_usec":1603816444721572,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":441,"global_ts_usec":1603816444721572} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/quic_interop_V.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":441,"global_ts_usec":1603816444721572} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 246/246 ~~ skipped flows.............: 0 @@ -447,9 +447,9 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7937213 bytes -~~ total memory freed........: 7937213 bytes -~~ total allocations/frees...: 147459/147459 +~~ total memory allocated....: 11644616 bytes +~~ total memory freed........: 11644616 bytes +~~ total allocations/frees...: 217713/217713 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 554 chars ~~ json string max len.......: 2241 chars diff --git a/test/results/default/quic_q39.pcap.out b/test/results/default/quic_q39.pcap.out index d36b2df5e..3334af345 100644 --- a/test/results/default/quic_q39.pcap.out +++ b/test/results/default/quic_q39.pcap.out 
@@ -1,15 +1,15 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1509098995610775} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995610775,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\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"} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}}} +01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509098995610775,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1509098995610775,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"s.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/63.0.3223.7","quic_version":"Q039"}}} 02055{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995610775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"thread_ts_usec":1509098995619706,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/0
3tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5eyEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995647453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1509098995647453,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="} 
02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737234,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1509098995737234,"pkt":"AAAAPJ7rSEb7OSWDCABFAAViAABAADgRtGEVnbfjqtgQ0QG7ltwFTuA6BB7VA3w2dE7ZqQu\/HA9+aSHkQAacyJMtou\/Ld+GIcjTwAhOnbZl1DccdsXKM9X+aGBaaEp2k+gMriAxw7XUSiNYtQZBUSBNLFOTdb1hYpN8c7IZOsaDblarfxUPQxJ0gnkUeqkr4fuRbUc3rNSCo1QMBgMypO2NvSL5l22mGXYSmNX3toGT7ULzZsB61Qo3VdWUFY0IjS2GhkCgN+m+wvx9GGU9V5L0IHzmROUCwSwmxHH1ErMsKb5C0SPh8Moiuuma+1VPhe\/4G2icjKqB05ASgsiwkrwe4SR8d3GFtuFbHeuQE6CX\/fbhRn85iCZ81UU0O0DtLEzTpnpEMp\/HcwAW3wA0AsKtudDGHnSOUULPkFVRBhVhpeLqS2Li0YMUrWjkhCHDN9UoHpPxrqdDBOs6cnSVYtFl87oKhCwSDMwSNx1tbGBLcoib6tTeCM4ikOzQpKXL\/lxnGVpm2twrSoh9tDYCOMzC8iEwjRh8w8znhREm8bviBNUYoIfHaNCNbITO03cVWyavFVXmYqlGo+ZASq8dcX96Cx1fYD2dNrv4jvEfzhZHi9j3aqseDNoE+cm3+PWctSwnMNfg\/cAZ6+izl22P83dYaovKhaYXtYVtRaEh1uryXKQuvrbxgzqoMuHHkrg7QEJUZ5gmgRTEecPSWIb8SUwZxdqcpLdU2L\/gN+0XORpCHTJoVoXg6Lvf7E\/f\/bT1pGfsk0tHNVABNBD6SIl1dnyG5O14yJfWoVmTI2+G7UprA72A7KqcWm\/Y9PRilKUqk0W23OKWXwmQihG5TnwqOI1ASAfZdL\/efwkHmsUuwXwuaJv3FGekCSnevBUaUlKAb3RLPfFDu91ImNXm9aoyBuraDr8zBZ9bqaHnt+JcnWMwjFSOpYRdAjWYbEr13AgYr52pgu\/XfErhcDNHbPXjSUwKIzgcTnM8QTMujWWFjUns5aLY\/Mv0qOvbYcFGwXDlw8OQM5Q9vAraMzp0pOrSxRQJyeSoZ66v\/2PjjGS0ghqZ5wQB3xtFoLAlr2HDEgPgkAvO2RItTesAv\/vsh7iK4WvlZWfptfy9Gni9zKT+BCJpVckSsMJNJa9QOIqDZGcD7WdvqPZ\/+gs8I2oZlbXo5frTZi1mSER\/Qjm4utM3efHWXJNIk2goUh46mzxek43peBjGUnwswHlZbLnqUTKXJel3ddyov8qXphMbEnQYip6mhFYg367RZ8YRU4EKrwLm6Xcw9FNoa6Z5lJKJijsH5vSnEkZ0v8YX0MjTBReOeuoFmSr+AJVjpSlg\/7643dClWP4cXx3jdn+gn82y3LOeYLD2p8lV3aWTEv0GVmHGW+Hm9xJDl2bHgxIBcRhyDRGQFOC\/Z7+ehu0MP0\/0K5CKWxMw6rUTxM3JDgsEv2bV8wJzw544w3P4lqj\/UGLv3pSXxIfWP\/1WvqksJ+oY1kY5SVPXHla+pr7Q4eBAjdUPT41ziS
FsQn5NBuGGWEuFCF\/QbEKcOu1F8TZ\/1M4MdpRIdqR8tFYEo+Vg9m6TwjRMK66fE6Mb60JRytY107EKpRJxBagZcwKIXCY2mZAsGOuehm5fQ1M5eVsO+apeXG3c9KMIURyf9ctvuQNWeWR2FIFfoH98C+ht+\/SSxjmFeV\/+d0QtrQ1HpAJKWfFcOZ2e+SesZS6k9AGyJLmN0367Nn6pJG6hN5CQDPLk+C3kOYs46LBkhHg0plOlFrwwdKcByjY68Z2VuRM7vrTmQWs6\/Tsdq8ti5cqSfOmHnALup6x5Ipr3zDykeMyuckk03bWXQ7Vwm7LKwDjsFd1vGiyvmKkwy"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1509098995619706,"flow_dst_last_pkt_time":1509098995737241,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1509098995737241,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA7AABAADgRuYgVnbfjqtgQ0QG7ltwAJ9O+AAM4OmALOTw1M50FdwtLmPXhOu9ZZKxYgqiuY5AjrA=="} 02347{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099004752497,"flow_dst_last_pkt_time":1509099004382425,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":41,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":14377,"flow_dst_tot_l4_payload_len":2074,"midstream":0,"thread_ts_usec":1509099004752497,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":577850.7,"max":6514643,"stddev":1531988.4,"var":2346988339200.0,"ent":2.7,"data": 
[8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948]},"pktlen": {"min":46,"avg":542.2,"max":1378,"stddev":603.7,"var":364512.4,"ent":4.1,"data": [1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84]},"bins": {"c_to_s": [0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0],"s_to_c": [4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0],"entropies": [4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":33,"flow_first_seen":1509098995610775,"flow_src_last_pkt_time":1509099044522763,"flow_dst_last_pkt_time":1509099044559423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":18965,"flow_dst_tot_l4_payload_len":2686,"midstream":0,"thread_ts_usec":1509099044559423,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/quic_q39.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1509099044559423} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768539 bytes -~~ total memory freed........: 7768539 bytes -~~ total allocations/frees...: 146432/146432 +~~ total memory allocated....: 11477158 bytes +~~ total memory freed........: 11477158 bytes +~~ total allocations/frees...: 216686/216686 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 557 chars ~~ json string max len.......: 2352 chars diff --git a/test/results/default/quic_q43.pcap.out b/test/results/default/quic_q43.pcap.out index 0034301a9..ade525498 100644 --- a/test/results/default/quic_q43.pcap.out +++ b/test/results/default/quic_q43.pcap.out 
@@ -1,11 +1,11 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388060203207} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388060203207,"pkt":"AAAAAAAAAA0A1ZJ\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\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01109{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com","quic": {}}} +01130{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060203207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388060203207,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"dns.google.com","quic": {"quic_version":"Q043"}}} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1592388060251652,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1592388060203207,"flow_src_last_pkt_time":1592388060203207,"flow_dst_last_pkt_time":1592388060251652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":30,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":30,"midstream":0,"thread_ts_usec":1592388060251652,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q43.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1592388060251652} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 554 chars ~~ json string max len.......: 2323 chars 
diff --git a/test/results/default/quic_q46.pcap.out b/test/results/default/quic_q46.pcap.out index e6ebca9d8..a15975c4d 100644 --- a/test/results/default/quic_q46.pcap.out +++ b/test/results/default/quic_q46.pcap.out 
@@ -1,14 +1,14 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559632338055044} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338055044,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}}} 
+01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338055044,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559632338055044,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"play.google.com","quic": {"user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21","quic_version":"Q046"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338083803,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1559632338083803,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"} 
02333{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+FGWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiU
VaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338308554,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338308554,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTrzqQArMTUQF+qfZl\/j6GDEC\/I+tHha\/dgY9YrBnIQRh7ycTzuKlQRveBbgIPaLRsi0ExNkrNV7kEMqhWFB8DVw3+iXp7Q0SPR4wk2prQv0Z9EAI0pujRDgT83qm1mSoLM4iQy0bz0Gm96wSsATMKmUKyFyFBnpTsLUf9Xvid5CkSvVYq5IyCOuKfH87rCz5QTkBH6YTC+QDCSrAGsbffYz9bMQO0R4i01YSA9\/I4aHEs98s23RNpdZor+Q4Oguj04Ui1Bg8f3CMHs0B1wKZWu7IF605ju+my8Ex28FSM3yemKCvdolaLftpnKyeHoId\/QpIb8iwutFlbt0BwhTCDewVFpV7BQBJRHSzzcqF3KHmxfGeJEz8HgPupbuU58vn9Kst3qPAnRfWPM9Y\/xuqQrVroUhIzD2KcGL44idNWqzV9MuP5s0aD\/0n00A8OknoaT1Z0nD6uS7MwoMEp3hjaZrYh1FVS6ZqzuhHdMfQUCymEejFbSmXbd58wxV444MjFUEdTCH9C5nplkg2PrEbadm\/t1\/rEMeg\/JOLjOqZeL3RVNZnVu+64GiTXTooYqjnh40z9xHOOmQOZyfle2iCVO8R\/ivXtUThQIVkJxvD+lByIAMuKs19fjh7OTQuW6brcmUpLLxNTED3sSOJ1MHHkPoWBfdRuMlOs0Ryz0ZCwxjKB2QykP3nGHn+U9cQJjEEK5qvkEMPYypV1+HtjqlPnl6iu5Sd3xNKaZ9FcaL83oG6RIF4zjJ6ihumZijejW+\/cRyoX2\/M6YpKMTtn1WRn9rhtQry3eVZPeQNVSd7XZL0VdvQ5vu1ggAQn5TQ5togK+G+4pXqF5jfiQ6DBFgLpBhWv\/UFK7aVWxuJrDA5S4u1lGTu45kd+19qZi53LcaXhMl0qJBJJF3oCyKeyoTTUDuHU27jmLWrpsAktKlqGf+4TuB3lSO\/EPFyrp8KLENcsfa5\/l+B8TZFRRUwAQv7YeB+SquPT+XySpsyvSWPmJ1OkgDGN40H8aBclc9K0qdDBg5M2dE8QYwGrrNKoCeKgtW9TnOyhkw6iCeSMxUnEz7I72YmaU3B4Qdh4i1suSJJS\/Is5YBD0LYW9RGca2psLfKVVQ3pVzCNm+8iuLUD\/+N5d
sKBm97UDJJu9QZbvh\/17ADMdqmqjGV7a\/KL1diOzof+kNEM6D63PNaEqTcdTJU679aUQuDA36PwnjOfPQ326RaECpj7agr5AR7cT1hl7xR6U2rhzkl0Kz5J\/fIaAVikO2T1YDzpEa6ViQoL96Re5TbD3QjIjfR4Gp0AjyScTnvjlkaS0KPbZ3dZO0yuuI8K2w5rv+O9wTz\/j3JIVxILrgv+nrmo9uCpzcwBNXvDg5SBwN8NZxMqNH+W5G7d95IPrVS2zW\/4pG\/B+zxKwHjBFjH1xLbTp7hfN1GljHGDpVEQpGi4OAY8li971mNtDTBydQJmQ7gQlhjFgMlfgoeRtSHU+o01scTey2+WUdu3zYtDsTDdxFIAdmHZbOrHyzRES5q\/KmutL7eczEoW1LzE4ioLwIH\/g4j5+nlj4cThgEcmecZB7Bt1chmjIYfJVOi0zwKH0\/NJvwsPzAtyn1PIZKiwEc\/CbD40rT48BToIWSWBLXxWuohMPnE3FrkoivOd4Gpa\/0yzU1wMDSMH+mbgsZhX5zYEoGglp3CbY5FVv9cUPm5sCy1UpjiUb\/pbUisccf6scx\/oiXxAimL5KCP061NTFY85qjPvir2+lXCW2MH9mnIP3P3l0xfA0+tgQ+tN730D7+w1UgNyI6x8+Gr2OtccMTyA1EwS8"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559632338055044,"flow_dst_last_pkt_time":1559632338309852,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1559632338309852,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTqtnQA9VWeqlnKi1He4wQWN\/f+ykkZ7EUoh++i5eD6CZN\/2OK1LLvIohuBQ6+oAOvGiKMTrPyoMy+bwMieLisXdiafKDJvZCKRyShiIE\/VsZZA592sxRa9Vg2pXH9j8435JRlNe5zXJlpHaHeTbO9GlYTmUN5Wk8dNnRtW2hdo25fc+9lOQWYGT0CaE9IiOnSr9tN9PQJxGm59j3+FpjB7JoRFF6QQtD4qRdkxQH1ljvfZOy\/NU3nHfLfeZPZJ75hGZb662tqPtx7u6RVD6+HRQ9t50R+x\/XDILWM07srC2XJdOD+9vMXyQZnHhaNfwt9CRyUEeHYvvI4s5LjOc7Mbgwm5E+3uTUaD0FMzn7S4eDN2dyeOzJGAHwGJcE6SUAzonQ4OeQrZPgaBZWVNmyKGxjKy3RWR618ul+UgR1pwa4+LeuwPByRnCcul0lBFI2RjWbPy7B4tvwCuJTWDNvttFv+HTU8o\/OMC0jVE6E40A6vQJGKHkOZ\/eHxWUXlsEKRm\/GXeQyO2JrKq91+JEuAU0WTmWUvpcxBbRgUThFcVxvkjStKjqJe0MlTP\/cYQFieJP8LkoVTkSd03u3SwfS+3XPGs5NZVFfRewRdYH0d\/EQA+OQ4qOBcwSzVxJTvoR9+aJTgns05wAao6IGVc00ppeEKy8o9B2PPCf2Yn13wVW2uR78+\/Sd8uRXih\/0hbDCAxr1YMdwv+eWb6z6r2HUEfmZfbZ2vZFFXy1XdNELipxBnZhyKw5gtJlK\/prcdMl689I0X4UmwUKvuaZSDK2
qVQjQZ+WfWe7Y3+IIr6FePlmnyWxuwGx2NAcUjClYlSywa3SNafQ\/QnCxF9jWX851VWrmEKNrzufxVm9BLlnyE7TOg37UYKSnU7MFav\/5Y7S9+nCiGS0pI2h6bn9B89LgkNcy2P7evWjIvP\/b3J9WMvri5HVWcmKN3UKigYQLEtEZLWZFHS8dH+em70WrNuoTlSgtkGX3l78KdOLj\/JZ3BCtl8IlL8uhYijP1M\/3r1gWclDoY\/N++VS2piiStR0CBqTIjR1lVS9uLqnX7ydFKTP\/QLVmlxN2DahOn1ecixBGSgvwTN0wTqnzQ99268818kw4dNrfToAOz5UDyCmvlGbewpbh\/O7rwGiMjYWFa1wJFnhRK+U3vWbsPAKjCIVK5nitFyipl+JsLSS8NuBlvP1GXpicNGf68c\/aKS\/iTLOLXEYWxAXBoVkP8VTohEv+v+JkOUIqzU9aUAeXRmxabFQdwgmz6HZ5Sh6Wz588d0Il5MNXCmccVrr9R16l+BtvO\/6JwNOBkS2faZ+uXBgIOKPPEK\/VmJ2tHOGRGhP66mnMcsK6ppNBWsqw\/4teJOjdZ6zNkHNjYpMl1HHg9179N7hNpmxK3JQeEhM3Nd\/bwFjudZZ3xeZKb+RO5+HTvf6lOws9qjq9GRVdht6E7qZyfdu66KCGUZ236sgXx8\/tXdOG1GjNaZBSWQdyO3j8e3Szniom7EbDIbswnp+K0bpq6I03LBzwL5bcxiJ9cX6D22d2UJSBciDgro3a5rhSqnCgE5jx3RU7FGktThztnkynC0jB81m1fhkQfPfxfNUt1a9Okezhxk0bMu0BS4AVkvJ3ROO7KASlsLkd0UTIs2KqAJtOyK9weTtncnzcRNQfszERX2cx3V06dKgFWnFbRhfkN0NHXkYDEtKOXl1Mg2fVxyB0vQzYU6LSlvw6Dagv6NwzYn1c6Ac7E1lV9ZzFBiTOFF0umqRJzygwakMmhdAHqB0FbthGufvfPpr\/4MvkTCdu10K0kPvF7x6j+"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":15,"flow_first_seen":1559632338055044,"flow_src_last_pkt_time":1559632338367037,"flow_dst_last_pkt_time":1559632338349062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":18936,"midstream":0,"thread_ts_usec":1559632338367037,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559632338367037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767377 bytes -~~ total memory freed........: 7767377 bytes -~~ total allocations/frees...: 146392/146392 +~~ total memory allocated....: 11475996 bytes +~~ total memory freed........: 11475996 bytes +~~ total allocations/frees...: 216646/216646 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 562 chars ~~ json string max len.......: 2350 chars diff --git a/test/results/default/quic_q46_b.pcap.out b/test/results/default/quic_q46_b.pcap.out index 616aecb2c..2801ba902 100644 --- a/test/results/default/quic_q46_b.pcap.out +++ b/test/results/default/quic_q46_b.pcap.out 
@@ -1,14 +1,14 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561708873328442} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873328442,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}}} 
+01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873328442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561708873328442,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"com.google.android.youtube Cronet\/76.0.3809.0","quic_version":"Q046"}}} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873357490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"thread_ts_usec":1561708873357490,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqYhl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9r
Mer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1561708873328442,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":121,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":121,"pkt_l4_len":39,"thread_ts_usec":1561708873447906,"pkt":"AAAAAAAAAAIAGNwmCABFAAA7AABAADgRW7Ru54YjrBtF2AG7sdoAJ2svQANZ0BQdTteTPGKYB0T\/Suu7ddNWywm\/bYiMAK8NlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1561708873542922,"flow_dst_last_pkt_time":1561708873447906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":137,"pkt_l4_len":55,"thread_ts_usec":1561708873542922,"pkt":"AAAAAAAAAAIAGNwmCABFAABLWn1AAD0R\/CasG0XYbueGI7HaAbsAN3hoQNGjq6z2HGzRAkZgauR6jC2QY2hinAIQJlFz8Em5XwagPo8YW85xltrq2ilzWOQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1561708873328442,"flow_src_last_pkt_time":1561708874187856,"flow_dst_last_pkt_time":1561708876422246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2376,"flow_dst_tot_l4_payload_len":2844,"midstream":0,"thread_ts_usec":1561708876422246,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q46_b.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1561708876422246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767379 bytes -~~ total memory freed........: 7767379 bytes -~~ total allocations/frees...: 146392/146392 +~~ total memory allocated....: 11475998 bytes +~~ total memory freed........: 11475998 bytes +~~ total allocations/frees...: 216646/216646 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2419 chars diff --git a/test/results/default/quic_q50.pcap.out b/test/results/default/quic_q50.pcap.out index 21bedf148..82563aab7 100644 --- a/test/results/default/quic_q50.pcap.out +++ b/test/results/default/quic_q50.pcap.out 
@@ -1,14 +1,14 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1592388088469619} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02337{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088469619,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6I
Jf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} -01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","quic": {"user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}}} 
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088469619,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1592388088469619,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","quic": {"user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21","quic_version":"Q050"}}} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088511729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088511729,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"} 
02341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591640,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591640,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiBrmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHE
joUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"} 02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1592388088469619,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1592388088591706,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuYYx1EwNTAACN9KCJ5O\/156AEU0Os6NcND6sMIhR6wlQxJqDPKTFInXtiCVq7Oak\/Y82V0XywIxz2Whx8Wb2xUiZNk47rWK6oUgAo94MwN6KceEvFuaQASNHR6dakuMekdgMvKyWSoy7n6Kx6gcRhAvSIyiyivq7Xt5HstbWGNobzw5kW16it7xCvkjNeguznt0iKfYhVjHujng\/mIn7KT3rF0NdWtPKuRStas2FlOjD1KkMS9uq7qrUmpT72kEMNvQdgQQWc1+qu\/V9YVOZimYCxvO7Wt6gPNNMXe28X0qUb\/R88QoC9tLiwD8VmQcCZWnnwHftQT6t9mj6SOPLTxi3J6Qy\/azKCA+3g0XWUroXTAyqyxvYOnCkadn3eydA79hvFfw7hRWoftcfjYhFjSSDB+LG0NyE\/I5iYus6u9DedOhynlL8vB6tzr\/+1AR1X132TBRWmEZsyQ8fcEc631CffhAaA5uGUHlkoJHYaU3kWEHVpwR760NENnHg1MfTZ7ZUhVfph1lE1r5XNITcJrjlJRyZJBxNU\/IEEI8MujV265G21AcaVMc6szhK1Wx874zM+OeIwciAaHgXMYrNj7WthHd5PBtM8MF8SaNdoGYpcgsddH0GoZ\/3tq+2Q8GGxuJpOzfa7XVC9vJio2Lw3JZIvYv\/iXFhHxbjvAG6XePfv91jtV\/kZc0hXFCusoaLXfFJihI7q2H2FISpAQQjo5VEWT5vu3FajoiER6SQe23SIsEmgwipJFln\/ukd3HPHxZ1ul5RU9Is\/C1aceCEldcNKaN4VeYKoTWyjCpZFVZ64+HAtBk3D0GgUGD7T+h8BXpTq2yhqs7mM8jmOatp0xZo74R30wT0FPlVt2\/yhC68rDIjWIKyB36XIie2e3N1Xg+Rh14NvxElS3hevnImODZ6pAtqV3lpijp9PYtcTNZZa3GHwCxtjyxLKyjBt2PmeukOn3Z+1TzG6lAu72OuSA8F7Ipdp5l6SSFMGx5IdZ\/MoWGwImeADjm\/clLuj9hTf5G\/5R\/ywjTXtJUbbj9aynNQOMVZaJZ910woNruWRoBiqi0nI12HJIY2+WrYcjbAxySUwBouZ1gItm05egY4c98BytQ8TgT4l75
1mRafsIpIXzjdSoVg+yujlBxrLT0Pf3rdxZkIsfCnfW9j5TP3lqyw5u++O+cs7pDfPEEZ+ic1O+bSI\/Hy9wEZWf8jFhxDN7sOlIyYbXUleuvu8g4bpmRks4Jeg6SP67NjLTg\/Y8HwIsuf7EmrJVcQwMp6TCzthaROgfcAF5zF0F82CE71TICU5u9o1CBjiGKKuZtbbkV9Yue1RZbgp6ebsRkTBGsOnDf4SAZ3Ky6SdFm2TnUzcSdQ27ckpzIRvE6KaAPHZ\/Yf7varSH7\/v0fO8TvowM7\/1UwrIVHhejk0hlCXN1oRocyWJ1els7XFynG53RKgHQgTt0jEpWtqMOF1vfKXQy9Ta+FJvvGTrPQNW+\/28FJOSPCxZCqAvZM+8lJkqCZdh6lCet5KlK5IGz\/iR9WRBe\/96dCxsyck4A4u7INRs4Pr19tq0wHFmvgwhgJwYWr+DSNR573UiQZLAabtKJydHVcpmdxUE4aA4j2mtuMf3nWgmVwYD8Rc1oJthfCKlIBu0GXZYIyFxH63RL2xGpT1ye8Y32QC\/SymMtquCU6WSC58R+5BrLSghz9Iilf0uRYrSAy4nfJy8rwI10f9qZGmFH89aOtamU8Q+MnheA2OG\/dOcdAp9q81plhWrkT1601cQ7LPkz37vAFF6jkUbyboxo\/Fktak\/07yc8Vi"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1592388088618604,"flow_dst_last_pkt_time":1592388088591706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_usec":1592388088618604,"pkt":"AAAAAAAAAAUAeJuECABFAABG6fdAAD8RXQb4kIGTuJfB7ZkjAbsAMoiixFEwNTAI30oInk7\/XnoAAEAYRBPMrp71zr2EFj5wmqAqmjc3agH4W02K"} 
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":14,"flow_first_seen":1592388088469619,"flow_src_last_pkt_time":1592388088898970,"flow_dst_last_pkt_time":1592388088935970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3327,"flow_dst_tot_l4_payload_len":16267,"midstream":0,"thread_ts_usec":1592388088935970,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/quic_q50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1592388088935970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777694 bytes -~~ total memory freed........: 7777694 bytes -~~ total allocations/frees...: 146411/146411 +~~ total memory allocated....: 11486313 bytes +~~ total memory freed........: 11486313 bytes +~~ total allocations/frees...: 216665/216665 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2350 chars diff --git a/test/results/default/quic_t50.pcap.out b/test/results/default/quic_t50.pcap.out index ebf1da932..0b8a070e6 100644 --- a/test/results/default/quic_t50.pcap.out +++ b/test/results/default/quic_t50.pcap.out 
@@ -1,14 +1,14 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598618820564956} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820564956,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4
KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} -01379{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","quic": {"user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"a2fc589336b7c13b674c1bab24655ce7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3"}}}} 
+01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820564956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598618820564956,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","quic": {"user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","quic_version":"T050","tls": {"version":"TLSv1.3","ja3":"a2fc589336b7c13b674c1bab24655ce7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T050","tls_supported_versions":"TLSv1.3"}}}} 
02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820569890,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820569890,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrcyF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11
axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"} 02346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678251,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678251,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fv
eiP4Adr8M05Zxd0p3+8DcvQwP4QYKb2558+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"} 02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598618820678307,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTsI14VQwNTAACFVfMtNfKdhjRTV+TZdrbCv33x6iH690PyehJilsagoNTR5bonnLL0dBgoMc3YX6O7TqPoYEmBQhBo9qpBXyGoeAWGhcJFKsYDc7\/u4ZX2hLTAloQ+a\/pdH22A8suHezIhbLeb5134q2RA5HFoZzTMTZSBCIhgTstv9PXQCwumfychHJYHs0Ft6yq7RAocqUEq1\/LWFpsGhK1ImBcJ8BnDM5dxDKgRMGlmxspqHoB9\/LPeslqcwLzWl9OQB\/VcpU8C8sGBntQaRgPwf94pa0UqHMz\/2obpKwKjbwwgbEskSQbqBuFooA5L9rz6S2jrVdw6PE85FWIxp4KWk1jQusgYQi5jN8GLyCPIvXHA53qb7OcsTkg4Ww7b64NWwW9ifQuXd+Gqe+UisPjifLIntlpGXlYNIY7BnAWTPSpwUdXy6Qtqrk8X\/ruvgOsv6aDjOLl4Ge8zEim8Amf5sqpEA8LJyB8Sv5O66dtJK+I50u7YFLUA7h\/tgVP1iPhpJTEnCH16DKyMXZFkbh9DilxI7c0pOAZLYJr48QuJox4RoLFZ9lMTvsKjVku\/fWAMDXEQvaFNwvlBvlnQb9JbaVASSjOzlsBofk50BdO9mypm2dSeER4kNd6Y3YDYqrbu2dewaFT5S3EXYNt0lT5NZS8OaF9O08WAiSZmR5vmuAfuLO1zLgGQ1Euwq86NKKfd7X3h+4ViguppZQrMcNF2YojGrt5MMBgpSYR9Hb3pj7xTb0uSkVCu72ZrfL98am
uFAUy7Fx+treVOyYo3k4jCPb2dH2G7olLbbzBoDbI3iNF6Ekqomn+sjkEDznbOBqf5f+SFEITZLVshGDkaECMNIlb08WSbhHUCFxGcOQ3UPyKpjOEVlwdNr04Te9hF0D8k4p+KIgi1A+waaYVHLFETZeT8YPT8ZDHf6kMrYR4r7+vw1sGIhuXD7dlP3xV7QBWhPLWn09Zzf+Fjtn\/rGO7M7jIytdlLNCA7WWcqkE38zytO4rGXwn4Db\/WD3qNvU2vCguVZQJh7TYQjHrvQ1m\/kei6U2kUJxRU9pZY4RgTao34mbxevGfXtL4ZcIwdhIqpGsExlSBqASylYBW8VtVsRikCdpzuCR29+fKrJ5GQKsbKq67MSom7g1SPuKRUVpcCxxtEonsShqkNxNzZ\/KxLmT8v5MWSqqjE373M3Qtz+UlarcxgwlqXMcKkepFzis88I4xRmO9NUhDQaOshdj35UPLk\/InvvlEsTluejP7p5FAbc8LG6s0arB0tweHuxaedQ3ZSCoivRmpoiifHNeSVAt5G5yOhX3uHflkqbYAvXXJvJz\/9ghC6SZTst4VCRHHiBQrVKQogZkzh\/ykPsgutAYqQ0MMye7j5zhBayUaElfmpZhnfHZOgPfYCxTTc\/RtMexJr3LPcYh5ge32zWBwHlWorfSgmJcAhbebG7\/n9y6h\/ty\/9E6FoWOluyMMDQ7gv2jL3WXLU+cqEBJmMDsz\/0XHB8yjYAMFXAREmTS0tJ32G3QTeLJYyzJ7BvLKslWQtK1WmiJD+z\/wfOk5auh4iSdzg1KQ669g2tPVS4uwbx16g0jlqJL3MH78oeMHfTePuvb550Dwg8s3yCO8hnNoYt3ZDALl0JQkpBdmXoMEdlyv12lpf7U0iRGf\/4pr0CE0SG8rDso+ecL+ggGjpdwPWgfQ8nk+lOeLsTXddVYv03OgnFqwhUvd21zzUyTUY4mKGWFoQ1WIUFHdZw7rjCzG6mB\/mAXdXyriXrRQk3wIAGulMvV8xiE03NCdGQQ5kPv7nYJRK7sO"} 
00959{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598618820564956,"flow_dst_last_pkt_time":1598618820678362,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":372,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":372,"pkt_l4_len":338,"thread_ts_usec":1598618820678362,"pkt":"AAAAAAAAAAEA4e3RCABFAAFmAABAADUROGOm8LzRKJp\/yAG7wqwBUiB24FQwNTAACFVfMtNfKdhjQTkel0q94ZItOeKbj6OxbcFJoQQVaZZak0Bh1BLF\/\/NZ4vK9O0\/Iy6KVVmpDncSZrSRwHvcZHSWbwZiCstsEDdWrPtcbInQbWLg22euJTVfuU5XsciFULUWeQPLAOQqZdm4TGL1RYGogRCrzgy1YIhzTA\/sljiH\/YgFkGkv55prkYaQZ0L3X+SHIw3ScFYOOfEaTKZ9UZsO3Pvc\/FFafyEjWlGZWGLfwpFNh2DMcKPiZNzTcUxqJpYEehuKjdd3uPDmJPzfrMlq9RlSvd1c7GpiMmPJM7M1+8CxZcfUFGSEw4zxFM4YKu39AIJ8LU\/VWvgMbS5kedIXCxCBRacLcGxpZA9djAjOLWYiPP6gwUSpIvz7Pr2cVDzE29sJajeCR2+5l7nzkQtdzjYwH+dxZXr47q1lihmuSWcEW"} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598618820564956,"flow_src_last_pkt_time":1598618820984161,"flow_dst_last_pkt_time":1598618820815062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2894,"flow_dst_tot_l4_payload_len":5022,"midstream":0,"thread_ts_usec":1598618820984161,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.GoogleServices","proto_id":"188.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t50.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598618820984161} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777481 bytes -~~ total memory freed........: 7777481 bytes -~~ total allocations/frees...: 146405/146405 +~~ total memory allocated....: 11486100 bytes +~~ total memory freed........: 11486100 bytes +~~ total allocations/frees...: 216659/216659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2355 chars diff --git a/test/results/default/quic_t51.pcap.out b/test/results/default/quic_t51.pcap.out index fa112a88e..2e4421bca 100644 --- a/test/results/default/quic_t51.pcap.out +++ b/test/results/default/quic_t51.pcap.out 
@@ -1,14 +1,14 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1598620434413428} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434413428,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8We
SXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} -01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","tls": {"version":"TLSv1.3","ja3":"92e76078d514999cd950474995dab2b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3"}}}} 
+01390{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434413428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1598620434413428,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","quic_version":"T051","tls": {"version":"TLSv1.3","ja3":"92e76078d514999cd950474995dab2b5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-T051","tls_supported_versions":"TLSv1.3"}}}} 
02342{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1598620434413428,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434419300,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Ej
e2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"} 02343{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434419300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434482713,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvB
Ep0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530068,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTube4VQwNTEACP+UFbWwBYYNRTU7ePJ1K+FSjOzh8I+88Xo3glhGN\/ISVgfZLjon36o\/Ic8wElvtdYWOln5kitImSZYvUwk1fG0vvw0gN4Ua6Bk3jF4z2+DlEmg31OHq+boraULEIZuAwjhjODmyz5ftYwgYtTSwoERmJiUKmhlyGLqx3S+tX8EjcRIqYjSOyHMu2jndr\/C7BAPP7JVT9ieYljjMWtEQ72Flay2RpFT4RImtEH0\/RK6iWf3t7LgbxjhC97n0j1DDD4P\/sZZ0bVIicKPYmXAEngVSoh3oIH6poziu1qlEA556yxALTbdx8jtmJX0Z9ooraLIBrb+pueGEs6xQAtF7up+LVAjymIfJeMB5q1EfGiD2ya\/Jh+zUG10j5iOvBK28sWnXxVEamKBupu9qXaXG0OjhurIE3b2Aod2vtsJ1NalOos0dYc\/g5+XXDK8tcQHad8aZpGNSUiRyAtmWcaYe8vO\/\/qYA5pPey63z\/sGlL7Ey0S9M9ZT2ZRHnqlxrqhQIy7XXexnza+a3DNLwUI04v3Ks1B1peq0gsFraKmD\/6yO0vbt0fXLwVt2hr3SDHm0oGrN74iZrIwUWQiIQl22WxQHTTjtYOTcvqWfO7uam1Ph5DVbFaDddigRvWdhF73OvmxThMwCc9l6X3P\/tUIdb8CggvQWiMRN5Vhy4Rljya+ZIOcdjbzMw68oRgdgPhct14QVofXpMjJfC3oqi\/nNbGLQ5rYKneQ7CWh9RSv34L3R5RDGC\/pHwyv6PGgI8KR
f9+QUC+7gYPb+kZQquYvru8Z0knElk\/9u3Xyd8knK1jpgFTg1HNdqhCD3oyFIuAFRWqcgNxU6wz1LaRi24VFE+eJ0o+rsi\/pnfI0su+wrGhXYRbyyiy4ZzbqahkZoPZ2zQGAKW1nnvD6p\/zaLVXZsU4jxLWam2WqckX1QTbgPxB0wawYNhyf2CAAhEQ29\/cwWUpxFyoXDPB+hK4kW7liS10zysc5bs+sslvGCpqRb0Lis637gfgiMEACVosS5TN56wDxHV6753I9W1zSBCNXxUKOAdDNb1MGhBZT\/uUW49hJ6JXcGEhfw+P+5AzMdiqKpUSFKgaiqJSf3iiv2\/RtnFbJ1FaRBOTOgw3ARkcPvJN0sfzLk7RKlSqTCXk8peiPFwt5uzAbWqrhfe\/Yen8D2DWvWSruKHIC7o+GazJ+\/eyppnocCPGQQZ2lonOQT2qyNSZ9COW8HeAaqf7QCJhvb8S9SVVml5KBhnwRNbnuZICaxg9vyFjeBwKI7SstbJ3b7slReERnG3DvEqM+ouROXRlpGgUREXlGwb7N2UJ1jjo460vUe38pW2vZ1XnXYGDBL3642Nhsv8\/xSPSuRmLvvooBVMWLWW5v+LMlMcoNIIM6xibupcxuyIqKDqNmsScanfhq83xCw4xKptGbS9bu\/A0yrmv3Atgn3WXnx2khAoVngZCR0MbqmA7T5k\/rUKhB49pS3ip3KT03PKvjuwDr50ynUXfZOYJ3+OmI37LBmqEhKgv5YHHEjRB8VHHXAh8Aok+ht+KljGfYLx0rx0y2IXVcxRnvPFVtHn6kBareUX1Lz56co6YIb9788QnPlkfq1D0P\/\/4uwz67uvdUChfS0JSNQ18zYOyJ360r3AVfKXmyQ19aUMj\/EcNueVwU0nbl2KSsYn1Gfl7zj0ewbm+BiPQNHMgAkoRMw02Osi\/TmhB+pfcq61IRV5796uYYuP\/e1+49LMsN6JtJapar+\/bfHd+ip7c\/\/L52jGcE3Fey3bVNYI8YmxgiEd0S1usipgR\/OJ"} 
02336{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1598620434482713,"flow_dst_last_pkt_time":1598620434530087,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1598620434530087,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvWw7lQwNTEACP+UFbWwBYYNRTWFFap3NZueejSHTEbypHeKREWRxqFhCyZ5IFZ0eMPI1H48IlicfZNkXoAWlnYiFV7bh\/SgyFOQ1pzqpY4Gn+dZg1igPWwPXjEkbDJ6Uie4ErETtBEXPCHdh0EPbcG66CEGsqP3FcGhBvmBZ6nLZXtHGFm8TZPZLCjcEWUg3j+yh1uJpfKvfgdjQXh\/BKjL946XeM8A3dQwTCj7w0RU4XQ+LgKO5R5jUOWwNACvmRA4ChETSCDHR4\/BAzDovDeZBIcfCGhDNPuYCn0YgSbiKK\/zKtEbn2g8SAWOGtzORXbtbz7cr3FZq9+52D1ciyRqZMVAhZJn6boHkLy8FiSsJcgUNmFlpFnM5CbmVt+Z3TalUOLmIad0ZBJ\/frS25nxzdMvyMkHuNowggmF5lhEeoHaWyFEIcqz0HqYgX9hRGG6fJHHJDeuqY2DZzkMFK5lXdq830OGjj5x2saXsr3OlkQRqhBSGhxG8UUKpcbzUIRCc14PBKwtK58SIzfKg9C2dH1Ndip\/iMgaZp1dLSjMgGMxpFjTnm18D2DnhMbRC3SF0n9NQv1yxds\/5\/VLS7vlRw085hWdBDcF5JsrSqCb7FrIGqCAJ6aEeEk2C5NCIEHLGpE\/8Mrk0r3V+oyUCi5EUJoj7yFrgbAI\/RLP2DX5PzYPxVTVcCPNWxwAsonFHo2UzqB9GByR9XsVOyiNMiXSmCP1h7RNHRBTW+W+GEKnZsHlit\/daPgCMDsn+uRJkfq08o0Wc8dtlQdBvGaiOyAz5kxn9XlLa2XMJVdY5fa0fvmKEA8kLRIsUWffWkNMWjlbFbe4\/4K6v5\/2vl6j4PIKwrTE3NX480XOutB0tHFeaBywMhTUrJM8\/2LEUuohxcw8ZJUMhyz8KLelYrkfR4ZEmPHlrlks1U+ptnZRctCqp6xS15oIDC2K9IvH6W4XVPXW5E6wTMgi2mDpZEkWMsRcntggQXrcuBYU6Zv2UWEKNUfFTBgz1KVhJpmpS4Xtc7F4NEQ2NoEIYQl+RaDfoFKprDp3shiANgPwfFEVHOLO72rKzBM1JtbcQAk2OwIiNamkunnJ\/nJitxlIW52Xeo0s2OwSYNPFF5zyhBUq5ylZcmxfa6MxT8JqgkvJT6UrrMDYFURtuX0ryQCk\/XPnIFL82IABneSi4Hs5V82gBRFJuY536RKXy0Y+Fmmlg3ORBkeur7nF4WNLwf4uKdeZDa4zi4F5ERbAlPepeCgnqktYXzIIcX+zttEmBzBP8oQgxfobusz6BiWXRPhFCorFz9af2XffpBUFzon7jFEaUHMZEWx2T\/G0b6rOVrMUsciysio8OUm3qepoHWfs017iLVwdUjBzLV8bfsI876uYCB7FOOWmpFjtlfEcfFvovuxYQo3c2P2+FTRFibJG3fxpLnuZL+xZ9WuB0sUCqoGe0Nj8mWgJjvIMlZr4UBHPVa9
FuCSvw43Jx3Z4zkFEFLwlnXF7XomFdjjzfNyGEva90KOeWy3V0Xm36xhL9ZfJd7024bmBrSU07\/OIwQL4RM2pylqUn8vtXHdDenj0RW6L9cUJF5+gefDnLwPN\/LkqvDQ9XoQLkYPyIOrW3yOipSRZ6qssVteVhp7yz6wIlf+om4vamOC+pjDHdk54a1\/tUFkk6iLfsqzmXEDMc9twzy8aI6ruHx9Y75G06eKdfUoetoe+oo6I+bKN+bF3ODBFJJL3VoG2yoSGLlcmnzauulsMAmGP4trS\/oNUS7VcK8uv8Q4iCrkL2Z7LQ3A3kywkt3RVfSW0P5p96Zzps"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1598620434413428,"flow_src_last_pkt_time":1598620434650828,"flow_dst_last_pkt_time":1598620434610128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2888,"flow_dst_tot_l4_payload_len":5904,"midstream":0,"thread_ts_usec":1598620434650828,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/quic_t51.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":8792,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1598620434650828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777484 bytes -~~ total memory freed........: 7777484 bytes -~~ total allocations/frees...: 146405/146405 +~~ total memory allocated....: 11486103 bytes +~~ total memory freed........: 11486103 bytes +~~ total allocations/frees...: 216659/216659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 569 chars ~~ json string max len.......: 2354 chars 
diff --git a/test/results/default/quickplay.pcap.out b/test/results/default/quickplay.pcap.out
index 281429e3e..77e432df2 100644
--- a/test/results/default/quickplay.pcap.out
+++ b/test/results/default/quickplay.pcap.out
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1429000030398627} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00951{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_usec":1429000030398627,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 01393{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1429000030398627,"flow_src_last_pkt_time":1429000030398627,"flow_dst_last_pkt_time":1429000030398627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":312,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":312,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1429000030398627,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":17,"category":"Streaming","hostname":"api-singtelhawk.quickplay.com","http": {"url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}}} 
@@ -136,7 +136,7 @@ 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000037314978,"flow_src_last_pkt_time":1429000037314978,"flow_dst_last_pkt_time":1429000037771704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":187,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":283,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":283,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Facebook","proto_id":"7.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1429000110390234,"flow_src_last_pkt_time":1429000110390234,"flow_dst_last_pkt_time":1429000110528479,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":625,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":625,"flow_dst_max_l4_payload_len":206,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":206,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"HTTP_Proxy.QQ","proto_id":"131.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":0,"breed":"Fun","category_id":7,"category":"Download"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1429000048159796,"flow_src_last_pkt_time":1429000048647467,"flow_dst_last_pkt_time":1429000048795905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":487,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":487,"flow_dst_max_l4_payload_len":1169,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":1169,"midstream":1,"thread_ts_usec":1429000385363074,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":139,"global_ts_usec":1429000385363074} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/quickplay.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":139,"global_ts_usec":1429000385363074} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 @@ -145,9 +145,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7830361 bytes -~~ total memory freed........: 7830361 bytes -~~ total allocations/frees...: 146941/146941 +~~ total memory allocated....: 11538660 bytes +~~ total memory freed........: 11538660 bytes +~~ total allocations/frees...: 217195/217195 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 2445 chars diff --git a/test/results/default/radius_false_positive.pcapng.out b/test/results/default/radius_false_positive.pcapng.out index a04524772..5ebfff2e0 100644 --- a/test/results/default/radius_false_positive.pcapng.out +++ b/test/results/default/radius_false_positive.pcapng.out 
@@ -1,14 +1,14 @@ -00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} +00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1638897892722857} 00834{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1230,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897892722857,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02214{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638897892722857,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1638897892722857,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTW\/+II9QTO5\/6moMoBfKc4frxprVfBsxdaQAED2QEABgCgAQJbUkVKAAcAAABTVEsAOAAAAFNOTwBsAAAAUFJPRmwBAABTQ0ZH8wEAAFJSRUr3AQAAU1RUTP8BAABDUlT\/GwIAADVoRFFcZEfiQgn1oXI2ORzyXhwGYKf\/Flu1\/kK\/l4UH4q9DCId2Xb2zn9efGujSc\/F0aNOeHZb6KAjEeRC9dXjLQIA3XVxkxqhCJrs95QV3gGPSLgjsQQ873Rxpmhq\/VDe1SdA9fAVAXfMUX1s0Z5mAWpV6sSbDkPHYULs7X0KVe+fR2Ai5noT8neP+HJa14zskJKzRF7WTWAfIPB94k7XcyneleZDZy\/LsPNPpKzumkgJT693IGvFFGpwQ7o47hVb2V37u8BaJMyzZuDr4CIc8F1YA1joFN7OPyOLc3a+gm+fEb18FG1gS\/ZrcntqavJ3HLz5Vi8zFgzSja7rxlz5ZT0Fgr\/\/hUJDycGNBHRHMai1MLz1CKo55ez2Vq+oMFJFtHL8m7Yk0AZ6oTphvz\/47C32mJ\/BonrdxqQzXuP2SrkxlJp8ughvQJBkM+kPiZ+nnveyN+ypLny4LxyWPno4oScYJJSbW2FdJTZlTQ0ZHBgAAAEFFQUQIAAAAU0NJRBgAAABQVUJTOwAAAEtFWFM\/AAAAT0JJVEcAAABFWFBZTwAAAEFFU0dDQzIwYXTY6XlRVYYUrxtElpX4jCAAAK5TCWYobSWz756zKFc0+OhHde7JrmIR8db7Z6FsadZoQzI1NVZwm2DcDowaV9aKYgAAAAANAAAAcj3bAAAAAAAC1l9bpELMSn4CHk1io2ZOe6cCwpjjNUiKNMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 02226{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638897892751447,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_usec":1638897892751447,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTWXcUENlLj0f+6+Jgr1PUqO1anUCJ2f97tXf2Z8dBl2WTNukYCx1qDOvW8l6pBbA\/QzGs9GCu+xmb0GpSAkHyfZJ2yzr+NsYf988AiiEM8Mw9vmVCFpA4j3zmgSbUMUqgIFl\/ckMyhcXVUAjUruKWcZMMMomSxBL0vpnp1XovZUE8pJR53GIvlrl+aH1JwTdTEvoURGDfXj7HymZzIuiSpGYcRD4vDvqxyXwPsD4kklWrCDS5cMNSnSoB8eE1CrkyDZbEac8d6Z9X9O9hVutHpXHdc8gBWr725a+RbAoF\/nPg5l47cpx3KLC5AygsRsFUsycadOOJsrJqf+9lTAUvzlDtUj+J25fiK8TqR0Htv0gjY+Jf2ES1obpMcjsWCiXC6C0982Lwh98CIWpY1gYbDsiQa6EEuHVALLYQUT42cGlDbewsfp4Tjx+NbNHC0NZc0UCj102HBZbyY5AOE9r7wfqiQaj2v1GD0l19oUj5P0xtAFB0SNmmD5d08q+OoF+ZBA0E6SCA8jehYueJJlNRt2O31FJ1PeCVRpXT8NS7VE4tXMJ8ZArjTuP5NIrSPPhiEXOHrCn7C8kPSZZB1pxxVhkM4fCfMQWma2EIEU+REEtViwMip2cC0g0V4nnW\/YfK+57akB9Uu+0UaHviwxWuzhAxGMdVzbjXnwSWJNac8i6mybugAVsdsQkGBl70YyNWbeahKe2D3y1P1bYLnJrYbOkYRBF+Acbl4FGuz\/nCgMU7SEMmI0+\/U7iLhf8TNIcHbgmGN3xWUp8MMU9z3FDMAHi7oQ7vcqn2oU94rkkS4y8axIrx2QwCkDJN+5S2PReVaFfu1ihdUnHLmPXcZnAO8wWRnGVr5ewQO2snzrfhV6kqHoNqKp3sFYCKZ0h+VYPxDLQBix8ZW6P\/vNI9cAHY6sTfoSrJh69tT4CbgMvKAE\/sDmImL3P9qv\/1IhHstTBm1LX4GOfYYS3rPAwVQ4pUO6qOTB\/jrOTmqyO8ggnJnicgTHfMyrt\/YUwgZmzOkC+28uYLM3BRiFyBEWOfbvNmWpIppEHAM4TQ0LASWi29RTMAA6yhmP48DyvIzh6MvPkc0C7ttlJFR5dXsueCqSPXJSa6RHS4Ghz3UQkk\/bW1yQQQsHLm1zJ0CZlvZsfILcijdRrY9oJzL3OU10dq2OTOj0EwYIjYZjoMNzWrVQoyWC\/hUYzb6TZHFiQ0v1S8
3RquW6dw1uqUaQxnSA6gjTt36ObS8o0yGINds3ce3lWwTO8wJp\/1VtDvWP4mJz0R1RdgPl7H3Qc\/OIu\/Uiz172qtXeu\/a6zn7juIxWvjrSwDhsEYK4AndiRVwqXJA+\/U7JrGg\/1Z+sEaWCLNPlGxx1qPQc\/lXR7j8\/6rGoy9j+Sp2Y0lmI790AsfFUJVXzf8\/sNql\/iXQyYk27jdTY1xFLuqEW+0sJDJplhnhSo2HCLraX8NwZK089VGLFoARqXLlZelV4DNWO6zmal7a5naaLGht\/dyC7GGpM9macDSuMEKqgE9PYIHiWZZiwe0n1VqYdrMTEbEA3PMydAo+v0ArxApe\/wf93uRzNVvGy\/z5z3Li6zsJTZIl4sCmgnO9Hg9luCpGiq\/3VXjdOqOdtq2C1KUdQUsQ0qfvDVjcB41LwFOcvnc="} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1638897892751700,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_usec":1638897892751700,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAB8RNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQAfGG4AA72ZrkYpyvqLS4TIp3bivr3zq\/PFuA=="} 00855{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638897892752869,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892752869,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDlccwABGVF2QcnpzsvNwXHhnVYuvotOEZAFZyRstLhm5Vh8Y\/qjK+eAOivL9FfakfqselPfzU8unBIuLM1Gkl3hUCkDyi+vg32wZhmWtIpghdDZrkT8mPeJhzpBInbvmZgkVuAprrK41CoxKKjDlIkF+W84hfikpn3qkgLCEYuKToKkyTwbJLdd0NDQonRVcTPtbDVskjblaU5087vFl1B3+DiXjvx4mrrxoJ1o2m4QK+5Itx4XXf\/cDDYpVAKVU4JUhg7EBvC5CSSa69pj7lgUC+G\/vuoC9GDJzbBnxQBog=="} 
00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638897892775793,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":283,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":283,"pkt_l4_len":229,"thread_ts_usec":1638897892775793,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAOURNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQDluwgABfL8+5jX9fJKzrGkYq50E3Kkrx2byhv\/1lxrsSEANv3rwV8oSZP1Kf9LnwvyulYNqHc0eA8kixsVINh0AEVVU7DdtZDWH0NB+uRHdIIMWflJVbH+jmh9USiXpEGMxWJMIsMKuWOo1oHx\/4WcMYLRLNqhlbRCt1SlzydohkUP0dPUhy0JEmQ2dcM9ySIjkPYCfM2x3oISOX1bfEnNb7p3pKZ5PyZPkuqec+dbYP0kRWjDfMgN9cmqV8B57rWtYeFeQ7inL7drCI8NtuFQhaY3EFIVsYr2d9Va2PyzOQ=="} -01124{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+01155{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
00835{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1638897892722857,"flow_src_last_pkt_time":1638897893066501,"flow_dst_last_pkt_time":1638897892722857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1230,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6859,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638897893066501,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/radius_false_positive.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":6859,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1638897893066501} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767043 bytes -~~ total memory freed........: 7767043 bytes -~~ total allocations/frees...: 146381/146381 +~~ total memory allocated....: 11475662 bytes +~~ total memory freed........: 11475662 bytes +~~ total allocations/frees...: 216635/216635 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 584 chars ~~ json string max len.......: 2231 chars diff --git a/test/results/default/raknet.pcap.out b/test/results/default/raknet.pcap.out index bee3e5278..5fae844fa 100644 --- a/test/results/default/raknet.pcap.out +++ b/test/results/default/raknet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946711624286000} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946711624286000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946711624286000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624286000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946711624286000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUl7RAAD8RIvLAqAJklJkjza3V6n4FwDU+BQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946711624286000,"flow_dst_last_pkt_time":946711624328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711624328000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4I79AADcRpIOUmSPNwKgCZOp+rdUAJGm+BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUiIAAF1A=="} 
@@ -15,7 +15,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":946711673464000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":946711673481000,"pkt":"YDjgxTWgeJS0JASgCABFAAA\/cD5AADcRV\/2UmSPNwKgCZOp87REAK0g4CAD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgUd9gSlRXt67RECQAA="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":946711673484000,"flow_dst_last_pkt_time":946711673481000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946711673484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sVJAAD8RDvDAqAJklJkjze0R6nwAJOBohAAAAEAAkAAAAAkAAAAASQ8CfAAAAAAAAO7jAA=="} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":946711624286000,"flow_src_last_pkt_time":946711624422000,"flow_dst_last_pkt_time":946711624425000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":110,"flow_src_tot_l4_payload_len":1703,"flow_dst_tot_l4_payload_len":250,"midstream":0,"thread_ts_usec":946711673573000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":60030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946713048252000} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946713048252000} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713048252000,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1464,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713048252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":32951,"dst_port":60021,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048252000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946713048252000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUUWdAAD8RaT\/AqAJklJkjzYC36nUFwGJlBQD\/\/wD+\/v7+\/f39\/RI0VngGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":946713048252000,"flow_dst_last_pkt_time":946713048272000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":946713048272000,"pkt":"YDjgxTWgeJS0JASgCABFAAA45d9AADgR4WKUmSPNwKgCZOp1gLcAJA72BgD\/\/wD+\/v7+\/f39\/RI0VngABZGlNgURqAAF1A=="} 
@@ -92,7 +92,7 @@ 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":946713124625000,"flow_src_last_pkt_time":946713244627000,"flow_dst_last_pkt_time":946713124625000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"148.153.35.205","src_port":44501,"dst_port":59935,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946713304628000,"flow_src_last_pkt_time":946713304628000,"flow_dst_last_pkt_time":946713304628000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":110,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":110,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":110,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946713304628000,"l3_proto":"ip4","src_ip":"148.153.35.205","dst_ip":"192.168.2.100","src_port":43582,"dst_port":44501,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":66,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":946713304628000} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/raknet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":66,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":6616,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":19,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":946713304628000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/66 ~~ skipped flows.............: 0 @@ -101,9 +101,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7792295 bytes -~~ total memory freed........: 7792295 bytes -~~ total allocations/frees...: 146558/146558 +~~ total memory allocated....: 11500738 bytes +~~ total memory freed........: 11500738 bytes +~~ total allocations/frees...: 216812/216812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 2473 chars diff --git a/test/results/default/rdp.pcap.out b/test/results/default/rdp.pcap.out index e434ca4e3..7a84f8ff8 100644 --- a/test/results/default/rdp.pcap.out +++ b/test/results/default/rdp.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559207465138576} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465138576,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465138576,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1559207465138576,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1559207465138576,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_usec":1559207465180991,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} 
@@ -8,7 +8,7 @@ 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465180991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1559207465181421,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1559207465181421,"flow_dst_last_pkt_time":1559207465227138,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":63,"pkt_l4_len":39,"thread_ts_usec":1559207465227138,"pkt":"AgAAAEUAADtflUAAfwYqKMCoAo6sEAK5DT3NDkeav735vOJsUBj57ULVAAADAAATDtAAABI0AAIfCAAIAAAA"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":7,"flow_first_seen":1559207465138576,"flow_src_last_pkt_time":1559207465466244,"flow_dst_last_pkt_time":1559207465509666,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":572,"flow_dst_max_l4_payload_len":1179,"flow_src_tot_l4_payload_len":1081,"flow_dst_tot_l4_payload_len":1661,"midstream":0,"thread_ts_usec":1559207465509666,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/rdp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2742,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1559207465509666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767343 bytes -~~ total memory freed........: 7767343 bytes -~~ total allocations/frees...: 146392/146392 +~~ total memory allocated....: 11475962 bytes +~~ total memory freed........: 11475962 bytes +~~ total allocations/frees...: 216646/216646 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 512 chars ~~ json string max len.......: 1105 chars diff --git a/test/results/default/rdp2.pcap.out b/test/results/default/rdp2.pcap.out index e7ce9025a..714e4e553 100644 --- a/test/results/default/rdp2.pcap.out +++ b/test/results/default/rdp2.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1622724948504706} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622724948504706,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02160{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948504706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948504706,"pkt":"UlQATzIvUlQAsDb7CABFAATsljsAAIARKb3AqHq1wKh6AtXnDT0E2Hry\/\/\/\/\/wBAGAG7\/1aHBNAE0KaQQMHfeUi3j6CMTWNjAAAAAAAAAAAAAAAAAAAAAAAAAAEBAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 02155{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1622724948504706,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1622724948618376,"pkt":"UlQAsDb7UlQATzIvCABFAATsY5IAAIARXGbAqHoCwKh6tQ091ecE2Hryu\/9WhwBAEAVNZ3lmBNAE0AABAQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 
@@ -7,7 +7,7 @@ 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1622724949145111,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":187,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":187,"pkt_l4_len":153,"thread_ts_usec":1622724949145111,"pkt":"UlQATzIvUlQAsDb7CABFAACtljwAAIARLfvAqHq1wKh6AtXnDT0AmXazABTBAfQBZOBkAAEAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} 01854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1622724949145292,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1049,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1049,"pkt_l4_len":1015,"thread_ts_usec":1622724949145292,"pkt":"UlQATzIvUlQAsDb7CABFAAQLlj0AAIARKpzAqHq1wKh6AtXnDT0D93oRABTAZABlAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724948618376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":184,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":184,"pkt_l4_len":150,"thread_ts_usec":1622724950156874,"pkt":"UlQATzIvUlQAsDb7CABFAACqlj4AAIARLfzAqHq1wKh6AtXnDT0AlnawARTAZgBmAOAAFgMCAIABAAB8AwJguNFUNPYALrQay30kCVW9o2xX1uvvm8Mwc0UHAddumwAADsAKwAnAFMATADUALwAKAQAARQAAACIAIAAAHVdJTi04UVNPMEQzT0tCSS5IQVJERU5JTkcuQ09NAAoACAAGAB0AFwAYAAsAAgEAACMAAAAXAAD\/AQABAA=="} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":4776,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703419087056} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":338,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":338,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703419087056,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00966{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419087056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":384,"pkt_l4_len":346,"thread_ts_usec":1643703419087056,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQABbs46AAB9ETIeCgglZApkAlfJxA09AVquCxCXYDMEAAAMAAEAAOZfhG3mX4RtFgMDAQYQAAECAQCjjsoVyw+wo5FaSAnrLg7K010lQhKSScz0HLEo3RbZDQpHIM8DOug1fzIMKYQ2jr1qowGGVp24rW1cdiGjDHjQOV6PWcwrK5xD0WVcizKFPsYpQTtmVwnbnunVKrb34miQP6S1q3usJoH3aAZyOYvZbk4IHBINWfdUFriPIrr\/SRiWhs0LUsB7qGIfahccFklYvuNjsKIrrqlpK9h8xbck3KFIyOS\/BaBtH43KUJPeIPtNHkAhuKAAgbpPg2MKYItrXno+cMr2LGEd0ULgohWYbDXUDjsQaQwA4c0J9bC\/KQhXBR8FkPLIAN0p1hYzlzPs9uypXcQ2aPmSQzdk3iOuFAMDAAEBFgMDACgAAAAAAAAAAJIpZ7YKWBdulQDNq0fLThVvneR0HNcHCdIdQMDnwqsj"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703419087056,"flow_dst_last_pkt_time":1643703419092080,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419092080,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzWuAAB\/Ecm1CmQCVwoIJWQNPcnEAE8+OeZfhG0AyAAMAAEBABCXYDQQl2A0FAMDAAEBFgMDACgAAAAAAAAAAPQpDcwTGHQPEV9SAgzXooQGKEmtXTjZ+jovK+hcCckC"} 
@@ -16,7 +16,7 @@ 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419098831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":77,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1643703419098831,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1643703419093178,"flow_dst_last_pkt_time":1643703419308184,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":117,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":117,"pkt_l4_len":79,"thread_ts_usec":1643703419308184,"pkt":"AAAAAAAAAAUAAAAIgQAFHAgARQAAYzXBAAB\/EcmiCmQCVwoIJWQNPcnEAE+UuOZfhG4AyAAMAAECABCXYDYQl2A2FwMDAC4AAAAAAAAAAtZqt5fQ0\/FIQe3F9rNB1YJWn0rvMRZkJ5CRsPpUxN\/e+geUeRF5"} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1622724948504706,"flow_src_last_pkt_time":1622724950156874,"flow_dst_last_pkt_time":1622724950268127,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":142,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":2526,"flow_dst_tot_l4_payload_len":2250,"midstream":0,"thread_ts_usec":1643703419813768,"l3_proto":"ip4","src_ip":"192.168.122.181","dst_ip":"192.168.122.2","src_port":54759,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":6526,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1645516407326363} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645516407326363,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407326363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407326363,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7GmRAAB+EbsVCjK10goySSTrww09BNi18v\/\/\/\/8AQBoBn9Z1KwTQBNBytTuEe0pHXbarayMEAgAAAAAAAAAAAAAAAAAAAAAAAAABAAJxu76IlD5YIdOR5pAOInyh18cxrcRBftGPwdGegtbSDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02161{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1645516407326363,"flow_dst_last_pkt_time":1645516407357265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1278,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1278,"pkt_l4_len":1240,"thread_ts_usec":1645516407357265,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAE7Gh0AAB\/EbsyCjJJJAoytdINPevDBNiXc5\/WdSsAQBAFx21cFwTQBNAAAQACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -26,7 +26,7 @@ 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1645516407369717,"flow_dst_last_pkt_time":1645516407447477,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1645516407447477,"pkt":"AAAAAAAAAAMAAAAIgQAEVAgARQAAbGh2AAB\/Eb+wCjJJJAoytdINPevDAFgPqJ\/WdSwAyAAMAAEATMdtXBjHbVwYFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/ICkHUCOZ3SBJZt72VIcV8EqRaEuGxgoLTFfRn5x3ANZP"} 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1643703419087056,"flow_src_last_pkt_time":1643703419813768,"flow_dst_last_pkt_time":1643703419812713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":338,"flow_dst_max_l4_payload_len":102,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":902,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.8.37.100","dst_ip":"10.100.2.87","src_port":51652,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1645516407326363,"flow_src_last_pkt_time":1645516407450379,"flow_dst_last_pkt_time":1645516407454743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":153,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1232,"flow_src_tot_l4_payload_len":1723,"flow_dst_tot_l4_payload_len":1328,"midstream":0,"thread_ts_usec":1645516407454743,"l3_proto":"ip4","src_ip":"10.50.181.210","dst_ip":"10.50.73.36","src_port":60355,"dst_port":3389,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"RDP","proto_id":"88","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/rdp2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":39,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":9577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1645516407454743} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 39/39 ~~ skipped flows.............: 0 @@ -35,9 +35,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7772210 bytes -~~ total memory freed........: 7772210 bytes -~~ total allocations/frees...: 146435/146435 +~~ total memory allocated....: 11480797 bytes +~~ total memory freed........: 11480797 bytes +~~ total allocations/frees...: 216689/216689 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 2168 chars diff --git a/test/results/default/reasm_crash_anon.pcapng.out b/test/results/default/reasm_crash_anon.pcapng.out index c5b7ef86d..a8d632c26 100644 --- a/test/results/default/reasm_crash_anon.pcapng.out +++ b/test/results/default/reasm_crash_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1410865705717955} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1410865705717955,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1410865705717955,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717955,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1410865705717964,"flow_dst_last_pkt_time":1410865705717955,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_usec":1410865705717964,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
@@ -7,11 +7,11 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1410865705719491,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719491,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EJAAABAQgKPplWLTphWIQ="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1410865705719495,"flow_dst_last_pkt_time":1410865705719465,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_usec":1410865705719495,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EYAAABAQgKPplWLTphWHY="} 02013{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410865856222147,"flow_dst_last_pkt_time":1410865856222116,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":129,"flow_dst_tot_l4_payload_len":3158,"midstream":1,"thread_ts_usec":1410865856222147,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":3,"avg":9709947.0,"max":30165638,"stddev":14064983.0,"var":197823744180224.0,"ent":3.3,"data": [9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670]},"pktlen": {"min":52,"avg":155.0,"max":777,"stddev":234.8,"var":55144.5,"ent":4.0,"data": [65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52]},"bins": {"c_to_s": [23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0],"entropies": [5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901]}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1410866307727956} 
-00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1410866909737971} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":5079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1410866307727956} +00647{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":6225,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1410866909737971} 
00889{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":195,"flow_dst_packets_processed":14,"flow_first_seen":1410865705717955,"flow_src_last_pkt_time":1410867180785359,"flow_dst_last_pkt_time":1410866307731044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":725,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":5441,"midstream":1,"thread_ts_usec":1410867180785359,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/reasm_crash_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":209,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":6420,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1410867180785359} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/209 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774862 bytes -~~ total memory freed........: 7774862 bytes -~~ total allocations/frees...: 146581/146581 +~~ total memory allocated....: 11483481 bytes +~~ total memory freed........: 11483481 bytes +~~ total allocations/frees...: 216835/216835 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 562 chars ~~ json string max len.......: 2018 chars 
diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out index b7aa8df51..2495a8c63 100644 --- a/test/results/default/reasm_segv_anon.pcapng.out +++ b/test/results/default/reasm_segv_anon.pcapng.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -41,7 +41,7 @@ 00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} +00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769131 bytes -~~ total memory freed........: 7769131 bytes -~~ total allocations/frees...: 146453/146453 +~~ total memory allocated....: 11477750 bytes +~~ total memory freed........: 11477750 bytes +~~ total allocations/frees...: 216707/216707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 356 chars ~~ json string max len.......: 2505 chars 
diff --git a/test/results/default/reddit.pcap.out b/test/results/default/reddit.pcap.out index 375254435..1348fe492 100644 --- a/test/results/default/reddit.pcap.out +++ b/test/results/default/reddit.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605291684451133} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451133,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684451133,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684451133,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684451247,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684451247,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -9,7 +9,7 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684451133,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684476073,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwh+EoHfGoBJXgJjYAAACBAV4AQMDAwQCCArC1zJs1N1gBw=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684476117,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684476117,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBAB+xzRAAABAQgK1N1gIMLXMmw="} 01261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684476610,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8blpMIggBgB+\/TpAAABAQgK1N1gIMLXMmwWAwECAAEAAfwDA4uuqSGlaYkrooqTrn+tpuwEFqHXve+KWS5sY0YZYzAtIB8Dy2r0TMEQAKyWvv37U3EEFg7M1cxOcqNinyfcEA7jACDa2hMBEwITA8ArwC\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"} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684476610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684476073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684476610,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684481568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684481568,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684481568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684481568,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxQAAAAAoAL9IHB8AAACBAWgBAIICql039UAAAAAAQMDBw=="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684451247,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684485305,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9DimtmGoBJXgOayAAACBAV4AQMDAwQCCArC1zJ11N1gBw=="} 
@@ -17,24 +17,24 @@ 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684485349,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684485349,"pkt":"qtsDr8lk5EKm5WPyht1gDERGACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBAB+2qiAAABAQgK1N1gKcLXMnU="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684485374,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684485374,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBAB+yiDAAABAQgKqXTf2cLXMnU="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684485819,"pkt":"qtsDr8lk5EKm5WPyht1gDERGAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnF4Bu+Ka2YaCVBfRgBgB+3VxAAABAQgK1N1gKcLXMnUWAwECAAEAAfwDA+FyaTy3gljlCrKoC8pkvabZPAdbXS\/HjqlTeopJ7igJIFs4TU2zCegfACNAAt1BZk2uYfR4cn7k081CAzn0Xsa\/ACDq6hMBEwITA8ArwC\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"} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684485819,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684485305,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684485819,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684486237,"pkt":"qtsDr8lk5EKm5WPyht1gCYCjAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3O4Bu5iiLjb7y9ZjgBgB+0SGAAABAQgKqXTf2sLXMnUWAwECAAEAAfwDA8+KHdxMQ3baGhOy0m36F3JqRDzX4jcR6LxsIf9LR8+BIMkeD4Y9wR0SFsOkbLBc6vr02gpR5VUEznO\/yKsj0dCaACCamhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIBic8D9Jh7IHJYeU9O\/BIKhKDWJdCz1fe1mvtpZ3RbQCAC0AAgEBACsACwpqagMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684485306,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684486237,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1605291684481568,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291684551717,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0uYRewsVoBJXgNkGAAACBAV4AQMDAwQCCArC1zKKqXTf1Q=="} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551719,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXOWkwiCEoHnLgBALMBF6AAABAQgKwtcyidTdYCA="} -01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551719,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684476610,"flow_dst_last_pkt_time":1605291684551719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551719,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbucXoJUF9HimtuLgBALMF88AAABAQgKwtcyodTdYCk="} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1605291684551793,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551793,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBAB+1zSAAABAQgKqXTgG8LXMoo="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684551898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc7vvL1mOYojA7gBALMB0aAAABAQgKwtcyo6l039o="} 01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551899,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684551899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 01577{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684486237,"flow_dst_last_pkt_time":1605291684551901,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684551901,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., 
CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}} -01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684485819,"flow_dst_last_pkt_time":1605291684551902,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291684551902,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"safebrowsing.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291684552325,"pkt":"qtsDr8lk5EKm5WPyht1gB3LfAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PABuxF7CxV06NLngBgB+0E5AAABAQgKqXTgHMLXMooWAwECAAEAAfwDAw2h35lTVBAJkyl1sZ6N6s5zh+HfO9Ai8hcQ4PFn0odDIC9Ixzbj0OvUbX513zU9YxMQBwvxWo3A0lte+Tbf\/2RZACDKyhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAEwARAAAOd3d3LnJlZGRpdC5jb20AFwAA\/wEAAQAACgAKAAiKigAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKYqKAAEAAB0AIGqjGCo4hhSEqfk8mIsYygfLmwI2pMth38dwgmqFwWMRAC0AAgEBACsACwqamgMEAwMDAgMBABsAAwIAAqqqAAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684551717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291684552325,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684589289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291684589289,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvc8HTo0ucRew0agBALMFFEAAABAQgKwtcy3al04Bw="} 
01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684552325,"flow_dst_last_pkt_time":1605291684592780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1048,"midstream":0,"thread_ts_usec":1605291684592780,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01577{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605291684481568,"flow_src_last_pkt_time":1605291684592921,"flow_dst_last_pkt_time":1605291684593083,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3144,"midstream":0,"thread_ts_usec":1605291684593083,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.reddit.com","tls": {"version":"TLSv1.2","server_names":"reddit.com,*.reddit.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Reddit Inc., CN=*.reddit.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:E9:D5:FE:EB:EF:68:34:55:FD:62:BA:C9:BB:04:D4:E3:22:18:81"}}} 
-02183{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684654464,"flow_dst_last_pkt_time":1605291684654375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2166,"flow_dst_tot_l4_payload_len":4508,"midstream":0,"thread_ts_usec":1605291684654464,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13115.3,"max":75646,"stddev":23104.5,"var":533820192.0,"ent":3.2,"data": [24940,24984,493,75646,0,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,0,1,1,0,1,58810,38,10]},"pktlen": {"min":72,"avg":281.1,"max":1280,"stddev":342.1,"var":117045.1,"ent":4.2,"data": [80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0],"entropies": [4.711516857,5.217300892,5.071401596,4.609335899,4.946592331,7.806063652,7.848966122,7.544353485,5.166606426,5.045011044,5.138829231,6.070029259,6.486535549,7.761092186,7.700193405,5.014019012,7.592603683,5.138829231,5.097352028,5.692110538,5.138829231,5.768221378,5.097352028,5.041796684,7.336868286,7.405985832,7.111319542,5.950567245,6.190017700,5.111051083,5.111051559,5.081305504]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02184{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291684654464,"flow_dst_last_pkt_time":1605291684654375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2166,"flow_dst_tot_l4_payload_len":4508,"midstream":0,"thread_ts_usec":1605291684654464,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":13115.3,"max":75646,"stddev":23104.5,"var":533820192.0,"ent":3.2,"data": [24940,24984,493,75646,0,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,0,1,1,0,1,58810,38,10]},"pktlen": {"min":72,"avg":281.1,"max":1280,"stddev":342.1,"var":117045.1,"ent":4.2,"data": [80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0],"entropies": 
[4.711516857,5.217300892,5.071401596,4.609335899,4.946592331,7.806063652,7.848966122,7.544353485,5.166606426,5.045011044,5.138829231,6.070029259,6.486535549,7.761092186,7.700193405,5.014019012,7.592603683,5.138829231,5.097352028,5.692110538,5.138829231,5.768221378,5.097352028,5.041796684,7.336868286,7.405985832,7.111319542,5.950567245,6.190017700,5.111051083,5.111051559,5.081305504]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686035717,"flow_src_last_pkt_time":1605291686035717,"flow_dst_last_pkt_time":1605291686035717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686035717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1605291686035717,"flow_dst_last_pkt_time":1605291686035717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291686035717,"pkt":"qtsDr8lk5EKm5WPyht1gDzZzACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3PIBu+DxzH8AAAAAoAL9INmFAAACBAWgBAIICql05ecAAAAAAQMDBw=="} 
00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291686035769,"flow_src_last_pkt_time":1605291686035769,"flow_dst_last_pkt_time":1605291686035769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291686035769,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56564,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -201,7 +201,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":464,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985114,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687016591,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q63bg\/QoBJXgIMUAAACBAV4AQMDAwQCCArC1zxZVF\/gDA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687016621,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687016621,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBAB+wcHAAABAQgKVF\/gK8LXPFk="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687016854,"pkt":"qtsDr8lk5EKm5WPyht1gAMi0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxxABu7duD9DT5uqvgBgB+0cnAAABAQgKVF\/gK8LXPFkWAwECAAEAAfwDA2TZVj7uQEkCD0qaduyi4bmVPP7zAKvO9+7Wlc8AMGeTIIS\/CXAHw3XUf20VSt6oh4Hf\/WTHeXksbYFJmbfF89a\/ACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAHgAcAAAZd3d3Lmdvb2dsZXRhZ3NlcnZpY2VzLmNvbQAXAAD\/AQABAAAKAAoACDo6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApOjoAAQAAHQAgYKiZy5yb0i6Knp9i3yjCivd+Ief6i7v0\/AghN6n2uzkALQACAQEAKwALCoqKAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01250{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687016591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687016854,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686996891,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024247,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VJtBZoyoBJXgFGuAAACBAV4AQMDAwQCCArC1zxhc6MlRg=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1605291686985710,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687024248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4R5AeISoBJXgAGtAAACBAV4AQMDAwQCCArC1zxhS\/piSQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687024307,"flow_dst_last_pkt_time":1605291687024247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687024307,"pkt":"qtsDr8lk5EKm5WPyht1gCh2fACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7O2lbABu20FmjIJ3\/1TgBAB+9WjAAABAQgKc6MlYsLXPGE="} 
@@ -211,12 +211,12 @@ 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687024727,"pkt":"qtsDr8lk5EKm5WPyht1gDjDtAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAAN+SHGqeQBu3kB4hIaj6uFgBgB+4vHAAABAQgKS\/picMLXPGEWAwECAAEAAfwDA5a9I0DX\/RoLLAwCTlolT1w7O+Tvbm6bAwmHB\/Gzvv4KIKCfkVZBs7YxSZgdkLoG0zKZeHzoKc6I+SIaE11zlfvtACB6ehMBEwITA8ArwC\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"} 01230{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":472,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687024248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687024727,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": 
{"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687053426,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687053426,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHENPm6q+3bhHVgBALMPumAAABAQgKwtc8f1Rf4Cs="} -01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687016854,"flow_dst_last_pkt_time":1605291687060476,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687060476,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagservices.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAGhTs7YqAcsBIEmLB5kd7IUo3\/YpAbuVsAnf\/VNtBZw3gBALMMpCAAABAQgKwtc8iHOjJWI="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687061560,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687061560,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAA35IcYqAcsBIEmLB5kd7IUo3\/YpAbup5BqPq4V5AeQXgBALMHo2AAABAQgKwtc8iEv6YnA="} 01275{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687024727,"flow_dst_last_pkt_time":1605291687075726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687075726,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687024606,"flow_dst_last_pkt_time":1605291687096859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687096859,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"c.aaxads.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02192{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687110047,"flow_dst_last_pkt_time":1605291687110135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10234,"midstream":0,"thread_ts_usec":1605291687110135,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8063.0,"max":43636,"stddev":14163.2,"var":200595904.0,"ent":3.1,"data": [31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0]},"pktlen": {"min":72,"avg":422.5,"max":1280,"stddev":490.0,"var":240053.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1],"entropies": 
[4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02193{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291687110047,"flow_dst_last_pkt_time":1605291687110135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":10234,"midstream":0,"thread_ts_usec":1605291687110135,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8063.0,"max":43636,"stddev":14163.2,"var":200595904.0,"ent":3.1,"data": [31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0]},"pktlen": {"min":72,"avg":422.5,"max":1280,"stddev":490.0,"var":240053.7,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1],"entropies": [4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01969{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8148.7,"max":51019,"stddev":15066.4,"var":226995168.0,"ent":3.0,"data": [38538,38619,398,37312,14166,1,0,0,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,0,0,3233,8,2,2]},"pktlen": 
{"min":72,"avg":461.6,"max":1460,"stddev":586.5,"var":343946.1,"ent":4.0,"data": [80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0],"entropies": [4.836891651,5.211080551,5.205674171,4.514605999,5.057240963,7.814661026,7.847680092,7.865528107,7.842185020,7.380033970,5.243936539,5.243936539,5.155763149,5.188381195,5.132825851,6.139283180,6.518441677,7.254546165,5.029463291,5.029463291,5.057240963,6.252353668,5.243936539,5.873327255,7.877524853,7.827719688,7.871821880,7.839930534,5.243936539,5.243936539,5.271714211,5.271714211]}} 01278{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291687112023,"flow_dst_last_pkt_time":1605291687112006,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":11490,"midstream":0,"thread_ts_usec":1605291687112023,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"c.amazon-adsystem.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687485783,"flow_dst_last_pkt_time":1605291687485783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687485783,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -241,12 +241,12 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687642048,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687676357,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuGDx7sZoBJXgGbFAAACBAV4AQMDAwQCCArC1z7qwvhcvA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":658,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687676396,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687676396,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBAB++qzAAABAQgKwvhc38LXPuo="} 01263{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687678071,"pkt":"qtsDr8lk5EKm5WPyht1gDI7+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFgAAAAAAACAImmABu4PHuxnnH7rigBgB+7zOAAABAQgKwvhc4MLXPuoWAwECAAEAAfwDA2DQ5OxREVO95xl1cBrII9zoe+SeXEyLTL2RY3d38wEfIDXqjNmx1LhM5R6ahoCjZqYoEOLjS9cTu1r8mF5O4+z+ACBqahMBEwITA8ArwC\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"} 
-01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01249{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":659,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687676357,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687678071,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687714410,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687714410,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgWAAAAAAAAIAgqAcsBIEmLB5kd7IUo3\/YpAbuaYOcfuuKDx70egBALMN9QAAABAQgKwtc\/EsL4XOA="} 
-01293{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01294{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":661,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687678071,"flow_dst_last_pkt_time":1605291687721930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291687721930,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687761761,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687761761,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687761761,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bcAAAAAoAL9IFSZAAACBAWgBAIIClvEqOkAAAAAAQMDBw=="} 
-02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687769797,"flow_dst_last_pkt_time":1605291687770512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":967,"flow_dst_tot_l4_payload_len":10018,"midstream":0,"thread_ts_usec":1605291687770512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8264.9,"max":43870,"stddev":14337.0,"var":205550432.0,"ent":3.2,"data": [34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0]},"pktlen": {"min":72,"avg":415.8,"max":1280,"stddev":486.5,"var":236643.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": 
[4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":688,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687769797,"flow_dst_last_pkt_time":1605291687770512,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":967,"flow_dst_tot_l4_payload_len":10018,"midstream":0,"thread_ts_usec":1605291687770512,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":8264.9,"max":43870,"stddev":14337.0,"var":205550432.0,"ent":3.2,"data": [34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0]},"pktlen": {"min":72,"avg":415.8,"max":1280,"stddev":486.5,"var":236643.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1],"entropies": [4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687761761,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687790624,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAGhTs9EqAcsBIEmLB5kd7IUo3\/YpAbuAylJzVUg0Stm4oBJXgFBhAAACBAV4AQMDAwQCCArC1z9gW8So6Q=="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687790646,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687790646,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBAB+9RVAAABAQgKW8SpBsLXP2A="} 01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":709,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687790793,"flow_dst_last_pkt_time":1605291687790624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687790793,"pkt":"qtsDr8lk5EKm5WPyht1gCTrZAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABoU7PRgMoBuzRK2bhSc1VJgBgB+28mAAABAQgKW8SpBsLXP2AWAwECAAEAAfwDA36LmdTGhSoOn80oilyfPNGRp5C4BlBBz5Xd3jcwfMKTIAaF+rCsUiCOU8bqK7O8i4N8LINKpStTbOqmpKKpf9E2ACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAFgAUAAARd3d3LmFheGRldGVjdC5jb20AFwAA\/wEAAQAACgAKAAgKCgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKQoKAAEAAB0AIH6hi26DByeZiCnUzyO1ln0CmgKVhjsp0romzaxtOzIVAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAApqaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -275,7 +275,7 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":766,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687931808,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687966627,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoTRRdL3oBJXgGFBAAACBAV4AQMDAwQCCArC10AQcJK4Zg=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":767,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687966647,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687966647,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBAB++UvAAABAQgKcJK4icLXQBA="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":4,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291687966872,"pkt":"qtsDr8lk5EKm5WPyht1gCkMmAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBgAAAAAAACAO1k4Bu9FF0ve1VkaFgBgB+zFNAAABAQgKcJK4icLXQBAWAwECAAEAAfwDA3WeIBLYdziEEn7QNz0OGHsUEusI6KY9\/RKF89EV1ileIBMHWJUBm+OFCD0sy0ylrulb4WElhpq\/dz7TuTzNb3wqACD6+hMBEwITA8ArwC\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"} 
-01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":768,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291687966627,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291687966872,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":769,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1605291687933355,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5XSRuhLoBJXgDDhAAACBAV4AQMDAwQCCArC10AQ14piew=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":770,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974700,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAACJ4z5QqAcsBIEmLB5kd7IUo3\/YpAbuayhO+xPR32HzbgBALMG3oAAABAQgKwtdAFVOdBiI="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":771,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1605291687974730,"flow_dst_last_pkt_time":1605291687974700,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291687974730,"pkt":"qtsDr8lk5EKm5WPyht1gBZTsACAGQCoBywEgSYsHmR3shSjf9ikmIAEWgA0AIfkWUEn4fxCOvggBu9JG6Eu2IhOWgBAB+7TJAAABAQgK14pipMLXQBA="} 
@@ -288,7 +288,7 @@ 01250{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":776,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291687933001,"flow_dst_last_pkt_time":1605291687976086,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291687976086,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"id.rlcdn.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688019659,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688019659,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgGAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvWTrVWRoXRRdT8gBALMNnKAAABAQgKwtdAO3CSuIk="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688020339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688020339,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYgARaADQAh+RZQSfh\/EI4qAcsBIEmLB5kd7IUo3\/YpAbu+CLYiE5bSRupQgBALMKljAAABAQgKwtdAPNeKYqQ="} -01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291687966872,"flow_dst_last_pkt_time":1605291688024605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688024605,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"www.youtube.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":794,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688025071,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAABc2hvEqAcsBIEmLB5kd7IUo3\/YpAbus6CNL5dhGO8qWgBALMDrJAAABAQgKwtdAQVHJMCE="} 
01305{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":795,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291687975399,"flow_dst_last_pkt_time":1605291688025072,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688025072,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement","hostname":"sb.scorecardresearch.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01315{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291687974969,"flow_dst_last_pkt_time":1605291688036417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688036417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"secure.quantserve.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
@@ -314,13 +314,13 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":906,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688344280,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688371819,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9OJtD5hoBJXgGMHAAACBAV4AQMDAwQCCArC10GlCLeWmA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":907,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688371834,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688371834,"pkt":"qtsDr8lk5EKm5WPyht1gATUNACAGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBAB++b9AAABAQgKCLeWs8LXQaU="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688372055,"pkt":"qtsDr8lk5EKm5WPyht1gATUNAiUGQCoBywEgSYsHmR3shSjf9ikmAJAAIZzuAAAGROP4wJOh23oBu4m0PmHs03vUgBgB+yzJAAABAQgKCLeWs8LXQaUWAwECAAEAAfwDA9hatQx\/QktbULCFc2FQNgXPGrp+qPvBQrE5NDlBZlE\/IMd+e8Lduh2\/OW58Rm5lIQBoGyh8j\/3MT9YMf0bL3Me3ACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUcnVsZXMucXVhbnRjb3VudC5jb20AFwAA\/wEAAQAACgAKAAhKSgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKUpKAAEAAB0AIOhk20ZK7Hqhb4\/e3Kx4aK6U4Kcjb5InvqFomt\/cTww3AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAtraAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":908,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688371819,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688372055,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688397011,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688397011,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnC63k29KV6g6gBALMC9uAAABAQgKwtdBun8mSzU="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":910,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408044,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAANg60eYqAcsBIEmLB5kd7IUo3\/YpAbvHnlMkjxE2CKk+gBALMCKeAAABAQgKwtdBvn8mSzs="} 01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":911,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688365341,"flow_dst_last_pkt_time":1605291688408044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":915,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688371089,"flow_dst_last_pkt_time":1605291688408514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291688408514,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"ad.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":918,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688408515,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688408515,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYAkAAhnO4AAAZE4\/jAk6EqAcsBIEmLB5kd7IUo3\/YpAbvbeuzTe9SJtEBmgBALMNufAAABAQgKwtdByQi3lrM="} 
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":925,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688372055,"flow_dst_last_pkt_time":1605291688411963,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688411963,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"rules.quantcount.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":975,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688488430,"flow_dst_last_pkt_time":1605291688495517,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":4278,"midstream":0,"thread_ts_usec":1605291688495517,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":10832.1,"max":42730,"stddev":14959.8,"var":223794400.0,"ent":3.6,"data": [41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540]},"pktlen": {"min":72,"avg":250.0,"max":1460,"stddev":362.6,"var":131502.0,"ent":4.0,"data": [80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72]},"bins": {"c_to_s": [11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1],"entropies": 
[4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 02012{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46567.4,"max":216552,"stddev":67587.7,"var":4568099328.0,"ent":3.6,"data": [29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106]},"pktlen": {"min":72,"avg":258.4,"max":1460,"stddev":353.4,"var":124913.6,"ent":4.1,"data": [80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338]},"bins": {"c_to_s": 
[9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1],"entropies": [4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596]}} 01769{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":987,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291688483940,"flow_dst_last_pkt_time":1605291688560007,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":4488,"midstream":0,"thread_ts_usec":1605291688560007,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"syndication.twitter.com","tls": 
{"version":"TLSv1.2","server_names":"syndication.twitter.com,syndication.twimg.com,syndication-o.twitter.com,syndication-o.twimg.com,cdn.syndication.twitter.com,cdn.syndication.twimg.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=Twitter, Inc., OU=lon3, CN=syndication.twitter.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"09:D3:FE:9A:3E:39:A7:E2:90:5B:C9:1F:3B:7D:CE:7C:7E:08:1C:6F"}}} 
@@ -329,9 +329,9 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":994,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688611238,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688654248,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cTxd2ePoBJXgMFkAAACBAV4AQMDAwQCCArC10K+9jYFHg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":995,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688654303,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688654303,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBAB+0VLAAABAQgK9jYFScLXQr4="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688654612,"pkt":"qtsDr8lk5EKm5WPyht1gDEO\/AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATQaDRQpB0IHggC2mzgBu\/F3Z4+UttHFgBgB+9l4AAABAQgK9jYFScLXQr4WAwECAAEAAfwDA46RLPCXby2v1fhhEaIIot6g8XiGmSWLgLgejrMgyw66ICkvsU+x9q1tILELIWe9u4V18z4rsB3VSuGPlE2gOpFxACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZY2RuLnN5bmRpY2F0aW9uLnR3aW1nLmNvbQAXAAD\/AQABAAAKAAoACNraAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp2toAAQAAHQAgkrvLnn5W3A5xznxU8nIj0ij8otKT8iVeuL\/XwL97plwALQACAQEAKwALClpaAwQDAwMCAwEAGwADAgAC2toAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":996,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688654248,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688654612,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688695528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688695528,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNBoNFCkHQgeCALYqAcsBIEmLB5kd7IUo3\/YpAbubOJS20cXxd2mUgBALMDnoAAABAQgKwtdC5\/Y2BUk="} 
-01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688654612,"flow_dst_last_pkt_time":1605291688705717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605291688705717,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"cdn.syndication.twimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688712501,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688712501,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688712501,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQQAAAAAoAL9IGnKAAACBAWgBAIICoWLJ5EAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1012,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688749044,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688749044,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -339,14 +339,14 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1016,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688712501,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688754068,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqhUIR0FoBJXgNU8AAACBAV4AQMDAwQCCArC10MXhYsnkQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1017,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688754101,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688754101,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBAB+1kkAAABAQgKhYsnu8LXQxc="} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688754330,"pkt":"qtsDr8lk5EKm5WPyht1gBqw+AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACAG1cYBu1QhHQUxsgKpgBgB+7qNAAABAQgKhYsnu8LXQxcWAwECAAEAAfwDAyXaTUGeswmyVM8\/Dl2Qf5fitrGFmVKyru8OELloUAwbIMUqQj\/L7tNTcV3UD9UpA2mjeLajzAaCv8lzw2\/F86fvACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGwAZAAAWc3RhdGljLmRvdWJsZWNsaWNrLm5ldAAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgkJbXOIyvxcmniIJLU3Qom4gz6w8\/FjW9fJVELvdvcGIALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACWloAAQAAFQDGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01251{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1018,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688754068,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688754330,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1025,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688749044,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688786435,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAQqAcsBIEmLB5kd7IUo3\/YpAbvfwoEYYXPjQDuzoBJXgOVIAAACBAV4AQMDAwQCCArC10M\/bf\/I8g=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1026,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688786460,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688786460,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBAB+2k0AAABAQgKbf\/JGMLXQz8="} 01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688786633,"pkt":"qtsDr8lk5EKm5WPyht1gCJDMAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAE38IBu+NAO7OBGGF0gBgB+9LpAAABAQgKbf\/JGMLXQz8WAwECAAEAAfwDAxslW\/nV6n4TSU+WU427vUmpkTBTAfJMCiXCjsW6jsM1IDI9pBtUEgNPXXn3m6DfkXTykQkxvHtW6AlECtSxtZwqACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEwARAAAOd3d3Lmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AIOcwVI1IhWdfqyJF52U0JaQN9BKpJPL3krZ3EsrflGwKAC0AAgEBACsACwq6ugMEAwMDAgMBABsAAwIAAvr6AAEAABUAzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1027,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688786435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688786633,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1038,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688794873,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688794873,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAYqAcsBIEmLB5kd7IUo3\/YpAbvVxjGyAqlUIR8KgBALME23AAABAQgKwtdDSoWLJ7s="} 
-02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1040,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688786771,"flow_dst_last_pkt_time":1605291688811895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5905,"midstream":0,"thread_ts_usec":1605291688811895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12135.2,"max":51136,"stddev":17866.3,"var":319203328.0,"ent":3.5,"data": [43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249]},"pktlen": {"min":72,"avg":307.8,"max":1280,"stddev":396.4,"var":157103.1,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1],"entropies": 
[5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01296{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1040,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688786771,"flow_dst_last_pkt_time":1605291688811895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5905,"midstream":0,"thread_ts_usec":1605291688811895,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":12135.2,"max":51136,"stddev":17866.3,"var":319203328.0,"ent":3.5,"data": [43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249]},"pktlen": {"min":72,"avg":307.8,"max":1280,"stddev":396.4,"var":157103.1,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1],"entropies": 
[5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01297{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1043,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688754330,"flow_dst_last_pkt_time":1605291688813598,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688813598,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"static.doubleclick.net","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688830061,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1054,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688830061,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688830061,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5AAAAAAoAL9IFwjAAACBAWgBAIICu7gTZEAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1055,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688831210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688831210,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -356,33 +356,33 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1060,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688843899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843899,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/oAAAAAoAL9IC3PAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688843948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1061,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688843948,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688843948,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdYAAAAAoAL9IPghAAACBAWgBAIICjfz93gAAAAAAQMDBw=="} -01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1062,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688786633,"flow_dst_last_pkt_time":1605291688848925,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688848925,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1097,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843899,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889230,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E2f1af7oBJXgOZHAAACBAV4AQMDAwQCCArC10OnN\/P3eA=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1098,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688843948,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688889231,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZERbpSHXoBJXgPP1AAACBAV4AQMDAwQCCArC10OmN\/P3eA=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1100,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889272,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889272,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBAB+2orAAABAQgKN\/P3psLXQ6c="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1101,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688889299,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688889299,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBAB+3fZAAABAQgKN\/P3psLXQ6Y="} 
01272{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889651,"pkt":"qtsDr8lk5EKm5WPyht1gAjZHAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMYBu5\/Vp\/v6dexOgBgB+wBCAAABAQgKN\/P3psLXQ6cWAwECAAEAAfwDAznRqrI3BjpH0fMAjhWc3pmJOvHC\/\/j965\/A5lDlxh6gIDLxR7\/ypcsELHSllGpRYQ5lC32jGxm0ISoXtgzdDW32ACB6ehMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPKygAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAh6egAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKXp6AAEAAB0AILgo0nok9EKnwiVyB76v1YPllAYprQfO501YUPqbQH86AC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAtraAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1104,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688889230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889651,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688889830,"pkt":"qtsDr8lk5EKm5WPyht1gC3ZcAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDAAAAAAAACADuMgBu1ulIdc\/JWRFgBgB+\/TaAAABAQgKN\/P3psLXQ6YWAwECAAEAAfwDAy7heESofJEzNLpKC6m4EcWF3nwglvjLt2LPUv7yUvYtICOazh2ftjIMIz\/UcLVP0+BLLLQerkGXc0LbFnQmwjmQACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAFgAUAAARZm9udHMuZ3N0YXRpYy5jb20AFwAA\/wEAAQAACgAKAAgaGgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKRoaAAEAAB0AINLvbr+LEAbtuJUEM5hwiBTekJnwVlsSGnoYC4BLgTo4AC0AAgEBACsACwoaGgMEAwMDAgMBABsAAwIAAhoaAAEAABUAywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01234{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1105,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688889231,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688889830,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1109,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688830061,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688893806,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfikiqr+RoBJXgDd0AAACBAV4AQMDAwQCCArC10OZ7uBNkQ=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688893841,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688893841,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBAB+7tFAAABAQgK7uBN0cLXQ5k="} 01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688894065,"pkt":"qtsDr8lk5EKm5WPyht1gBrB0AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACAB4woBuyKqv5FF0H4qgBgB+5EWAAABAQgK7uBN0cLXQ5kWAwECAAEAAfwDAw\/cwYtpk8EY2nFSet6HfhMTIva07YBjsHCyF\/EXCY4lIET\/tOg8vSE9lW4MNj+8zcNcKH9YOh6jVhMXDVw4Nj\/KACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAEgAQAAANeXQzLmdncGh0LmNvbQAXAAD\/AQABAAAKAAoACEpKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApSkoAAQAAHQAgNH1NsmWXDLZE3tZCuT77ObLFazHLQDqNeh9VcGafUUsALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgACWloAAQAAFQDPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01227{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1111,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688893806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688894065,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1113,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_src_last_pkt_time":1605291688831210,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291688894545,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvaZMy7vtoBJXgIUlAAACBAV4AQMDAwQCCArC10OaRJp0xw=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1115,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_src_last_pkt_time":1605291688894570,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688894570,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBAB+wj4AAABAQgKRJp1BsLXQ5o="} -02185{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688895635,"flow_dst_last_pkt_time":1605291688895679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":990,"flow_dst_tot_l4_payload_len":9898,"midstream":0,"thread_ts_usec":1605291688895679,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9458.9,"max":62320,"stddev":17558.3,"var":308293920.0,"ent":3.0,"data": [37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1]},"pktlen": {"min":72,"avg":412.8,"max":1280,"stddev":483.3,"var":233579.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1],"entropies": [4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1125,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688895635,"flow_dst_last_pkt_time":1605291688895679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":990,"flow_dst_tot_l4_payload_len":9898,"midstream":0,"thread_ts_usec":1605291688895679,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9458.9,"max":62320,"stddev":17558.3,"var":308293920.0,"ent":3.0,"data": [37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1]},"pktlen": {"min":72,"avg":412.8,"max":1280,"stddev":483.3,"var":233579.9,"ent":4.1,"data": 
[80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1],"entropies": [4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":4,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291688895701,"pkt":"qtsDr8lk5EKm5WPyht1gDPOvAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFQAAAAAAACAWzEgBu0zLu+0r0b2ngBgB+10nAAABAQgKRJp1B8LXQ5oWAwECAAEAAfwDA7oV79R4wHgRAL7AbVXE9v058PsBigjvSIOLh78hsprPIH89NlzV0TnECw3jtHrFgKXeJLtftYSCOzC0pH+h068qACAKChMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAEAAOAAALaS55dGltZy5jb20AFwAA\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"} 
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1128,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688894545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291688895701,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1142,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688954910,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688954910,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4xvp17E6f1aoAgBALMF7QAAABAQgKwtdDyDfz96Y="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1143,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688962330,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962330,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgFAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvjCkXQfioiqsGWgBALMK\/YAAABAQgKwtdDzO7gTdE="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1144,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688962332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688962332,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgVAAAAAAAAIBYqAcsBIEmLB5kd7IUo3\/YpAbvMSCvRvadMy73ygBALMP2JAAABAQgKwtdDzUSadQc="} -01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} -01269{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01272{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1145,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291688894065,"flow_dst_last_pkt_time":1605291688963049,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963049,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01270{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1154,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688895701,"flow_dst_last_pkt_time":1605291688963101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963101,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"i.ytimg.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1155,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963102,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291688963102,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgMAAAAAAAAIAMqAcsBIEmLB5kd7IUo3\/YpAbu4yD8lZEVbpSPcgBALMGx9AAABAQgKwtdDyDfz96Y="} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01279{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02171{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291689005944,"flow_dst_last_pkt_time":1605291689006046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":8982,"midstream":0,"thread_ts_usec":1605291689006046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11350.6,"max":68993,"stddev":22767.9,"var":518376128.0,"ent":2.8,"data": [63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0]},"pktlen": {"min":72,"avg":385.7,"max":1280,"stddev":459.2,"var":210886.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1],"entropies": [4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} +01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1159,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843899,"flow_src_last_pkt_time":1605291688889651,"flow_dst_last_pkt_time":1605291688963103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963103,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47302,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1168,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291688843948,"flow_src_last_pkt_time":1605291688889830,"flow_dst_last_pkt_time":1605291688963145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291688963145,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::2003","src_port":47304,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.gstatic.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+02172{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1210,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291689005944,"flow_dst_last_pkt_time":1605291689006046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":8982,"midstream":0,"thread_ts_usec":1605291689006046,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11350.6,"max":68993,"stddev":22767.9,"var":518376128.0,"ent":2.8,"data": [63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0]},"pktlen": {"min":72,"avg":385.7,"max":1280,"stddev":459.2,"var":210886.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1],"entropies": [4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291689408040,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1220,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689408040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689408040,"pkt":"qtsDr8lk5EKm5WPyht1gCYSFACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3UABuxOPoYYAAAAAoAL9IMRnAAACBAWgBAIICql08xMAAAAAAQMDBw=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1221,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605291689408040,"flow_dst_last_pkt_time":1605291689433785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291689433785,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAAJdleYwqAcsBIEmLB5kd7IUo3\/YpAbvdQHZ86cETj6GHoBJXgAFCAAACBAV4AQMDAwQCCArC10XLqXTzEw=="} 
@@ -401,11 +401,11 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690373466,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690396189,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgFAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvHPls7Xl4+krtmoBJXgDq4AAACBAV4AQMDAwQCCArC10mNVF\/tSA=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1274,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690396234,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690396234,"pkt":"qtsDr8lk5EKm5WPyht1gB68TACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBAB+76yAAABAQgKVF\/tX8LXSY0="} 
01270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690396643,"pkt":"qtsDr8lk5EKm5WPyht1gB68TAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIBQAAAAAAACACxz4Buz6Su2ZbO15fgBgB+zbbAAABAQgKVF\/tX8LXSY0WAwECAAEAAfwDA64SJmrzxm107yvjOKaI1Pu1cjYSBc\/95exz0rjqcLhjILOfYHr0cqvSKZIJSl3WjM8QRUOiyuVNGA\/I6TMdHCRqACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAGAAWAAATYWRzZXJ2aWNlLmdvb2dsZS5mcgAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAg3\/\/2kWIRuw+qhxFZZt2KiDOELUjK40mC0jcHETc2SkcALQACAQEAKwALCrq6AwQDAwMCAwEAGwADAgAC2toAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690396189,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690396643,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690384370,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690402898,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAIqAcsBIEmLB5kd7IUo3\/YpAbvnyP\/5OOmbspwyoBJXgGsCAAACBAV4AQMDAwQCCArC10mUDGYnKw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690402927,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690402927,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBAB++8BAAABAQgKDGYnPcLXSZQ="} 01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690403285,"pkt":"qtsDr8lk5EKm5WPyht1gCvtsAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAC58gBu5uynDL\/+TjqgBgB+\/ThAAABAQgKDGYnPsLXSZQWAwECAAEAAfwDA4n27fFOQ6rPQPzYRqsTa+ksdP+rX8jQfVLwbnF3RpAXIBwq2w1JrwHlb\/2ndJG1eusXeLh3OPImRURXIKxQ06mYACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZOqqgAAAAAAGQAXAAAUYWRzZXJ2aWNlLmdvb2dsZS5jb20AFwAA\/wEAAQAACgAKAAhqagAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKWpqAAEAAB0AIA4zyVNHsOh16GCQNKxzMVItdEoHGWpyv6xL6OCprXNaAC0AAgEBACsACwrKygMEAwMDAgMBABsAAwIAAkpKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1278,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690402898,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690403285,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690405354,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1279,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690405354,"flow_dst_last_pkt_time":1605291690405354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690405354,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15YAAAAAoAL9IOjCAAACBAWgBAIICgKUPwEAAAAAAQMDBw=="} 
00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1280,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690421002,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690421002,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -416,19 +416,19 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1284,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690440123,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690440123,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBAB+z36AAABAQgKApQ\/JMLXSbc="} 01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690440589,"pkt":"qtsDr8lk5EKm5WPyht1gBYjGAiUGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA0X3yltjYBu5sO15f\/88fwgBgB+yZ+AAABAQgKApQ\/JMLXSbcWAwECAAEAAfwDAzHDxH8OuokaXnmRWM2CrbjAfCHYM2BC4ANSO6awxT1HIBoNB1TgmMo5CTve1OPkdOp8A4hHU4yRFabWOk7A1qHlACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAHwAdAAAaYWF4LWV1LmFtYXpvbi1hZHN5c3RlbS5jb20AFwAA\/wEAAQAACgAKAAjKygAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKcrKAAEAAB0AIEwwmHcuEXQApsPC5EO8tn5U4uHYbi4IBrp\/HgLH72EYAC0AAgEBACsACwrq6gMEAwMDAgMBABsAAwIAAgoKAAEAABUAwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1285,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690440084,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690440589,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1286,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1286,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690396643,"flow_dst_last_pkt_time":1605291690448852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690448852,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.fr","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1288,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690421002,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690449108,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUOc0w2EoBJXgGkiAAACBAV4AQMDAwQCCArC10m3XwTqiA=="} 
-01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1289,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01283{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1289,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690403285,"flow_dst_last_pkt_time":1605291690449109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690449109,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"adservice.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1295,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690449141,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690449141,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBAB++0WAAABAQgKXwTqpcLXSbc="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690449801,"pkt":"qtsDr8lk5EKm5WPyht1gBJW4AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAB6OgBu5zTDYT7zrVEgBgB+08XAAABAQgKXwTqpcLXSbcWAwECAAEAAfwDAxCE81jPge8Q+eqa2\/VX8jLyZJaHeUn1XbD4+8ZfZCrNIP1iGayHUC21LtXXhZv4JDAqZ2p5lGfiZ6mCAOAtx5YLACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAARQBDAABAOGE3NTVhM2ZlZjBiMTg5ZDhhYjViMGQxMDc1OGY2OGEuc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACOrqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp6uoAAQAAHQAg8Yk1cLvPAYaln8LnFtEe1h9mnh8DzZmOv04zXf8MiXgALQACAQEAKwALCmpqAwQDAwMCAwEAGwADAgACGhoAAQAAFQCcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01294{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1302,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690449108,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690449801,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1310,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690482348,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482348,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADRffKUqAcsBIEmLB5kd7IUo3\/YpAbu2Nv\/zx\/CbDtmcgBALMDKbAAABAQgKwtdJ3AKUPyQ="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1311,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690482349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690482349,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbvo6PvOtUSc0w+JgBALMOG0AAABAQgKwtdJ318E6qU="} -01338{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01339{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1324,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690449801,"flow_dst_last_pkt_time":1605291690483975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690483975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01327{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1350,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690440589,"flow_dst_last_pkt_time":1605291690501383,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1605291690501383,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01631{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1356,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690502241,"flow_dst_last_pkt_time":1605291690502750,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5440,"midstream":0,"thread_ts_usec":1605291690502750,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"aax-eu.amazon-adsystem.com","tls": {"version":"TLSv1.2","server_names":"aax-eu.amazon-adsystem.com,aax.amazon-adsystem.com,aax-cpm.amazon-adsystem.com,aax-dtb-web.amazon-adsystem.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"49b45fc1ab090aa3a159778313fc9b9e","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=aax-eu.amazon-adsystem.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5D:18:8E:CB:B7:91:5C:79:26:B5:08:49:FF:2C:24:D8:06:54:91:8B"}}} 
-02175{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1364,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": [12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": {"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": 
[4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +02176{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1364,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690511816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291690511816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":7680.9,"max":45875,"stddev":12464.9,"var":155373568.0,"ent":3.4,"data": [18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526]},"pktlen": {"min":72,"avg":280.1,"max":1280,"stddev":371.7,"var":138197.8,"ent":4.1,"data": [80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72]},"bins": {"c_to_s": 
[12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1],"entropies": [4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02198{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690527565,"flow_dst_last_pkt_time":1605291690527527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1054,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291690527565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":6873.8,"max":34221,"stddev":11275.4,"var":127133528.0,"ent":3.4,"data": [28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22]},"pktlen": 
{"min":72,"avg":323.8,"max":1280,"stddev":408.2,"var":166632.7,"ent":4.1,"data": [80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0],"entropies": [4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1397,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926655,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1397,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690926655,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690926655,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dQAAAAAoAL9IKwyAAACBAWgBAIIChrDFp8AAAAAAQMDBw=="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1398,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690926734,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690926734,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -452,7 +452,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1408,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926655,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690952219,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefV\/3l9HVoBJXgDRiAAACBAV4AQMDAwQCCArC10u2GsMWnw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690952238,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690952238,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBAB+7hZAAABAQgKGsMWucLXS7Y="} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690953297,"pkt":"qtsDr8lk5EKm5WPyht1gDDgdAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttYBu\/eX0dWRnn1ggBgB+1vDAAABAQgKGsMWusLXS7YWAwECAAEAAfwDA96WEVYjbITPXvxDhOji6nCQdC0KhgTdN6+o+9OqeXt9IDI6n9jVTXE+7b4jG8xDV1LuLRTUARgCyh8fXh42V1VjACD6+hMBEwITA8ArwC\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"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690952219,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690953297,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926734,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954541,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltPCUkXloBJXgMhIAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1412,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954562,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954562,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBAB+0w+AAABAQgKGsMWu8LXS70="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1413,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926769,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690954643,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9ZMt7NvoBJXgClQAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
@@ -460,61 +460,61 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1415,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954649,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954649,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBAB+61FAAABAQgKGsMWu8LXS70="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1416,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690954655,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690954655,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBAB+5pyAAABAQgKGsMWu8LXS70="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954747,"pkt":"qtsDr8lk5EKm5WPyht1gDtx5AiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttgBu8JSReWlcJbUgBgB+8dGAAABAQgKGsMWu8LXS70WAwECAAEAAfwDA3+7YXN8uULghjn9Yx4k2QYB36376hmbrRggZ0eXr\/9+IP2iD+DA1k36xX9GOoNszd6eNYaj3dekN9x\/XE8bE1dIACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNKSgAAAAAAFwAVAAASY2RuLmFtcHByb2plY3Qub3JnABcAAP8BAAEAAAoACgAIOjoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACk6OgABAAAdACBER8lo38zcpkmaCPLiXoa6+JDbprOR\/VESBxZzwiOrBgAtAAIBAQArAAsKamoDBAMDAwIDAQAbAAMCAAJaWgABAAAVAMoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1417,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690954541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954747,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 01265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690954937,"pkt":"qtsDr8lk5EKm5WPyht1gDhnPAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttoBu0y3s28rdbfXgBgB+yg+AAABAQgKGsMWu8LXS70WAwECAAEAAfwDAwV9PSLZiieFTsrwb5ePEiAq+zIrQhR0EBkPYuTZcw2xIK9+Ya8AvxlseoGAhp8z2wcy4GRd\/2tgmLnTQoGAr7lmACD6+hMBEwITA8ArwC\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"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1418,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690954937,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955129,"pkt":"qtsDr8lk5EKm5WPyht1gAc2lAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABttwBu9DGzOq05qOsgBgB+8QTAAABAQgKGsMWvMLXS70WAwECAAEAAfwDA9NQXnr9EPQV5HU7sHg21zD\/k9mVMQCLGTscCRIJvvLdIGZv95UrdgGMWa\/TkNOulH2VrZ4BEKc4CasnxiGwlqMaACAKChMBEwITA8ArwC\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"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690954643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955129,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1420,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926830,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955375,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6eczuyRVoBJXgHLsAAACBAV4AQMDAwQCCArC10u9GsMWnw=="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955404,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955404,"pkt":"qtsDr8lk5EKm5WPyht1gClWEACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBAB+\/bgAAABAQgKGsMWvMLXS70="} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926867,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690955522,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2llkCsoHoBJXgJ6iAAACBAV4AQMDAwQCCArC10u9qlQMrQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690955530,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690955530,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBAB+yKXAAABAQgKqlQMysLXS70="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955637,"pkt":"qtsDr8lk5EKm5WPyht1gClWEAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICAAAAAAAACABtt4BuzO7JFVX2unogBgB+4TBAAABAQgKGsMWvMLXS70WAwECAAEAAfwDAyJmBycAvyCH8SnNB2CBC3yfxoIM+Ymce0POg8ZwpXtBIH9PfR9yCxA5tGPPT4cExrc3Qkmd4YTExNykGp6bEZH3ACAKChMBEwITA8ArwC\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"} -01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01236{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690955375,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01269{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690955751,"pkt":"qtsDr8lk5EKm5WPyht1gBhSQAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIEQAAAAAAACAKlRYBu2QKygcBx9pagBgB+7ghAAABAQgKqlQMysLXS70WAwECAAEAAfwDA0MhDCfgcZQW\/qt2QzKimm0T\/Isca8JmVqeJQDbrvBrqINQ4uQD4cMulecpeDh4RGq5zfSr3G28+STtUMIilUyfGACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNaWgAAAAAAGQAXAAAUZm9udHMuZ29vZ2xlYXBpcy5jb20AFwAA\/wEAAQAACgAKAAiqqgAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKaqqAAEAAB0AIKLIRrB\/9d\/081INPFyx1jcz47jhpMuBOz2amAM9LokCAC0AAgEBACsACwqKigMEAwMDAgMBABsAAwIAAsrKAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01246{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690955522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690955751,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1426,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926912,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8or4r7coBJXgC2BAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1427,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926944,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690956447,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkJjbNefoBJXgN3ZAAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1428,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956458,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956458,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBAB+7F0AAABAQgKuJU7UsLXS74="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1429,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690956464,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690956464,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBAB+2HNAAABAQgKuJU7UsLXS74="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956563,"pkt":"qtsDr8lk5EKm5WPyht1gBnVWAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGQBuyvivtxMvwvLgBgB+weLAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA\/KqVcb+jqsuy+pc9KilYVgZAEzQ86cjwq67GKq7nQtaIOrgXduV1ht3HJ4NSaQ01nhk1SGFsiLuJ4S0a7eBU0YJACCKihMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMqKgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACAoKAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApCgoAAQAAHQAgQy2WiyCHDU6V4a0QbWLV7\/15JREGysw3jo2qrGJjK34ALQACAQEAKwALCqqqAwQDAwMCAwEAGwADAgACCgoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1430,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956563,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690956668,"pkt":"qtsDr8lk5EKm5WPyht1gDhWZAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGYBu2Ns158Fn1JDgBgB+7CTAAABAQgKuJU7UsLXS74WAwECAAEAAfwDA4K6LYgb9peQAaC+yGKSfQ44ncZ84XdNSq8PqNFo+UyoIJHCilmb8BVAxV8SeOqltgKl5o0ytImnEj4UpvBg7WThACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACLq6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAgMcGXgSTPtAvtHwaBrppAs1ogUhPlYdie8\/zN2rMve0cALQACAQEAKwALCkpKAwQDAwMCAwEAGwADAgACiooAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1431,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690956447,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690956668,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1432,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926998,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi4YaAsmoBJXgA33AAACBAV4AQMDAwQCCArC10u\/uJU7NA=="} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1433,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690926978,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690957467,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3meEC1CoBJXgOW1AAACBAV4AQMDAwQCCArC10u+uJU7NA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1434,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957477,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957477,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBAB+5HpAAABAQgKuJU7U8LXS78="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1435,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":3,"flow_src_last_pkt_time":1605291690957484,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690957484,"pkt":"qtsDr8lk5EKm5WPyht1gB5miACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBAB+2moAAABAQgKuJU7U8LXS74="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957577,"pkt":"qtsDr8lk5EKm5WPyht1gCQMiAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGoBuxhoCyZ9DsIvgBgB+\/1RAAABAQgKuJU7U8LXS78WAwECAAEAAfwDA65NQ9z+8vgCXkINXWcIT6WxgXSerIkD30OtzZ9Uf8RRIDWtk7CyEcZiHB5uWIXfY5Croj84Q3kSS9jhYTHY4t\/XACA6OhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPa2gAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACGpqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApamoAAQAAHQAgAZPl\/EpHfkyE8GocRMfQRm6hqCG5SYQknfR1D0l4PTwALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACKioAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1436,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957577,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":4,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605291690957682,"pkt":"qtsDr8lk5EKm5WPyht1gB5miAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGgBu54QLUL4Qsd6gBgB+673AAABAQgKuJU7U8LXS74WAwECAAEAAfwDA+YyRlzceVtjHpKgho8tByOApAEJPG4M0zvRjAEsHgJBIF8\/qPM2GhQmlTMTYTjE9hyVNZH92oU6Aa5vM+YWAZkYACBqahMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZMKCgAAAAAAHgAcAAAZdHBjLmdvb2dsZXN5bmRpY2F0aW9uLmNvbQAXAAD\/AQABAAAKAAoACKqqAB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApqqoAAQAAHQAgklNVX2zbnVcJGiMo7ZekGZnIRwL3wUnQ0+pmG+dpG2cALQACAQEAKwALCsrKAwQDAwMCAwEAGwADAgACmpoAAQAAFQDDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01254{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01255{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1437,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690957467,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690957682,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1440,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690983708,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690983708,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu21pGefWD3l9PagBALMKz6AAABAQgKwtdL2hrDFro="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1452,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690987243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690987243,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22KVwltTCUkfqgBALMEDkAAABAQgKwtdL3RrDFrs="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1453,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690989609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690989609,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu22it1t9dMt7V0gBALMKHqAAABAQgKwtdL3hrDFrs="} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1454,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291690953297,"flow_dst_last_pkt_time":1605291690990862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690990862,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1465,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690991527,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690991527,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23LTmo6zQxs7vgBALMI8TAAABAQgKwtdL4RrDFrw="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1466,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690992341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690992341,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgIAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbu23lfa6egzuyZagBALMOuCAAABAQgKwtdL4RrDFrw="} 00814{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291690992851,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1467,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291690992851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291690992851,"pkt":"qtsDr8lk5EKm5WPyht1gDPazACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGcAAAAAoAL9IIFCAAACBAWgBAIICriVO3YAAAAAAQMDBw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1468,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690993446,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690993446,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgRAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuVFgHH2lpkCswMgBALMBc4AAABAQgKwtdL4qpUDMo="} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1469,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291690954747,"flow_dst_last_pkt_time":1605291690994995,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690994995,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1483,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291690954937,"flow_dst_last_pkt_time":1605291690996121,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690996121,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1496,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291690996246,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996246,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZEy\/C8sr4sDhgBALMKYUAAABAQgKwtdL5LiVO1I="} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1498,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291690996826,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690996826,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQZgWfUkNjbNmkgBALMFZsAAABAQgKwtdL5biVO1I="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1500,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291690998160,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998160,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQaPhCx3qeEC9HgBALMF5GAAABAQgKwtdL5riVO1M="} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1501,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1501,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291690955129,"flow_dst_last_pkt_time":1605291690998161,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690998161,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1502,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291690998162,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291690998162,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQan0Owi8YaA0rgBALMIaIAAABAQgKwtdL5riVO1M="} -01280{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01290{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1527,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1546,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-01299{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1556,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291690955637,"flow_dst_last_pkt_time":1605291690999060,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999060,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"cdn.ampproject.org","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01291{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1527,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291690955751,"flow_dst_last_pkt_time":1605291690999503,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291690999503,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fonts.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1537,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291690956563,"flow_dst_last_pkt_time":1605291691002443,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691002443,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1544,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291690956668,"flow_dst_last_pkt_time":1605291691003085,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003085,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1546,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291690957577,"flow_dst_last_pkt_time":1605291691003087,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691003087,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01300{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1556,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291690957682,"flow_dst_last_pkt_time":1605291691004686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605291691004686,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"tpc.googlesyndication.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1585,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1605291690992851,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291691029572,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgPAAAAAAAAIAEqAcsBIEmLB5kd7IUo3\/YpAbuQbO1037mLrsxooBJXgErvAAACBAV4AQMDAwQCCArC10wIuJU7dg=="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1586,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":74,"pkt_l4_len":20,"thread_ts_usec":1605291691029601,"pkt":"qtsDr8lk5EKm5WPyht1gBfK\/ABQGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIDwAAAAAAACABkGwBu4uuzGgAAAAAUAQAANo6AAA="} -02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1666,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691067608,"flow_dst_last_pkt_time":1605291691069122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":6622,"midstream":0,"thread_ts_usec":1605291691069122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9126.0,"max":45897,"stddev":14144.4,"var":200064000.0,"ent":3.4,"data": [29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1]},"pktlen": {"min":72,"avg":320.9,"max":1280,"stddev":398.4,"var":158685.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1],"entropies": [4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} -02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1696,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691075065,"flow_dst_last_pkt_time":1605291691075150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291691075150,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9563.9,"max":43801,"stddev":13475.5,"var":181588928.0,"ent":3.6,"data": [28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3]},"pktlen": {"min":72,"avg":270.1,"max":1280,"stddev":336.6,"var":113301.5,"ent":4.2,"data": 
[80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": [4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02197{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1666,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691067608,"flow_dst_last_pkt_time":1605291691069122,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1326,"flow_dst_tot_l4_payload_len":6622,"midstream":0,"thread_ts_usec":1605291691069122,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9126.0,"max":45897,"stddev":14144.4,"var":200064000.0,"ent":3.4,"data": 
[29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1]},"pktlen": {"min":72,"avg":320.9,"max":1280,"stddev":398.4,"var":158685.9,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280]},"bins": {"c_to_s": [11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1],"entropies": [4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
+02195{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1696,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691075065,"flow_dst_last_pkt_time":1605291691075150,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291691075150,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9563.9,"max":43801,"stddev":13475.5,"var":181588928.0,"ent":3.6,"data": [28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3]},"pktlen": {"min":72,"avg":270.1,"max":1280,"stddev":336.6,"var":113301.5,"ent":4.2,"data": [80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72]},"bins": {"c_to_s": [12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1],"entropies": 
[4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00808{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1830,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291696948991,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1830,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696948991,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696948991,"pkt":"qtsDr8lk5EKm5WPyht1gDNdJACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAAA006zst54Bu3jHKBQAAAAAoAL9IL45AAACBAWgBAIIClIhuaMAAAAAAQMDBw=="} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1831,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1605291696948991,"flow_dst_last_pkt_time":1605291696965238,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605291696965238,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxV4xygVoBJXgPOCAAACBAV4AQMDAwQCCArC12M3UiG5ow=="} 
@@ -524,14 +524,14 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1834,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":5,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697012854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605291697012854,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAADTTrOwqAcsBIEmLB5kd7IUo3\/YpAbu3nh9OKxZ4xyoagBALMGwaAAABAQgKwtdjZlIhubQ="} 01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1835,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291696965939,"flow_dst_last_pkt_time":1605291697033621,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1605291697033621,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01686{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1841,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697033689,"flow_dst_last_pkt_time":1605291697034463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5484,"midstream":0,"thread_ts_usec":1605291697034463,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"d9.flashtalking.com","tls": {"version":"TLSv1.2","server_names":"tag.device9.com,www.tag.device9.com,fp.zenaps.com,the.sciencebehindecommerce.com,d9.flashtalking.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"303951d4c50efb2e991652225a6f02b1","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"OU=Domain Control Validated, CN=tag.device9.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"8B:5C:A4:62:70:92:3A:09:C3:72:49:B2:A2:22:32:16:22:87:9D:F3"}}} 
-01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690520906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":19,"flow_first_seen":1605291688749044,"flow_src_last_pkt_time":1605291688896703,"flow_dst_last_pkt_time":1605291688963146,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1029,"flow_dst_tot_l4_payload_len":9937,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2004","src_port":57282,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1605291690384370,"flow_src_last_pkt_time":1605291690495032,"flow_dst_last_pkt_time":1605291690520906,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":5622,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2002","src_port":59336,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1605291687514756,"flow_src_last_pkt_time":1605291687640950,"flow_dst_last_pkt_time":1605291687641102,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1012,"flow_dst_tot_l4_payload_len":7244,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":53,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691251514,"flow_dst_last_pkt_time":1605291691284111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2470,"flow_src_tot_l4_payload_len":1613,"flow_dst_tot_l4_payload_len":35472,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":53,"flow_first_seen":1605291690926912,"flow_src_last_pkt_time":1605291691251514,"flow_dst_last_pkt_time":1605291691284111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2470,"flow_src_tot_l4_payload_len":1613,"flow_dst_tot_l4_payload_len":35472,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36964,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00825{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926944,"flow_src_last_pkt_time":1605291691053408,"flow_dst_last_pkt_time":1605291691053353,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3236,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00825{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926978,"flow_src_last_pkt_time":1605291691064462,"flow_dst_last_pkt_time":1605291691064427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3234,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36968,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00825{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1605291690926998,"flow_src_last_pkt_time":1605291691062791,"flow_dst_last_pkt_time":1605291691062731,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3235,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01088{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01089{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605291690992851,"flow_src_last_pkt_time":1605291691029601,"flow_dst_last_pkt_time":1605291691029572,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80f::2001","src_port":36972,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291687934638,"flow_src_last_pkt_time":1605291688340797,"flow_dst_last_pkt_time":1605291688340782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":534,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":2175,"flow_dst_tot_l4_payload_len":4448,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::1736:86f1","src_port":44264,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1605291684452132,"flow_src_last_pkt_time":1605291684595834,"flow_dst_last_pkt_time":1605291684654506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":3983,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56558,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -554,38 +554,38 @@ 00818{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1605291686064604,"flow_src_last_pkt_time":1605291686203778,"flow_dst_last_pkt_time":1605291686203769,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3648,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56588,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00820{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291686084924,"flow_src_last_pkt_time":1605291686232927,"flow_dst_last_pkt_time":1605291686232866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3963,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":18,"flow_first_seen":1605291686084954,"flow_src_last_pkt_time":1605291686248308,"flow_dst_last_pkt_time":1605291686283135,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1145,"flow_dst_tot_l4_payload_len":8775,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690421002,"flow_src_last_pkt_time":1605291690530149,"flow_dst_last_pkt_time":1605291690571265,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1093,"flow_dst_tot_l4_payload_len":6986,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::2001","src_port":59624,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1605291686301196,"flow_src_last_pkt_time":1605291696305230,"flow_dst_last_pkt_time":1605291696305202,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1755,"flow_dst_tot_l4_payload_len":39171,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56594,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291689408040,"flow_src_last_pkt_time":1605291689979594,"flow_dst_last_pkt_time":1605291689979542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":1710,"flow_dst_tot_l4_payload_len":6627,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Reddit","proto_id":"91.205","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291688344280,"flow_src_last_pkt_time":1605291688470730,"flow_dst_last_pkt_time":1605291688502649,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":951,"flow_dst_tot_l4_payload_len":6261,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:9000:219c:ee00:6:44e3:f8c0:93a1","src_port":56186,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1605291686996891,"flow_src_last_pkt_time":1605291687145529,"flow_dst_last_pkt_time":1605291687185325,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":998,"flow_dst_tot_l4_payload_len":5014,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3b6","src_port":38320,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":22,"flow_first_seen":1605291687800179,"flow_src_last_pkt_time":1605291692129663,"flow_dst_last_pkt_time":1605291692129653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":768,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":3044,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690405354,"flow_src_last_pkt_time":1605291690626396,"flow_dst_last_pkt_time":1605291690626372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":676,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":1989,"flow_dst_tot_l4_payload_len":7324,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::345f:7ca5","src_port":46646,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01034{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688858846,"flow_dst_last_pkt_time":1605291688835279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5971,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":36,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687821101,"flow_dst_last_pkt_time":1605291687853616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":35001,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -01017{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
+01037{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1605291688611238,"flow_src_last_pkt_time":1605291688858846,"flow_dst_last_pkt_time":1605291688835279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1624,"flow_dst_tot_l4_payload_len":5971,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:134:1a0d:1429:742:782:b6","src_port":39736,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Twitter","proto_id":"91.120","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01030{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":36,"flow_first_seen":1605291687642048,"flow_src_last_pkt_time":1605291687821101,"flow_dst_last_pkt_time":1605291687853616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2416,"flow_src_tot_l4_payload_len":1006,"flow_dst_tot_l4_payload_len":35001,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:816::2008","src_port":39520,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":37,"flow_first_seen":1605291688830061,"flow_src_last_pkt_time":1605291698436193,"flow_dst_last_pkt_time":1605291698440198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1474,"flow_dst_tot_l4_payload_len":17331,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2001","src_port":58122,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTube","proto_id":"91.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1605291687485783,"flow_src_last_pkt_time":1605291687604676,"flow_dst_last_pkt_time":1605291687604665,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":947,"flow_dst_tot_l4_payload_len":3489,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::acd9:12c2","src_port":51026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01026{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":22,"flow_first_seen":1605291688324076,"flow_src_last_pkt_time":1605291688544035,"flow_dst_last_pkt_time":1605291688572828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1441,"flow_dst_tot_l4_payload_len":4595,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51100,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1605291696948991,"flow_src_last_pkt_time":1605291697249997,"flow_dst_last_pkt_time":1605291697249971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":577,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":6397,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::34d3:acec","src_port":47006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00819{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291688336354,"flow_src_last_pkt_time":1605291688453280,"flow_dst_last_pkt_time":1605291688453229,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3457,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d1e6","src_port":51102,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00825{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1605291688831210,"flow_src_last_pkt_time":1605291688976798,"flow_dst_last_pkt_time":1605291689005094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":976,"flow_dst_tot_l4_payload_len":3675,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2016","src_port":52296,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01027{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":28,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291698565327,"flow_dst_last_pkt_time":1605291698602574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2920,"flow_dst_tot_l4_payload_len":5412,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":28,"flow_first_seen":1605291684451133,"flow_src_last_pkt_time":1605291698565327,"flow_dst_last_pkt_time":1605291698602574,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":824,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":2920,"flow_dst_tot_l4_payload_len":5412,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00824{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605291684451247,"flow_src_last_pkt_time":1605291684592898,"flow_dst_last_pkt_time":1605291684592779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":3497,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00822{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1605291687761761,"flow_src_last_pkt_time":1605291687902854,"flow_dst_last_pkt_time":1605291687902833,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1053,"flow_dst_tot_l4_payload_len":3947,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6853:b3d1","src_port":32970,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1605291687933355,"flow_src_last_pkt_time":1605291688585627,"flow_dst_last_pkt_time":1605291688585505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1673,"flow_dst_tot_l4_payload_len":13072,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:f916:5049:f87f:108e","src_port":48648,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691088193,"flow_dst_last_pkt_time":1605291691119107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1026,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605291690926867,"flow_src_last_pkt_time":1605291691088193,"flow_dst_last_pkt_time":1605291691119107,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1026,"flow_dst_tot_l4_payload_len":5335,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::200a","src_port":38166,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":41,"flow_first_seen":1605291686985710,"flow_src_last_pkt_time":1605291690314896,"flow_dst_last_pkt_time":1605291690314835,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2776,"flow_src_tot_l4_payload_len":1370,"flow_dst_tot_l4_payload_len":39870,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43492,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Amazon","proto_id":"91.178","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} +01033{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291688712501,"flow_src_last_pkt_time":1605291688883590,"flow_dst_last_pkt_time":1605291688927912,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1007,"flow_dst_tot_l4_payload_len":3998,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2006","src_port":54726,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1605291687931808,"flow_src_last_pkt_time":1605291688031097,"flow_dst_last_pkt_time":1605291688025071,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1078,"flow_dst_tot_l4_payload_len":3824,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":54862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291687896532,"flow_src_last_pkt_time":1605291688158853,"flow_dst_last_pkt_time":1605291688326694,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":5643,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::2278:cf94","src_port":39626,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691033551,"flow_dst_last_pkt_time":1605291691043564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1291,"flow_dst_tot_l4_payload_len":10174,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01022{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":16,"flow_first_seen":1605291690926655,"flow_src_last_pkt_time":1605291691033551,"flow_dst_last_pkt_time":1605291691043564,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1291,"flow_dst_tot_l4_payload_len":10174,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46806,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926734,"flow_src_last_pkt_time":1605291691043840,"flow_dst_last_pkt_time":1605291691043780,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46808,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926769,"flow_src_last_pkt_time":1605291691043854,"flow_dst_last_pkt_time":1605291691043782,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7974,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46810,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926802,"flow_src_last_pkt_time":1605291691043975,"flow_dst_last_pkt_time":1605291691043952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7975,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46812,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1605291690926830,"flow_src_last_pkt_time":1605291691044050,"flow_dst_last_pkt_time":1605291691043957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":581,"flow_dst_tot_l4_payload_len":7976,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01031{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":101,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291698488081,"flow_dst_last_pkt_time":1605291698522640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1168,"flow_dst_max_l4_payload_len":2333,"flow_src_tot_l4_payload_len":3956,"flow_dst_tot_l4_payload_len":41414,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690495529,"flow_dst_last_pkt_time":1605291690520905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":4664,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1942,"packets-processed":1942,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":90,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":588,"global_ts_usec":1605291698602574} 
+01032{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":63,"flow_dst_packets_processed":101,"flow_first_seen":1605291686985114,"flow_src_last_pkt_time":1605291698488081,"flow_dst_last_pkt_time":1605291698522640,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1168,"flow_dst_max_l4_payload_len":2333,"flow_src_tot_l4_payload_len":3956,"flow_dst_tot_l4_payload_len":41414,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1605291690373466,"flow_src_last_pkt_time":1605291690495529,"flow_dst_last_pkt_time":1605291690520905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":4664,"midstream":0,"thread_ts_usec":1605291698602574,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1942,"source":"cfgs\/default\/pcap\/reddit.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1942,"packets-processed":1942,"total-skipped-flows":0,"total-l4-payload-len":546888,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":90,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":588,"global_ts_usec":1605291698602574} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1942/1942 ~~ skipped flows.............: 0 @@ -594,10 +594,10 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8667218 bytes -~~ total memory freed........: 8667218 bytes -~~ total allocations/frees...: 149460/149460 +~~ total memory allocated....: 12374893 bytes +~~ total memory freed........: 12374893 bytes +~~ total allocations/frees...: 219714/219714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 562 chars -~~ json string max len.......: 2206 chars -~~ json string avg len.......: 1384 chars +~~ json string max len.......: 2209 chars +~~ json string avg len.......: 1385 chars diff --git a/test/results/default/riot.pcapng.out b/test/results/default/riot.pcapng.out index 72bf99347..061d3cac9 100644 --- a/test/results/default/riot.pcapng.out +++ b/test/results/default/riot.pcapng.out 
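Review bot: The SUMMARY block in hunk `@@ -594,10 +594,10 @@` of the reddit.pcap result file now expects 12374893 bytes allocated instead of 8667218, and 219714 allocations instead of 149460, for the same 1942 packets and 60 flows, and nothing visible on this page explains the increase. Allocated and freed totals still match, so this is not a leak, but it is roughly 43% more heap per run for a daemon that parses untrusted traffic. The growth presumably comes from larger address tables in the new libnDPI, which would also account for `proto_by_ip` changing from Unknown to Google and Edgecast in the preceding hunk; that is an inference and should be confirmed. I would record it in the commit description, for example `libnDPI 4.9.0-4361-0db12b13: nDPId-test heap use for reddit.pcap rises from 8667218 to 12374893 bytes (cause: <to be confirmed>)`.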
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1679740451287612} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1400,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740451287612,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02407{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaetAANwGmP00KYeHwKgaFgG7ymlvVZVZdql7b1AQAG415gAAFgMDD+sLAA\/nAA\/kAAdYMIIHVDCCBjygAwIBAgIQD6KljRei+mqTVyEujADhITANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVkIFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIyMDMyNDAwMDAwMFoXDTIzMDQyNDIzNTk1OVowgdAxEzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwc0MTU1ODQzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxMLTG9zIEFuZ2VsZXMxGTAXBgNVBAoTEFJpb3QgR2FtZXMsIEluYy4xGjAYBgNVBAMTEWVrZy5yaW90Z2FtZXMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAus13vndQVpCZQ\/6PU8G+iDtU3rn+bD7d3d5AQ0WHga2RFZSUS4+6wZSACw1hvY9jxBAMKhZCGI2lsyH3XsGZcqmDGaQNAesHLuc6DvGlXCziBRbNOFBP05C\/on20exh8HLy3EJ\/LZMxR89Y3ZwTAOu691hgcmW6+p0X71KlNaQIO7fGLFtbN4DanvTd4uh5guifZZf9uVE7Y\/bar80NdArcGHl+U6zztdb3TJScjZRMR153rnT1qzYEjEUWDpFzWAVWCPkDLeueyPLhUoG8Wi4cDjpqnNqH4oHo2cbTeuoG+8\/gGed9TZeQgA9QE3N7f5bmLcS7A7+s47IsJ1RrFgQIDAQABo4IDgjCCA34wHwYDVR0jBBgwFoAUPdNQpdagre7zSmAKZdMh1Pj41g8wHQYDVR0OBBYEFFeL4L3PsxfrUVsE8HMc96hHy9G1MDQGA1UdEQQtMCuCEWVrZy5yaW90Z2FtZXMuY29tghZ0ZXN0LmVrZy5yaW90Z2FtZXMuY29tMA4GA1UdDwEB\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBKBgNVHSAEQzBBMAsGCWCGSAGG\/WwCATAyBgVngQwBATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYgGCCsGAQUF
BwEBBHwwejAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFIGCCsGAQUFBzAChkZodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyRXh0ZW5kZWRWYWxpZGF0aW9uU2VydmVyQ0EuY3J0MAkGA1UdEwQCMAAwggF8BgorBgEEAdZ5AgQCBIIBbASCAWgBZgB1AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABf70O7bsAAAQDAEYwRAIgZcAfjxYIGLSb7O8oj5RjpQ8KzltiTGJYuU6CKygHjkICIGg7XyVQ50yZJpsXatTr+CnOqs1Ofw9NfwN15OxsGC1WAHUANc8ZG7+xbFe\/D61MbULLu7Y="} 02412{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1679740451287612,"pkt":"rBWiWIrRJhEKmxQ6CABFAAWgaexAANwGmPw0KYeHwKgaFgG7ymlvVZrRdql7b1AQAG4YEQAAJyAmUeo\/4SrvqAPDO9ZMAAABf70O7ewAAAQDAEYwRAIgbExkqx\/44d4BgvWQpdxRieBSelu86su7x8R8AGdR3CsCIDADQRj1HF0cGtcNaC1YS22cWe09BnL84k7bSvuslPfPAHYAs3N3B+GEUPhjhtYFqdwRCUp5LbFnDAuH3PADDnk2pZoAAAF\/vQ7uDgAABAMARzBFAiEAsAO\/XUJkEUyCF1g0U+MQyf6ugkG6ZlpEvNTq+J8MobECIG4mIF3E1GfYS4up\/O+nPD3Fc6JMxp0dsgeIANHAro39MA0GCSqGSIb3DQEBCwUAA4IBAQBArYmu+AQtIEuKrCGgjIojRxWSY2o6aMd1q3E29BWJDeZO56UpuaUbOuK97nyjGup3Lr6fQa5e3qpL\/uejTwGkV4SeqDKMuM5D3q0MuOU0ekxfpXSxhGONh14TIDMQ1w0Z2\/HKDfIECyfBEfg5XhF7XcI3eKoTogXveVOzeFDgPja2UbS6HAh\/z7JYI+q3ymzgJIgWN15ksiiDFZVmRjD0VfmxNorVeBx6P86FPbnEVCiBXKe6fvuPwRCgTcjwUE377F7XetwlfTxcK\/rgSX8BPdMUonImi5ilfgK+EHj9++mKQrwbgVoka3afJB6Z6A3\/2l4WB5hZvkSD0v9l0LZHAAPJMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2U
gRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0tMqbf5YE\/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH\/BAQDAgGGMA8GA1UdEwEB\/wQFMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe\/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2Yzi9RKR\/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CA="} 
@@ -14,7 +14,7 @@ 01057{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1679740451287612,"flow_src_last_pkt_time":1679740451287612,"flow_dst_last_pkt_time":1679740451287612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4080,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"52.41.135.135","dst_ip":"192.168.26.22","src_port":443,"dst_port":51817,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1679740491797221,"flow_src_last_pkt_time":1679740491800062,"flow_dst_last_pkt_time":1679740491797221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":402,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4122,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1679740491800062,"l3_proto":"ip4","src_ip":"35.234.85.218","dst_ip":"192.168.26.22","src_port":443,"dst_port":51949,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1679740491800062} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/riot.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":8202,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1679740491800062} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7790506 bytes -~~ total memory freed........: 7790506 bytes -~~ total allocations/frees...: 146403/146403 +~~ total memory allocated....: 11499109 bytes +~~ total memory freed........: 11499109 bytes +~~ total allocations/frees...: 216657/216657 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/default/riotgames.pcap.out b/test/results/default/riotgames.pcap.out index 288a857a9..27a1bb98e 100644 --- a/test/results/default/riotgames.pcap.out +++ b/test/results/default/riotgames.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1644446178115000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446178115000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOUAAH8RfLDAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446178115000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1644446178115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,49 +7,49 @@ 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1644446180176000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446180176000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOcAAH8RfK7AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1644446181179000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446181179000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOgAAH8RfK3AqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1644446182183000,"flow_dst_last_pkt_time":1644446178115000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1644446182183000,"pkt":"eJS0JASgYDjgxTWgCABFAABREOkAAH8RfKzAqAJkovlIAeo0HBoAPXYrpJ+cMaAyQgQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648063928092000} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1648063928092000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkz4FAAD8R+pTAqAJk1bPY8r2Ow1QAECUCEzfK\/goAAAA="} 
01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928092000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648063928092000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1648063928151000,"pkt":"YDjgxTWgeJS0JASgCABFAAAk5k1AADcR68jVs9jywKgCZMNUvY4AECUCEzfK\/goAAAAAAAAAAAAAAAAA"} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":5,"flow_first_seen":1644446178115000,"flow_src_last_pkt_time":1644446183618000,"flow_dst_last_pkt_time":1644446183613000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":45,"flow_src_tot_l4_payload_len":686,"flow_dst_tot_l4_payload_len":177,"midstream":0,"thread_ts_usec":1648063928151000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":59956,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1654781451507000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451507000,"pkt":"eJS0JASgYDjgxTWgCABFAABAaVkAAH8RJE3AqAJkovlIAfWGH\/UALPN\/c3T2DHIyQgSrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451507000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654781451507000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654781451526000,"pkt":"YDjgxTWgeJS0JASgCABFAABAcP9AADgRI6ei+UgBwKgCZB\/19YYALF0BcjJCBAAAAACrWX+BH8wAh2u8AAAW43xAFAAAAKqqqqq7u7u7"} 
01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648063928092000,"flow_src_last_pkt_time":1648063928092000,"flow_dst_last_pkt_time":1648063928151000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1654781451526000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"213.179.216.242","src_port":48526,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1654783623503000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623503000,"pkt":"eJS0JASgYDjgxTWgCABFAABAtqAAAH8RVRrAqAJkK+VBAdPXHz4ALLwuE5sFlpUyRyCrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623503000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654783623503000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654783623769000,"pkt":"YDjgxTWgeJS0JASgCABFAABA3N9AADARPdsr5UEBwKgCZB8+09cALNVflTJHIAAAAACrWX+BH8wGEZxbAABBqxZPGQAAAKqqqqq7u7u7"} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654781451507000,"flow_src_last_pkt_time":1654781451507000,"flow_dst_last_pkt_time":1654781451526000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654783623769000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":62854,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1023,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1654785423332000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423332000,"pkt":"eJS0JASgYDjgxTWgCABFAABA04EAAH8RuiTAqAJkovlIAeL6H\/UALG1KXY5aogEy\/RarWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423332000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654785423332000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654785423380000,"pkt":"YDjgxTWgeJS0JASgCABFAABASwdAADYRS5+i+UgBwKgCZB\/14voALCV7ATL9FgAAAACrWX+BH8wKaJLmAAB8mNx\/HQAAAKqqqqq7u7u7"} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654783623503000,"flow_src_last_pkt_time":1654783623503000,"flow_dst_last_pkt_time":1654783623769000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654785423380000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":54231,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":1095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1654790643639000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643639000,"pkt":"eJS0JASgYDjgxTWgCABFAABAp6MAAH8R5gLAqAJkovlIAcNUH\/UALPlTK70DER4y\/RWrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643639000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654790643639000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1654790643680000,"pkt":"YDjgxTWgeJS0JASgCABFAABAVJVAADURQxGi+UgBwKgCZB\/1w1QALCgiHjL9FQAAAACrWX+BH8wXFh2xAABS+GKnKQAAAKqqqqq7u7u7"} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654785423332000,"flow_src_last_pkt_time":1654785423332000,"flow_dst_last_pkt_time":1654785423380000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1654790643680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":58106,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1655323563669000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563669000,"pkt":"eJS0JASgYDjgxTWgCABFAABAIVQAAH8R6mbAqAJkK+VBAfY+Hz4ALJnHE5sFlpUyRyCrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 
01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563669000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655323563669000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1655323563941000,"pkt":"YDjgxTWgeJS0JASgCABFAABAW6NAAC8RwBcr5UEBwKgCZB8+9j4ALLL4lTJHIAAAAACrWX+BDpAHcmnvAADfWdrm+QAAAKqqqqq7u7u7"} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654790643639000,"flow_src_last_pkt_time":1654790643639000,"flow_dst_last_pkt_time":1654790643680000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655323563941000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":50004,"dst_port":8181,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1239,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1655757069043000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1655757069043000,"pkt":"eJS0JASgYDjgxTWgCABFAAAkrucAAH8RlrbAqAJkQhbxCO6rw1QAEGNsEzfK\/hYAAAA="} 
01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069043000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655757069043000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative","discord": {"client_ip":""}}} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1655757069107000,"pkt":"YDjgxTWgeJS0JASgCABFAAAkQStAADYRDXNCFvEIwKgCZMNU7qsAEGNsEzfK\/hYAAAAAAAAAAAAAAAAA"} 
01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655323563669000,"flow_src_last_pkt_time":1655323563669000,"flow_dst_last_pkt_time":1655323563941000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1655757069107000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"43.229.65.1","src_port":63038,"dst_port":7998,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1657052125163000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_usec":1657052125163000,"pkt":"eJS0JASgYDjgxTWgCABFAABRqHYAAH8R5R7AqAJkovlIAcCSHBoAPQSXzcb7QPwy+QMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmLme68LgEtiVPLEfLeojRgw="} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052125163000,"flow_dst_last_pkt_time":1657052125163000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657052125163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -59,7 +59,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1657052126476000,"flow_dst_last_pkt_time":1657052126497000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1657052126497000,"pkt":"YDjgxTWgeJS0JASgCABFAAA9pxNAAPYRL5Wi+UgBwKgCZBwawJIAKbEE\/DL5AwUAAAAAAID\/PQwqd\/zywtfCXzxlgMLEt38OVBEK"} 01092{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1655757069043000,"flow_src_last_pkt_time":1655757069043000,"flow_dst_last_pkt_time":1655757069107000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"66.22.241.8","src_port":61099,"dst_port":50004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Discord","proto_by_ip_id":58,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":9,"flow_first_seen":1657052125163000,"flow_src_last_pkt_time":1657052126580000,"flow_dst_last_pkt_time":1657052127590000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1657052127590000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"162.249.72.1","src_port":49298,"dst_port":7194,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RiotGames","proto_id":"302","proto_by_ip":"RiotGames","proto_by_ip_id":302,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/riotgames.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":62,"global_ts_usec":1657052127590000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -68,9 +68,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785213 bytes -~~ total memory freed........: 7785213 bytes -~~ total allocations/frees...: 146503/146503 +~~ total memory allocated....: 11493704 bytes +~~ total memory freed........: 11493704 bytes +~~ total allocations/frees...: 216757/216757 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 1102 chars diff --git a/test/results/default/rmcp.pcap.out b/test/results/default/rmcp.pcap.out new file mode 100644 index 000000000..72e0f61c1 --- /dev/null +++ b/test/results/default/rmcp.pcap.out 
@@ -0,0 +1,44 @@ +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685886497916092} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685886497916092,"pkt":"xpffLU2SPJTVQTiBCABFAAAzHmlAACIRH0x71Bnlqy+tF8F7Am8AH+\/XBgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} +01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685886497916092,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":23,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685905522978060} +00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978060,"pkt":"xgwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrQ25ZqYDlVPrOohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} 
+01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978060,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1685905522978073,"pkt":"AAwp30Y4PJTVQTiBCABFBAAo5iEAADQRzrSJjT0SUoQEsuohAm8AFKqEBgD\/BgAAEb6AAAAAAAAAAAAA"} +01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685886497916092,"flow_src_last_pkt_time":1685886497916092,"flow_dst_last_pkt_time":1685886497916092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685905522978073,"l3_proto":"ip4","src_ip":"123.212.25.229","dst_ip":"171.47.173.23","src_port":49531,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":47,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1685929216370306} 
+00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929216370306,"pkt":"AAwp30Y4PJTVQTiBCABFAAAz1DEAAPQRz8SB3pkevtuOlOLRAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 
+01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978073,"flow_src_last_pkt_time":1685905522978073,"flow_dst_last_pkt_time":1685905522978073,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"137.141.61.18","dst_ip":"82.132.4.178","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685905522978060,"flow_src_last_pkt_time":1685905522978060,"flow_dst_last_pkt_time":1685905522978060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929216370306,"l3_proto":"ip4","src_ip":"54.229.154.152","dst_ip":"14.85.79.172","src_port":59937,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929237726279,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929237726279,"pkt":"AJffLU2SPJTVQTiBCABFAAAz1DEAAPQRz8NA8DfwHpAQQ+KAAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} 
+01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929237726279,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685929316901739,"pkt":"imjqc4OdPJTVQTiBCABFAAAz1DEAAPQRz8F\/JFhnpHJh\/IeKAm8AHwAABgD\/BwAAAAAAAAAAAAkgGMiBADiOBLU="} +01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} 
+01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929316901739,"flow_src_last_pkt_time":1685929316901739,"flow_dst_last_pkt_time":1685929316901739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"127.36.88.103","dst_ip":"164.114.97.252","src_port":34698,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929237726279,"flow_src_last_pkt_time":1685929237726279,"flow_dst_last_pkt_time":1685929237726279,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"64.240.55.240","dst_ip":"30.144.16.67","src_port":57984,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929216370306,"flow_src_last_pkt_time":1685929216370306,"flow_dst_last_pkt_time":1685929216370306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929316901739,"l3_proto":"ip4","src_ip":"129.222.153.30","dst_ip":"190.219.142.148","src_port":58065,"dst_port":623,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RMCP","proto_id":"351","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":18,"category":"System"}} +00628{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/rmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1685929316901739} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets 
captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 116 bytes +~~ total detected protocols..: 6 +~~ total active/idle flows...: 6/6 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11486206 bytes +~~ total memory freed........: 11486206 bytes +~~ total allocations/frees...: 216686/216686 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 534 chars +~~ json string max len.......: 1089 chars +~~ json string avg len.......: 810 chars diff --git a/test/results/default/roblox.pcapng.out b/test/results/default/roblox.pcapng.out index 884b60b9d..06cd6a1fc 100644 --- a/test/results/default/roblox.pcapng.out +++ b/test/results/default/roblox.pcapng.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1686316283692571} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686316283692571,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARjlvAqAycgHRZcafV+XYFVItnewD\/\/wD+\/v7+\/f39\/RI0VngFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283692571,"flow_dst_last_pkt_time":1686316283692571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686316283692571,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -17,7 +17,7 @@ 01216{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316284117183,"flow_dst_last_pkt_time":1686316284145726,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1686316284145726,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
02007{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":746596.0,"max":10785585,"stddev":2538101.5,"var":6441959161856.0,"ent":1.7,"data": [28467,194118,21533,215727,23,12,472,7,126878,1267,3499,273,4379,2627,513,240,137878,55,702,108040,106788,174593,10000206,310,357197,548002,10785585,40059,91693,5740,187593]},"pktlen": {"min":40,"avg":357.7,"max":1500,"stddev":487.7,"var":237869.3,"ent":3.9,"data": [60,60,52,569,1500,1500,1252,1500,891,52,52,52,52,52,116,1076,702,323,323,52,52,578,52,76,52,52,76,52,52,76,52,40]},"bins": {"c_to_s": [13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,1,1,1,1,0,0,0,0,1],"entropies": 
[4.779968262,5.300120354,5.195351124,4.779649258,7.870378971,7.875164032,7.842136383,7.870733738,7.754308224,5.156889439,5.156889439,5.118428230,5.118427753,4.988526344,6.087430477,7.824826241,7.718070984,7.273851871,7.313729286,5.195351124,5.118428230,7.627631664,5.195351124,5.716266155,5.233812809,5.065449238,5.742581844,5.142372608,5.118427753,5.663634777,5.118428230,4.019286156]}} 01220{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316295462569,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686316295484971,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game","hostname":"assetgame.roblox.com","tls": {"version":"TLSv1.3","ja3":"f436b9416f37d134cadd04886327d3e8","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686326648493170} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":13253,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1686326648493170} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686326648493170,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbJ90IkFVNfxAQAAHwERAaMCLkuAjaPJ6FqVJdO4\/a0CBgoJAJDQiXsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648493170,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326648493170,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -27,7 +27,7 @@ 00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1686326648735662,"flow_dst_last_pkt_time":1686326648493170,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686326648735662,"pkt":"CL6sCxduJjb1W8R1CABFAABfhZcAAEARex3AqAycgHQsIbJ90IkAS7YiAQAAHwERAoJSCQq+6il8U+Lfk82kmGMCBgoJAJDQiQPawcSA\/bOuR7gJ5LgpDk+soFdu7AZnfJ12rVYjGKUI3M\/gLA=="} 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1686316283692571,"flow_src_last_pkt_time":1686316283794515,"flow_dst_last_pkt_time":1686316283806465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":138,"flow_src_tot_l4_payload_len":2977,"flow_dst_tot_l4_payload_len":498,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.89.113","src_port":42965,"dst_port":63862,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":15,"flow_first_seen":1686316283901532,"flow_src_last_pkt_time":1686316296142505,"flow_dst_last_pkt_time":1686316295484971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2279,"flow_dst_tot_l4_payload_len":7499,"midstream":0,"thread_ts_usec":1686326648875787,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.122.4","src_port":39034,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Roblox","proto_id":"91.346","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686333469750635} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":22280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1686333469750635} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1398,"pkt_l4_len":1364,"thread_ts_usec":1686333469750635,"pkt":"CL6sCxduJjb1W8R1CABFAAVoAABAAEARu6vAqAycgHQsIbWryO4FVEvhAQAAHwERAYlJ+hMYU2DqGCGy2n4VfpgCBgoJBgPI7nsA\/\/8A\/v7+\/v39\/f0SNFZ4BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 01054{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333469750635,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1356,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1356,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686333469750635,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -37,7 +37,7 @@ 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1686333470028956,"flow_dst_last_pkt_time":1686333469750635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1686333470028956,"pkt":"CL6sCxduJjb1W8R1CABFAABfb+QAAEARkNDAqAycgHQsIbWryO4AS++iAQAAHwERAkoGEJobUjvDjWy+zNTNvQ4CBgoJBgPI7ncnCfOsPT8PcVse23VWPpNtYldufworZLI4u9rBGniKI+a64A=="} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":2,"flow_first_seen":1686326648493170,"flow_src_last_pkt_time":1686326648875787,"flow_dst_last_pkt_time":1686326648846178,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6363,"flow_dst_tot_l4_payload_len":2664,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":45693,"dst_port":53385,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":1,"flow_first_seen":1686333469750635,"flow_src_last_pkt_time":1686333470172917,"flow_dst_last_pkt_time":1686333470150567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1356,"flow_dst_max_l4_payload_len":1332,"flow_src_tot_l4_payload_len":6225,"flow_dst_tot_l4_payload_len":1332,"midstream":0,"thread_ts_usec":1686333470172917,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"128.116.44.33","src_port":46507,"dst_port":51438,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RakNet","proto_id":"286","proto_by_ip":"Roblox","proto_by_ip_id":346,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":78,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1686333470172917} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/roblox.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":78,"packets-processed":78,"total-skipped-flows":0,"total-l4-payload-len":29837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1686333470172917} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 78/78 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7797783 bytes -~~ total memory freed........: 7797783 bytes -~~ total allocations/frees...: 146490/146490 +~~ total memory allocated....: 11506354 bytes +~~ total memory freed........: 11506354 bytes +~~ total allocations/frees...: 216744/216744 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2509 chars diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out index 67e08f4b3..aa2f77e3c 100644 --- a/test/results/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/default/rsh-syslog-false-positive.pcap.out 
@@ -1,5 +1,5 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464076252936094} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5} 
00865{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_usec":1464076252936094,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -12,7 +12,7 @@ 00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101} 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"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"} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} +00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766985 bytes -~~ total memory freed........: 7766985 bytes -~~ total allocations/frees...: 146379/146379 +~~ total memory allocated....: 11475604 bytes +~~ total memory freed........: 11475604 bytes +~~ total allocations/frees...: 216633/216633 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 366 chars ~~ json string max len.......: 1663 chars 
diff --git a/test/results/default/rsh.pcap.out b/test/results/default/rsh.pcap.out index 81284d6e7..264b560f2 100644 --- a/test/results/default/rsh.pcap.out +++ b/test/results/default/rsh.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1654277359673876} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277359673876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8BJ9AAEAGOBt\/AAABfwAAAQP\/AgJQUgi+AAAAAKAC\/9f+MAAAAgT\/1wQCCAp\/2NwKAAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1654277359673876,"flow_dst_last_pkt_time":1654277359673899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1654277359673899,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQICA\/+d65A3UFIIv6AS\/8v+MAAAAgT\/1wQCCAp\/2NwKf9jcCgEDAwc="} 
@@ -16,7 +16,7 @@ 01238{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277362309472,"flow_dst_last_pkt_time":1654277362292703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654277362309472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","rsh": {"client_username":"lns","server_username":"someuser","command":"some random command"}}} 
01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277362292565,"flow_src_last_pkt_time":1654277363725020,"flow_dst_last_pkt_time":1654277363725000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1021,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} 01184{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1654277359673876,"flow_src_last_pkt_time":1654277360987203,"flow_dst_last_pkt_time":1654277360987169,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":21,"midstream":0,"thread_ts_usec":1654277363725020,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":1023,"dst_port":514,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": 
{"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"36": {"risk":"Clear-Text Credentials","severity":"High","risk_score": {"total":200,"client":160,"server":40}}},"confidence": {"6":"DPI"},"proto":"RSH","proto_id":"294","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} +00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/rsh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1654277363725020} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 
@@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773779 bytes -~~ total memory freed........: 7773779 bytes -~~ total allocations/frees...: 146410/146410 +~~ total memory allocated....: 11482382 bytes +~~ total memory freed........: 11482382 bytes +~~ total allocations/frees...: 216664/216664 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1243 chars diff --git a/test/results/default/rsync.pcap.out b/test/results/default/rsync.pcap.out index 730922a88..23d8dfaca 100644 --- a/test/results/default/rsync.pcap.out +++ b/test/results/default/rsync.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1387144174826849} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174826849,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826849,"pkt":"AAAAAAAAAAAAAAAACABFAAA8ACBAAEAGPJp\/AAABfwAAAdTZA2mzXXC1AAAAAKACqqr+MAAAAgT\/1wQCCAoAPHCVAAAAAAEDAwo="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1387144174826849,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1387144174826876,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQNp1NlRGhcWs11wtqASqqr+MAAAAgT\/1wQCCAoAPHCVADxwlQEDAwo="} 
@@ -8,7 +8,7 @@ 00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174826876,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":14,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":14,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1387144174827057,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1387144174827057,"flow_dst_last_pkt_time":1387144174827090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1387144174827090,"pkt":"AAAAAAAAAAAAAAAACABFAAA0Z4JAAEAG1T9\/AAABfwAAAQNp1NlRGhcXs11wxIAQACv+KAAAAQEICgA8cJUAPHCV"} 
00966{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1387144174826849,"flow_src_last_pkt_time":1387144174967121,"flow_dst_last_pkt_time":1387144174967173,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":346,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":411,"midstream":0,"thread_ts_usec":1387144174967173,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54489,"dst_port":873,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RSYNC","proto_id":"166","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/rsync.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":497,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1387144174967173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767623 bytes -~~ total memory freed........: 7767623 bytes -~~ total allocations/frees...: 146401/146401 +~~ total memory allocated....: 11476242 bytes +~~ total memory freed........: 11476242 bytes +~~ total allocations/frees...: 216655/216655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 971 chars diff --git a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index 631cc1c19..03f095770 100644 --- a/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out 
@@ -1,5 +1,5 @@ -00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} +00595{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00658{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502626544321377} 00815{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5} 
00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626544321377,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIxyZUAAQBEqXdkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXBNYU34AAB9AAAAAMgAAH0AAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626544321377,"flow_dst_last_pkt_time":1502626544321377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502626544321377,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -8,7 +8,7 @@ 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1502626548341364,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":136,"pkt_l4_len":100,"thread_ts_usec":1502626548349503,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAHhTI0AAQBFJs9kM92LZDPQie3FlawBknhSByQAHAZMttF2TFTQAAAABAAC\/iwAAAAbBcE1hAAQFHIHKAA4Bky20AQcxOTMyZGI0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAAAA=="} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"pkt_datalink":113,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":156,"pkt_l4_len":120,"thread_ts_usec":1502626552361361,"pkt":"AAADBAAGAAAAAAAAAAAIAEUAAIyDdEAAQBEZTtkM9CLZDPdiZWt7cQB4niiByAAMXZMVNN06wXhXnSv1AAF4QAAAAloAAXhAAZMttAAAAAEAAAAAAAAAAAAAAAAAAAAAgcoADl2TFTQBCDVkOTMxNTM0ByVGcmVlU1dJVENILm9yZyAtLSBDb21lIHRvIENsdWVDb24uY29tAAAA"} 
01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1502626544321377,"flow_src_last_pkt_time":1502626552361361,"flow_dst_last_pkt_time":1502626548349503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":184,"midstream":0,"thread_ts_usec":1502626552361361,"l3_proto":"ip4","src_ip":"217.12.244.34","dst_ip":"217.12.247.98","src_port":25963,"dst_port":31601,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} 
+00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtcp_multiple_pkts_in_the_same_datagram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1502626552361361} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766898 bytes -~~ total memory freed........: 7766898 bytes -~~ total allocations/frees...: 146376/146376 +~~ total memory allocated....: 11475517 bytes +~~ total memory freed........: 11475517 bytes +~~ total allocations/frees...: 216630/216630 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 600 chars ~~ json string max len.......: 1134 chars diff --git a/test/results/default/rtmp.pcap.out b/test/results/default/rtmp.pcap.out index bfa6ad873..79c55cb2f 100644 --- a/test/results/default/rtmp.pcap.out +++ b/test/results/default/rtmp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1196541506793783} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1196541506793783,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506793783,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506793783,"pkt":"AAwpfMZqAFBWwAAICABFAAAwAzJAAIAGH8TAqCsBwKgrgASZB49J0s7PAAAAAHAC\/\/+GgwAAAgQFtAEBBAI="} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1196541506793783,"flow_dst_last_pkt_time":1196541506794048,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1196541506794048,"pkt":"AFBWwAAIAAwpfMZqCABFAAAwAABAAEAGYvbAqCuAwKgrAQePBJklcSWUSdLO0HASFtAknQAAAgQFtAEBBAI="} 
@@ -8,7 +8,7 @@ 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1196541506797289,"flow_dst_last_pkt_time":1196541506797539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1196541506797539,"pkt":"AFBWwAAIAAwpfMZqCABFAAAoK39AAEAGN3\/AqCuAwKgrAQePBJklcSWVSdLUhFAQIjhARQAA"} 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541506798015,"flow_dst_last_pkt_time":1196541507028289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":1260,"midstream":0,"thread_ts_usec":1196541507028289,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":14,"flow_first_seen":1196541506793783,"flow_src_last_pkt_time":1196541507836444,"flow_dst_last_pkt_time":1196541507670099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3452,"flow_dst_tot_l4_payload_len":3496,"midstream":0,"thread_ts_usec":1196541507836444,"l3_proto":"ip4","src_ip":"192.168.43.1","dst_ip":"192.168.43.128","src_port":1177,"dst_port":1935,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTMP","proto_id":"174","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1196541507836444} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/rtmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":6948,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1196541507836444} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769555 bytes -~~ total memory freed........: 7769555 bytes -~~ total allocations/frees...: 146398/146398 +~~ total memory allocated....: 11478174 bytes +~~ total memory freed........: 11478174 bytes +~~ total allocations/frees...: 216652/216652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2524 chars diff --git a/test/results/default/rtp.pcapng.out b/test/results/default/rtp.pcapng.out index ad3839299..f2271cb37 100644 --- a/test/results/default/rtp.pcapng.out +++ b/test/results/default/rtp.pcapng.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1332741131936370} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1444,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1444,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131936370,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1332741131936370,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741131936370,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU5xAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBEAAJ6IYAABZGAHAAAAAAg2oOAz\/8BcyOIdPfi8B4Xzz4VNYRGWcSjryldGYkqct6gbLBqCyFX7tOlxeIIyF41H7ve+11iRZEGoqbwZ8BxR\/mM7KSRJ8a7UYJLYgDupNskRvB7P\/F2+LyfF7a574\/f+Lxn4vAVwvkkYGQXzbheLgvjV4X8Aa7F5KLyf\/8U5YkvSlSWuDTEZb0+E4729QFtoqKTwvcF8OiLQsC+Lnxe+F+GXC9kYu\/90rt4WPWgJo2qDsfwPr\/s8F+F8Vv62za3pYs8Xhd7p\/i98XhSLxkLxBGcXsDIXnBeHYVhZ82dGyFsrGurb0PKNMBNPBU+DvepwY8CtUDJEhapZpZIfKDCenAv0sFZOFvEPq6SZq7ZGC0WNCD2rohpuFfeNnaOtWBov88A8KFlaIPuQZiCvwFUkMwNWSIPTwx46XBXMxdc42ukZKZVwxk2MwtjIOP\/GAoW2HqFRtGE73km73jLbNuNdOi46FTnGw\/R5AsQRD5jTGCdKjCRjiBlaZGSWLULBeGIXxhT0LGyulampWjYCxcF88NBf0Xi8LBeCcLwVpIx1vm4Wko\/FoveFXaTlRQDmASsdIAYgD0sFgelgVHlPWhCKjTYfCoK3tToCnTxwjU0U6tJ1AoURKc6uoVavqBuwaBU2OKB7UZZ3wVNNMoQYsCoZEGnR6rMgMCr1Frc0MVxHgMuBS\/GaQWA0H+4KeVNJ0oilvFwCGUrXanZuJMO1Ru9kW\/gGO8HW6BUMgZL++I9LM4DjgWRFoKwZlpAL3BfQAkhSFv51ulgMX\/AxwG+BgmOjn0tWELaDFAZG2y2GgOYBJdic8FLrZ1FZqzejckZ7ZxPnt4tN0qT8Owt4mbIBiOCYV7Wa0gbYzISFJsL7Z2HAqbO5veAZ+i9hlrl0GL\/luyqfe6BQ+WJQWpAFTDhlLguaUNNM9wsbX44KudOi8B4\/4RhX7EoFSstNLAXG0wJsF\/QrC+2C0xGKwtf+ZKIqQc6DFgSMykGg1F4NCAhWJteh8JkAM+AvF5WzpUeC+OQvBpQF4XzwtCtlK0STpXxwL8Kxfe6Lgq+bWQVZ7CxlrRWkFjIrCzh54VIwIaOLAtXTLlQJABIXeslIsZFAW+75LwHUAugsGkLJ4LbzreoPAx39Z0iDgXhM1zo46V8cFvAnqacHCmk+JEg5CoGb\/yMKTT9bClvYCKGC05V1BUOz4oBfCvje6uiZ7QMpjwfCwXrkIVutoFmhDDEHw\/we\/\/C+uZIRXre6tVwnDALeO5wFeLBusNLwWi+jfogBMF+BSaCxqbjX+ItQBiV60CR0F0JuLVopDELwvg0ACLtDYYhfLRqfC17qexbedTNNMnkQIwX2jclCk2IH6KMoYiM+S1ZNErU1PWiYcgqcKkhlkH0\/wVhGJNbvGupmesn9wrzn7QVSnoy3G1wacBeFj6ixeUt5riJwvBngE+L0iHS
ML5khhU2UjVGxKVUCQhkwSiYV+sJ14mSIDsJmv9RWtEIvCodYctsFJgKAsZY0zIsFIuTBiLwXYX+muPF4pFtBWFL4UJqKt1jGmTwgiPKhUFNPpiwoCYO3jPkT4Go6lAgL\/Zg46ysiOCNKUqM2M9lsBVwi4O20CYOHgsxRtsIBBjL3Bd+AvT4\/C4KXbgGE1mX9S772dBUjRhpD31BFfvayiUFKdZwCiYKT7Nb2p+\/qOjh4jVgqsQcRn7erJ2yk8UkJCFnlXLKVLO9F7sQ4UDMF8fCrgyf9ugQ6+o0e4A9ockoTBZ2gZH+KhP1Gi\/BkD5\/4sCzwsAq0VH22MxdSUYjN8B9\/8NwjCplKTaC63nKp1ZRBzrw6pDwViHpBF1IW6lIWYwVojIEKUDkZA+QCFT2MrCI2pTZmg5YFSypr\/qP9owB8f+g+H+FTvA4LaLWly3SoJwXoLEK3vUSA=="} 01720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1332741131938296,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":938,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":938,"pkt_l4_len":904,"thread_ts_usec":1332741131938296,"pkt":"ABNyjb9k0GflFGvTCABFAAOcU51AAIARAAAKzNxHCszcqxdwF3ADiNIkgKIBEQAJ6IYAABZGAHAAALUmHytcLGiML59YxC+2D4f7x\/dGA9s6LUsIgqL6t9mJKOwYsCwYxfFCTd\/EbKc1WTIyCk1LCi4WlIZNs3QVRZ0YtLzVrXAvQvC31Kk4U7gfk4NF\/6FcZEMXBZ+e81yFiMRHcxvlqbCkj2pxXGHDnS9oMQB1fON6nOtI0AKpgCYZlYdheFJ9ggX8QzYebHG7kCflEEcesByv1MlHJrqEBIUL1CBL8iFQoGOLjcsBzv4F4E6+kKFCBSq0ae0CiQ+zsCH75ZvxcB2VgFVgRCnBlAIpUC+zUwKqITTdXCYZNHuI9BVbULusaiwozjYOKBYIN4gEcYpGToyY6jExkpTIBl3yzfIHyVnzcBwv5Dfr8yFmjAaijTAxYENxAOBHF58LeyIiEejkXlh4KRN5mANBoAEiF4ZC9kUC8Bg9xSFbqryv9z3tqY6RthYJNOCuk6hDKLDcGN\/hwQ0mC3p8aYImFyIJ2fmFPWqsI18NKg6zc0EbSUfjIfkIvCmFCwZ8BSYnov4kQSh4cBof8MKF4018YTasVIjgcMrbTgz\/Rc3eDkGbATXu3kEIFpCorIxXzGmgMsLLtBKGAtp13CovkAInT5YWpm9VTurR4cjAGgAToU8CbURFZOrBD3yhVMgi9nahRiOif38aqXo2gwi\/eVjoMb\/YDlgVOoD7pC8Z+LzsVYNEA4Lw\/PM6YGcAYMcb60BScBi\/6ioc+Y3+gj0XdlEbEV0q880OV7rHE+CEDlf2h1AYv+6NBo6i8VhZ4y3NArvwJe40z10illdj+2pAODMwFgW\/uUPBkSAtR\/rJOF8XBaF7bI3hV+Z3mCANUkkaT7xOJgbABPrJycc9upGBDvu6ip7nStgFVZqOnTgyaNljAYz+4FjA2Ht1OBsXB+I45wZBsMXS3TH7t28fvc1E3AYv+6mzgsDgPSYcfWuamjTaUBsRip1u4vkC4L4JUF4\/JheFu7YunR6b+PxmtpNBnAFHkepsN
4l6K+sMJShkaBY+6mBiwJNwWU0DYf5CFnDxsCNvpGgcUCbXRMFQ7RnBYD3\/4W\/AIohZSkMAWgXwsCyPyUXmBf1K2MheZ\/H7rp4VdhLRzwI4mAxJUd4LhcKh\/0lH5GP0AJIW9A0lLRufBcnB37e9RZ742whXTGAvrkJofgsgvmCYL5lcHrAReKQv8XLSajU="} 
@@ -7,7 +7,7 @@ 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1332741131936370,"flow_src_last_pkt_time":1332741131999309,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":896,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3784,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1332741131999309,"l3_proto":"ip4","src_ip":"10.204.220.71","dst_ip":"10.204.220.171","src_port":6000,"dst_port":6000,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01890{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1332741132001295,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1054,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1054,"pkt_l4_len":1020,"thread_ts_usec":1332741132001295,"pkt":"ABNyjb9k0GflFGvTCABFAAQQU59AAIARAAAKzNxHCszcqxdwF3AD\/NKYgKIBEwAJ\/qwAABZGAHAAAC2RhlqOQwsQc9BiVkAVPG8xsRapg8Ld2AUDMONR8vsLCLSsJ+BOFbxcQUHIhegZGQxF6zMeF8OegtgcMCC+nEIiFAXwer\/nDQXsBosdEF8L6aCp9\/ODpHt0CNlg1Ecb5xOCaH4VjUKTwC+gRngYwC+VENHS1iYRyh2z6Jfp1lboMyBFoubDoXhX+4V9KDWXiNmS0cxE9hKHAfEzQeHQp\/bWx3Ud+ibGha3xZHePpYlZhDB74DMbBxf7Ae8BCUc9xuXEqnxSWDFJlmM33\/wGJ\/cmgSGTCYOgwEP4z3YBdQgVc+CrehgEYLQZQCBjf5WqKSEPiosIRE2V4kshWdRcRz4RWsgx4EC+ShqnCwb6GlYMWBH7jfONboMcBcE9NDruM9Q8KAcr+CoU6QpvymhkDJ\/ykGLAv7RlozCz8ZmdW\/4q05dq9R2iohBPET+ptT4WDJnW+daK6oUIp0kzvaiwdod+GUSoQSQr\/iqpUXY5drnMpXxAycB9P8kt+ZGiutg
RONZaBH4oCi5v0kAwIG4jhD6ltvQTJGOJkqek4flozuiofg4\/8F9gLNeL2ApC7QD3j9w\/JgsbDWZixT0atAsiwHwAWdlvZWGqpT6PSxkkRsMZSraWXCQfjML4sNi83C34vSiRKIBMHQJvHBY+43usJdXsupunwxGXH74tp6L4sn36YZetYl6Eg6gegtxP5g7a6OtEXNHK2nFXDgNF\/ioX0+F0nuC9ic4F9AC\/BV5Ae\/\/CnjrrPtXh0v4wByNAopbal+O\/lsVLRwi6pxNwcHlujuoIgBwv5YQj61GzYU8fk\/teanBXIU5OFn523gEGAVdIquIRVkGYenmGhW36plk96J9t1B4spMKnvFODkHb\/qFzfcqZD1GDhAQr2u9LRsMwGiL0rba9iOqeIHjYPB02BUgjU6HBON2xwJwvlhlkyP0pOF8iFg\/CUXkwWfmML2AyH9hXg17wqTo5VAzRogm6CyCzxu8rO8pQbBi\/6gQyJPeBy\/4QoCYu2OiGL33T7p3bu3V5lUph2OioXz+Wda4HZoLH7ESdPnUNMtAsqCKhGI\/NwvhXTgvrwuoPX\/vC+mJHhbx9Jq7z9IPx+7dqpwQFMwcAxf7HcZ5o5BVlrwq5QBko7fUZNCIOSkZgl6bCzpNareQs1SFsD\/mgxgF4ZMhyRrgKC2ugxIHE2dAqpj+6JicL+NDmmQTx\/Bni8J4vZPf+FXKAOgxgHQHa20OmkrYhkJOKx+cF50L4XJQev\/C1zog0cZEVeKQsCz5ZghFHaidFLcXmAmbiUZXgyCxtyzfxGOejCmAWcL4RALH7CwpF7ZgL6bBkhNA=="} 02467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1332741132066361,"flow_dst_last_pkt_time":1332741131936370,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_usec":1332741132066361,"pkt":"ABNyjb9k0GflFGvTCABFAAXAU6BAAIARAAAKzNxHCszcqxdwF3AFrNRIgCIBFAAKFpQAABZGAHAAAAAAg3oOAz+DZvj92FjUNSxqhkDRgJ62JgTcfirF74vFUKmEAD5fGx9VAFvKeJy+aq2BgEAGB+fJ42SxT5eAmqx5VhoOMuHpcBbgdpSZ62XIiEWoLP+tl7gvhoEiB4vBaxeC0x+96xV+zRvN6ke4LOJQKAuoiAQ3xVgek4BwMCDgplavzegpYCqHgxiiJCw38e\/SoKVnws4QMEmZiufXHrZShU1IaAOHol8Uj7QKXQYsCivRl7KxaVixWpgGIUlmQZBSYB0CCXbZR6jPF3i8uoiqmGQ94LBKBgQcu\/oHJ0FMOmiwZe6mB2f5WCiAvEHwc0CCj4hK1zIIAMCEqNHheX+oErEEnhiAZIJIKcuVgV4nY9EhvyKpRCOqx4srlQ+GIVMAwEMv9ikSP8ZVbYg6MQgQA8fW5qigXghldTu8p8TqwPK51QUjMLqL3i1e6i9+F9lZcKjovIovOR+bH7x+4fu\/H9JQsuEKhAEqiIooFv2Fm4lOAHAwIQrgMGCBD\/6d5YPQV7vKIkSB8NVcL\/gVS9GIWXAOBgvX28EovSb79LcGYBwMD8f8DB\/glF8SRT5DBNMsZQiYvU+ZVQCXByMAo8IHggiV8FKh2UZ+qpV8R1Xq
QCQDAhCpOqRgxv8ATB2sCsLD6sDi98lFQUWXYlLaKwhAeH\/oBwSdW8r9papKnAHVWEHwMIC+VwC38KxNNSxkXKwPLWfRi0KihAgB4+EVSqrWfVU2qA+XXgH\/IRydGv6pjceLwiH7hecH7heNcXkEX0Bn+L3i84LzgqS3sHc98Cvp8t+fCsLLiQDAhRcxR\/4GHA1eQGLAtGYkDwIfqBwf+qYv9ShToy4CyVj34FUuUVhb4q1QOx1eiN1q1owA3W95jeCcX0F2LwHxfmHh+KQvi54vCyL2kgPT\/uk7TpC93hfe903ttVZwLewkaK6EpoyLwTYvJIvNwrbCdJOI61UR8H5\/zUXhfF2Fl07pumL3i+jMW08e7o76mS0GLAsF5aLAvsLtkrovIIv6D4\/4WtkcB0GDeGDwWfQLRP3ofXrWn+CK030EoybCtt60y1zSgBoNcAjEHy\/4W9HxpvsSTOHURCNRE0SIQ6eYi45q4DdT7UZY3hPAiChYIidu1cZYVNFLZYeFwXBQubSpEgWRtEWo0uaWCsFiFgU9TcwdN3MKW2oGMtxVftMDNZeYy3wCOCAfTz4jWdTo4sTYCJApKBkFE14eQDCOWxMDiAVXAkHlv1uDrCesro2aE4dDkaA0QCJxl1Q8Bh\/1F\/5hUDEfv0ec4kha+Ft52oA8w4FDf4Dq\/gIXaDlfwX3G8XnWOUGbAgYz+NijT6BdtC0LRcLwZ\/\/BNF5kL4vIheCWFvqRPtSzDgNWAoSQnhfCswFbqOdSUGLArcwmRgv9BbCbSiOCKGbCUlEmgbbYhSMOJFx0DHgXheDPf7BKJNhIBfCq\/HoyRDvC0qFwDhRtjutI5ZC39LXtioKnS1Hg4g1\/o3EM6GIShRba\/BAW2mu+XBiwIHN\/hHW+DFAcBjv5ASgmHgp9QcEKXdIkbaNa83VwujQiAQ4iuq4DlAVZ3cApPltUVIDiAYIpYLSYX1l4W+s9bAr8WhGCvCtvWYDTgOX\/BZ7kZaQ2gqsByv5pEjidgWm1zYWf+M7GeqNbBNVs8RpkBVJFzxCC1EFyZre61GkaHGBiHcxMuGIuC+TEwVtvGBwlUJGLeEoPf\/h4JwqbSao\/ypBGKhrWWIlaQ3A\/NbIIYL0FkF+FuDApIY42EiPUDWEYSBfAaZFT+7dgIoneF\/dwmIAvrHU5ML06A2F8QRiVAkhb+r\/wJwXlGgULu3MU8dwqKhxIdQhW4UdDvrBhqpUAzC3gYYwDDA0DwPDAWBZ0YMWBtgmiDMKmzGNg04Cf0FuL1+BKKvmc5AlSig=="} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703745877296} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":17808,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643703745877296} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":74,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":74,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703745877296,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745877296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745877296,"pkt":"AAAAAAAAAA0A6CjdCABFAABmXqIAAH8RTaGW23YTwHHB49Paw1MAUs7pAAEARgAafnMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAixk="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643703745877296,"flow_dst_last_pkt_time":1643703745893698,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":116,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":116,"pkt_l4_len":82,"thread_ts_usec":1643703745893698,"pkt":"AAAAAAAAAAkAifetCABFAABm7FVAADgRxu3AccHjltt2E8NT09oAUln0AAIARgAafnM4NS4xNTQuMi4xNDUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA09o="} 
@@ -25,7 +25,7 @@ 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643703820864329,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1643703820864329,"pkt":"AAAAAAAAAAcAAAAIgQAF5AgARQAANGd7QABAEZsQCoxDp5SZVWHYahd4ACClNIFvzdUeUT0\/uAl02AAAARxIBuNyJ9wGQA=="} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":19,"flow_first_seen":1643703745877296,"flow_src_last_pkt_time":1643703746016700,"flow_dst_last_pkt_time":1643703746015681,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":165,"flow_dst_max_l4_payload_len":1104,"flow_src_tot_l4_payload_len":993,"flow_dst_tot_l4_payload_len":13839,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"150.219.118.19","dst_ip":"192.113.193.227","src_port":54234,"dst_port":50003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Discord","proto_id":"58","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":15,"category":"Collaborative"}} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1643703820776166,"flow_src_last_pkt_time":1643703821596170,"flow_dst_last_pkt_time":1643703820776166,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":60,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703821596170,"l3_proto":"ip4","src_ip":"10.140.67.167","dst_ip":"148.153.85.97","src_port":55402,"dst_port":6008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":33441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1643703821596170} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/rtp.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":33441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1643703821596170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 75/75 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773224 bytes -~~ total memory freed........: 7773224 bytes -~~ total allocations/frees...: 146468/146468 +~~ total memory allocated....: 11481811 bytes +~~ total memory freed........: 11481811 bytes +~~ total allocations/frees...: 216722/216722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2487 chars diff --git a/test/results/default/rtsp.pcap.out b/test/results/default/rtsp.pcap.out index 473ed38fb..2ba38b9b6 100644 --- a/test/results/default/rtsp.pcap.out +++ b/test/results/default/rtsp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1627567277506127} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5} 
00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"pkt_datalink":113,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_usec":1627567277506127,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 01150{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1627567277506127,"flow_src_last_pkt_time":1627567277506127,"flow_dst_last_pkt_time":1627567277506127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":149,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":149,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":149,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1627567277506127,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
@@ -62,7 +62,7 @@ 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":60,"flow_first_seen":1627567406342871,"flow_src_last_pkt_time":1627567465366594,"flow_dst_last_pkt_time":1627567465366846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":201,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3760,"flow_dst_tot_l4_payload_len":7540,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01088{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":52,"flow_first_seen":1627567466882987,"flow_src_last_pkt_time":1627567526623393,"flow_dst_last_pkt_time":1627567526623799,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3772,"flow_dst_tot_l4_payload_len":7560,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":48,"flow_first_seen":1627567528106056,"flow_src_last_pkt_time":1627567528308580,"flow_dst_last_pkt_time":1627567528265801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":695,"flow_src_tot_l4_payload_len":3176,"flow_dst_tot_l4_payload_len":7568,"midstream":0,"thread_ts_usec":1627567528308580,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/rtsp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1627567528308580} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 @@ -71,9 +71,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7811429 bytes -~~ total memory freed........: 7811429 bytes -~~ total allocations/frees...: 147041/147041 +~~ total memory allocated....: 11519952 bytes +~~ total memory freed........: 11519952 bytes +~~ total allocations/frees...: 217295/217295 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2224 chars diff --git a/test/results/default/rtsp_setup_http.pcapng.out b/test/results/default/rtsp_setup_http.pcapng.out index 13720183e..c07f1bf14 100644 --- a/test/results/default/rtsp_setup_http.pcapng.out +++ b/test/results/default/rtsp_setup_http.pcapng.out 
@@ -1,10 +1,10 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625568705778896} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1625568705778896,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} 
01208{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625568705778896,"flow_src_last_pkt_time":1625568705778896,"flow_dst_last_pkt_time":1625568705778896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1625568705778896,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTSP","proto_id":"50","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":1,"category":"Media"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rtsp_setup_http.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_usec":1625568705778896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,9 +13,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768882 bytes -~~ total memory freed........: 7768882 bytes -~~ total allocations/frees...: 146374/146374 +~~ total memory allocated....: 11477501 bytes +~~ total memory freed........: 11477501 bytes +~~ total allocations/frees...: 216628/216628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars ~~ json string max len.......: 1213 chars diff --git a/test/results/default/rx.pcap.out b/test/results/default/rx.pcap.out index 9a5c16db1..a75495d74 100644 --- a/test/results/default/rx.pcap.out +++ b/test/results/default/rx.pcap.out 
@@ -1,5 +1,5 @@ -00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} +00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1460647264018403} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1460647264018403,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":292,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":292,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1460647264018403,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00899{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264018403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_usec":1460647264018403,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1460647264018403,"flow_dst_last_pkt_time":1460647264026287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1460647264026287,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} 
@@ -37,7 +37,7 @@ 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":31,"flow_first_seen":1460647299704750,"flow_src_last_pkt_time":1460647320158014,"flow_dst_last_pkt_time":1460647300329629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":740,"flow_src_tot_l4_payload_len":4792,"flow_dst_tot_l4_payload_len":4266,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":9,"flow_first_seen":1460647299605656,"flow_src_last_pkt_time":1460647300326863,"flow_dst_last_pkt_time":1460647300326798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":1076,"flow_src_tot_l4_payload_len":1077,"flow_dst_tot_l4_payload_len":7708,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1460647283326954,"flow_src_last_pkt_time":1460647283340531,"flow_dst_last_pkt_time":1460647283340393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":292,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":357,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1460647320158051,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RX","proto_id":"223","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/rx.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1460647320158051} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779173 bytes -~~ total memory freed........: 7779173 bytes -~~ total allocations/frees...: 146547/146547 +~~ total memory allocated....: 11487728 bytes +~~ total memory freed........: 11487728 bytes +~~ total allocations/frees...: 216801/216801 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2164 chars diff --git a/test/results/default/s7comm.pcap.out b/test/results/default/s7comm.pcap.out index da40950f1..611f51f34 100644 --- a/test/results/default/s7comm.pcap.out +++ b/test/results/default/s7comm.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1408528803880679} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1408528803880679,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1408528803880679,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803880679,"flow_dst_last_pkt_time":1408528803880679,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1408528803880679,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"s7comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -9,7 +9,7 @@ 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1408528803887617,"flow_dst_last_pkt_time":1408528803887528,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1408528803887617,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU1AAIAGAADAqAEKwKgBKBBZAGaQRN3RAAL7QVAY+r+DpAAAAwAABwLwAA=="} 02258{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528803957564,"flow_dst_last_pkt_time":1408528803957480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":396,"flow_dst_tot_l4_payload_len":794,"midstream":1,"thread_ts_usec":1408528803957564,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":66,"avg":4957.6,"max":9013,"stddev":3321.6,"var":11033309.0,"ent":4.5,"data": [3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713]},"pktlen": {"min":47,"avg":77.2,"max":261,"stddev":40.3,"var":1625.5,"ent":4.9,"data": [62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47]},"bins": {"c_to_s": [17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0],"entropies": [4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"s7comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":19,"flow_first_seen":1408528803880679,"flow_src_last_pkt_time":1408528804003972,"flow_dst_last_pkt_time":1408528804016478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":247,"flow_dst_max_l4_payload_len":221,"flow_src_tot_l4_payload_len":1202,"flow_dst_tot_l4_payload_len":1088,"midstream":1,"thread_ts_usec":1408528804016478,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"s7comm","proto_id":"249","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/s7comm.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1408528804016478} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768348 bytes -~~ total memory freed........: 7768348 bytes -~~ total allocations/frees...: 146426/146426 +~~ total memory allocated....: 11476967 bytes +~~ total memory freed........: 11476967 bytes +~~ total allocations/frees...: 216680/216680 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 2263 chars 
diff --git a/test/results/default/safari.pcap.out b/test/results/default/safari.pcap.out index e9a40a7d6..a834585ac 100644 --- a/test/results/default/safari.pcap.out +++ b/test/results/default/safari.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620898024056646} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620898024056646,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620898024056646,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024056646,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1620898024056646,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620898024056646,"flow_dst_last_pkt_time":1620898024084984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620898024084984,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} 
@@ -66,7 +66,7 @@ 01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1620898025217296,"flow_src_last_pkt_time":1620898025483096,"flow_dst_last_pkt_time":1620898025512858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":431,"flow_dst_max_l4_payload_len":1347,"flow_src_tot_l4_payload_len":1121,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1620898025217638,"flow_src_last_pkt_time":1620898025483303,"flow_dst_last_pkt_time":1620898025371358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":434,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1125,"flow_dst_tot_l4_payload_len":4576,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1620898027036438,"flow_src_last_pkt_time":1620898027166473,"flow_dst_last_pkt_time":1620898027166397,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":378,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":706,"flow_dst_tot_l4_payload_len":4696,"midstream":0,"thread_ts_usec":1620898027166473,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":168,"packets-processed":168,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":168,"source":"cfgs\/default\/pcap\/safari.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":168,"packets-processed":168,"total-skipped-flows":0,"total-l4-payload-len":72162,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1620898027166473} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 168/168 ~~ skipped flows.............: 0 @@ -75,9 +75,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7829709 bytes -~~ total memory freed........: 7829709 bytes -~~ total allocations/frees...: 146639/146639 +~~ total memory allocated....: 11538232 bytes +~~ total memory freed........: 11538232 bytes +~~ total allocations/frees...: 216893/216893 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 2302 chars diff --git a/test/results/default/salesforce.pcap.out b/test/results/default/salesforce.pcap.out index 67c6c1143..a64cc28f3 100644 --- a/test/results/default/salesforce.pcap.out +++ b/test/results/default/salesforce.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1637949675032008} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637949675032008,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675032008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1637949675032008,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1637949675032008,"flow_dst_last_pkt_time":1637949675060899,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637949675060899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} 
@@ -10,7 +10,7 @@ 01254{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1637949675088486,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","tls": {"version":"TLSv1.2","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2"}}} 
01563{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675061692,"flow_dst_last_pkt_time":1637949675088575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3465,"midstream":0,"thread_ts_usec":1637949675088575,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Salesforce","proto_id":"91.266","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"help.salesforce.com","tls": {"version":"TLSv1.2","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","negotiated_alpn":"h2","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1637949675032008,"flow_src_last_pkt_time":1637949675181063,"flow_dst_last_pkt_time":1637949675180938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":3585,"midstream":0,"thread_ts_usec":1637949675181063,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/salesforce.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1637949675181063} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777670 bytes -~~ total memory freed........: 7777670 bytes -~~ total allocations/frees...: 146396/146396 +~~ total memory allocated....: 11486289 bytes +~~ total memory freed........: 11486289 bytes +~~ total allocations/frees...: 216650/216650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 1568 chars diff --git a/test/results/default/sccp_hw_conf_register.pcapng.out b/test/results/default/sccp_hw_conf_register.pcapng.out index d47445396..caa539ac4 100644 --- a/test/results/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/default/sccp_hw_conf_register.pcapng.out 
@@ -1,5 +1,5 @@ -00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} +00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1557178511664958} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"AFBW6tqSuDhhiHXECABFYAAsOMQAAP8GkNUKtG46CrRuMLV9B9BgU38BAAAAAGACECD5kQAAAgQFtA=="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1557178511664958,"pkt":"uDhhiHXEAFBW6tqSCABFAAAsAABAAEAGSPoKtG4wCrRuOgfQtX0KPck5YFN\/AmASchDEGQAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511664958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557178511664958,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1557178511664958,"flow_dst_last_pkt_time":1557178511665950,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1557178511665950,"pkt":"uDhhiHXEAFBW6tqSCABFAAAo4mtAAEAGZpIKtG4wCrRuOgfQtX0KPck6YFN\/ilAQdUDYHgAA"} 
00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1557178511664958,"flow_src_last_pkt_time":1557178511908949,"flow_dst_last_pkt_time":1557178511907942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":316,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":496,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1557178511908949,"l3_proto":"ip4","src_ip":"10.180.110.58","dst_ip":"10.180.110.48","src_port":46461,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} 
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/sccp_hw_conf_register.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1557178511908949} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767246 bytes -~~ total memory freed........: 7767246 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11475865 bytes +~~ total memory freed........: 11475865 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 997 chars diff --git a/test/results/default/sctp.cap.out b/test/results/default/sctp.cap.out index d085acf71..b239ff4b7 100644 --- a/test/results/default/sctp.cap.out +++ b/test/results/default/sctp.cap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1088696689784578} 00735{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5} 
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1088696689784578,"pkt":"AKCAAF5GCAADSgA1CABFAAB8FBwAADuESlQKHAYrChwGLEAAC4AAAW8KbbAYggADAFsoAkNFAACgvQAAAAdNRUdBQ08vMiA8bWctdHI+OjE2Mzg0ClJlcGx5ID0gMTc0MDkxewpDb250ZXh0ID0gMjU1ewpNb2RpZnkgPSBNVVgvMjU1Cn0KfQpn"} 01009{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784578,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1088696689784578,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -10,7 +10,7 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1088696689872631,"pkt":"AAGvDAaWAKCAAF5GCABFAAA4u4FAAP+EnzIKHAYsChwGKgtZC1kNU+b+jI4HRgUAABgAAQAUQORLkgocBiwbZq9+AAAAAA=="} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689872282,"flow_src_last_pkt_time":1088696689872282,"flow_dst_last_pkt_time":1088696689872631,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.42","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01050{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1088696689784578,"flow_src_last_pkt_time":1088696689784578,"flow_dst_last_pkt_time":1088696689784927,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1088696689872631,"l3_proto":"ip4","src_ip":"10.28.6.43","dst_ip":"10.28.6.44","l4_proto":132,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SCTP","proto_id":"84","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} 
+00627{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sctp.cap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":204,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1088696689872631} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769017 bytes -~~ total memory freed........: 7769017 bytes -~~ total allocations/frees...: 146386/146386 +~~ total memory allocated....: 11477620 bytes +~~ total memory freed........: 11477620 bytes +~~ total allocations/frees...: 216640/216640 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1055 chars diff --git a/test/results/default/selfsigned.pcap.out b/test/results/default/selfsigned.pcap.out index 3b3bd684a..697558de2 100644 --- a/test/results/default/selfsigned.pcap.out +++ b/test/results/default/selfsigned.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588921646472768} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646472768,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472768,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472768,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1588921646472768,"flow_dst_last_pkt_time":1588921646472882,"flow_idle_time":7580000000,"pkt_datalink":0,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_usec":1588921646472882,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} 
@@ -9,7 +9,7 @@ 01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646472909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588921646479120,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"localhost","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
01681{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646479120,"flow_dst_last_pkt_time":1588921646482756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1588921646482756,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","hostname":"localhost","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","advertised_alpns":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}}} 
00783{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1588921646472768,"flow_src_last_pkt_time":1588921646517296,"flow_dst_last_pkt_time":1588921646517337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":849,"flow_dst_tot_l4_payload_len":1785,"midstream":0,"thread_ts_usec":1588921646517337,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/selfsigned.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1588921646517337} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771581 bytes -~~ total memory freed........: 7771581 bytes -~~ total allocations/frees...: 146398/146398 +~~ total memory allocated....: 11480200 bytes +~~ total memory freed........: 11480200 bytes +~~ total allocations/frees...: 216652/216652 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 1686 chars diff --git a/test/results/default/sflow.pcap.out b/test/results/default/sflow.pcap.out index c9360204d..40fd7f041 100644 --- a/test/results/default/sflow.pcap.out +++ b/test/results/default/sflow.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1378125488790492} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125488790492,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1378125488790492,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125488790492,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfoAAEARuUSsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAZ9nPdcQAAAAAQAAAAIAAABsAAAhJQAABAwAAAABAAAAAQAAAFgAAAQMAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAYwszAAAm4MAApAWAAH2cwAAAAAAAAAAAAAAAAAAAAAAUz3BAACgtwAAIYcAAAjXAAAAAAAAAAAAAAAA"} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1378125507793302,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125507793302,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIfsAAEARuUOsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaBnPiFIAAAAAQAAAAIAAABsAAAAaAAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmHZAAAPY8ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHWdKAABT9wAJE0IACVxYAAAAAAAAAAAAAAAA"} 
@@ -9,7 +9,7 @@ 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1378125537795814,"pkt":"AFBWlgDZAOCxz5TDCABFAACsIf4AAEARuUCsFSMRrBUjxwQDGMcAmAAAAAAABQAAAAGsFSMRAAAAAQAAAaNnPpZ4AAAAAQAAAAIAAABsAAAAaQAABBMAAAABAAAAAQAAAFgAAAQTAAAABgAAAAAF9eEAAAAAAQAAAAMAAAAAAwmQegAAPa0ACrt0AAAffQAAAAAAAAAAAAAAAAAAAAAGHXouAABUFQAJE1IACVxrAAAAAAAAAAAAAAAA"} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125537795814,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":748,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125537795814,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1378125488790492,"flow_src_last_pkt_time":1378125597799203,"flow_dst_last_pkt_time":1378125488790492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1324,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1378125597799203,"l3_proto":"ip4","src_ip":"172.21.35.17","dst_ip":"172.21.35.199","src_port":1027,"dst_port":6343,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"sFlow","proto_id":"129","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} 
+00630{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sflow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1378125597799203} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767014 bytes -~~ total memory freed........: 7767014 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11475633 bytes +~~ total memory freed........: 11475633 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 973 chars diff --git a/test/results/default/shadowsocks.pcap.out b/test/results/default/shadowsocks.pcap.out index b38a20f3f..6483635dc 100644 --- a/test/results/default/shadowsocks.pcap.out +++ b/test/results/default/shadowsocks.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1690018458225809} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1690018458225809,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225809,"pkt":"AAAAAAAAAAAAAAAACABFAAA8OlVAAEAGAmV\/AAABfwAAAZQQBDjOLDYWAAAAAKAC\/9f+MAAAAgT\/1wQCCApvLCb4AAAAAAEDAwc="} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1690018458225809,"flow_dst_last_pkt_time":1690018458225829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1690018458225829,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAQQ4lBAtEiM8ziw2F6AS\/8v+MAAAAgT\/1wQCCApvLCb4bywm+AEDAwc="} 
@@ -16,7 +16,7 @@ 00968{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1690018458225809,"flow_src_last_pkt_time":1690018459714485,"flow_dst_last_pkt_time":1690018459714444,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":16384,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":67329,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":37904,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00999{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1690018458886918,"flow_src_last_pkt_time":1690018459714642,"flow_dst_last_pkt_time":1690018459714613,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":18085,"flow_src_tot_l4_payload_len":105,"flow_dst_tot_l4_payload_len":67333,"midstream":0,"thread_ts_usec":1690018459714642,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":44276,"dst_port":8388,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/shadowsocks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":134863,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1690018459714642} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774273 bytes -~~ total memory freed........: 7774273 bytes -~~ total allocations/frees...: 146428/146428 +~~ total memory allocated....: 11482876 bytes +~~ total memory freed........: 11482876 bytes +~~ total allocations/frees...: 216682/216682 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/signal.pcap.out b/test/results/default/signal.pcap.out index 48ea0b2d4..8abdde69a 100644 --- a/test/results/default/signal.pcap.out +++ b/test/results/default/signal.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569051245838268} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1569051245838268,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 01016{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569051245838268,"flow_src_last_pkt_time":1569051245838268,"flow_dst_last_pkt_time":1569051245838268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569051245838268,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"lucas-imac","dhcp": {"fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}}} 
@@ -170,7 +170,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":95,"flow_first_seen":1569051267121677,"flow_src_last_pkt_time":1569051267569935,"flow_dst_last_pkt_time":1569051267601717,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":195730,"flow_dst_tot_l4_payload_len":3003,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Signal","proto_id":"91.39","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051264088425,"flow_src_last_pkt_time":1569051264088425,"flow_dst_last_pkt_time":1569051264113960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":55,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Signal","proto_id":"5.39","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569051247593701,"flow_src_last_pkt_time":1569051247593701,"flow_dst_last_pkt_time":1569051247630078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":59,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":59,"midstream":0,"thread_ts_usec":1569051267601717,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1569051267601717} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"cfgs\/default\/pcap\/signal.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-payload-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":25,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1569051267601717} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -179,9 +179,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8054904 bytes -~~ total memory freed........: 8054904 bytes -~~ total allocations/frees...: 147336/147336 +~~ total memory allocated....: 11763235 bytes +~~ total memory freed........: 11763235 bytes +~~ total allocations/frees...: 217590/217590 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 2182 chars diff --git a/test/results/default/simple-dnscrypt.pcap.out b/test/results/default/simple-dnscrypt.pcap.out index 457acff60..224404d1c 100644 --- a/test/results/default/simple-dnscrypt.pcap.out +++ b/test/results/default/simple-dnscrypt.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1491813284555591} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491813284555591,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491813284555591,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284555591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284555591,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1491813284555591,"flow_dst_last_pkt_time":1491813284666208,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1491813284666208,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} 
@@ -44,7 +44,7 @@ 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286275625,"flow_src_last_pkt_time":1491813286718876,"flow_dst_last_pkt_time":1491813286718848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1491813286392272,"flow_src_last_pkt_time":1491813286753444,"flow_dst_last_pkt_time":1491813286753424,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":210,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":7183,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1491813286393273,"flow_src_last_pkt_time":1491813286845298,"flow_dst_last_pkt_time":1491813286913648,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":280,"flow_dst_max_l4_payload_len":1310,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":8306,"midstream":0,"thread_ts_usec":1491813286913648,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"TLS.DNScrypt","proto_id":"91.208","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":14,"category":"Network"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1491813286913648} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"cfgs\/default\/pcap\/simple-dnscrypt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-payload-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_usec":1491813286913648} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 ~~ skipped flows.............: 0 @@ -53,9 +53,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7865860 bytes -~~ total memory freed........: 7865860 bytes -~~ total allocations/frees...: 146563/146563 +~~ total memory allocated....: 11574431 bytes +~~ total memory freed........: 11574431 bytes +~~ total allocations/frees...: 216817/216817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 2001 chars diff --git a/test/results/default/sip.pcap.out b/test/results/default/sip.pcap.out index 6e772af5d..5395ccf68 100644 --- a/test/results/default/sip.pcap.out +++ b/test/results/default/sip.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1120469572844249} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_usec":1120469572844249,"pkt":"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"} 
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120469572844249,"flow_dst_last_pkt_time":1120469572844249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":467,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":467,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469572844249,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -23,7 +23,7 @@ 01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":2,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470102883325,"flow_dst_last_pkt_time":1120470085961798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":5813,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1120470102883325,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470158626389,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4623,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470158626389,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":26,"global_ts_usec":1120470187658020} 01092{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":10,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470216689496,"flow_dst_last_pkt_time":1120469956406918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":680,"flow_dst_max_l4_payload_len":491,"flow_src_tot_l4_payload_len":4633,"flow_dst_tot_l4_payload_len":4354,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":3,"flow_first_seen":1120470049188993,"flow_src_last_pkt_time":1120470114910372,"flow_dst_last_pkt_time":1120470116279089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":347,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":822,"flow_dst_max_l4_payload_len":614,"flow_src_tot_l4_payload_len":6938,"flow_dst_tot_l4_payload_len":1818,"midstream":0,"thread_ts_usec":1120470216689496,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 02416{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470235521078,"flow_dst_last_pkt_time":1120470235448732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":825,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":7448,"flow_dst_tot_l4_payload_len":4947,"midstream":0,"thread_ts_usec":1120470235521078,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":25935,"avg":42751008.0,"max":279041814,"stddev":57873684.0,"var":3349363405357056.0,"ent":4.0,"data": [136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102]},"pktlen": {"min":33,"avg":415.3,"max":853,"stddev":273.0,"var":74531.7,"ent":4.6,"data": [495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368]},"bins": {"c_to_s": [9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0],"entropies": [5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -34,7 +34,7 @@ 01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470373595117,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8884,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470373595117,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01093{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":12,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470431658642,"flow_dst_last_pkt_time":1120470268128176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":8894,"flow_dst_tot_l4_payload_len":5392,"midstream":0,"thread_ts_usec":1120470431658642,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":33,"flow_dst_packets_processed":15,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470490643822,"flow_dst_last_pkt_time":1120470490782704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":10471,"flow_dst_tot_l4_payload_len":6852,"midstream":0,"thread_ts_usec":1120470490782704,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":17,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1120470796804243} 01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":35,"flow_dst_packets_processed":17,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470796804243,"flow_dst_last_pkt_time":1120470796941095,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":11616,"flow_dst_tot_l4_payload_len":7824,"midstream":0,"thread_ts_usec":1120470796941095,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01094{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":21,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470848686860,"flow_dst_last_pkt_time":1120470848682926,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":13926,"flow_dst_tot_l4_payload_len":9670,"midstream":0,"thread_ts_usec":1120470848686860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":24,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120470900060556,"flow_dst_last_pkt_time":1120470900056743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":593,"flow_src_tot_l4_payload_len":16021,"flow_dst_tot_l4_payload_len":10997,"midstream":0,"thread_ts_usec":1120470900060556,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -56,7 +56,7 @@ 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":31,"flow_first_seen":1120469572844249,"flow_src_last_pkt_time":1120471094413365,"flow_dst_last_pkt_time":1120471018881832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1076,"flow_dst_max_l4_payload_len":669,"flow_src_tot_l4_payload_len":19714,"flow_dst_tot_l4_payload_len":14333,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1120470985348411,"flow_src_last_pkt_time":1120470985511036,"flow_dst_last_pkt_time":1120470985348411,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1548,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120470986363611,"flow_src_last_pkt_time":1120470986363611,"flow_dst_last_pkt_time":1120470986363611,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120471094413365,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"RTCP","proto_id":"165","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/sip.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":25,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1120471094413365} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776445 bytes -~~ total memory freed........: 7776445 bytes -~~ total allocations/frees...: 146516/146516 +~~ total memory allocated....: 11485016 bytes +~~ total memory freed........: 11485016 bytes +~~ total allocations/frees...: 216770/216770 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 564 chars ~~ json string max len.......: 2421 chars diff --git a/test/results/default/sip_hello.pcapng.out b/test/results/default/sip_hello.pcapng.out index 37b45414f..fdece767c 100644 --- a/test/results/default/sip_hello.pcapng.out +++ b/test/results/default/sip_hello.pcapng.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645515834707950} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645515834707950,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834707950,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834707950,"pkt":"AAAAAAAAAAIAsZqMCABFAAAh925AAP0RDAoK75zrrB0mWxPEE8QADQAAaGVsbG8AAAAAAAAAAAA="} 
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645515834707950,"flow_dst_last_pkt_time":1645515834709790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":13,"thread_ts_usec":1645515834709790,"pkt":"AAAAAAAAAAUAlkboCABFAAAhAABAAEARwHmsHSZbCu+c6xPEE8QADRonaGVsbG8AAAAAAAAAAAA="} 
@@ -17,7 +17,7 @@ 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516227953912,"flow_dst_last_pkt_time":1645516227955969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":999,"flow_dst_tot_l4_payload_len":1104,"midstream":0,"thread_ts_usec":1645516227955969,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516277109636,"flow_dst_last_pkt_time":1645516277111440,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1004,"flow_dst_tot_l4_payload_len":1109,"midstream":0,"thread_ts_usec":1645516277111440,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":15,"flow_first_seen":1645515834707950,"flow_src_last_pkt_time":1645516326265358,"flow_dst_last_pkt_time":1645516326267438,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":513,"flow_dst_max_l4_payload_len":619,"flow_src_tot_l4_payload_len":1962,"flow_dst_tot_l4_payload_len":2172,"midstream":0,"thread_ts_usec":1645516326267438,"l3_proto":"ip4","src_ip":"10.239.156.235","dst_ip":"172.29.38.91","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/sip_hello.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":4134,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":9,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1645516326267438} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767623 bytes -~~ total memory freed........: 7767623 bytes -~~ total allocations/frees...: 146401/146401 +~~ total memory allocated....: 11476242 bytes +~~ total memory freed........: 11476242 bytes +~~ total allocations/frees...: 216655/216655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 982 chars diff --git a/test/results/default/sites.pcapng.out b/test/results/default/sites.pcapng.out index 0d70e83f3..c87b3c290 100644 --- a/test/results/default/sites.pcapng.out +++ b/test/results/default/sites.pcapng.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595957694169758} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694169758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694169758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694169758,"pkt":"CL6sCxdumt9Y+uvcCABFAAA86wlAAEAGQqHAqAypRav6FLRQAbvxSUO4AAAAAKAC\/\/943AAAAgQFtAQCCAp3CF\/6AAAAAAEDAwk="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595957694169758,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1595957694175849,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAAFUGGKtFq\/oUwKgMqQG7tFDMBUIi8UlDuaASbHAk8gAAAgQFeAQCCAqwcikLdwhf+gEDAwg="} 
@@ -7,7 +7,7 @@ 01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694175849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595957694181636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.2","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}} 
00837{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_usec":1595957694188758,"pkt":"mt9Y+uvcCL6sCxduCABFAAEMv+hAAFUGV\/JFq\/oUwKgMqQG7tFDMBUIj8UlFNoAYAHHhaAAAAQEICrByKRd3CGAFFgMDAIACAAB8AwPUEITn7mCrvulT\/NdcXKN5KijcI4g9k3CK2XQ772s3WyCYle6z8aZolVAW\/WsVOAFFqAocCpVZly96\/6VmRt6unBMBAAA0ACsAAvsaADMAJAAdACAO0nP6nc6Qo9rpWYhM5FN2IQ7onG5IGH\/bMnw97GrsYgApAAIAABQDAwABARcDAwBIGZYMK775StJv8IeA6uX06XwsLuMhuuiwj099ayB3wMQVpJF0HhA8WjwU9NAQeMRhHSdrrGCE3zuMW3mj8V6sAMmDjxeKSHVB"} 01239{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1595957694188758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Messenger","proto_id":"91.157","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat","hostname":"edge-mqtt.facebook.com","tls": {"version":"TLSv1.3 
(Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1623221441867993} 
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623221441867993,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441867993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441867993,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8opRAAEAGGajAqAH6XHpfY6OWAbs7TQBaAAAAAKAC\/\/9coQAAAgQFtAQCCAqqdeFuAAAAAAEDAwk="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1623221441867993,"flow_dst_last_pkt_time":1623221441879742,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623221441879742,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA8AABAADgGxDxcel9jwKgB+gG7o5aALohKO00AW6AS\/ojeuQAAAgQFtAQCCAoeqlgsqnXhbgEDAwc="} 
@@ -17,7 +17,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441907431,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623221441907431,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA09P1AADgGz0Zcel9jwKgB+gG7o5aALohLO00CYIAQAfoH2wAAAQEICh6qWEaqdeGJ"} 01242{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221441893147,"flow_dst_last_pkt_time":1623221441911029,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1623221441911029,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TikTok","proto_id":"91.49","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"vcs-va.tiktokv.com","tls": {"version":"TLSv1.3","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1595957694169758,"flow_src_last_pkt_time":1595957694181636,"flow_dst_last_pkt_time":1595957694188758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":216,"flow_src_tot_l4_payload_len":381,"flow_dst_tot_l4_payload_len":216,"midstream":0,"thread_ts_usec":1623221442073719,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"69.171.250.20","src_port":46160,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":9095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623222051753416} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623222051753416,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051753416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051753416,"pkt":"pJGxgjQ56CrqthSFCABFAAA0YDdAAIAGW9bAqAHjNElH4sOXAbv6yL58AAAAAIAC+vC20AAAAgQFtAEDAwgBAQQC"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623222051753416,"flow_dst_last_pkt_time":1623222051852336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623222051852336,"pkt":"6CrqthSFpJGxgjQ5CABFAAA0AABAAOkGUw00SUfiwKgB4wG7w5czz+y6+si+fYASaQMoIwAAAgQFtAEBBAIBAwMI"} 
@@ -28,7 +28,7 @@ 01281{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01505{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222051854478,"flow_dst_last_pkt_time":1623222051957659,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5281,"midstream":0,"thread_ts_usec":1623222051957659,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Fuze","proto_id":"91.270","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"presence.fuze.com","tls": {"version":"TLSv1.2","server_names":"*.presence.fuze.com,presence.fuze.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"8d2a028aa94425f76ced7826b1f39039","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, CN=Amazon","subjectDN":"CN=*.presence.fuze.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"B4:E1:85:91:CD:36:0A:89:7B:6F:A0:C1:11:B5:A5:29:CE:05:13:79"}}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":15,"flow_first_seen":1623221441867993,"flow_src_last_pkt_time":1623221458497766,"flow_dst_last_pkt_time":1623221458494846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2486,"flow_dst_tot_l4_payload_len":6012,"midstream":0,"thread_ts_usec":1623222052202072,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"92.122.95.99","src_port":41878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":17875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1623223595952198} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623223595952198,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595952198,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595952198,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8ZBhAAEAGCeXAqAGAW8au0MW8AbvaIBcHAAAAAKAC+vC78AAAAgQFtAQCCAq86k7VAAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1623223595952198,"flow_dst_last_pkt_time":1623223595999034,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623223595999034,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADEGfP1bxq7QwKgBgAG7xbxrNtsg2iAXCKASqbDzDgAAAgQFnAQCCAoXn7wwvOpO1QEDAwk="} 
@@ -40,7 +40,7 @@ 01947{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596109406,"flow_dst_last_pkt_time":1623223596108936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":16479,"midstream":0,"thread_ts_usec":1623223596109406,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":10127.3,"max":52937,"stddev":19772.5,"var":390950848.0,"ent":2.8,"data": [46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235]},"pktlen": {"min":52,"avg":599.8,"max":1500,"stddev":646.4,"var":417856.7,"ent":4.1,"data": [60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83]},"bins": {"c_to_s": [10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0],"entropies": [4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460]}} 
01224{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223596109406,"flow_dst_last_pkt_time":1623223596108936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1036,"flow_dst_tot_l4_payload_len":16479,"midstream":0,"thread_ts_usec":1623223596109406,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"upload.wikimedia.org","tls": {"version":"TLSv1.3","ja3":"6b5e0cfe988c723ee71faf54f8460684","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1623222051753416,"flow_src_last_pkt_time":1623222112086485,"flow_dst_last_pkt_time":1623222112185361,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2226,"flow_dst_tot_l4_payload_len":6554,"midstream":0,"thread_ts_usec":1623223596203292,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"52.73.71.226","src_port":50071,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1623226283573712} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":35609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_usec":1623226283573712} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623226283573712,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283573712,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623226283573712,"pkt":"pJGxgjQ5AoEfHBPlCABFAAA8M5RAAEAGJgDAqAH6LVLxM5vSAFAXgCu+AAAAAKAC\/\/9tawAAAgQFtAQCCAolvfRMAAAAAAEDAwk="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1623226283573712,"flow_dst_last_pkt_time":1623226283601626,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623226283601626,"pkt":"AoEfHBPlpJGxgjQ5CABFAAA0AABAADMGZpwtUvEzwKgB+gBQm9LNImc9F4Arv4ASchAIQAAAAgQFeAEBBAIBAwMK"} 
@@ -50,7 +50,7 @@ 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1623226283612303,"flow_dst_last_pkt_time":1623226283640806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623226283640806,"pkt":"AoEfHBPlpJGxgjQ5CABFAAAox9pAADMGns0tUvEzwKgB+gBQm9LNImc+F4AsfVAQAB66DQAAAAAAAAAA"} 02146{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226284678348,"flow_dst_last_pkt_time":1623226284677149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":18862,"midstream":0,"thread_ts_usec":1623226284678348,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":71228.2,"max":1031142,"stddev":245139.1,"var":60093177856.0,"ent":1.6,"data": [27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0]},"pktlen": {"min":46,"avg":645.1,"max":1500,"stddev":701.2,"var":491744.0,"ent":4.0,"data": [60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46]},"bins": {"c_to_s": [15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0]},"directions": [0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0],"entropies": [4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":24,"flow_first_seen":1623223595952198,"flow_src_last_pkt_time":1623223766553269,"flow_dst_last_pkt_time":1623223766548680,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1177,"flow_dst_tot_l4_payload_len":16557,"midstream":0,"thread_ts_usec":1623226286427901,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"91.198.174.208","src_port":50620,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Wikipedia","proto_id":"91.176","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1631088115362469} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":231,"packets-processed":230,"total-skipped-flows":0,"total-l4-payload-len":108050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":6,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1631088115362469} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1631088115362469,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115362469,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115362469,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8aylAAEAG8xTAqAGAx+hSbbaEAbsR7WhdAAAAAKAC+vCzrwAAAgQFtAQCCAqzLdcpAAAAAAEDAwc="} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1631088115362469,"flow_dst_last_pkt_time":1631088115376274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1631088115376274,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADQGaj7H6FJtwKgBgAG7toQ\/rdv6Ee1oXqAS\/\/\/HZwAAAgQFTAQCCApg6mr7sy3XKQEDAwk="} 
@@ -61,7 +61,7 @@ 01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115376494,"flow_dst_last_pkt_time":1631088115392643,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1344,"midstream":0,"thread_ts_usec":1631088115392643,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01493{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088115392667,"flow_dst_last_pkt_time":1631088115392674,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4032,"midstream":0,"thread_ts_usec":1631088115392674,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Vimeo","proto_id":"91.267","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"f.vimeocdn.com","tls": {"version":"TLSv1.2","server_names":"*.vimeocdn.com","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"16c0b3e6a7b8173c16d944cfeaeee9cf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020","subjectDN":"CN=*.vimeocdn.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"3A:0F:CF:EC:3C:13:25:E2:E1:4D:C6:52:A6:4D:8D:96:10:1E:8E:37"}}} 
00981{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":54,"flow_first_seen":1623226283573712,"flow_src_last_pkt_time":1623226466507324,"flow_dst_last_pkt_time":1623226466414542,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":190,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":950,"flow_dst_tot_l4_payload_len":71491,"midstream":0,"thread_ts_usec":1631088115406479,"l3_proto":"ip4","src_ip":"192.168.1.250","dst_ip":"45.82.241.51","src_port":39890,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Likee","proto_id":"7.261","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1637349011376367} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":113664,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":8,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_usec":1637349011376367} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011376367,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011376367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011376367,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8TGJAAEAGkyTAqAGAj8wJQb8WAbs5hVBVAAAAAKAC+vA+\/wAAAgQFtAQCCAoHfmCrAAAAAAEDAww="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1637349011376367,"flow_dst_last_pkt_time":1637349011393884,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1637349011393884,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8T5MAAPMGHPOPzAlBwKgBgAG7vxa2dgKJOYVQVqASBZSQpgAAAgQFoAQCCArIQyJ4B35gqwEDAwk="} 
@@ -71,7 +71,7 @@ 01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011393908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1637349011396134,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","tls": {"version":"TLSv1.2","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 01236{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011396134,"flow_dst_last_pkt_time":1637349011405023,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":1637349011405023,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.DisneyPlus","proto_id":"91.71","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"prod-static.disney-plus.net","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 00789{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":12,"flow_first_seen":1631088115362469,"flow_src_last_pkt_time":1631088168165179,"flow_dst_last_pkt_time":1631088168165177,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1344,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5004,"midstream":0,"thread_ts_usec":1637349011425927,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"199.232.82.109","src_port":46724,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1642584017659993} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":121431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1642584017659993} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584017659993,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017659993,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017659993,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8EtFAAEAG2zrAqAypFwxoU5lQAbvzO0RFAAAAAKAC\/\/9KaQAAAgQFtAQCCApYVYYCAAAAAAEDAwk="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1642584017659993,"flow_dst_last_pkt_time":1642584017680129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642584017680129,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADcG9wsXDGhTwKgMqQG7mVB1nT8a8ztERqAS\/ojzIwAAAgQFtAQCCAqw3vMWWFWGAgEDAwc="} 
@@ -81,12 +81,12 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706128,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1642584017706128,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0SOBAADcGrjMXDGhTwKgMqQG7mVB1nT8b8ztGS4AQAfocSAAAAQEICrDe8zFYVYYZ"} 01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584017683650,"flow_dst_last_pkt_time":1642584017706175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1642584017706175,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AccuWeather","proto_id":"91.280","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":5,"category":"Web","hostname":"api.accuweather.com","tls": {"version":"TLSv1.3","ja3":"9b02ebd3a43b62d825e1ac605b621dc8","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":14,"flow_first_seen":1637349011376367,"flow_src_last_pkt_time":1637349011425914,"flow_dst_last_pkt_time":1637349011425927,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":6975,"midstream":0,"thread_ts_usec":1642584019409362,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"143.204.9.65","src_port":48918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1643355518166568} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":128021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":10,"total-updates":0,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1643355518166568} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02217{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1292,"pkt_l4_len":1258,"thread_ts_usec":1643355518166568,"pkt":"pJGxgjQ5SKRyNpegCABFAAT+PElAAIARThnAqAF72DrRLubeAbsE6urRwAAAAAEIZ7HskbOWr9QAAETQNKtjIjiCXCI+9vqBWPy31G7jDH4RlwYv0XhaWuj0UrdcSVWZIrVwzwDrJa8dEWOeUvaAw7BXeYev6bi8Nu9Z4LWOvt0+XPgNkeHB6PvaZ9N4cpB1UIRx6byg5QljaxCkgdia5\/WZz2yX\/TayWJG0egLwFK4DYqDDADilA59ewmPTSu6+F3\/EVfKw86o2Yio5HeQqtUOtEdw6pRwxBehgjTrZf0PMuk40XDPug94YB\/sEApD8Ghq1zUUVofn\/jZoji68n+CZ74BkmZ8LSaemosx3Vm7YV3yQUauQU4lBHNM2XdkooJSDGv9YINXu8hmpHdW\/1encLGdPSyOJC8itWve1maDbUaMRhrbQrpaAPeVfgND5alDCN2DMGvFe3nB6Pz2LOpDsj\/3ZN3caT5Nt0nSv8HN+DYWZc+2JmBlBY71FJ57bmTqruFnoZ\/GjM0BGxB5WlpJ0M3zE3M16k0p8WRYGK3bOkXFB5rtEix709VUri+WnB1ivvzP4A8iO977JvKVGlPddOYZ4k7qZne6v\/jb1y0P5AatOM7YYIeRI7u8jf\/xM8RY8UTL\/Pv+EQzBcgac+DyXJSt\/sJo+Uuz0dGCYpa4Aa01DbWUiA5x+j4g5WT5LGdKrytMkGgkIcVSlNAt4nWOQc2IroqJjfmf+NbusGe\/Gviz5jV93bOaTFv7sGyuvESP0iH2MD2mwPgizF6t5EabtXWaevGbit0evQ9O3bHeRpQwTlwh0hRD7WqrIf0Wri9spAJN53856UKZFRupvrVqTH40ht5wGl2g3HXmJvEKnWBsD1hEB3sacVd4lWjKim62JMTY6yUmMhRBlNu2AupnyFsChUJ1NgsRbg5cQPowXRIBVG8WcjCs7OHKUH\/zza5xjXEz1FrdKQASDLCvFyh9YUzlRmDx7d99nX5vf9AwJejikY1uel\/yRMHcT9IqYO0kZBeGiX2ZDJD7vD1sF+05Qq++ztAL3CTqhuU\/7KSbWKiGOoFGj9phj6fZiE+g9e7+HIVuvPAKr+aSbxS71gHelt+hKMcDj7jdDFk5P6TqQdUXfqrnN38RDusNZmvWB+23Sj9NvIjlpua1MtXRWVJaLY5mX9AL1kTENCHtxomZwiXSqkSWtzS8dZocOlqjfWrd2hnw5yl8b7T0843OsmN6ZOoho4X9bhFw\/52C+NFDBAC42\/6jsH2i4NdbJBqOAuf4tLWi3oaJ\/0r5Y0wWyVnBbFtq1sx6d6EHxqir52O50dkkD8SF7j+wGSCG2L1l5bcQGnAqpzpZNB8AgofMTbrgYgdYIyrh\/neffOlCQyXy2EgLb\/xWEt+QftF8p5n2FzevDADqTCGGVeWULgrEsb\/3qULNf4uZHaY4HBD6To7yTuITvaXdqFt30MJBKnhBexi0dhA\/MGpMyVJfR\/PhbhWZmiNdx\/LRAV2Semg\/nPWe
+DzSBBXm7wJXZiE\/8ewkRVdkujJi\/QhXAX0aOL76X77YYeny\/V35WiIqUmuxRHrBRdP5AMMQo\/adJoX4bzVdEvw3cGw7\/\/hO2VzwL5m0trABzWAWdjRjsrTEu\/mWAVCZDP5\/peoG8YXeXsdHWwpRLyNJpzOlRz5aND24Jgn5x2v3PqoD5RBiIEHwD8jlV2fRCZXq1e7tPV6eLhSI74="} -01380{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","quic": {"user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","tls": {"version":"TLSv1.3","ja3":"a27a03a8478393fe7f8958648bb71ff4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01401{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643355518166568,"flow_src_last_pkt_time":1643355518166568,"flow_dst_last_pkt_time":1643355518166568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1250,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.1.123","dst_ip":"216.58.209.46","src_port":59102,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleClassroom","proto_id":"188.281","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"classroom.google.com","quic": {"user_agent":"Chrome\/97.0.4692.99 Windows NT 10.0; Win64; x64","quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"a27a03a8478393fe7f8958648bb71ff4","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1642584017659993,"flow_src_last_pkt_time":1642584019409362,"flow_dst_last_pkt_time":1642584019407774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":924,"flow_dst_tot_l4_payload_len":5666,"midstream":0,"thread_ts_usec":1643355518166568,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"23.12.104.83","src_port":39248,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":10,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1646482623895784} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":129271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":10,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":89,"global_ts_usec":1646482623895784} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646482623895784,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646482623895784,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"31.222.67.112","src_port":35054,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623895784,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646482623895784,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8U5dAAEAGwa7AqAGAH95DcIjuAbuZU7+5AAAAAKAC+vB+rAAAAgQFtAQCCAqYsCyFAAAAAAEDAwc="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1646482623895784,"flow_dst_last_pkt_time":1646482623937401,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1646482623937401,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA0AABAADIGI04f3kNwwKgBgAG7iO5SHRbemVO\/uoASa9CRawAAAgQFUAEBBAIBAwMH"} 
@@ -278,7 +278,7 @@ 02490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":4,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821762,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch65AAOYGfOEoYaACwKgBgAG7m5Tksd5e67EgM1AQCAPV9wAAFgMDEU4CAABZAwNiI1ZE1H27b6T6JRvCm\/MD0luKFyMTDe3jrQbpiHy4ICC5MgAADb+Tw4RbiKuNvdQaqUF3iqCf4+0IdypYCofcN8AwAAARAAUAAAAjAAAAFwAA\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\/XwKZh3BtIehwUH0rE3omOA9+auyHPSNQb+BS4A5N6ZgG9TmdvEIgWfY9f1Id2M+DUxfatVW0Jp89Wvw8GBDfyzllLm0\/EDzmv3rk1vx4MWpb91yl2TwrYu1EMiyNNtVWRMGhTp1gkz5aMgVZO6TpdbLjcEUMxNrBEfUptVSqyzS++eERCA14Kg2rdfoONwwYHx3GIbJwcFbAJhsLXa\/I7dxAgMBAAGjggVlMIIFYTAfBgNVHSMEGDAWgBTdUdCiMXOpc66PtAF+XYxXy5\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\/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA\/oD2gO4Y5aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0Q2xvdWRTZXJ2aWNlc0NBLTEtZzEuY3JsMD+gPaA7hjlodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRDbG91ZFNlcnZpY2VzQ0EtMS1nMS5jcmw="} 
02505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821837,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":1646483012821837,"pkt":"PKn0qB\/spJGxgjQ5CABFAAXch69AAOYGfOAoYaACwKgBgAG7m5TkseQS67EgM1AQCAPVywAAMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB8BggrBgEFBQcBAQRwMG4wJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NweC5kaWdpY2VydC5jb20wRQYIKwYBBQUHMAKGOWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydENsb3VkU2VydmljZXNDQS0xLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdgApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAX3fdqGRAAAEAwBHMEUCIG19vZQ3ztPNq5S85GBThQ4+TBDHFxFC0nXZ4LXpUu3rAiEA8+M15TzZmOUopQftFbHUpCuDhU09pI7ZIoZ4rqlvzwYAdwBRo7D1\/QF5nFZtuDd4jwykeswbJ8v3nohCmg3+1IsF5QAAAX3fdqIKAAAEAwBIMEYCIQCCt\/CWyrB3z5L9JJQqtKhuKwSHXVPO\/nIzLQIRvE8QSAIhALAUu2+684sYBmTAWbK9qLsoHMJRLVDtf7PKkkuPEhCsAHUAQcjKsd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF933aiIAAABAMARjBEAiAmY6DHSC0PRZfjQURv9gfH7XNEvLtjnimdIZ9DL1pP\/wIgEm240\/6jgHbB2vouW4klCYLhx1mBUl2EGyo40QGnLN8wDQYJKoZIhvcNAQELBQADggEBAKs0Do0f0D7XJa8EwMbjj8gm+KWD\/Y615EL0mYouOSdmvSw1h3kWcf3Z3gP9p7LPMTiWc9WgaATbbQQyCdIiD4lE+y\/Hgw+bok2WmRbY6mYbpvHNrk5MrGqzAuJQP6PKt3aBz7PPYPmXPTacuSVPid0KRE9WekJR9Qbk7uWzQ9sUrU4qL0vpapgXTftedAVBzNTW+x6T9ZQXCGPbPWrvcN8p2WRUpvQPorVZ+8K6hKQ74Unfe858rN6lgFCEo0o1k\/W4HSPYM\/GX2BRkg5zPfLO7nMgTuWoOm6j0aPk8QFiDRXKTGIlkTm3CU1U8PU5zGVtJrxLepFiwH8haosDkiUMABOowggTmMIIDzqADAgECAhAPFxpIxvIjgJIYzS7W3cDoMA0GCSqGSIb3DQEBCwUAMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMB4XDTIwMDkyNTAwMDAwMFoXDTMwMDkyNDIzNTk1OVowSzELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzElMCMGA1U
EAxMcRGlnaUNlcnQgQ2xvdWQgU2VydmljZXMgQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGt9ocUeVQnV8cvBWg8mzzNZ+xFECyE8qRHxNlTQkUJu+T+M8HXvEYv0Yvmt7VneHxqcL79uOW2VM9MXqy4InRzVSkIc8hk99CVCQ55g1C\/X\/XUzJtCYY6ABLlBqs5OEpmbrNbFvlsCc7UWpKtxYtSY6kA5hab2uy\/o54fCi\/acMs3s+D6\/ied0I4JL2uq\/c6YlPP2\/qeVo\/\/gwomDHOy6j88V\/Ozv9DzGhfHQP0L8UxL1o8aXna6ffmwB+RiVO5ugT8\/YGx9RvCycgQl1hvD9g0nyWcsl8sIv\/+UgFUwT6Iq+3zVFdbd2QdAPwM0\/0x8A+VkZHr3Mgi9x6PqPyXf8CAwEAAaOCAa4wggGqMB0GA1UdDgQWBBTdUdCiMXOpc66PtAF+XYxXy5\/w9zAfBgM="} 01969{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":5,"flow_first_seen":1646483012464918,"flow_src_last_pkt_time":1646483012643710,"flow_dst_last_pkt_time":1646483012821897,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4435,"midstream":0,"thread_ts_usec":1646483012821897,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"40.97.160.2","src_port":39828,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Outlook","proto_id":"91.21","proto_by_ip":"Outlook","proto_by_ip_id":21,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"outlook.com","tls": 
{"version":"TLSv1.2","server_names":"*.internal.outlook.com,*.outlook.com,outlook.com,office365.com,*.office365.com,*.outlook.office365.com,*.office.com,outlook.office.com,substrate.office.com,attachment.outlook.live.net,attachment.outlook.office.net,attachment.outlook.officeppe.net,attachments.office.net,*.clo.footprintdns.com,*.nrb.footprintdns.com,ccs.login.microsoftonline.com,ccs-sdf.login.microsoftonline.com,substrate-sdf.office.com,attachments-sdf.office.net,*.live.com,mail.services.live.com,hotmail.com,*.hotmail.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"71d9ce75f347e6cf54268d7114ae6925","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=outlook.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"4E:39:B4:13:4B:8C:77:57:7D:80:3D:76:40:E8:88:22:05:00:1C:58"}}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":39,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":281,"global_ts_usec":1646495488872237} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":197833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":32,"total-detection-updates":39,"total-updates":0,"current-active-flows":27,"total-active-flows":36,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":281,"global_ts_usec":1646495488872237} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495488872237,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488872237,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488872237,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8\/MhAAEAGRHDAqAGAD6Anu7NKAbvmP22QAAAAAKAC+vBpUQAAAgQFtAQCCAoE\/txmAAAAAAEDAwc="} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1646495488872237,"flow_dst_last_pkt_time":1646495488880478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495488880478,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADIGTzkPoCe7wKgBgAG7s0optQbo5j9tkaAS9LPzBQAAAgQFtAQCCAoEQEeaBP7cZgEDAwc="} 
@@ -366,7 +366,7 @@ 01825{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":4,"flow_first_seen":1646495749875318,"flow_src_last_pkt_time":1646495750202078,"flow_dst_last_pkt_time":1646495750523550,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1432,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":3672,"midstream":0,"thread_ts_usec":1646495750523550,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"129.226.107.210","src_port":45014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.IFLIX","proto_id":"91.202","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":26,"category":"Video","hostname":"www.iflix.com","tls": {"version":"TLSv1.2","server_names":"jan18-2022-1.ias.iflix.com,access.iflix.com,accounts.iflix.com,debugaccess.iflix.com,hwvip.iflix.com,iflix.com,live.iflix.com,pbaccess.iflix.com,pbdebugaccess.iflix.com,test.iflix.com,testupload.iflix.com,tv.iflix.com,upload.iflix.com,vplay.iflix.com,www.iflix.com","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"00447ab319e9d94ba2b4c1248e155917","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3","subjectDN":"C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jan18-2022-1.ias.iflix.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"6F:FD:C1:38:F4:2A:0B:65:51:9C:0E:11:86:63:B5:58:52:FC:96:B0"}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02347{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495785326719,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARxpLAqAGA2DrUjpbyAbsFVWFvygAAAAEIEaJhA\/pmmGIDGZVnAEJ9k4MXlQzkENByBWBPG6JdLnJ97tZTge\/8kX\/RhzOqc4jakqIni2HiqmCs6hTSmZEhkbOUs3lvKsO9F9+XIhOeXqIykOCxzeDPOvDHVnxP2ftNUD1lroHjevW4+JYs\/R0VPIgtCayG\/meCf7Lef9QhWL6YQmXx48ui2W6tYfyIEiaXDMtExoqL+hacVg2HpNlIwJe4PE0\/HEg3ezCS0HD8j4RVM2gk+MitT95qpQmfRz8ntx5WznfpVZvMxU23bid9\/dO3KP4LRTXApe0VNoqcMS8eAgkUyCgd5nSQ87LPgFqnkCEFratISm41sDhhr7ve32C1I\/TlAIhgBRfW87C3WFDVCBagaYOeonExydEo\/D28evz\/tjH6aV7xu0wNblTQywt3lynmNkuwCW7cnmeQuau6oQOA9GiSOfN51L3rFmCObunfGa2ezZE4y2FjFlEEKO\/QIf2CassSbDJm49YK5w7PoSq58kn\/6qIb0Tn5xVj\/LonVQw1HAkNmcP8ql0C7shrF43UdoYXvT\/hOCOA\/VAd6JiIod3M38vXNHkTBOnLJf9TfjJE64UfVXvq5UqVG0r6WldLJGu2xtNgpeDi11dyXdfvaPJX4DN1wutu28hbCiIktfSp6wZpMBmAyygGuO73Tqgl
Rovt2xSE4EHwrJMCD4O2TYEurb9uUa0gMyyJFr9\/L+BwLQIYk52z2VLzFmq3EMYlrlu4r\/zm7z83+qa7ryx2Qegl3wdMjyEciWgqgcac28uJhD3lOGWLmvmFxM9fEY1jJKzrVnaWs\/i+ophLeLFpkmeSef74TmyzGpEZIsuPNpoyrlLRH7YPjpxJQS81Wg3bRzpRPypt93N8AAAABCBGiYQP6ZphiAxmVZ0A7KMwiGjnAKddrCOyv2PDiBRWs1qpECiw2xTVInm4f3DIdG9S3r6Co1Q+QqgROt51vL3O9dOvlXAZmpcYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01303{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com","quic": {"tls": {"version":"TLSv1.3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} +01324{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785326719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495785326719,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"hangouts.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"2a18e6bf307f97c5e27f0ab407dc65db","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02355{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495785351813,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMR0xLYOtSOwKgBgAG7lvIFVdbOwgAAAAEDGZVnCBGiYQP6ZphiAEPst9JjIfZ6zFXkACoVjtJE04mEvUBO80J9CXDI1AzGWloBOqzPXI+URdYvHEecgUeYllSRgTGQ\/pdzmzfdkga4V0DlNh9sMthgcZTrWfMiNpOkeHh+8VGEpoSOyr5bTtr6qKEGYg7ZZM+3g8CNri4\/Y4rmU\/u2ucvFt3wUyTEBNlGlntUryhGUoERRNT55NmFJqVuhU\/GueMTfSHsKfOOCMhdksMgHmrVyRumUWVrccMpyqwcE3vpmgCs+uFNthYNXlEj8FMdYAA6FIKpTcrXTgZ3Nm3DRRlDCt76rYa9Ed5zm8JxO+MhvWTGGpqVfgXpQEWyeWMNxG693XFsxTB07PJ3\/YeWP9LrYnM2HgdinrEmJ9dHI16vwi5FQ0cWQJ92cHEvIGKGiq8SA5HEgTnQVmdK2xOmx7dj0KaicL3ol58t8ltkbIXgfkxYhp5yyTHcH3z0UKdCT7GAS6tTRIUS1R7xH75rixlq6B8ZSkGHfajnn6P2ZcdZ\/x0f91Ed0FleO4gdbHHIHetNxBiPPjmSYid1gKObR53SjxAV83g\/W5uVBPG0cabwLojDjBF4yItmMF8ard0uchzKjL7+VPzEBpyA8VAKvlvVbjeonWQ9zdLjCu+3DI5DnZF04lHG772bPMCDbbp1L2TwHKUlogQBjbGpHA7cGqXQ+7rgXzsp8A1LJ4M7UOfhwAhpEZinbjHrtptlKXt3FIxug5QT3rZRFmRCTzNoEN+lueCUbvABz5ahUadsFXVwk+QV6y6OfittlgN9FPzvu2wbXQsdpR7HuGw5be5n5hrjM\/gt9Cn1qYtj8W7tpYyeOF6J2KVyL\/JC\/QJoDFTRmNJOaSu8I9GPipG+PZyHfbkz460Q5SYy9J6Yty8H0OpgvMOxAZyJfdY6HpBJ73a3hMG\/oeLH2XJGbp7tfnJSbIrw7OjnmUjZjC3QFC5ZT\/D9lfLZQtLioZhFU2dvfGzIgp3e6A6JbEE0vFluuvChl2C+0rBUUI4BDQaLDC36yd\/nqeU9YkBNuGMLNwmS1nu9FZU8mcDANqVoY5yVLg2kamNS5X1hNq7e0ZttiC++uqF2vAilhDlKm4Sn9UjPckZuiZBomYpyg0Mx2VTEwtpKds6MA+UAswT6IhWCQVBWewjai+fOWFc9I1PVuJXv6wszew3Hcqcb00f6u5LLpYQLzSeihJuZrVlM1j6lGBHe0EhJ6DL1teURdZuXWHdzyDqDjp983xiqcs411z8ivoxsAQrnJoCWJxd7jZsORlrj+qRu70MzdRwWows6Ir5D2WLnk\/xr5xZXlxc0qq35KzQxuScxBBYPpS5ZzPphWbiD4nd3CHT+adzTjAAAAAQMZlWcIEaJhA\/pmmGJA9VVpI4dKlmrgeF\/YggQi8sjf99E3nv5OtPvRrtZcyuW01yoBM35YdPwOsg50xXr\/BiQRHRmp
g5AI\/Gxv40hVq1L2PZoVADVhqqGncF1oScVHTbM9W4m3oXbHay1EHfQ5lAWTWpN49l9Tiv7IrVgj7Dp+73Bh+\/I4be++4+GN0yWQOqn0T+ijD3iAvjW07u4KFggANU2wFU17wsvlJuMqKoty0iSiIcZD1Fpv8YeBupA3Jd5TcFAQxL\/\/amaXv8CyobSjSega7I6w3iSVpXXusfvcoL9IwMGqCbpjl4yujE+\/2nPBKVvs4iEZolT1zqdJU8Q5tR5vWxmVZ56Vkqmz6hVG35AqABKCyEo\/gk\/PneTs58wsy3Z+6AWG31mbKVGDVWKfuUivH9e1GriPy0Y1T2Vi68\/VxrxY\/w=="} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836963393,"flow_dst_last_pkt_time":1646495836963393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495836963393,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1646495836963393,"flow_dst_last_pkt_time":1646495836963393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646495836963393,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8O4hAAEAG9ELAqAGAjvq5zsWwAbtVp40sAAAAAKAC+vA0nQAAAgQFtAQCCApsJfcbAAAAAAEDAwc="} 
@@ -377,10 +377,10 @@ 01204{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495836963393,"flow_src_last_pkt_time":1646495836983510,"flow_dst_last_pkt_time":1646495837006974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1646495837006974,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.185.206","src_port":50608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"googleplus.com","tls": {"version":"TLSv1.3","ja3":"579ccef312d18482fc42e2b822ca2430","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837086190,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAVpAABAAEARLnPAqAGAjvq17o\/gAbsFVdqKwQAAAAEIGskra7CKZYEDuYLxAEIVFxxqmZ08lCd3LEamnRnTwqMewjQTOXHJ+bQBCnc75qyddTeYHQ3SnzAULSCTOvy9BuronZfx+Rok2NEb\/1BsWpwM7HvouqIbg\/UM9rh+Oz94fTVRKCbJSe1Rt9Wi3IS3cTWhF88qqkbPlVNVfTP6qf147kmXwAclEb200UQEzcAZIv3o++EPu3L79R8FmBpBYJnCKkgaxbqODau1mi\/955te0zmkf2846gwZzwMXzDwbr6\/3HnP3h8OfoVM0MIFN9x7Ds+vGpVKDRpQM0NlvNQfFfblQvgPKr6\/wJHgowwd40oBCNI3FTXFgafKbw2f8iXs1MuIi6dbw5qDMfDg7neN7v6\/vcX4HSf8y6PVeyxCvA4+7q957ap\/3PII07iu47YhDzCD0lwTDjfi\/a1raoLz70\/SPK9NEbeWnxibfZXFeg8+E6Qmd9DFP4zQ2QPKahjqlPM4ZePdB1N+sWTrGnHY+e5VOY4qYOyABuFGeuadAN35ZvnTav7s\/+rzxtiAo1AWyqO5W85hkYntoGdWyMOzcrhaGvKoJNlyQWa3gWJkpY39Z1uzVJ9G3lDdAsC9\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"} 
-01306{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GooglePlus","proto_id":"188.72","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"plus.google.com","quic": {"tls": {"version":"TLSv1.3","ja3":"b719940c5ab9a3373cb4475d8143ff88","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01327{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837086190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646495837086190,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GooglePlus","proto_id":"188.72","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"plus.google.com","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"b719940c5ab9a3373cb4475d8143ff88","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02351{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1399,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1399,"pkt_l4_len":1365,"thread_ts_usec":1646495837102627,"pkt":"PKn0qB\/spJGxgjQ5CABFgAVpAABAADMROvOO+rXuwKgBgAG7j+AFVSXtyAAAAAEDuYLxCBrJK2uwimWBAEU4Tznrzq28hb1XmRDs0MFqelTnhcFUZ84H4q1aY4G8iO4oHDfc48pBHn\/VwFJa95gqSHvH4Ev8Om2dP0drKfHTm5RIabnMUwABEpNiK30Wb+s0DC1P8fJqrYirSkcMUtk+OScepXvvMoUJqb3oK\/SHueY\/CR+1r94ahlb+lQ5CMkRrFEpV8Y80c9Tk558ky1YvZroBJocv+D8x22dTrB3Nr2zV5BXUe4IfZjyM1uOvrGOzm7BFlSrMgOj6FKIkCgp\/pf+jrmIN6zoTCYHljLfpxOi3CtJlotE5kvBNJfYTIlpV6ePxOeaBHnLAnR8AUiLMe4EQhoCyafpPSu2uRilBt0zY24SPHj+Vr1q8JDD3+tdbrEpwnhqALSf4fMlI0nlCiW6KDCz9YYUL75K4IS9444yNzf1Yr99Mh0kbqbRkqVD2lz0sc+tejmla91jt2s1ymwqM2Dkc57wq\/ZGL2qTvHoCDCrWXzzSFq2DtMODbeFddKrW7D2S\/WC6gNpi8CkmnUEfrksPztXbMxr+4svM2m36IzD+uTDtBonQOeeetS42fSNmayHtkfbHFRhxhKIWxbXnDeYhaHVYjCQ+4X0zwkTVPladnLIcVEBYqwYQv5\/bz9ieX8wyoykaDLtE9CrJi2EKtZ8wkCC7Z741Zd+Wml1GFTEX8vTPcXOs4jWXGa8by36ak7R21cVgtCbMzCsX51MXYO9rxKpqzQ90YL3ZJybESTLyCZVaetnFQQy0zj9i3aMbEeaF1GIY8fpv41LJIfBTcuddEsku5mHk0ET+hIJRQHhrqv3\/7dLCFIB8IbFzqoMNXvst3vFd153RNd4+wDFw0PTKp3WxAax7aH3o4vpIKkH5MYZZm6QdYg4AXeCOVs+yOQckfo449mppsZnBCauNFwyGHgfdImQc5ChUcBackKfZKPm+8gpfez3Lh5cIH5TVZfBcX2049yxCxwBIQNMHRFZ\/l6px98JrGqv9wlLvZ9x05f9o+OBwqtGjSma1n6CqkHTjCKDb9wEKbD27oXi\/IB1KPHp2u9d\/c+7X2RVtjWmizhI43eqsfAt6YQSI\/I6i5XWGJRa1qw\/6lLbvQvj\/jHqXTS68GWhBdBLJUtfTko6qCsN7rqu1qRzGoIhl0BkGE92lNyYY\/ZTU6\/hdcvPHH\/gVolLu3hFDPu+ipgvDDLIZuRl+UaoOI4gJccnN1m37oKsX6NQtnyeGSc2tM6+62ei3A6X8waSaElCusvteiUGCHQxwaHmAxN+l0Fnrtj2W9v8HqhbG8zavLaMSK9TCSurpq1GtTp5SAztNP1KCrvVnqVhJrjpPBsMoRZgIibHU+b02bSrZ5vLUq8fMRq1DHjSpmxuFXNZXv4gyNl3Dl6lhcF466Vu3DVIKOpmXUnOt94P9drBleL2pc6g\/Rsi+uKui90velUE0hGPgoOIhhDJ0
ymy34LYnDdDZuGwprFKEAglwy2+YC1sXbba6gKVjcOV1Ca5zHuLIWZHit470RXXzr7m1Xi\/5cXZYyKSyJACVo6ge6ve+Upi7YI+aW+jgyPqmHMKb+I\/eIOcKZeHyih24R2l7AgjvcvMggC5W8nbNUSu9cpnGWdlPqjTB0D+d7oT5+bGyUabkzh3dJ2t9fzH8gnGtlT1zFzufTmcBCKpbCY6sP\/0lUq7vHjuvu650M0IhuYA8e9G78Y8vHGY8YN9zIOLD+CF2bDXHwqf3VW0Z0KdlLeLkOH0oqFJ9UgLOZLQqYMUReoZ97In3a7hJ65ZurIhpFxCeAoO9kMhJrGIJTN\/Ls9g=="} 01115{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495785326719,"flow_src_last_pkt_time":1646495785326719,"flow_dst_last_pkt_time":1646495785351813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646495837102627,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"216.58.212.142","src_port":38642,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":48,"total-updates":1,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_usec":1646568788171099} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":233934,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":42,"total-detection-updates":48,"total-updates":1,"current-active-flows":10,"total-active-flows":46,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_usec":1646568788171099} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646568788171099,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646568788171099,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"208.85.40.158","src_port":53978,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788171099,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788171099,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8AQRAAEAGfpzAqAGA0FUontLaAbs4n4KKAAAAAKAC+vB1NgAAAgQFtAQCCArSjLpwAAAAAAEDAwc="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1646568788171099,"flow_dst_last_pkt_time":1646568788337647,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1646568788337647,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8Ke1AAPAGpbLQVSiewKgBgAG70tpN2CtOOJ+Ci6ASOQiNqgAAAgQFtAEDAwAEAggKXyXRHtKMunA="} 
@@ -401,7 +401,7 @@ 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1646495837086190,"flow_src_last_pkt_time":1646495837086190,"flow_dst_last_pkt_time":1646495837102627,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1357,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1357,"flow_dst_max_l4_payload_len":1357,"flow_src_tot_l4_payload_len":1357,"flow_dst_tot_l4_payload_len":1357,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.181.238","src_port":36832,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GooglePlus","proto_id":"188.72","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1646495650748124,"flow_src_last_pkt_time":1646495650812560,"flow_dst_last_pkt_time":1646495650832457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":675,"flow_dst_tot_l4_payload_len":4252,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.113.194.132","src_port":57878,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1646495488872237,"flow_src_last_pkt_time":1646495488882948,"flow_dst_last_pkt_time":1646495488890513,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1448,"midstream":0,"thread_ts_usec":1646568788847834,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"15.160.39.187","src_port":45898,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":520,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":50,"total-updates":1,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":404,"global_ts_usec":1646568788847834} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/sites.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":520,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":238171,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":43,"total-detection-updates":50,"total-updates":1,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":404,"global_ts_usec":1646568788847834} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 520/520 ~~ skipped flows.............: 0 @@ -410,9 +410,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8369622 bytes -~~ total memory freed........: 8369622 bytes -~~ total allocations/frees...: 147934/147934 +~~ total memory allocated....: 12077505 bytes +~~ total memory freed........: 12077505 bytes +~~ total allocations/frees...: 218188/218188 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 2621 chars diff --git a/test/results/default/skinny.pcap.out b/test/results/default/skinny.pcap.out index 4c65d9aa7..418167edb 100644 --- a/test/results/default/skinny.pcap.out +++ b/test/results/default/skinny.pcap.out 
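Review bot: The memory baseline recorded in the SUMMARY block rises sharply with the submodule bump and the commit does not say why: in the `@@ -410,9 +410,9 @@` hunk `total memory allocated` goes from 8369622 to 12077505 bytes and `total allocations/frees` from 147934 to 218188. The same jump of exactly 70254 allocations (about 3.7 MB) appears in the skinny.pcap.out and skype-conference-call.pcap.out summaries, which suggests a fixed per-run cost (presumably library initialisation) rather than per-flow growth. Allocated and freed totals still match, so this is not a leak, but deployments sized against the old footprint would want to know. I would record it in the commit description, e.g. `nDPI 4.9.0 adds ~3.7 MB / ~70k allocations of fixed overhead per run`.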
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1317801130501299} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1317801130501299,"pkt":"ABTy5fxCAB56JnR1CABFYABAE3YAAEAGYUrAqMM6wKjBDMD3B9A1u8s7p8yxgFAYIAAcEAAAEAAAABQAAAAmAAAAAQAAAAAAAAAAAAAA"} 
01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1317801130501299,"flow_src_last_pkt_time":1317801130501299,"flow_dst_last_pkt_time":1317801130501299,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801130501299,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.12","src_port":49399,"dst_port":2000,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -73,7 +73,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":356,"flow_dst_packets_processed":0,"flow_first_seen":1317801134349579,"flow_src_last_pkt_time":1317801141449056,"flow_dst_last_pkt_time":1317801134349579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1317801153428371,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.193.24","src_port":32152,"dst_port":9396,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":730,"flow_dst_packets_processed":712,"flow_first_seen":1317801134322976,"flow_src_last_pkt_time":1317801141602841,"flow_dst_last_pkt_time":1317801141448192,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":172,"flow_src_tot_l4_payload_len":125560,"flow_dst_tot_l4_payload_len":122464,"midstream":0,"thread_ts_usec":1317801153428371,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"192.168.195.50","src_port":32144,"dst_port":17718,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"RTP","proto_id":"87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} 
01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2975,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1317801140764515,"flow_src_last_pkt_time":1317801140764515,"flow_dst_last_pkt_time":1317801140821803,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1317801153428371,"l3_proto":"ip4","src_ip":"192.168.195.58","dst_ip":"10.16.2.25","src_port":50917,"dst_port":2000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"CiscoSkinny","proto_id":"164","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2975,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2975,"packets-processed":2967,"total-skipped-flows":0,"total-l4-payload-len":498712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1317801153428371} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2975,"source":"cfgs\/default\/pcap\/skinny.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2975,"packets-processed":2967,"total-skipped-flows":0,"total-l4-payload-len":498712,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1317801153428371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2975/2967 ~~ skipped flows.............: 0 @@ -82,9 +82,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7869980 bytes -~~ total memory freed........: 7869980 bytes -~~ total allocations/frees...: 149426/149426 +~~ total memory allocated....: 11578471 bytes +~~ total memory freed........: 11578471 bytes +~~ total allocations/frees...: 219680/219680 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 2312 chars diff --git a/test/results/default/skype-conference-call.pcap.out b/test/results/default/skype-conference-call.pcap.out index f2ff348dc..6c5c32411 100644 --- a/test/results/default/skype-conference-call.pcap.out +++ b/test/results/default/skype-conference-call.pcap.out 
@@ -1,15 +1,15 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1501061916646303} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916646303,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} -01285{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916646303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1501061916646303,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1501061916646303,"flow_dst_last_pkt_time":1501061916653642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916653642,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 
00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916653642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1501061916690803,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"} 00620{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708119,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1501061916708119,"pkt":"xCwDBkn+XEl5dU5qCABFAABkRTcAAG4RtDZoLigxwKgCFOziwIIAUMppAQEANCESpELFWk\/f3gwyXjBMYMcAIAAIAAHhkH7lJQGAcAAEAAAAAwAIABQrKEEJgBBMTTHUJMwo4kS9VvHVU4AoAARKHr2N"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1501061916690803,"flow_dst_last_pkt_time":1501061916708296,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1501061916708296,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTgAAG4RtBVoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 
02434{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061916821040,"flow_dst_last_pkt_time":1501061916812989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":167,"flow_src_tot_l4_payload_len":6417,"flow_dst_tot_l4_payload_len":1824,"midstream":0,"thread_ts_usec":1501061916821040,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":11013.6,"max":100094,"stddev":22446.4,"var":503839616.0,"ent":3.0,"data": [7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718]},"pktlen": {"min":63,"avg":285.5,"max":943,"stddev":317.0,"var":100457.8,"ent":4.3,"data": [132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121]},"bins": {"c_to_s": [0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0],"entropies": 
[5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01251{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":133,"flow_dst_packets_processed":67,"flow_first_seen":1501061916646303,"flow_src_last_pkt_time":1501061918126158,"flow_dst_last_pkt_time":1501061918151791,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":915,"flow_dst_max_l4_payload_len":915,"flow_src_tot_l4_payload_len":19259,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1501061918151791,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} +00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/skype-conference-call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1501061918151791} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/200 ~~ skipped flows.............: 0 
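Review bot: The expected `detected` event for flow 1 no longer carries the `"stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}` object (record length 01285 becomes 01214), and neither the `analyse` nor the `idle` event in this hunk carries it, so the metadata appears to be gone from the output rather than moved. Every other changed line in this hunk is only the `ndpi_version` string, which makes this the one real output change and easy to miss among the regenerated results. Consumers that key detections or dashboards on `ndpi.stun` would silently stop matching, so it is worth confirming the removal is intended by the new libnDPI revision and stating it in the commit description, e.g. `nDPI bump: "stun" object no longer emitted in flow "detected" events`. If a JSON schema for flow events exists in the repository (not visible here), it should be checked against this change.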
@@ -18,10 +18,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7772553 bytes -~~ total memory freed........: 7772553 bytes -~~ total allocations/frees...: 146571/146571 +~~ total memory allocated....: 11481172 bytes +~~ total memory freed........: 11481172 bytes +~~ total allocations/frees...: 216825/216825 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 582 chars ~~ json string max len.......: 2439 chars -~~ json string avg len.......: 1437 chars +~~ json string avg len.......: 1432 chars diff --git a/test/results/default/skype.pcap.out b/test/results/default/skype.pcap.out index 98c261562..80b8b3a95 100644 --- a/test/results/default/skype.pcap.out +++ b/test/results/default/skype.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431969639825574} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431969639825574} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431969641947863,"flow_src_last_pkt_time":1431969641947863,"flow_dst_last_pkt_time":1431969641947863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431969641947863,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431969641947863,"flow_dst_last_pkt_time":1431969641947863,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431969641947863,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 
01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431969641947863,"flow_src_last_pkt_time":1431969641947863,"flow_dst_last_pkt_time":1431969641947863,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431969641947863,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"b.config.skype.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -2123,7 +2123,7 @@ 01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431969669408664,"flow_src_last_pkt_time":1431969669408664,"flow_dst_last_pkt_time":1431969669408664,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431969808951480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00872{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":4,"flow_first_seen":1431969679451353,"flow_src_last_pkt_time":1431969698502609,"flow_dst_last_pkt_time":1431969698502541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":125,"midstream":0,"thread_ts_usec":1431969808951480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":4,"flow_first_seen":1431969679451353,"flow_src_last_pkt_time":1431969698502609,"flow_dst_last_pkt_time":1431969698502541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":90,"flow_dst_max_l4_payload_len":88,"flow_src_tot_l4_payload_len":146,"flow_dst_tot_l4_payload_len":125,"midstream":0,"thread_ts_usec":1431969808951480,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-payload-len":444195,"total-not-detected-flows":59,"total-guessed-flows":28,"total-detected-flows":206,"total-detection-updates":7,"total-updates":385,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2126,"global_ts_usec":1431969808951480} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"cfgs\/default\/pcap\/skype.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-payload-len":444195,"total-not-detected-flows":59,"total-guessed-flows":28,"total-detected-flows":206,"total-detection-updates":7,"total-updates":385,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2126,"global_ts_usec":1431969808951480} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3284/3069 ~~ skipped flows.............: 0 @@ -2132,9 +2132,9 @@ ~~ total active/idle flows...: 293/293 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8700972 bytes -~~ total memory freed........: 8700972 bytes -~~ total allocations/frees...: 152766/152766 +~~ total memory allocated....: 12404919 bytes +~~ total memory freed........: 12404919 bytes +~~ total allocations/frees...: 223020/223020 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 520 chars ~~ json string max len.......: 2483 chars diff --git a/test/results/default/skype_no_unknown.pcap.out b/test/results/default/skype_no_unknown.pcap.out index 44ad79653..b5821538c 100644 --- a/test/results/default/skype_no_unknown.pcap.out +++ b/test/results/default/skype_no_unknown.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431970631778638} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431970631778638} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970632290618,"flow_src_last_pkt_time":1431970632290618,"flow_dst_last_pkt_time":1431970632290618,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970632290618,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431970632290618,"flow_dst_last_pkt_time":1431970632290618,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_usec":1431970632290618,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"} 
00895{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970632290618,"flow_src_last_pkt_time":1431970632290618,"flow_dst_last_pkt_time":1431970632290618,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970632290618,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"6":"DPI"},"proto":"IGMP","proto_id":"82","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1581,7 +1581,7 @@ 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970669927160,"flow_src_last_pkt_time":1431970669927160,"flow_dst_last_pkt_time":1431970669927160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708726988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01129{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970651850367,"flow_src_last_pkt_time":1431970651850367,"flow_dst_last_pkt_time":1431970651850367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708726988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970656861258,"flow_src_last_pkt_time":1431970656861258,"flow_dst_last_pkt_time":1431970656861258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708726988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-payload-len":359672,"total-not-detected-flows":44,"total-guessed-flows":22,"total-detected-flows":201,"total-detection-updates":5,"total-updates":91,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1584,"global_ts_usec":1431970708726988} +00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"cfgs\/default\/pcap\/skype_no_unknown.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-payload-len":359672,"total-not-detected-flows":44,"total-guessed-flows":22,"total-detected-flows":201,"total-detection-updates":5,"total-updates":91,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1584,"global_ts_usec":1431970708726988} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2146/2079 ~~ skipped flows.............: 0 
@@ -1590,9 +1590,9 @@ ~~ total active/idle flows...: 267/267 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8569378 bytes -~~ total memory freed........: 8569378 bytes -~~ total allocations/frees...: 151468/151468 +~~ total memory allocated....: 12273741 bytes +~~ total memory freed........: 12273741 bytes +~~ total allocations/frees...: 221722/221722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 308 chars ~~ json string max len.......: 2492 chars diff --git a/test/results/default/skype_udp.pcap.out b/test/results/default/skype_udp.pcap.out index 59e500629..8fc7ccb55 100644 --- a/test/results/default/skype_udp.pcap.out +++ b/test/results/default/skype_udp.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1156534494734879} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1156534494734879} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534494734879,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1156534494734879,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1156534494734879,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1156534494734879,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1156534496782355,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1156534496782355,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="} 
@@ -8,7 +8,7 @@ 01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534494734879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1156534567055540,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534567244697,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1156534567244697,"pkt":"AAR2lnvaABbjGScVCABFAAAuy+IAAGUR8LwY4L6VwKgBAplejJYAGg6E4FcCztAyD8zMjQ7u\/eBiRTNa"} 
01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1156534494734879,"flow_src_last_pkt_time":1156534567055540,"flow_dst_last_pkt_time":1156534567244697,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":18,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":18,"midstream":0,"thread_ts_usec":1156534567244697,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1156534567244697} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/skype_udp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1156534567244697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766898 bytes -~~ total memory freed........: 7766898 bytes -~~ total allocations/frees...: 146376/146376 +~~ total memory allocated....: 11475517 bytes +~~ total memory freed........: 11475517 bytes +~~ total allocations/frees...: 216630/216630 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 1124 chars diff --git a/test/results/default/smb_deletefile.pcap.out b/test/results/default/smb_deletefile.pcap.out index 7e3adfa9e..3deef9033 100644 --- a/test/results/default/smb_deletefile.pcap.out +++ b/test/results/default/smb_deletefile.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1584368315417275} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01090{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_usec":1584368315417275,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} 01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368315417275,"flow_dst_last_pkt_time":1584368315417275,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":380,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":380,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1584368315417275,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 
@@ -9,7 +9,7 @@ 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1584368317575781,"flow_dst_last_pkt_time":1584368317576871,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1584368317576871,"pkt":"KDc3AG3I2MuK4S0uCABFAAH8OLFAAIAGO8nAqAG7wKgBdgG93hDyQzQX6KAIKlAYEAdr9gAAAAAB0P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJ8PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAHF8fnEN3tQBwjwds5371QFsgQlGF1nVAZpBFPwbWdUBABAAAAAAAAAAEAAAAAAAABEAAAAAAAAAEwQAAAoAAADNAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAAC4AAAAoA8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASABwAAAAAAAAAAAAAABsgQlGF1nVAaWmw1ic+9UBpabDWJz71QGlpsNYnPvVAQAAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UGAAAABQBMAHUAYwBhAP5TTUJAAAEAAAAAAAYAAwAFAAAAAAAAAKEPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02310{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":12,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317627960,"flow_dst_last_pkt_time":1584368317628867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":412,"flow_dst_max_l4_payload_len":500,"flow_src_tot_l4_payload_len":2972,"flow_dst_tot_l4_payload_len":3826,"midstream":1,"thread_ts_usec":1584368317628867,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":20,"avg":142654.1,"max":2158424,"stddev":529256.2,"var":280112168960.0,"ent":1.2,"data": [1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895]},"pktlen": {"min":40,"avg":252.6,"max":540,"stddev":190.9,"var":36432.9,"ent":4.5,"data": [420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452]},"bins": {"c_to_s": [10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": 
[3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":39,"flow_first_seen":1584368315417275,"flow_src_last_pkt_time":1584368317802053,"flow_dst_last_pkt_time":1584368317801987,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":476,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":11034,"flow_dst_tot_l4_payload_len":14218,"midstream":1,"thread_ts_usec":1584368317802053,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv23","proto_id":"10.41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} +00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/smb_deletefile.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1584368317802053} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769682 bytes -~~ total memory freed........: 7769682 bytes -~~ total allocations/frees...: 146472/146472 +~~ total memory allocated....: 11478301 bytes +~~ total memory freed........: 11478301 bytes +~~ total allocations/frees...: 216726/216726 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 2315 chars 
diff --git a/test/results/default/smb_frags.pcap.out b/test/results/default/smb_frags.pcap.out index a4fc58b9d..3822808d3 100644 --- a/test/results/default/smb_frags.pcap.out +++ b/test/results/default/smb_frags.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623514369772545} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623514369772545,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369772545,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369772545,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPJdVQAA+BrVNCsrTfQrKBwjTaAG9gKLxEgAAAACgAv\/\/GS4AAAIEIwABAwMGBAIICs5HDEsAAAAA"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623514369772545,"flow_dst_last_pkt_time":1623514369868191,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1623514369868191,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAAPE51QAB8BsAtCsoHCArK030BvdNoZ4rlhYCi8ROgEiAAlmYAAAIEBWQBAwMIBAIICowopxfORwxL"} 
@@ -8,7 +8,7 @@ 02403{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1438,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1438,"pkt_l4_len":1400,"thread_ts_usec":1623514370258205,"pkt":"AAAAAAAAAAgAAAAIgQAGSAgARQAFjJdYQAA+Bq\/6CsrTfQrKBwjTaAG9gKLxRmeK5leAEAgZ6PkAAAEBCArORw4xjCiopgAABjz\/U01CcwAAAAAYBdgAAAAAAAAAAAAAAAAAAAEAAAABAAz\/AAAABEEyAAEAAAAAAK8FAAAAAP\/SAIABBmCCBasGggAGKwYBBQUCoIIFnTCCBZmgggARMIIADQaCAAkqhkiG9xIBAgKiggWABIIFfGCCBXgGCSqGSIb3EgECAgEAboIFZzCCBWOgAwIBBaEDAgEOogcDBQAgAAAAo4IEcmGCBG4wggRqoAMCAQWhFBsSQ0lWSUxQRU5TSU9OLkxPQ0FMoi0wK6ADAgEDoSQwIhsEY2lmcxsaaHFkYy0wMi5jaXZpbHBlbnNpb24ubG9jYWyjggQcMIIEGKADAgESoQMCASCiggQKBIIEBmtnVxcxBmkz4ZUsh+F3XvsymQ5mvu2LX+7W56rZEvZ1qmgF5eVUK11Yc3PdU24ZptZsf6GIgZZft7fDTc9iDA3FbzTWHDPjEHl6G+GfrKQ\/U66sLyoe01eLCDNDlzdYPbQNI5B+D7epgO3OqLoFCxgQnXg89dHq7kxLRlfyZ75yHYmd3cly0qeBA8TtEpLELIy5RDwh88Bbqx9lJkPNQiMt24H0yao67pgfp9aEdZ4Emm7xmyPRkPeqZWtM0bkNvn+WavQvx80wJ6ZQyFIXkOPKpVcd2AB5qVKkumKBLzfPVIv+5LsBnADCgXZoEckKZht4ry7NolrE+0HKHhPwkaoxc8bqcUuiYOluxmO4DjfSfFQueOoelGhXJ6pEhCQozBPoeArsog\/CMnvfwyGHeu2So9navfrEV7TGs9oPppW3oNCUuXo36cbimBLvIiY+Pgl\/ynJhxwXsO0RkVS9r\/PsoEMTLWDn3S3vAe\/TBqkOtoyPQJWg1FVpj7frmvNArPBFi14wVJfxtnd\/+3wtnQozSQyeZaiwe0Uki1A7mEEoQtV7AOgPYFp8ri4dHhClZYELTbpijGa0Jwtj6x6ZJsOiFg2SsOWyGploNv1wUt9FpkKTtjSnMILP9mkkt0GsDX19lwQbnfeVgl0kxeaZBDtMtasDDJW8MObctlpQH6UeIoFh4zd\/+AvklrnI66FLbyQfjFSQzmIzIW3ydE4bjVtwWmU1a9nvT5VzFxoGr9N75Jd1QR+seVejR1FQ5L+uOs9WAbzPwvooNtGJ9P10oltq2AAtLxvL22QGd7qWFsKNlILCcAk48pdh4wUcKf+EMjG6Xonr4DPvLkEyb43oHO1NuXf6G+7ier+62p0AeSbzutesdffNAKWx8nx125SeKQpNnBXnpDRdJnIJIcuLAdAebbsP88MDOzOSgr6S6eirG1TuF29PveiUZjxoiDLHdsyainMdtGrd0\/Ydkl2AhTK3O7gYsi1PPi2xvUVmDCWCipGeZ\/HFXUKBq15ucDAkq0dcppKqtynTA4t8XrmdpQTW\/R3zKQXp4
YteUcutVoA63U60MWJlP325IMdQpih2Uk59JH5Dnux3Rd568y7AglM4Wn\/qV3HT6TOIU2RCepqW+t\/HKqI4PXOnM+5Qj2R2MJ25pMdBIvMiBfAjqOHwQwwec\/8syUlp9kgV4g09X0ubW+5o5iaoEB4ngqDTvZXkAfrGm9\/PFvCCGKK5LcZsH76QYjCwvtb7o+MxSnlo+MKjMgwdfysFP0RY4mM0xlHSbO4qyXFBgLhHZiagn1nbfnXKd28YECfDeWdHC\/Ig4+JxagNp\/3VNKyRkP6A4EbfQ3batKWXNlXzxKQjFl\/HI4d1Rq1dIh9CGkgdcwgdSgAwIBEqKBzASByVkzbk+ekX38PCwMB3OZSxR7r8vyZItGdtHn7\/EFdfCld4D4NfFt4ny5\/YJLf0FZrLolqw=="} 01299{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370258205,"flow_dst_last_pkt_time":1623514370251341,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":1419,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1623514370258205,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System","hostname":""}} 
01323{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1623514369772545,"flow_src_last_pkt_time":1623514370351676,"flow_dst_last_pkt_time":1623514370345783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":1651,"flow_dst_tot_l4_payload_len":536,"midstream":0,"thread_ts_usec":1623514370351676,"l3_proto":"ip4","src_ip":"10.202.211.125","dst_ip":"10.202.7.8","src_port":54120,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/smb_frags.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":2187,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1623514370351676} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769066 bytes -~~ total memory freed........: 7769066 bytes -~~ total allocations/frees...: 146382/146382 +~~ total memory allocated....: 11477685 bytes +~~ total memory freed........: 11477685 bytes +~~ total allocations/frees...: 216636/216636 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 563 chars ~~ json string max len.......: 2408 chars diff --git a/test/results/default/smbv1.pcap.out b/test/results/default/smbv1.pcap.out index c2627b3e1..db2a13ddb 100644 --- a/test/results/default/smbv1.pcap.out +++ b/test/results/default/smbv1.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492191036092974} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492191036092974,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036092974,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1492191036092974,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492191036092974,"flow_dst_last_pkt_time":1492191036120420,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1492191036120420,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 
@@ -8,7 +8,7 @@ 00781{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1492191036120691,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_usec":1492191036154924,"pkt":"AAwpAu9qAFBW6AqxCABFAADlcSMAAIAGdOoKgADzrBCcggG9xu+bfBqQ0ttpeFAY+vD0\/QAAAAAAuf9TTUJzAAAAAJgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAAA\/8AuQAAAJAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANwA2ADAAMQAgAFMAZQByAHYAaQBjAGUAIABQAGEAYwBrACAAMQAAAFcAaQBuAGQAbwB3AHMAIAA3ACAAVQBsAHQAaQBtAGEAdABlACAANgAuADEAAABXAE8AUgBLAEcAUgBPAFUAUAAA"} 00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1492191036157874,"flow_dst_last_pkt_time":1492191036154924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":148,"pkt_l4_len":114,"thread_ts_usec":1492191036157874,"pkt":"AFBW6AqxAAwpAu9qCABFAACGF9QAAIAGzpisEJyCCoAA88bvAb3S22l4m3wbTVAY+b51+wAAAAAAWv9TTUJ1AAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4ACEAABP8AWgAIAAEALwAAXABcADEAMAAuADEAMgA4AC4AMAAuADIANAAzAFwASQBQAEMAJAAAAD8\/Pz8\/AA=="} 
01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1492191036092974,"flow_src_last_pkt_time":1492191036191677,"flow_dst_last_pkt_time":1492191036191436,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":189,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":366,"midstream":1,"thread_ts_usec":1492191036191677,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"20": {"risk":"SMB Insecure Vers","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"NetBIOS.SMBv1","proto_id":"10.16","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Dangerous","category_id":18,"category":"System"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} 
+00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/smbv1.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1492191036191677} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769037 bytes -~~ total memory freed........: 7769037 bytes -~~ total allocations/frees...: 146381/146381 +~~ total memory allocated....: 11477656 bytes +~~ total memory freed........: 11477656 bytes +~~ total allocations/frees...: 216635/216635 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 1326 chars diff --git a/test/results/default/smpp_in_general.pcap.out b/test/results/default/smpp_in_general.pcap.out index c61d46152..c1fa61f26 100644 --- a/test/results/default/smpp_in_general.pcap.out +++ b/test/results/default/smpp_in_general.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1217149853878966} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853878966,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853878966,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1217149853878966,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1217149853878966,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1217149853879393,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} 
@@ -8,7 +8,7 @@ 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853879393,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1217149853879690,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1217149853879690,"flow_dst_last_pkt_time":1217149853886293,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1217149853886293,"pkt":"ABbU5r3hAAKlxo7UCABFAAA9My4AADwGoR0K4so1CuLKdiMoBuqoDP5B5r37o1AY8AA72wAAAAAAFYAAAAIAAAAAAAAAAVNNU0MA"} 
00978{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1217149853878966,"flow_src_last_pkt_time":1217149884833956,"flow_dst_last_pkt_time":1217149884833947,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1217149884833956,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMPP","proto_id":"207","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/smpp_in_general.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1217149884833956} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769294 bytes -~~ total memory freed........: 7769294 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11477913 bytes +~~ total memory freed........: 11477913 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 538 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/smtp-starttls.pcap.out b/test/results/default/smtp-starttls.pcap.out index da5f30e88..07a297d21 100644 --- a/test/results/default/smtp-starttls.pcap.out +++ b/test/results/default/smtp-starttls.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1388017124762850} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388017124762850,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124762850,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124762850,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1388017124762850,"flow_dst_last_pkt_time":1388017124774018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1388017124774018,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} 
@@ -12,7 +12,7 @@ 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124864532,"flow_dst_last_pkt_time":1388017124876575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":1653,"midstream":0,"thread_ts_usec":1388017124876575,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 01083{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017124876854,"flow_dst_last_pkt_time":1388017124876863,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":3924,"midstream":0,"thread_ts_usec":1388017124876863,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": 
{"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 02334{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125217215,"flow_dst_last_pkt_time":1388017125228642,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1388017125228642,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":29682.5,"max":156957,"stddev":34710.8,"var":1204840832.0,"ent":4.2,"data": [11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080]},"pktlen": {"min":52,"avg":240.3,"max":1470,"stddev":368.1,"var":135468.5,"ent":4.0,"data": [60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133]},"bins": {"c_to_s": [9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1],"entropies": 
[4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-payload-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1524746968365832} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1524746968365832,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968365832,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968365832,"pkt":"tAwlBY4TAAwpwTTcgQAAfYbdYAAAAAAgBkAgAwDeIBYBJfw2gxdOhstyIAMA3iAWASAAAAAACggAUx2KABlaBfS8AAAAAIACIAC67wAAAgQFoAEDAwIBAQQC"} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1524746968365832,"flow_dst_last_pkt_time":1524746968366576,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":90,"pkt_l4_len":32,"thread_ts_usec":1524746968366576,"pkt":"AAwpwTTctAwlBY4TgQAAfYbdYApHlwAgBj8gAwDeIBYBIAAAAAAKCABTIAMA3iAWASX8NoMXTobLcgAZHYpcyZ8kWgX0vYAScIBuawAAAgQFoAEBBAIBAwMH"} 
@@ -25,7 +25,7 @@ 02535{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968661622,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968662121,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":19099.3,"max":202908,"stddev":48707.1,"var":2372380928.0,"ent":2.8,"data": [744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736]},"pktlen": {"min":60,"avg":180.5,"max":1200,"stddev":257.1,"var":66086.8,"ent":4.2,"data": [72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60]},"bins": {"c_to_s": [7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0],"entropies": 
[4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": {"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01346{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":17,"flow_first_seen":1524746968365832,"flow_src_last_pkt_time":1524746968662121,"flow_dst_last_pkt_time":1524746968663137,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1034,"flow_dst_max_l4_payload_len":1140,"flow_src_tot_l4_payload_len":1734,"flow_dst_tot_l4_payload_len":2097,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip6","src_ip":"2003:de:2016:125:fc36:8317:4e86:cb72","dst_ip":"2003:de:2016:120::a08:53","src_port":7562,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"33": 
{"risk":"TLS Susp Extn","severity":"High","risk_score": {"total":60,"client":30,"server":30}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01116{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":19,"flow_first_seen":1388017124762850,"flow_src_last_pkt_time":1388017125228821,"flow_dst_last_pkt_time":1388017125239930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":686,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1384,"flow_dst_tot_l4_payload_len":4627,"midstream":0,"thread_ts_usec":1524746968663137,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"SMTPS.Google","proto_id":"29.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":3,"category":"Email"}} 
-00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":69,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/smtp-starttls.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":69,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":9842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1524746968663137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 69/69 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7793264 bytes -~~ total memory freed........: 7793264 bytes -~~ total allocations/frees...: 146486/146486 +~~ total memory allocated....: 11501867 bytes +~~ total memory freed........: 11501867 bytes +~~ total allocations/frees...: 216740/216740 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 551 chars ~~ json string max len.......: 2540 chars 
diff --git a/test/results/default/smtp.pcap.out b/test/results/default/smtp.pcap.out index fe2ab2111..336b22ce3 100644 --- a/test/results/default/smtp.pcap.out +++ b/test/results/default/smtp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":934028408568957} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":934028408568957} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":934028408568957,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408568957,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408568957,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":934028408568957,"flow_dst_last_pkt_time":934028408569273,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":934028408569273,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} 
@@ -9,7 +9,7 @@ 01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408647164,"flow_dst_last_pkt_time":934028408647434,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":154,"midstream":0,"thread_ts_usec":934028408647434,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"pigeon.eyrie.af.mil","smtp": {"user":"","password":"","auth_failed":0}}} 02131{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408659170,"flow_dst_last_pkt_time":934028408659389,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":469,"flow_dst_tot_l4_payload_len":576,"midstream":0,"thread_ts_usec":934028408659389,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":316,"avg":5827.3,"max":55118,"stddev":11962.2,"var":143094448.0,"ent":3.2,"data": 
[316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054]},"pktlen": {"min":46,"avg":73.6,"max":124,"stddev":15.2,"var":230.1,"ent":5.0,"data": [46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77]},"bins": {"c_to_s": [5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}} 
00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":44,"flow_first_seen":934028408568957,"flow_src_last_pkt_time":934028408801393,"flow_dst_last_pkt_time":934028408801610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":16527,"flow_dst_tot_l4_payload_len":1428,"midstream":0,"thread_ts_usec":934028408801610,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":934028408801610} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/smtp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":934028408801610} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771556 bytes -~~ total memory freed........: 7771556 bytes -~~ total allocations/frees...: 146467/146467 +~~ total memory allocated....: 11480175 bytes +~~ total memory freed........: 11480175 bytes +~~ total allocations/frees...: 216721/216721 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 531 chars ~~ json string max len.......: 2136 chars diff --git a/test/results/default/smtps.pcapng.out b/test/results/default/smtps.pcapng.out index 9c6fd94e7..fb60f8080 100644 --- a/test/results/default/smtps.pcapng.out +++ b/test/results/default/smtps.pcapng.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938504972279} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938504972279,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938504972279,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938504972279,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0\/aNAAEAGZc0+KyRjFUFfhJMyAdF0clasAAAAAIACFrAhIQAAAgQFhAEBBAIBAwMC"} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614938504972279,"flow_dst_last_pkt_time":1614938505205257,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1614938505205257,"pkt":"AAAAAAAAAAEA\/khbCABFAAA0AABAAC4GdXEVQV+EPiskYwHRkzJiRoeidHJWrYASchDbkQAAAgQFtAEBBAIBAwMH"} 
@@ -8,7 +8,7 @@ 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1614938505439757,"pkt":"AAAAAAAAAAEA\/khbCABFAADb8dpAAC4Ggu8VQV+EPiskYwHRkzJiRoejdHJWrVAYAOXjtAAAMjIwLWdhdG9yNDIyMy5ob3N0Z2F0b3IuY29tIEVTTVRQIEV4aW0gNC45MyAjMiBGcmksIDA1IE1hciAyMDIxIDA0OjAxOjQ1IC0wNjAwDQoyMjAtV2UgZG8gbm90IGF1dGhvcml6ZSB0aGUgdXNlIG9mIHRoaXMgc3lzdGVtIHRvIHRyYW5zcG9ydCB1bnNvbGljaXRlZCwNCjIyMCBhbmQvb3IgYnVsayBlLW1haWwuDQo="} 01175{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1614938504972279,"flow_src_last_pkt_time":1614938505342085,"flow_dst_last_pkt_time":1614938505439757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":179,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":179,"midstream":0,"thread_ts_usec":1614938505439757,"l3_proto":"ip4","src_ip":"62.43.36.99","dst_ip":"21.65.95.132","src_port":37682,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1614938505439757} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/smtps.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1614938505439757} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770973 bytes -~~ total memory freed........: 7770973 bytes -~~ total allocations/frees...: 146378/146378 +~~ total memory allocated....: 11479592 bytes +~~ total memory freed........: 11479592 bytes +~~ total allocations/frees...: 216632/216632 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 1227 chars diff --git a/test/results/default/snapchat.pcap.out b/test/results/default/snapchat.pcap.out index ceaab03d3..5328f005a 100644 --- a/test/results/default/snapchat.pcap.out +++ b/test/results/default/snapchat.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1431417993318652} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431417993318652,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993318652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1431417993318652,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1431417993318652,"flow_dst_last_pkt_time":1431417993319843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431417993319843,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} 
@@ -27,7 +27,7 @@ 01206{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1431417993318652,"flow_src_last_pkt_time":1431417995589216,"flow_dst_last_pkt_time":1431417995588971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":238,"flow_src_tot_l4_payload_len":1296,"flow_dst_tot_l4_payload_len":375,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008133607,"flow_src_last_pkt_time":1431418008853156,"flow_dst_last_pkt_time":1431418008802736,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":1069,"flow_src_tot_l4_payload_len":1784,"flow_dst_tot_l4_payload_len":1221,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1431418008131807,"flow_src_last_pkt_time":1431418008701836,"flow_dst_last_pkt_time":1431418008651172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":536,"flow_dst_max_l4_payload_len":448,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":600,"midstream":0,"thread_ts_usec":1431418008853156,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Snapchat","proto_id":"91.199","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/snapchat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1431418008853156} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 56/56 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785005 bytes -~~ total memory freed........: 7785005 bytes -~~ total allocations/frees...: 146460/146460 +~~ total memory allocated....: 11493592 bytes +~~ total memory freed........: 11493592 bytes +~~ total allocations/frees...: 216714/216714 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 1370 chars 
diff --git a/test/results/default/snapchat_call.pcapng.out b/test/results/default/snapchat_call.pcapng.out index d5501bc53..6bd098e5c 100644 --- a/test/results/default/snapchat_call.pcapng.out +++ b/test/results/default/snapchat_call.pcapng.out 
@@ -1,16 +1,16 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595865799020160} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799020160,"pkt":"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"} 
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +01209{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799020160,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595865799020160,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": 
{"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Q046"}}} 02357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799037006,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799037006,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWa
LVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWhr4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaGUIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"} 02331{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1595865799020160,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799037074,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoX
hXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1595865799050574,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1595865799050574,"pkt":"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\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4lEwNDYB6IFgkpIa6H7tgIaiFYKRkQOZdTLeLAF4MnSFOq4wCsGZFGIlTmcj5MNiAOJd\/wxBRVNHA78+534aJGpQz3fTGhLA01g1MDkBAAAAKAAAALCir626Nfdlr16nNUFUTgfR1r6cqrNy6jaIgHxu7sBUVbGuAflhncgG\/tarPbDP8Z0PbFQMXHjUk17jcBtg1V9kAAAAAQAAAEMyNTVQ9M9VwKYsE1D0z1XApiwTWWjAu58dEhUAQAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1595865799050670,"flow_dst_last_pkt_time":1595865799037074,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":625,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":625,"pkt_l4_len":591,"thread_ts_usec":1595865799050670,"pkt":"CL6sCxdumt9Y+uvcCABFAAJjAItAAEARzWfAqAypEriKjqRjAbsCT65h01EwNDZQw4BG53qjBuoAAAADhya4qYtt5V0x0ahvjuC9izVEzqKNd9dFg0dMX2kM7C7o65\/lwye0QEqUC\/fCGnlM\/1CMtfUwRQbzGMRImbuULyAzl42+\/yFFWWo+QUuwBatFfFmK4zNTm\/z1uJiJx45q8MwBT1SF49h8D00FJwLEhGuT7lLo38hxyrt1V5gKeN6Yici\/BYXIFDRbsK658sEE\/624H625s4aKxx\/\/iaYlWlw1NYemvZ81+xME4wR5jIWdtJYhoBMPjsjzd8fMlI0iroodQ9egC+VsB1acfUpvzEnydha4p2YSnGCF9FkGgwvrldhD9oOEyLcOj8IOpmDh6FQpmfIFw2Nd9YmWV1bvGPdjTV3ii5rvSBAQeyyc4GueHrrLpMcI7K5nT2bA5kT5Jb4rsXauVMAfSvIN1lWQGw2MaYoXdHWOIG9cbnVekJxe4MHacCqdA8LlfAl2pvwfeJr31UBoFfROcR5Wz9HeaGVQMd5IbPaMJh2CqwAdPKy4NjqBvTPwMr323VnfvxK\/vHBkeEfqQhhF4Yhfz\/DZ\/EJiugX4801fCaoDsbad+zTLUqhhfpcRcwnjkv4rmF18bOTeFFfjrqDCHH8kM8e9WD23FJW64Y9cQ95jV\/W9f05cZIJtKFGufGrZx\/n9lODrwnKI59iaqR7wdk8EKFX\/qunAqnHF901nrhXV22WTg54nqMXdoPFE1cRkI83F7fXGCKfTAgNcGKIOPxN8ZzZnxRc4IEYD7BWzsnJSf3+hCIEUT\/wmgg=="} 
-01111{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {}}} +01132{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865799615597,"flow_dst_last_pkt_time":1595865799120864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3730,"flow_dst_tot_l4_payload_len":4552,"midstream":0,"thread_ts_usec":1595865799615597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": 
{"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","quic": {"quic_version":"Q046"}}} 02337{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865802042641,"flow_dst_last_pkt_time":1595865802853531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3902,"flow_dst_tot_l4_payload_len":5824,"midstream":0,"thread_ts_usec":1595865802853531,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":221156.5,"max":1447282,"stddev":397282.2,"var":157833134080.0,"ent":3.2,"data": [16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800]},"pktlen": {"min":48,"avg":331.9,"max":1378,"stddev":468.5,"var":219532.9,"ent":3.9,"data": [1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72]},"bins": {"c_to_s": [4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0]},"directions": [0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1],"entropies": 
[2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1595865799020160,"flow_src_last_pkt_time":1595865807298358,"flow_dst_last_pkt_time":1595865807311868,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":4245,"flow_dst_tot_l4_payload_len":6427,"midstream":0,"thread_ts_usec":1595865807311868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/snapchat_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-payload-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1595865807311868} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768203 bytes -~~ total memory freed........: 7768203 bytes -~~ total allocations/frees...: 146421/146421 +~~ total memory allocated....: 11476822 bytes +~~ total memory freed........: 11476822 bytes +~~ total allocations/frees...: 216675/216675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars ~~ json string max len.......: 2362 chars 
diff --git a/test/results/default/snapchat_call_v1.pcapng.out b/test/results/default/snapchat_call_v1.pcapng.out index edde2aaf0..0443d98fa 100644 --- a/test/results/default/snapchat_call_v1.pcapng.out +++ b/test/results/default/snapchat_call_v1.pcapng.out 
@@ -1,16 +1,16 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642584090467068} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090467068,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GNAAEARienAqAypIvbnjLmgAbsEuOe0xgAAAAEIhBCu4jQ62egAAESetqOQdYkJpUmUbLd7dCny\/mAX1uVpyJthsRXpRU8VWePV6W9beCrSrw4bfN95OOqcQUuDSKA2fVL0D5kDJ\/asNmiUDm2dTxwoLy5LKegbuvpOEgXdXJGz6Gk+MnVuMvTucZRlP+kU8Z0hZYkJrEueNZLXvMiZw+w\/3JMAscB+SXgxqObQ7yqheFwPcswCbW4HViy9+ZaTJc+BYhkJ055qYehc\/zFI0KCoMBJhsKt2St7\/X\/sFqgI4XAc07X8JocrJhc\/vYXREaOwS1grTxRlgBfafpoYoos9uZIUmAfZUhVF+lLWk3CqNkdJgUXPdulhipVVYaytwLHOIKcNR+3k5D+\/5ip9PadVan\/IjuHWRUPMyGV6b3kpvu4ZcMqB6rJq4vpE73h2pGF0y4EfGtr2FNVuu\/KuZJ3dp3JvEjR\/jeOHRA42IPdKCIbXpvaPGXS28mVqFTiEIIj88lm4BOyrmXPIPMtTECpPWXYf1XbpuuCUtRrtjD6xtUwvOdF9\/49wZuztXpaWoqNcQwFnDBkZcK4JaXOC2goCGnfAWoYp5AJBHldfKbfHbk4OnTcNEk1Fc\/jmV0Dwf0S3IJ8\/MjTctjPx\/KD5qo0FuvyoLHkOQ909\/s0dlEKb3vF9qIuNXDktsuA8b\/CMA\/PICfvKu+us2XV4zg9UBqIz\/wYrRHey95hrlR2Gz9syR8cUSxAjGBEfwfSBTo+DQ4ZP4AipF\/o\/3HAEIDbIYHCtLdSkqDEGjYxeZ2YRMTfV9dex7lm1iCVcGCqNklEhG2Mmj0J3t83ZH4j+nee6OiFL89sraDjJa3wwZ8+3ZqrljAmdHSfpk4LOQDpcbbltBW5wDrl76HafLd6injkxl9HTuPqNi4WWIeQ02C4UykD3hQffn63eGYR\/x9OLvJ+YUn8A32KaYS9sQwjTZBg0J9pe+BK1hOaXgA2xiCU1YHz8WM5n0aNeT9iBNNuHuzHlzpHLfqgYDp9JcuPKHRPRujBhigh48qLYtBSwjrSf2d0jQlkgTDYM\/o8BMBgAnLPxb3W0\/3RRiGRSDSgbzQdMEpQxmRiPSdiwP+EH8+IyeRPWFFfm4uiJoQUwnY5uFAZvnFcuw+f1iwJTbp3HCxFFmpBTc\/xIvkWFx3AeN63YiZu66yn2nCpER2XafvDOLi1ZIBu6TajSC28+WMrnkUqKFx1b3gCNvogeYcsVVy7HrZv3I4oy46NRbHrQPi\/GptSdY\/S22zjlh4dpGHbjNttrFqXg645yNyJLRKndem5QJ1LpM4OCevsgIJIjTdrinLDDbDze8ywEiM5GtX3Hhdo6Ac0xvMkmw9sPMaE3r1UeGIp5+NEQ0sWutpw9ro\/rlPmKqQLBnXWwkeDL1D1SG9R39++9bQ\/PgYXx5eDDg3XSqp1bmEfBjCvyTuN97k\/U7r2ALo84Z
R2EmlZemvZ3C+jFclmBJEJgBqLhouZp5kCgMVAEd5F5py9kLD1XMjkSEOrXxTq8EZ17YEC3TbzqAvAERJ52Q\/z+r7cjUfqDXPbUa8sDfuVcAF5mcmS7HgRUgcPp\/HmAfl74+cll\/xMfoNZDYD1gRHGC8lt7l"} -01339{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01360{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510899,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACtAACsRcyIi9ueMwKgMqQG7uaAEuIDvzgAAAAEACIQQruI0OtnoAEB0QD824LrLAyxFBv1fqC0vaUKEAPqXWhnEZkjfTAB\/njOtOw2ulcbmFIEugSJafyUehXXTD3itxf7ksLUq9y\/k3UQN6H0MWJJfU39bTLcLNZtRgCmzLh\/pdC+zrpjsjqE+DlwKWQj6ZxmWOATbtX5yapzh\/zLvAAAAAQAIhBCu4jQ62ehEGRgqb0lDHv2OzRv9SYMh++M74n\/5C6L81Y+NbqIA9wYxgdpUtSrpq30E8MtuyEa1BH4peOzFirFPBl3rWJrGSHKnrfhVIC+f74RkClApg0X6KrTmEQthpSukiFMtP+gmZ3vezghCdkGYaRbeff1ArdW\/idTFFtL6+Ybod4h9ZLheGlfqXbzlFncRv2O4JSFT4xwVInmvI+2OdCXpJ7mOCzyaHFWPEVM4O9G0qQ\/PCSTEGb+ie9L9Y3j4npfXpYlb\/iKV\/+TVa0bXxNltC72TO8M\/fXMHxLxD5BAtV7iS9wp+L5ktQDVhS5fTXmD2Bb6L6tmUlhdicMfEmv5cz43FS0Qeqb7Rj+y3qhWxhS3VX82JHgiD6fZ2h9mlpL731QifUS3g0SdRRwg1JqnrDFxd5zm9GKu\/W+k\/pkAX4dlueS87EYy1O6YGhluke4E3O7WB6qTdh8E1RzCSHtVmA5Tim1tmajYL+sgbjJ\/QlPS8DA23hij9dRCuyOsuNgd8u0XlhrsM\/drrobHl+YJpdSfvZPaJHatKlWeqR1i8gWtCGC2f4NeZvc6\/PIiENQezJRk0X0NcvTjGkol0THr49kxRjrte+rh63Pzl7oh2Yr3YSX6O+jWhOOUanPMASyAapnuTcMkc5Fnoeu9iaLOA70rejlFy\/be9kaaK9Bu3BhXclBx+bar9CtBzeHCgHBZuHAjXO\/0OBQavnaC3mVdtMZziyna79W8Gvr\/htuENoGE0LgBeUx+pgQFztajZzvugufZ4p0vnjbld5enolbbLNXWUx63+TZ63MnV\/dMGR8qEnzRIr1PfiFE\/6cjG6tjPbO2VdyOWae2YWMINhT+N9qcf4H1hp4pDFszQ3lWXDto70MVIjkxju0PeGj92dMPx7MNqJilcDShlGJwsLGmmQSGn+HSl\/mgwJpzWHQpNOo\/LlaLTyqBSY7pxdmX9kN3h8UN4Hd2Hr3Fk0rar\/KvXJ3mVHBaDaCVmcHltt6SahAtc\/ocPI+afleJ+CTQhyn2dj+rcBHfFgNBc73fIN+mOHAAEWC9riYo3FUcM6dZUITQhOeK4Uuqw1LA4YUs1EL7ddtpf7l1\/fuZIVcN3Lc6l59Vm5Th6IPGL\/LPZbppV\/hJBl4pDYlu2qvZ33CJfgCRxwbmj5SOWDeMzZguVTLty80nucVTJUpD3z7ix2quIVwIYifZZYIF+VzC6\/drr8N\/br1f5DsfYeJPRGr\/P49nJiWl39BNFrK0OY
Qv44JIlRlAt9CGCdR4g0dN3FgfiL4\/lUi8YPSU3cDIZxCdnQkdCIGcAhjfN4gggt7zg9kOnJIzAY8njDa5SRxm8rijaozS5CsNDVLCBZ40nww0LginRe2hYCVIwXbJ1vICjAFnUQldXnI1vBYa\/\/GLFN5BSD"} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510947,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACxAACsRcyEi9ueMwKgMqQG7uaAEuL937gAAAAEACIQQruI0OtnoRJ8S2CbWB5Aa0NIEXBtQqqcNr3LJSM6luXrG5NB5jmw8BTTb7hBzxN9NXN6dQKMU6M\/xqCcyR4cjD6lSS3pMKiulwTRvlYIwVKrYm+LhqRSNNN9rSSBVey45DhDraPxQlvFusIccmf5pTLSUteoQRBy1cLSEm6nBu4RC7azyB5EL8qSVtz4J4crJKZsjs2lCJk75A3KNytR6nhnlSjUnkVZtt5RLi5uyOfP2DILzBp51r4LGtW0yXDAIdHwvsWXI2hJjcdIIrmWloDxkCwAKZC5EYqgdbkZgTSRifx9y1B1lCrjW28p0er\/SsLQRO63igT0BRcTPDDeO9SrSeefcILOCfEmPAzXPV0myN+1F3OMJ9M7bwSMdmh3Te5QLMWdOoH41yu2FlDOIypWVO9Pv96cTS5Ilj+GV7aLGyHyXi3IZYZEoKKqyhwIna2a6e4MNNKf3EAzpThQGbjqo7698qgbQUq2HL3qjCWS+CRtbfNkK9wg8uCu82wlsfmGGlRR1nmIOZXfFcAZR4x8GrXvDXKntFSIQOZB0U+tJ5PrbDi01e\/aYdqhfMwxXZtyx7KiW+TmbWbPelbmOCIHI0e08tuHB1CLCzz+4upnoCogpOKVLLALGcUjxCAu+pUv61bCHRM7tptNufqfA2xkBjhsI+cJGtnHDBDBMFoijVrmS\/zSO1u4SFIytu33p6ATJUJwcyOqZJTlezz7IqzsJSkrCe1jMss6AdqR9bqpEA0iW9qSanlGm+y0KhhX9IH9mvDfS2wHTL9vXoVLM30efMTCC2eMOc0hF2hJ\/SKhnX9kZ8nM4pLNdOggzvdJ78QbLL3XonQffjLfTUj8pdg\/k07T\/wHaWvnMTATaV8twc5oalBK1G57uIuWEU0BWTbqqh\/d8vW7HoP43MPPQqP8uleQpJ6QzGgNQchwb8GlPL+54hnzRkSAfTWDJ9fJwDnOrjl8eAuB7PaUyjnVOLK1gwmeLc4NDXtW6mSM5Y01gq5urH3wxuN7NP7cNwE1CKjtQFsHdkC0yi+1PWjuoxQQ+goJ7LxkZ0DMB6xsrceuDyQ53d9lKQ5UOtQ4OeGnOdu6vbi1BlMTpaUfbUQDIXwlgsT+DKpO9MEkG\/jS3hCwDx0\/yc0glnOfiK9kAZmEz+hgjHHRBHjnkmdeXNU4+OBDMgHXhepHBoO95qvrx9a7GP\/A2J7r7tse+Y56SOhiM8jHzI9H1U+puIjp83iWJK5CpnEU3nbD80GSM1Sup9eAXtXiCr\/B75wJKor2wn4UOj4Ux2FIHo
k41GsJFHB5HnorW20r\/l52IrOjHVjIhClksdjbVScYXPR5YirFs2nXT5Dva19DDqRCOwzsDyQEXH1U9vYygdFoXKcAu6wd2fHrGin9eaCK77QGr0XthC1gxPqYnqN3RTsiiUjThCv2IUTFyxqSK1IIKKHi5ZU9T1jkHGZi8dSiiLSTJD3c8mUAUTgUhTJlqsUhDQFp+o\/bCVmR9kyAbQNGBaFAYpXivaz9UsJiT0gzypPGjc+PWwg+YLHNYCZO\/PXld5eNlHXPcL3D8XCr4Hs7EURSi9cIytLJ4GUjbFU5Es"} 01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_usec":1642584090510965,"pkt":"mt9Y+uvcCL6sCxduCABFAAGxAC1AACsRdjsi9ueMwKgMqQG7uaABnQGY6QAAAAEACIQQruI0OtnoQYQYnnnY\/TwH7sisj44tuL3+S79sTC6Ii7C544FpS6RA5K1Gjsz5ONuvxXkzNOLK1cYjM1BZc5en4+alF+S80t4B6oLjeiQw6GIRzLlWrhpcCm1NOSkaA\/Dko4qIqQCni16yxQTaptE0AGFcNNAX0GOfi3XN6s6XzCG8je1LlpGI4thEqvIt2xXW\/SZWNt2Vx\/5\/xFRoRuRR+KCPJu4DsSu6O6ErV0wG+KCg2iwG4IOhINae17UeS3ykPewIVzmk3whB7bdUPJFLAycMOsw8SbTyqEDisfw54GfpPiOpKX+W6oKkLysbm3C16rjWGPHZVKbLFMTvswpdijcDfHnbZYf4Ep1ysQYvni7qm7sEvSLMA24s5MIVcSslKhAapH9jij90YjMTlIz8R5xVW5MggGl0JNueETv24ewnHSBvxe0Pai6GjyV4wsLWk95rG87iLl7hrkng4a+Va8b3OX4VTa5JNyAQz82r6PxxBKFbXxWWmpq85DihpLMv42c22LkBA1V336p6"} 
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642584090514239,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090514239,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GdAAEARieXAqAypIvbnjLmgAbsEuNIaxwAAAAEIhBCu4jQ62egAAER1VsqkkGCUXUoSghfrHSEv2MjVBQn+ZioJyigAeY0ikBzmb7200Tcvi1hSBAOmhV480\/Q3Cig\/aTvbP+dCfpgUSwwzyRAaWrI+yr7LtA7hieNtNBGEuSSMGWfoH\/jhIeviO+ZkLZpBdKOHigiHov1PtOx7eqf+x1fkl5S0Ta+8YrqYQTOrQ5gbixM44N8cBqxem6ogn6PSloYENciwutVZ8uGPqP5kD87+jC0216PUNN+CNV0Iw85UiWsZNfReg3piVDPNxpLS\/Lq5So0r1ainNJZ30tyNKCH7gkA9CuIBHCA2D2ylb0wjO9HjJvee\/1k+bKFtIBjPAdWCtc\/97hbww9XmC7u84pjPn5UtwvpvXaf29PG3\/k15\/ymEzAoTbb68fA5ffoMapeBbeXpvquTAHlTNIC8pEaoC8+jnjuxKkbkK1CImwgrjpHaCJ7QogmpbGVbWj\/LoXlKNTgt2BkVjRqg5kjNM9rIcTg4E\/YZHHd4V3KvVXKGoTXM9IwoyFPfzesrHOYi1Hjt4f2AwbK4nFM06lFtiAbK+Ncrds5MU3hu+fOjlvapu2nBl2hlTpUwEwNu2OTjTlHXqodNGtfSJqqiYhKK7gghfP3NiPkmpSjYHviqpD66d6Mk7f+deYdAKb+6f\/XsxiTz2thmntL44NWQsEAKWHvWQbuVYItT9gS3oDGRAg\/xsDBVjGmSwH3hzXuNQIBVIKmEM3M7kJBgsBDwVQ+2a5KSUmaPV50LFyFxcxzfRKrreKzRGpNVe4GCu1D4gCeS71HDlqQ+Guu66i2IvHUe26\/3eef1zP+xEjiZ37QsjbcmARgOBFA03gEmFTiW8I73ezpo7Ae6zLyUrtB5D2b6UVkQTmof1nEWlxPtkQqw7rzKidHVgBiXIyA6cg2A9oIJLl6K4+N8fZ+cA\/K2C9XoaOq7axDszYDbWpbzadrIZO0XCIDio+8UlywF3Eh6ohyNKRFGWqt4ZEggeRtd0+dqXiEsZ471e5S5uB\/IzkjqcnucZa3X2fiBogCeL2N\/DBj9QLgNz3zsylLwCj08CFgQSU3mCULZED+eJzRynvoEJ1kGRR3VtKzXfrtRrmq7+djaxxg8AuFxERvP\/mW9VdBiLkd\/BIjuIYXKa+m2vheE2+KRSRWL1QKg+99GKR9b6JY7oucgWkBXG\/3wnLSMKV6p6ZfGuMDrlW0dZtMCirEdHJNgczeVIMRB5nVmfHyH83HYOIZbVxER9EnpsuxOmjRc+\/TqVm8I5ZGJj6Ay0JEsjykwHpfroi6F6Dz1DuLzXkMkl+IrYgQSnma2yYchVZd1jJylMWrw8tlBnca5vCx6PPA\/pYkCH1qBXkKvwn1TFAKFSBGzeDrxDTSrDdjOQc03vBTwF9WxXstbO8dcPEVplg3\/IV1GPORubDjghygFqmDO\/FNUWN34+k2k
6vbfiDMK63+w+xqAUDJvonoFixikWEN290hSxoc+3AKJx2tRNT7+iLBUQw5rELbGYoLqE+DHx8VKNtgeaxuD3UDIMOZR3c+UAAAABCIQQruI0OtnoAEAYjLgYZ1DeuJwCT8AWduwfbAEyRKkz6dYI"} -01231{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
+01252{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3"}}}} 
02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": 
[7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01013{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":477,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} +00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":477,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1642584099996389} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 477/477 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7790614 bytes -~~ total memory freed........: 7790614 bytes -~~ total allocations/frees...: 146869/146869 +~~ total memory allocated....: 11499233 bytes +~~ total memory freed........: 11499233 bytes +~~ total allocations/frees...: 217123/217123 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 579 chars ~~ json string max len.......: 2225 chars 
diff --git a/test/results/default/snmp.pcap.out b/test/results/default/snmp.pcap.out index 44aa95995..d8be94f93 100644 --- a/test/results/default/snmp.pcap.out +++ b/test/results/default/snmp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1597326815572660} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1597326815572660,"pkt":"AAAAmdpxAAwpCIFqCABFAABHM75AAEARRUaw0zwrYQBzo6gHAKEAM+IpMCkCAQAEBnB1YmxpY6EcAgRLeBpuAgEAAgEAMA4wDAYIKwYBAgEBBQAFAA=="} 
01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815572660,"flow_dst_last_pkt_time":1597326815572660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":43,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597326815572660,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":0,"primitive":1,"error_status":0}}} 
@@ -47,7 +47,7 @@ 00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326815572660,"flow_src_last_pkt_time":1597326815679824,"flow_dst_last_pkt_time":1597326815833131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":57,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":43015,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326863415554,"flow_src_last_pkt_time":1597326863597558,"flow_dst_last_pkt_time":1597326863776609,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"65.2.162.193","dst_ip":"130.70.149.185","src_port":58433,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1597326858008780,"flow_src_last_pkt_time":1597326858140036,"flow_dst_last_pkt_time":1597326858289894,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":43,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":43,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":86,"flow_dst_tot_l4_payload_len":119,"midstream":0,"thread_ts_usec":1597326981598419,"l3_proto":"ip4","src_ip":"176.211.60.43","dst_ip":"97.0.115.163","src_port":37224,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":29,"packets-processed":28,"total-skipped-flows":0,"total-l4-payload-len":2120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":5,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1597327640387630} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1597327640387630,"pkt":"AAAA82AcAAwpEAFdCABFAABcnENAAEAR56EjX57ZHk\/WJOwYAKEASB50MD4CAQMwEQIEPsyxCwIDAP\/jBAEEAgEDBBAwDgQAAgEAAgEABAAEAAQAMBQEAAQAoA4CBGdAU6sCAQACAQAwAA=="} 01104{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640387630,"flow_dst_last_pkt_time":1597327640387630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597327640387630,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":3,"primitive":0,"error_status":0}}} 
@@ -84,7 +84,7 @@ 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1597327805759196,"flow_dst_last_pkt_time":1597327805757822,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1597327805759196,"pkt":"AAAAV4hpAAwpsVpsCABFAACkmVJAAEAR61aDszGl\/p4BqYyCAKEAkKIiMIGFAgEDMBECBEyy1iMCAwD\/4wQBBwIBAwQ7MDkEDIAAAAkDAKq7zAABAAIBDAICBgoEClNIQTFBRVMxMjgEDFMbh\/Dk3SvVz95WoQQIgB4HBiglqmMEMJE113Q0NWMVB7TdQewvRiEzAB5zFAsRqz8So0sJQUsIHeUhtQOMlyZFVbEp0CGVvA=="} 01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327640387630,"flow_src_last_pkt_time":1597327640653531,"flow_dst_last_pkt_time":1597327640799174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":381,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":60440,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01098{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1597327646611250,"flow_src_last_pkt_time":1597327646881056,"flow_dst_last_pkt_time":1597327647026431,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":125,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":314,"flow_dst_tot_l4_payload_len":388,"midstream":0,"thread_ts_usec":1597327805899852,"l3_proto":"ip4","src_ip":"35.95.158.217","dst_ip":"30.79.214.36","src_port":49306,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":4998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":4,"total-updates":7,"current-active-flows":4,"total-active-flows":10,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1597328385284231} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00743{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_usec":1597328385284231,"pkt":"AAwpOSzhAAAASwKNCABFAADJAAAAAP8RVsFchw\/wiTFuutQuAKIAtdeqMIGqAgEBBAhwdWJsaWMyY6eBmgIBFwIBAAIBADCBjjAPBggrBgECAQEDAEMDAz\/FMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFAzAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwJQYMKwYBBAEJAgIBARQCBBVhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 01106{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1597328385284231,"flow_src_last_pkt_time":1597328385284231,"flow_dst_last_pkt_time":1597328385284231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":173,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":173,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328385284231,"l3_proto":"ip4","src_ip":"92.135.15.240","dst_ip":"137.49.110.186","src_port":54318,"dst_port":162,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":7,"error_status":0}}} 
@@ -113,7 +113,7 @@ 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1597328765050571,"flow_dst_last_pkt_time":1597328757701238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1597328765050571,"pkt":"AAwpbM85AAAAgfGMCABFAAD4AAkAAP8R+958NcSwZ\/gWL9QuAKIA5B3\/MIHZAgEDMA0CASkCAgXcBAEAAgEDBCkwJwQMgAAACQMAqrvMAAEAAgEMAgIJyQQMTk9BVVRITk9QUklWBAAEADCBmQQMgAAACQMAqrvMAAEABACngYYCATACAQACAQAwezAPBggrBgECAQEDAEMDA9QeMBcGCisGAQYDAQEEAQAGCSsGAQYDAQEFBDAPBgorBgECAQICAQECAgECMBkGCisGAQIBAgIBAgIEC0V0aGVybmV0MC8xMA8GCisGAQIBAgIBAwICAQYwEgYMKwYBBAEJAgIBARQCBAJ1cA=="} 00784{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328648399219,"flow_src_last_pkt_time":1597328660640336,"flow_dst_last_pkt_time":1597328648399219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":125,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":271,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"200.76.132.137","dst_ip":"189.111.255.214","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01095{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1597328704045369,"flow_src_last_pkt_time":1597328710051817,"flow_dst_last_pkt_time":1597328704045369,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":230,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":250,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1597328765050571,"l3_proto":"ip4","src_ip":"113.19.156.111","dst_ip":"135.201.124.55","src_port":54318,"dst_port":162,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":4,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1643702947966305} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":7038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":4,"total-updates":10,"current-active-flows":4,"total-active-flows":15,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1643702947966305} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00762{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643702947966305,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1To\/AABAETBgCucChgpI9wQAoe6gAMF5TzCCALUCAQEEBGFkc2yiggCoAgJkLgIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643702947966305,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":185,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643702947966305,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","snmp": {"version":1,"primitive":2,"error_status":19}}} 
@@ -134,7 +134,7 @@ 00761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":231,"pkt_l4_len":193,"thread_ts_usec":1643703001963541,"pkt":"AAAAAAAAAAEAAAAIgQADjAgARcAA1WA+AABAEQphCucChgpI9wQAoe6gAMEJTzCCALUCAQEEBGFkc2yiggCoAgJkngIBEwIBATCCAJowggCWBg8rBgEEAa1zWwEBAQEBDwEEgYJCR01QAQAAAAAAAAEwMDAwMDAAAAAAAAAAAAAAAABSMS42MS4xMi4wMAAAAAAAAAAAAAAAAAAAAAAAAAEAAAABAAAAAQAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAQAA"} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1643702987695436,"flow_src_last_pkt_time":1643702987784304,"flow_dst_last_pkt_time":1643702987801396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":565,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1097,"flow_dst_max_l4_payload_len":671,"flow_src_tot_l4_payload_len":2229,"flow_dst_tot_l4_payload_len":1364,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.99.8.88","dst_ip":"10.100.253.146","src_port":43242,"dst_port":161,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01186{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1643702947966305,"flow_src_last_pkt_time":1643703001963541,"flow_dst_last_pkt_time":1643702947966305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":185,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":185,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643703001963541,"l3_proto":"ip4","src_ip":"10.231.2.134","dst_ip":"10.72.247.4","src_port":161,"dst_port":61088,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SNMP","proto_id":"14","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":72,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":5,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1643703001963541} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/snmp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":72,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":11371,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":5,"total-updates":10,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1643703001963541} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 72/72 ~~ skipped flows.............: 0 @@ -143,9 +143,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7803124 bytes -~~ total memory freed........: 7803124 bytes -~~ total allocations/frees...: 146617/146617 +~~ total memory allocated....: 11511487 bytes +~~ total memory freed........: 11511487 bytes +~~ total allocations/frees...: 216871/216871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 555 chars ~~ json string max len.......: 1987 chars diff --git a/test/results/default/soap.pcap.out b/test/results/default/soap.pcap.out index 3530f9826..4416f8d13 100644 --- a/test/results/default/soap.pcap.out +++ b/test/results/default/soap.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
@@ -21,7 +21,7 @@ 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00954{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00777{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775867 bytes -~~ total memory freed........: 7775867 bytes -~~ total allocations/frees...: 146421/146421 +~~ total memory allocated....: 11484454 bytes +~~ total memory freed........: 11484454 bytes +~~ total allocations/frees...: 216675/216675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 539 chars ~~ json string max len.......: 2469 chars diff --git a/test/results/default/socks.pcap.out b/test/results/default/socks.pcap.out index d9907fa67..bfcd28674 100644 --- a/test/results/default/socks.pcap.out +++ b/test/results/default/socks.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1385474294492448} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1385474294492448,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294492448,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294492448,"pkt":"AABeAAEBAAtFtxbACABFAAAwisFAAH4GgV8KAAABCgAAAgZlU+Uyuw5yAAAAAHACQAC3ZAAAAgQFUAEBBAI="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1385474294492448,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1385474294649364,"pkt":"AAtFtxbAACaI3xfHCABFAAAwbUxAAGcGtdQKAAACCgAAAVPlBmV6GpzgMrsOc3ASIADAvAAAAgQE7AEBBAI="} 
@@ -7,7 +7,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474294649364,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_usec":1385474294849170,"pkt":"AABeAAEBAAtFtxbACABFAAAritBAAH4GgVUKAAABCgAAAgZlU+Uyuw5zehqc4VAYROjCxAAABQEAAAAA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_usec":1385474295006242,"pkt":"AAtFtxbAACaI3xfHCABFAAAqbU9AAGcGtdcKAAACCgAAAVPlBmV6GpzhMrsOdlAY\/\/AHuwAABQAAAAAA"} 01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1385474294492448,"flow_src_last_pkt_time":1385474294849170,"flow_dst_last_pkt_time":1385474295006242,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":3,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1385474295006242,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":1637,"dst_port":21477,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":1361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1386004309468752} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1386004309468752,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309468752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1386004309468752,"pkt":"ABNyxPHhAB9b\/1HLCABFAABAxApAAEAGJ5MKtJy5CrSc+dEdBDiu6S7xAAAAALAC\/\/9AOQAAAgQFtAEDAwQBAQgKFh7eWwAAAAAEAgAA"} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1386004309468752,"flow_dst_last_pkt_time":1386004309469255,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1386004309469255,"pkt":"AB9b\/1HLABNyxPHhCABFAAA8AABAAEAG66EKtJz5CrScuQQ40R2gPF01ruku8qASOJDLlAAAAgQFtAQCCApiX+0zFh7eWwEDAwc="} 
@@ -33,7 +33,7 @@ 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1386004309468752,"flow_src_last_pkt_time":1386004309478765,"flow_dst_last_pkt_time":1386004309478749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53533,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00970{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1386004312331130,"flow_src_last_pkt_time":1386004312384665,"flow_dst_last_pkt_time":1386004312384637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53534,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1386004317979913,"flow_src_last_pkt_time":1386004317989330,"flow_dst_last_pkt_time":1386004317989312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":146,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":1603,"midstream":0,"thread_ts_usec":1386004317989330,"l3_proto":"ip4","src_ip":"10.180.156.185","dst_ip":"10.180.156.249","src_port":53535,"dst_port":1080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SOCKS","proto_id":"172","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} 
+00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/socks.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":6648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_usec":1386004317989330} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -42,9 +42,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783129 bytes -~~ total memory freed........: 7783129 bytes -~~ total allocations/frees...: 146468/146468 +~~ total memory allocated....: 11491700 bytes +~~ total memory freed........: 11491700 bytes +~~ total allocations/frees...: 216722/216722 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 1093 chars diff --git a/test/results/default/softether.pcap.out b/test/results/default/softether.pcap.out index 5186ea5cd..c8cb21df4 100644 --- a/test/results/default/softether.pcap.out +++ b/test/results/default/softether.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642694863816000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642694863816000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694863816000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1642694863816000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdZ4ZAAD8RiC7AqAJkgp4Gcci1E4wACUw2QQ=="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642694863816000,"flow_dst_last_pkt_time":1642694864079000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1642694864079000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4FVwAAG8R6j2CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -11,7 +11,7 @@ 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694925531000,"flow_dst_last_pkt_time":1642694925794000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":483,"flow_dst_tot_l4_payload_len":412,"midstream":0,"thread_ts_usec":1642694925794000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642694971183000,"flow_dst_last_pkt_time":1642694971445000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1642694971445000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642695022957000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":983,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1642993710968000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993710968000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993710968000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993710968000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GPRAAD8GkfDAqAJkgp5LLZKAAFAJq5FAAAAAAKAC+vCRBgAAAgQFtAQCCApgbIO7AAAAAAEDAwY="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642993710968000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642993711225000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8XxtAAHAGGsmCnkstwKgCZABQkoDyj0KZCauRQaASIAAzDwAAAgQFrAEDAwgEAggKBdAXMmBsg7s="} 
@@ -19,7 +19,7 @@ 02034{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1178,"pkt_l4_len":1144,"thread_ts_usec":1642993711226000,"pkt":"eJS0JASgYDjgxTWgCABFAASMGPZAAD8GjZ7AqAJkgp5LLZKAAFAJq5FB8o9CmoAYA+yVVgAAAQEICmBshL4F0BcyUE9TVCAvZGRucy9kZG5zLmFzcHg\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"} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642993710968000,"flow_src_last_pkt_time":1642993711226000,"flow_dst_last_pkt_time":1642993711225000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.75.45","src_port":37504,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Softether","proto_id":"7.290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN","hostname":"x0.x0.dev.open.servers.ddns.softether-network.net","http": {"url":"x0.x0.dev.open.servers.ddns.softether-network.net\/ddns\/ddns.aspx?v=9291257684825389030","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko\/20100101 Firefox\/29.0","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 8.1"}}} 
00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1642694863816000,"flow_src_last_pkt_time":1642695022957000,"flow_dst_last_pkt_time":1642694997325000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1642993711226000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":2095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1646316453326000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646316453326000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453326000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1646316453326000,"pkt":"eJS0JASgYDjgxTWgCABFAAAd9VFAAD8R+mLAqAJkgp4Gcci1E4wACUw2QQ=="} 
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1646316453326000,"flow_dst_last_pkt_time":1646316453591000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1646316453591000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4EGoAAG4R8C+CngZxwKgCZBOMyLUAJKgsSVA9OTAuMTg2LjEzMi4xMzMsUE9SVD01MTM4MQ=="} 
@@ -32,7 +32,7 @@ 00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316555615000,"flow_dst_last_pkt_time":1646316555881000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":140,"midstream":0,"thread_ts_usec":1646316555881000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01057{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316604619000,"flow_dst_last_pkt_time":1646316581404000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":486,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1646316604619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.132.133","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 
00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1646316608076000,"flow_dst_last_pkt_time":1646316604885000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1646316608076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":3078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":6,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1656980485529000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_usec":1656980486196000,"pkt":"eJS0JASgYDjgxTWgCABFAAB\/butAAD8RgG\/AqAJkgp4Gaci1E4wAa0yQAAAAAwAAAAdvcGNvZGUAAAACAAAAAQAAAAlnZXRfdG9rZW4AAAAIdHJhbl9pZAAAAAQAAAABVcoU5Uu9F3oAAAAWbmF0X3RyYXZlcnNhbF92ZXJzaW9uAAAAAAAAAAEAAAAB"} 01126{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980486196000,"flow_dst_last_pkt_time":1656980486196000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":99,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":99,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":99,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656980486196000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"","client_port":"","hostname":"","fqdn":""}}} 
@@ -47,13 +47,13 @@ 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980539784000,"flow_dst_last_pkt_time":1656980540028000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1039,"flow_dst_tot_l4_payload_len":986,"midstream":0,"thread_ts_usec":1656980540028000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1656980590502000,"flow_dst_last_pkt_time":1656980590747000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1041,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1656980590747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":11,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1657218777631000} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1646316453326000,"flow_src_last_pkt_time":1656980485778000,"flow_dst_last_pkt_time":1656980486029000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1008,"flow_dst_tot_l4_payload_len":1129,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218777631000,"flow_dst_last_pkt_time":1657218777876000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1043,"flow_dst_tot_l4_payload_len":1067,"midstream":0,"thread_ts_usec":1657218777876000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218830229000,"flow_dst_last_pkt_time":1657218830474000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":1447,"midstream":0,"thread_ts_usec":1657218830474000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218883169000,"flow_dst_last_pkt_time":1657218883415000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1527,"flow_dst_tot_l4_payload_len":1501,"midstream":0,"thread_ts_usec":1657218883415000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1656980486196000,"flow_src_last_pkt_time":1657218934824000,"flow_dst_last_pkt_time":1657218910555000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":326,"flow_src_tot_l4_payload_len":1529,"flow_dst_tot_l4_payload_len":1528,"midstream":0,"thread_ts_usec":1657218934824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.105","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":7289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":15,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1657249529677000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657249529677000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529677000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657249529677000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdcmhAAD8RfU3AqAJkgp4GcMi1E4wACUw1QQ=="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1657249529677000,"flow_dst_last_pkt_time":1657249529923000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1657249529923000,"pkt":"YDjgxTWgeJS0JASgCABFAAA2VBgAAHMRp4SCngZwwKgCZBOMyLUAIuZdSVA9Mi4yMDcuNjAuMTYzLFBPUlQ9NTEzODE="} 
@@ -65,12 +65,12 @@ 00782{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249582560000,"flow_dst_last_pkt_time":1657249582732000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":3,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1657249582732000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249631671000,"flow_dst_last_pkt_time":1657249631942000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":5,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1657249631942000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00783{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657249681609000,"flow_dst_last_pkt_time":1657249681857000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1657249681857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-payload-len":7479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":18,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":68,"global_ts_usec":1657366460559000} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366460559000,"flow_dst_last_pkt_time":1657366460805000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":26,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1657366460805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366513451000,"flow_dst_last_pkt_time":1657366513703000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":491,"flow_dst_tot_l4_payload_len":584,"midstream":0,"thread_ts_usec":1657366513703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366565530000,"flow_dst_last_pkt_time":1657366565776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":493,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1657366565776000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657249529677000,"flow_src_last_pkt_time":1657366617375000,"flow_dst_last_pkt_time":1657366591817000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":495,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1657366617375000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.112","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":8446,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":22,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1657762868392000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657762868392000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00514{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868392000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":43,"pkt_l4_len":9,"thread_ts_usec":1657762868392000,"pkt":"eJS0JASgYDjgxTWgCABFAAAdnKhAAD8RUwzAqAJkgp4Gcci1E4wACUw2QQ=="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1657762868392000,"flow_dst_last_pkt_time":1657762868649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1657762868649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA4BUMAAHMR9laCngZxwKgCZBOMyLUAJKUsSVA9OTAuMTg2LjE2MC4yMDcsUE9SVD01MTM4MQ=="} 
@@ -83,28 +83,28 @@ 01058{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762958721000,"flow_dst_last_pkt_time":1657762948678000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":112,"midstream":0,"thread_ts_usec":1657762958721000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN","softether": {"client_ip":"90.186.160.207","client_port":"51381","hostname":"vpn","fqdn":"moishele.softether.net"}}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657762973579000,"flow_dst_last_pkt_time":1657762973832000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1657762973832000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657763027181000,"flow_dst_last_pkt_time":1657763001647000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":487,"flow_dst_tot_l4_payload_len":496,"midstream":0,"thread_ts_usec":1657763027181000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 
+00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":9429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":25,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1657906301393000} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906301393000,"flow_dst_last_pkt_time":1657906301648000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":488,"flow_dst_tot_l4_payload_len":524,"midstream":0,"thread_ts_usec":1657906301648000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":11,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906353365000,"flow_dst_last_pkt_time":1657906353619000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":970,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1657906353619000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906405961000,"flow_dst_last_pkt_time":1657906406215000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":972,"flow_dst_tot_l4_payload_len":964,"midstream":0,"thread_ts_usec":1657906406215000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":14,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657906456047000,"flow_dst_last_pkt_time":1657906431208000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":974,"flow_dst_tot_l4_payload_len":992,"midstream":0,"thread_ts_usec":1657906456047000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":10412,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":29,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1657907318692000} 02280{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":257000,"avg":9319382016.0,"max":1566080232,"stddev":0.0,"var":0.0,"ent":1.1,"data": [257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000]},"pktlen": {"min":29,"avg":90.3,"max":508,"stddev":132.5,"var":17556.2,"ent":4.1,"data": 
[29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1],"entropies": [4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907318692000,"flow_dst_last_pkt_time":1657907318946000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":1020,"midstream":0,"thread_ts_usec":1657907318946000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":17,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907371998000,"flow_dst_last_pkt_time":1657907372252000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":977,"flow_dst_tot_l4_payload_len":1076,"midstream":0,"thread_ts_usec":1657907372252000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":19,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907422129000,"flow_dst_last_pkt_time":1657907422383000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":979,"flow_dst_tot_l4_payload_len":1132,"midstream":0,"thread_ts_usec":1657907422383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":21,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657907472044000,"flow_dst_last_pkt_time":1657907465166000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1461,"flow_dst_tot_l4_payload_len":1488,"midstream":0,"thread_ts_usec":1657907472044000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11395,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":33,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":97,"global_ts_usec":1657959489569000} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":22,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959489569000,"flow_dst_last_pkt_time":1657959489824000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1462,"flow_dst_tot_l4_payload_len":1516,"midstream":0,"thread_ts_usec":1657959489824000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":23,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959673241000,"flow_dst_last_pkt_time":1657959673495000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1463,"flow_dst_tot_l4_payload_len":1544,"midstream":0,"thread_ts_usec":1657959673495000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":25,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959725835000,"flow_dst_last_pkt_time":1657959726090000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1465,"flow_dst_tot_l4_payload_len":1600,"midstream":0,"thread_ts_usec":1657959726090000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":28,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657959784163000,"flow_dst_last_pkt_time":1657959784418000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1947,"flow_dst_tot_l4_payload_len":1984,"midstream":0,"thread_ts_usec":1657959784418000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":12407,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":37,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1657979228094000} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":30,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979228094000,"flow_dst_last_pkt_time":1657979228348000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":1950,"flow_dst_tot_l4_payload_len":2040,"midstream":0,"thread_ts_usec":1657979228348000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":37,"flow_dst_packets_processed":33,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979280591000,"flow_dst_last_pkt_time":1657979280846000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2051,"flow_dst_tot_l4_payload_len":2377,"midstream":0,"thread_ts_usec":1657979280846000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00981{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979331035000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2533,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979331290000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":36,"flow_first_seen":1657762868392000,"flow_src_last_pkt_time":1657979356494000,"flow_dst_last_pkt_time":1657979331290000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":328,"flow_src_tot_l4_payload_len":2534,"flow_dst_tot_l4_payload_len":2761,"midstream":0,"thread_ts_usec":1657979356494000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"130.158.6.113","src_port":51381,"dst_port":5004,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Softether","proto_id":"290","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":177,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/softether.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":177,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":13741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":40,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1657979356494000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782874 bytes -~~ total memory freed........: 7782874 bytes -~~ total allocations/frees...: 146609/146609 +~~ total memory allocated....: 11491413 bytes +~~ total memory freed........: 11491413 bytes +~~ total allocations/frees...: 216863/216863 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2285 chars diff --git a/test/results/default/someip-tp.pcap.out b/test/results/default/someip-tp.pcap.out index 88b4a1213..3d5aab5c8 100644 --- a/test/results/default/someip-tp.pcap.out +++ b/test/results/default/someip-tp.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1433332443506391} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443506391,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUcAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAAAEAADAAAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLz
AxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpams="} 01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443506391,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1412,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1412,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443506391,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -8,7 +8,7 @@ 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1433332443538482,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443538482,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUoAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAEFFMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc
3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5urs="} 02431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1433332443551109,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1433332443551109,"pkt":"bAAAAAAOdAAAAADhCABFAAWgNUsAAIARAAAKAAHPCgABAd3ERxEFjBxtAQEACQAABXwAAAAFAQEgAAAAFcG8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOk
paanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6\/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t\/g4eLj5OXm5+jp6uvs7e7v8PHy8\/T19vf4+fr7\/P3+\/wABAgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5\/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs\/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7\/Dx8vP09fb3+Pn6+\/z9\/v8AAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4\/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr\/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u\/w8fLz9PX29\/j5+vv8\/f7\/AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKis="} 01208{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1433332443506391,"flow_src_last_pkt_time":1433332443605150,"flow_dst_last_pkt_time":1433332443506391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1176,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1412,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12472,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1433332443605150,"l3_proto":"ip4","src_ip":"10.0.1.207","dst_ip":"10.0.1.1","src_port":56772,"dst_port":18193,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/someip-tp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":12472,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1433332443605150} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767014 bytes -~~ total memory freed........: 7767014 bytes -~~ total allocations/frees...: 146380/146380 +~~ total memory allocated....: 11475633 bytes +~~ total memory freed........: 11475633 bytes +~~ total allocations/frees...: 216634/216634 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 2436 chars diff --git a/test/results/default/someip-udp-method-call.pcapng.out b/test/results/default/someip-udp-method-call.pcapng.out index 82b0a2f96..548d101a8 100644 --- a/test/results/default/someip-udp-method-call.pcapng.out +++ b/test/results/default/someip-udp-method-call.pcapng.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1502789275686772} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00969{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":370,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":370,"pkt_l4_len":336,"thread_ts_usec":1502789275686772,"pkt":"AQBeAAABdAAAAAC5CABFAAFkAHhAAAER12bAqAAB4AAAAcAmwCYBULPJ\/\/+BAAAAAUAAAAfdAQECAMAAAAAAAADAAQAAIBI0APwBAAADAAAAAAECABAAAAABAQAAAwAAAAIBAwAQAAAAAQEAAAMAAAAAAQQAIAAAAAEBAAADAAAAAAEGABAAAAABAQAAAwAAAAEBAQAQAAAAAQEAAAMAAAAAAQAAIAAAAAEBAAADAAAAAAEBABAAAAABAgAAAwAAAAABAQAQAAAAAQEAAAMAAAAAAQEAEAAAAAEBAAADAAAAAAEHABAAAAABAQAAAwAAAAEBCAAQAAAAAQEAAAMAAAAAAAAAbAAJBADAqAABAAbAMQAJBADAqAABABHAMQAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABAAbAPwAJBADAqAABABHAPwAJBADAqAABABHAPwAJBADAqAABAAbAPwAJBADAqAABABHAPw=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275686772,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -9,7 +9,7 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1502789275713141,"pkt":"gAAAAAB1dAAAAAC5CABFAAA1do9AAAERgVrAqAABwKgAfcAxwCcAIWfYEjQACAAAABEAAAABAQGAAAAAAAWrq6urqw=="} 01224{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1502789275711113,"flow_src_last_pkt_time":1502789275711113,"flow_dst_last_pkt_time":1502789275713141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.125","dst_ip":"192.168.0.1","src_port":49191,"dst_port":49201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1502789275686772,"flow_src_last_pkt_time":1502789275686772,"flow_dst_last_pkt_time":1502789275686772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":328,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":328,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1502789275713141,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"224.0.0.1","src_port":49190,"dst_port":49190,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"SOMEIP","proto_id":"229","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/someip-udp-method-call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":378,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1502789275713141} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768960 bytes -~~ total memory freed........: 7768960 bytes -~~ total allocations/frees...: 146384/146384 +~~ total memory allocated....: 11477563 bytes +~~ total memory freed........: 11477563 bytes +~~ total allocations/frees...: 216638/216638 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 1229 chars diff --git a/test/results/default/someip_sd_sample.pcap.out b/test/results/default/someip_sd_sample.pcap.out index 8797f5491..81499f717 100644 --- a/test/results/default/someip_sd_sample.pcap.out +++ b/test/results/default/someip_sd_sample.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1559741544964106} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741544964106,"packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741544964106} 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAAEAXgIDBQBUr+cDQAgARQAAVAAAQAD\/EXSfwKhYSesCAwV3GncaAEDieP\/\/gQAAAAAwAAAAAwEBAgDAAAAAAAAAEAEAABAA6wAAAQAAHgAAAAAAAAAMAAkEAMCoWEkAEcNQ"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545065160,"packet_id":2,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545065160} 
@@ -12,7 +12,7 @@ 00452{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":114,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDQABUr+cDAAgARQAAVAAAQAD\/EUmxwKhYTcCoWEl3GncaAECLdP\/\/gQAAAAAwAAAABAEBAgDAAAAAAAAAEAYAABAA6wAAAQAAHgAAAAEAAAAMAAkEAMCoWE0AEepg"} 00313{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1559741545865698,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","layer_type":4096,"global_ts_usec":1559741545865698} 00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","pkt_datalink":192,"pkt_caplen":102,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":102,"pkt_l4_len":0,"thread_ts_usec":1559741544964106,"pkt":"AAAQAAEAAAAIAAQAAAAAAABUr+cDAABUr+cDQAgARQAASAAAQAD\/EUm9wKhYScCoWE13GncaADSSJv\/\/gQAAAAAkAAAAAwEBAgDAAAAAAAAAEAcAAAAA6wAAAQAAHgAAAAEAAAAA"} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/someip_sd_sample.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1559741545865698} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/0 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7764605 bytes -~~ total memory freed........: 7764605 bytes -~~ total allocations/frees...: 146360/146360 +~~ total memory allocated....: 11473240 bytes +~~ total memory freed........: 11473240 bytes +~~ total allocations/frees...: 216614/216614 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 318 chars ~~ json string max len.......: 643 chars diff --git a/test/results/default/source_engine.pcap.out b/test/results/default/source_engine.pcap.out index 2f23c7885..8e46127ad 100644 --- a/test/results/default/source_engine.pcap.out +++ b/test/results/default/source_engine.pcap.out 
@@ -1,24 +1,24 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1680268032673008} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268032673008,"pkt":"suZ52dfuXu41QY3PCABFAAA1wr0AACoRioXezJ9Xzn3201BzaYcAIUOC\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268032673008,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":25,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1680268854178455} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680268854178455,"pkt":"lt5b\/81mXu41QY3PCABFAAA1amMAACcRFySuhp5Tzn322bloaYcAIQvR\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268032673008,"flow_src_last_pkt_time":1680268032673008,"flow_dst_last_pkt_time":1680268032673008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680268854178455,"l3_proto":"ip4","src_ip":"222.204.159.87","dst_ip":"206.125.246.211","src_port":20595,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1680269897199187} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680269897199187,"pkt":"umfZn5dXAQBeQY3PCABFAAA12CcAACoRS8rtdbn3zn3226EjaYcAIcmA\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680268854178455,"flow_src_last_pkt_time":1680268854178455,"flow_dst_last_pkt_time":1680268854178455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680269897199187,"l3_proto":"ip4","src_ip":"174.134.158.83","dst_ip":"206.125.246.217","src_port":47464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":75,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1680270565741530} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680270565741530,"pkt":"suZ52dfuXu41QY3PCABFAAA1dSgAACkRrWj8u60azn3206SraYcAIcOX\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680270565741530,"flow_src_last_pkt_time":1680270565741530,"flow_dst_last_pkt_time":1680270565741530,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"252.187.173.26","dst_ip":"206.125.246.211","src_port":42155,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680269897199187,"flow_src_last_pkt_time":1680269897199187,"flow_dst_last_pkt_time":1680269897199187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680270565741530,"l3_proto":"ip4","src_ip":"237.117.185.247","dst_ip":"206.125.246.219","src_port":41251,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1680271779776446} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680271779776446,"pkt":"tus5LcPaXu41QY3PCABFCAA1hEMAACQR7tunpraYzn321NBJaYcAIeOP\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271779776446,"flow_src_last_pkt_time":1680271779776446,"flow_dst_last_pkt_time":1680271779776446,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680271779776446,"l3_proto":"ip4","src_ip":"167.166.182.152","dst_ip":"206.125.246.212","src_port":53321,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -37,7 +37,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271905048618,"flow_src_last_pkt_time":1680271905048618,"flow_dst_last_pkt_time":1680271905048618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.217","src_port":52464,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680271990901001,"flow_src_last_pkt_time":1680271990901001,"flow_dst_last_pkt_time":1680271990901001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272337560282,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.213","src_port":64888,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":8,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1680272423587299} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680272423587299,"pkt":"0i7fu7XLAQBeQY3PCABFAAA1GmkAACsRKNLtdZmyzn3212BHaYcAISqm\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272423587299,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -53,7 +53,7 @@ 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272493156815,"flow_src_last_pkt_time":1680272493156815,"flow_dst_last_pkt_time":1680272493156815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"252.141.177.26","dst_ip":"206.125.246.216","src_port":21572,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272337560282,"flow_src_last_pkt_time":1680272337560282,"flow_dst_last_pkt_time":1680272337560282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.222","src_port":38846,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680272423587299,"flow_src_last_pkt_time":1680272423587299,"flow_dst_last_pkt_time":1680272423587299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680272707354790,"l3_proto":"ip4","src_ip":"237.117.153.178","dst_ip":"206.125.246.215","src_port":24647,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":56,"global_ts_usec":1680275154446193} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275154446193,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YXkAAC4RB\/+Ml9FUzn321iCPaYcAIZOb\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 
01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275154446193,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -62,7 +62,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680275513818590,"pkt":"8i53bZ3HXu41QY3PCABFAAA1YOgAACoR6hHFcrr3zn321qDqaYcAIfDB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275513818590,"flow_src_last_pkt_time":1680275513818590,"flow_dst_last_pkt_time":1680275513818590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"197.114.186.247","dst_ip":"206.125.246.214","src_port":41194,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680275154446193,"flow_src_last_pkt_time":1680275154446193,"flow_dst_last_pkt_time":1680275154446193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680275513818590,"l3_proto":"ip4","src_ip":"140.151.209.84","dst_ip":"206.125.246.214","src_port":8335,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1680276988600126} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680276988600126,"pkt":"suZ52dfuXu41QY3PCABFAAA1JwIAACkREMnenrXyzn323uN7aYcAIZoB\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680276988600126,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -71,18 +71,18 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680277233172685,"pkt":"umfZn5dXAQBeQY3PCABFAAA12s0AACoRaZXti5lwzn322w6KaYcAIXyL\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680276988600126,"flow_src_last_pkt_time":1680276988600126,"flow_dst_last_pkt_time":1680276988600126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680277233172685,"l3_proto":"ip4","src_ip":"222.158.181.242","dst_ip":"206.125.246.222","src_port":58235,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":15,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1680278871503388} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680278871503388,"pkt":"8i53bZ3HXu41QY3PCABFAAA1stIAACkR6Gh2lbqTzn321lMlaYcAIY3I\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680277233172685,"flow_src_last_pkt_time":1680277233172685,"flow_dst_last_pkt_time":1680277233172685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680278871503388,"l3_proto":"ip4","src_ip":"237.139.153.112","dst_ip":"206.125.246.219","src_port":3722,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1680279669681327} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1680279669681327,"pkt":"suZ52dfuXu41QY3PCABFAAA11kkAACkRaEuXtvYRzn323UXiaYcAIT5l\/\/\/\/\/1RTb3VyY2UgRW5naW5lIFF1ZXJ5AA=="} 01062{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680278871503388,"flow_src_last_pkt_time":1680278871503388,"flow_dst_last_pkt_time":1680278871503388,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"118.149.186.147","dst_ip":"206.125.246.214","src_port":21285,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1680279669681327,"flow_src_last_pkt_time":1680279669681327,"flow_dst_last_pkt_time":1680279669681327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1680279669681327,"l3_proto":"ip4","src_ip":"151.182.246.17","dst_ip":"206.125.246.221","src_port":17890,"dst_port":27015,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Source_Engine","proto_id":"333","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} +00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/source_engine.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1680279669681327} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 
@@ -91,9 +91,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7801614 bytes -~~ total memory freed........: 7801614 bytes -~~ total allocations/frees...: 146564/146564 +~~ total memory allocated....: 11509977 bytes +~~ total memory freed........: 11509977 bytes +~~ total allocations/frees...: 216818/216818 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 559 chars ~~ json string max len.......: 1108 chars diff --git a/test/results/default/sql_injection.pcap.out b/test/results/default/sql_injection.pcap.out index 459cc7a2b..7516eedc1 100644 --- a/test/results/default/sql_injection.pcap.out +++ b/test/results/default/sql_injection.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243907401514} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":757,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":757,"pkt_l4_len":723,"thread_ts_usec":1655243907401514,"pkt":"FE+Kc3lP4CvpcxhCCABFAALnBMxAAEAGqxzAqANtwKgDa9EYAFBtgZhQ14snP4AYAfYjSgAAAQEICpBN+1KzuubyR0VUIC9EVldBLW1hc3Rlci92dWxuZXJhYmlsaXRpZXMvc3FsaS8\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"} 01546{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907401514,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":691,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1655243907401514,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"192.168.3.107","http": 
{"url":"192.168.3.107\/DVWA-master\/vulnerabilities\/sqli\/?id=%3Fid%3Da%27+UNION+SELECT+%22text1%22%2C%22text2%22%3B--+-%26Submit%3DSubmit&Submit=Submit","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/102.0.0.0 Safari\/537.36","detected_os":"Linux x86_64"}}} 
@@ -8,7 +8,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655243907401514,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655243907402945,"pkt":"4CvpcxhCFE+Kc3lPCABFAAFLVvxAAEAGWojAqANrwKgDbQBQ0RjXiyznbYGbA4AYAfhCywAAAQEICrO7eEeQTftS8nesfXSXKCDm16lh4L3R\/3eEe5NHG9q5YFT5OLsvveilNqwc26R5XzBmjTFWaW34feZsgc6YkLiDl7Vs5LhjA8TdGSy3hF1UUEMDSwkaJeLd+8vJHFDHlsmmShu3tld43vlGLOrFc8i2VLCYAeRLnKCNMqZ1A\/3nD6TUjuG2nJ62UVLP9qCsrYRWwVTwKWRNwSaQsiJWJjZDuhQSEZghWpS8aq0J867UoXP7aGx5AHHNce7U0K6w3lYodaNh2i4UXFtfKnrIH885NP3terkEoVtneMAtJnVtem8wmTzl1Stbx2ofmfYx1+p39ZyEAjaGPZUZCw4OCadoeFnu3npZ9iVdjSJiK6D9lcA97ZP\/AQkVDNI+EAAA"} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655243907406272,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA0BM1AAEAGrc7AqANtwKgDa9EYAFBtgZsD14st\/oAQAelVLQAAAQEICpBN+7Wzu3hH"} 
01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":3,"flow_first_seen":1655243907401514,"flow_src_last_pkt_time":1655243907406272,"flow_dst_last_pkt_time":1655243907402945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":691,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":691,"flow_dst_tot_l4_payload_len":1727,"midstream":1,"thread_ts_usec":1655243907406272,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53528,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"2": {"risk":"SQL Injection","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/sql_injection.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":2418,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1655243907406272} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767384 bytes -~~ total memory freed........: 7767384 bytes -~~ total allocations/frees...: 146384/146384 +~~ total memory allocated....: 11476003 bytes +~~ total memory freed........: 11476003 bytes +~~ total allocations/frees...: 216638/216638 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2508 chars diff --git a/test/results/default/srvloc-v1.pcapng.out b/test/results/default/srvloc-v1.pcapng.out index c7d00254a..07c50c93f 100644 --- a/test/results/default/srvloc-v1.pcapng.out +++ b/test/results/default/srvloc-v1.pcapng.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1610477174501058} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":404,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":404,"pkt_l4_len":370,"thread_ts_usec":1610477174501058,"pkt":"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"} 
01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477174501058,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -8,7 +8,7 @@ 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477174501058,"flow_src_last_pkt_time":1610477174501058,"flow_dst_last_pkt_time":1610477174501058,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":362,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":362,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"23.220.116.175","dst_ip":"192.168.199.71","src_port":427,"dst_port":57782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1610477179484120,"flow_src_last_pkt_time":1610477179484120,"flow_dst_last_pkt_time":1610477179484120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1610477179484120,"l3_proto":"ip4","src_ip":"250.83.105.78","dst_ip":"172.30.246.115","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc-v1.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":406,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1610477179484120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768959 bytes -~~ total memory freed........: 7768959 bytes -~~ total allocations/frees...: 146384/146384 +~~ total memory allocated....: 11477562 bytes +~~ total memory freed........: 11477562 bytes +~~ total allocations/frees...: 216638/216638 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 1121 chars diff --git a/test/results/default/srvloc.pcap.out b/test/results/default/srvloc.pcap.out index 150e50caa..b2c151dc6 100644 --- a/test/results/default/srvloc.pcap.out +++ b/test/results/default/srvloc.pcap.out 
@@ -1,9 +1,9 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1685617825174445} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685617825174445,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbbAlKGXEVW80Oc9yAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685617825174445,"flow_src_last_pkt_time":1685617825174445,"flow_dst_last_pkt_time":1685617825174445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685617825174445,"l3_proto":"ip4","src_ip":"37.40.101.196","dst_ip":"85.111.52.57","src_port":53106,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":29,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1685630200886590} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685630200886590,"pkt":"3jHC4dyOPJTVQTiBCABFCABL5ywAACQR3TcbhqncWo0lOLBrAasAN20TAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630200886590,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -12,7 +12,7 @@ 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1685630282860970,"pkt":"xmjqc4OdPJTVQTiBCABFCACH1DEAAOsRrCYsY3GWunDKNZ6vAasAcwAAAgIAAGtAAAAAAIgRAAJlbgAAAAMAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAAAEREAGHNjaGVtZTovL2RvbWFpbi50bGQvcGF0aAAAEREAD3NscDovL2hvc3QvcGF0aAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630282860970,"flow_src_last_pkt_time":1685630282860970,"flow_dst_last_pkt_time":1685630282860970,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":107,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":107,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"186.112.202.53","src_port":40623,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630200886590,"flow_src_last_pkt_time":1685630200886590,"flow_dst_last_pkt_time":1685630200886590,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630282860970,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":45163,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":183,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1685630932313616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_usec":1685630932313616,"pkt":"bs1PogZtPJTVQTiBCABFCACL1DEAAOsRrCEsY3GWWpG0OoeJAasAdwAAAgIAAG9AAAAAAIgRAAJlbgAAAAIAEREAHmh0dHBzOi8vZXhhbXBsZS5jb20vaW5kZXguaHRtbAIAAAANAAAAAAADQUFBAAAAEQAAAAAAB0JCQkJCQkIAIiIAE3NscDovL3Rlc3Qub3JnL3Rlc3QA"} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685630932313616,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -22,13 +22,13 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685631007788963,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpSXQZLGIWo0lOIHeAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685631007788963,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":392,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1685632512691057} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685632512691057,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80OYLmAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685632512691057,"flow_src_last_pkt_time":1685632512691057,"flow_dst_last_pkt_time":1685632512691057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":33510,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685631007788963,"flow_src_last_pkt_time":1685631007788963,"flow_dst_last_pkt_time":1685631007788963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.141.37.56","src_port":33246,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685630932313616,"flow_src_last_pkt_time":1685630932313616,"flow_dst_last_pkt_time":1685630932313616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":111,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":111,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":111,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685632512691057,"l3_proto":"ip4","src_ip":"44.99.113.150","dst_ip":"90.145.180.58","src_port":34697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} +00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1685634172336790} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685634172336790,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpS0tfJOcpXLKPcXnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634172336790,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -42,22 +42,22 @@ 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":41268,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685634172336790,"flow_src_last_pkt_time":1685634172336790,"flow_dst_last_pkt_time":1685634172336790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685634721622135,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":50663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":882,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1685636053299196} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685636053299196,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTctfJOcSm\/LN981AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685634721622135,"flow_src_last_pkt_time":1685634721622135,"flow_dst_last_pkt_time":1685634721622135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685636053299196,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.147.171.51","src_port":43154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1685637797751103} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685637797751103,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMi4tKjwpZBUPpStAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685636053299196,"flow_src_last_pkt_time":1685636053299196,"flow_dst_last_pkt_time":1685636053299196,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685637797751103,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"74.111.203.55","src_port":57141,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":1078,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":11,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1685638455443887} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685638455443887,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTXsg6KdRW27NpdkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685638455443887,"flow_src_last_pkt_time":1685638455443887,"flow_dst_last_pkt_time":1685638455443887,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"69.109.187.54","src_port":38756,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685637797751103,"flow_src_last_pkt_time":1685637797751103,"flow_dst_last_pkt_time":1685637797751103,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685638455443887,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.144.84.62","src_port":38061,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1176,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_usec":1685644247091385} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644247091385,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OZvkAasAJU6QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644247091385,"flow_src_last_pkt_time":1685644247091385,"flow_dst_last_pkt_time":1685644247091385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644247091385,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":39908,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -70,13 +70,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685644782769825,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNZLgAasAJVeXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685644782769825,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1263,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":15,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1685646379667471} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685646379667471,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbNVGHGX8WpOrM9GTAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685646379667471,"flow_src_last_pkt_time":1685646379667471,"flow_dst_last_pkt_time":1685646379667471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.147.171.51","src_port":53651,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644782769825,"flow_src_last_pkt_time":1685644782769825,"flow_dst_last_pkt_time":1685644782769825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":37600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685644675913837,"flow_src_last_pkt_time":1685644675913837,"flow_dst_last_pkt_time":1685644675913837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685646379667471,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":40656,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":1292,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":16,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1685647342398373} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647342398373,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN5gBAasAJVJ4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647342398373,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -85,7 +85,7 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647407833070,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMoKtAasAJWfNAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647407833070,"flow_src_last_pkt_time":1685647407833070,"flow_dst_last_pkt_time":1685647407833070,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":33453,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647342398373,"flow_src_last_pkt_time":1685647342398373,"flow_dst_last_pkt_time":1685647342398373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647407833070,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":38913,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":4,"current-active-flows":2,"total-active-flows":18,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":88,"global_ts_usec":1685647960810732} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685647960810732,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOO4jAasAJfxRAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685647960810732,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -95,13 +95,13 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648124700322,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM6ErAasAJUlQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648124700322,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":20,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1685648698148233} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685648698148233,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbM4+5gT4pZBUPtrHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648698148233,"flow_src_last_pkt_time":1685648698148233,"flow_dst_last_pkt_time":1685648698148233,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"62.230.4.248","dst_ip":"165.144.84.62","src_port":56007,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685647960810732,"flow_src_last_pkt_time":1685647960810732,"flow_dst_last_pkt_time":1685647960810732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":60963,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685648124700322,"flow_src_last_pkt_time":1685648124700322,"flow_dst_last_pkt_time":1685648124700322,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685648698148233,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":41259,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":1437,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":21,"total-idle-flows":20,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":104,"global_ts_usec":1685650322996075} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650322996075,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPc4FAasAJRxqAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650322996075,"flow_src_last_pkt_time":1685650322996075,"flow_dst_last_pkt_time":1685650322996075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650322996075,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":52741,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -114,18 +114,18 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650669220572,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPqhCAasAJUIuAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650669220572,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1524,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":6,"current-active-flows":2,"total-active-flows":24,"total-idle-flows":22,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_usec":1685650926504967} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685650926504967,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRbJPG5eBuWpG0OtxLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650669220572,"flow_src_last_pkt_time":1685650669220572,"flow_dst_last_pkt_time":1685650669220572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":43074,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650536282125,"flow_src_last_pkt_time":1685650536282125,"flow_dst_last_pkt_time":1685650536282125,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685650926504967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":39516,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-payload-len":1553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":25,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":123,"global_ts_usec":1685653377845672} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685653377845672,"pkt":"AAwp30Y4PJTVQTiBCABFAABSlBMAAG4Rf4VDnxCWpZBUPmnXAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685653377845672,"flow_src_last_pkt_time":1685653377845672,"flow_dst_last_pkt_time":1685653377845672,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":27095,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685650926504967,"flow_src_last_pkt_time":1685650926504967,"flow_dst_last_pkt_time":1685650926504967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685653377845672,"l3_proto":"ip4","src_ip":"198.229.224.110","dst_ip":"90.145.180.58","src_port":56395,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":28,"packets-processed":27,"total-skipped-flows":0,"total-l4-payload-len":1607,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":26,"total-idle-flows":25,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":128,"global_ts_usec":1685656813046229} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685656813046229,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWnZ2bonunDKNc23AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685656813046229,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -134,7 +134,7 @@ 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685657160451708,"pkt":"bpHurUgdPJTVQTiBCABFCABLsZ4AACIRGQ0j\/EVxRW27NmYwAasAN7uVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685657160451708,"flow_src_last_pkt_time":1685657160451708,"flow_dst_last_pkt_time":1685657160451708,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":26160,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685656813046229,"flow_src_last_pkt_time":1685656813046229,"flow_dst_last_pkt_time":1685656813046229,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685657160451708,"l3_proto":"ip4","src_ip":"217.217.186.39","dst_ip":"186.112.202.53","src_port":52663,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":1683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":28,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_usec":1685719505759316} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719505759316,"pkt":"3jHC4dyOPJTVQTiBCABFAABL9UAAACcR3eciZn14Wo0lOLGBAasAN325AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719505759316,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -143,12 +143,12 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685719700086818,"pkt":"AAwp30Y4PJTVQTiBCABFCABLINwAACQRo44bhqncWpOrM+VDAasANzhBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719505759316,"flow_src_last_pkt_time":1685719505759316,"flow_dst_last_pkt_time":1685719505759316,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685719700086818,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"90.141.37.56","src_port":45441,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":1777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":30,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1685722352249009} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685722352249009,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNYJqAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685722352249009,"flow_src_last_pkt_time":1685722352249009,"flow_dst_last_pkt_time":1685722352249009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":33386,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685719700086818,"flow_src_last_pkt_time":1685719700086818,"flow_dst_last_pkt_time":1685719700086818,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685722352249009,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.147.171.51","src_port":58691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":1875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":31,"total-idle-flows":30,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":151,"global_ts_usec":1685724063085340} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685724063085340,"pkt":"bs1PogZtPJTVQTiBCABFCABLVAkAACQRcFsk523ZWpG0Osb7AasAN1aDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724063085340,"flow_src_last_pkt_time":1685724063085340,"flow_dst_last_pkt_time":1685724063085340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724063085340,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.145.180.58","src_port":50939,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -161,7 +161,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685724460743313,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAOsREgK2tHiLVW80OeZaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724460743313,"flow_src_last_pkt_time":1685724460743313,"flow_dst_last_pkt_time":1685724460743313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"85.111.52.57","src_port":58970,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685724385340729,"flow_src_last_pkt_time":1685724385340729,"flow_dst_last_pkt_time":1685724385340729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685724460743313,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":41334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":36,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":2067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":7,"current-active-flows":2,"total-active-flows":34,"total-idle-flows":32,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1685725477275419} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685725477275419,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMtjBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725477275419,"flow_src_last_pkt_time":1685725477275419,"flow_dst_last_pkt_time":1685725477275419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725477275419,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":55489,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -180,7 +180,7 @@ 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725970240675,"flow_src_last_pkt_time":1685725970240675,"flow_dst_last_pkt_time":1685725970240675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"47.123.189.155","dst_ip":"90.147.171.51","src_port":56038,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725705626703,"flow_src_last_pkt_time":1685725705626703,"flow_dst_last_pkt_time":1685725705626703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":60983,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685725834402274,"flow_src_last_pkt_time":1685725834402274,"flow_dst_last_pkt_time":1685725834402274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685725970240675,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.141.37.56","src_port":38679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-payload-len":2459,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":38,"total-detection-updates":0,"total-updates":9,"current-active-flows":2,"total-active-flows":38,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":183,"global_ts_usec":1685726470530729} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726470530729,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPARDNBGtG\/xSm\/LN7vgAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726470530729,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -190,43 +190,43 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685726834568415,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgC2tHiLWpG0OrXjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726470530729,"flow_src_last_pkt_time":1685726470530729,"flow_dst_last_pkt_time":1685726470530729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685726834568415,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"74.111.203.55","src_port":48096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":2655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":40,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":40,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1685731799713540} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685731799713540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbPbaEx26Wm\/UMtv7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685726834568415,"flow_src_last_pkt_time":1685726834568415,"flow_dst_last_pkt_time":1685726834568415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685731799713540,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":46563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":2684,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":41,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":198,"global_ts_usec":1685734492958804} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685734492958804,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOC61Z7hRW27NsiVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685731799713540,"flow_src_last_pkt_time":1685731799713540,"flow_dst_last_pkt_time":1685731799713540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685734492958804,"l3_proto":"ip4","src_ip":"218.19.29.186","dst_ip":"90.111.212.50","src_port":56315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":2713,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":42,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":42,"total-idle-flows":41,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1685736988753451} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685736988753451,"pkt":"3jHC4dyOPJTVQTiBCABFCABLe9YAACQRSJTn33nVWo0lOBuuAasANwHXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685734492958804,"flow_src_last_pkt_time":1685734492958804,"flow_dst_last_pkt_time":1685734492958804,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685736988753451,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"69.109.187.54","src_port":51349,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":45,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":2760,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":43,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1685741033951129} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951129,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951129,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951129,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685741033951143,"pkt":"AAwp30Y4PJTVQTiBCABFCABSKPYAACgRnOcUhXAgpXLKPSz2AasAPogCAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685736988753451,"flow_src_last_pkt_time":1685736988753451,"flow_dst_last_pkt_time":1685736988753451,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685741033951143,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.141.37.56","src_port":7086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":47,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":47,"packets-processed":46,"total-skipped-flows":0,"total-l4-payload-len":2868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":44,"total-idle-flows":43,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":214,"global_ts_usec":1685749458942275} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685749458942275,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRYABTMNjrunDKNcohAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685741033951129,"flow_src_last_pkt_time":1685741033951143,"flow_dst_last_pkt_time":1685741033951129,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685749458942275,"l3_proto":"ip4","src_ip":"20.133.112.32","dst_ip":"165.114.202.61","src_port":11510,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":48,"packets-processed":47,"total-skipped-flows":0,"total-l4-payload-len":2897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":45,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1685750473996900} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685750473996900,"pkt":"AAwp30Y4PJTVQTiBCABFAABLscgAACcRIVOaYYR3pZBUPvsyAasANzP7AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685749458942275,"flow_src_last_pkt_time":1685749458942275,"flow_dst_last_pkt_time":1685749458942275,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685750473996900,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"186.112.202.53","src_port":51745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":2944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":46,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":224,"global_ts_usec":1685754984415729} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685754984415729,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXvtTMNjrWpG0OtwmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685754984415729,"flow_src_last_pkt_time":1685754984415729,"flow_dst_last_pkt_time":1685754984415729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"83.48.216.235","dst_ip":"90.145.180.58","src_port":56358,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685750473996900,"flow_src_last_pkt_time":1685750473996900,"flow_dst_last_pkt_time":1685750473996900,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685754984415729,"l3_proto":"ip4","src_ip":"154.97.132.119","dst_ip":"165.144.84.62","src_port":64306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":2973,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":47,"total-idle-flows":46,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1685757305453914} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757305453914,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GZhAADQR3IJIHggnWm\/UMqqqAasAKnQsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757305453914,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -235,7 +235,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685757594807526,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4kRAADQRE8lHJggvWo0lOKbBAasAKngIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757594807526,"flow_src_last_pkt_time":1685757594807526,"flow_dst_last_pkt_time":1685757594807526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"71.38.8.47","dst_ip":"90.141.37.56","src_port":42689,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685757305453914,"flow_src_last_pkt_time":1685757305453914,"flow_dst_last_pkt_time":1685757305453914,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685757594807526,"l3_proto":"ip4","src_ip":"72.30.8.39","dst_ip":"90.111.212.50","src_port":43690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":3041,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":49,"total-detection-updates":0,"total-updates":9,"current-active-flows":1,"total-active-flows":49,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":238,"global_ts_usec":1685758217856293} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758217856293,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f25AADQRdoJ5avcUpZBUPjB5AasAKu4zAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758217856293,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -249,7 +249,7 @@ 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758497495915,"flow_src_last_pkt_time":1685758497495915,"flow_dst_last_pkt_time":1685758497495915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"185.225.247.8","dst_ip":"165.114.202.61","src_port":48375,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758217856293,"flow_src_last_pkt_time":1685758217856293,"flow_dst_last_pkt_time":1685758217856293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"165.144.84.62","src_port":12409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758396547203,"flow_src_last_pkt_time":1685758396547203,"flow_dst_last_pkt_time":1685758396547203,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758497495915,"l3_proto":"ip4","src_ip":"55.94.8.63","dst_ip":"90.145.180.58","src_port":43995,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":55,"packets-processed":54,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":55,"packets-processed":54,"total-skipped-flows":0,"total-l4-payload-len":3143,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":11,"current-active-flows":2,"total-active-flows":52,"total-idle-flows":50,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1685758883587256} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685758883587256,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3xBAADQRFtB5UggHVW80OesKAasAKjOSAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758883587256,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -259,7 +259,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759315778010,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+7TlAADQRCL55avcUunDKNdiyAasAKkYBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759315778010,"flow_src_last_pkt_time":1685759315778010,"flow_dst_last_pkt_time":1685759315778010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"186.112.202.53","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01104{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758883587256,"flow_src_last_pkt_time":1685758883587256,"flow_dst_last_pkt_time":1685758883587256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759315778010,"l3_proto":"ip4","src_ip":"121.82.8.7","dst_ip":"85.111.52.57","src_port":60170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":57,"packets-processed":56,"total-skipped-flows":0,"total-l4-payload-len":3211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":54,"total-detection-updates":0,"total-updates":11,"current-active-flows":1,"total-active-flows":54,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":262,"global_ts_usec":1685759582800435} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759582800435,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+PaVAADQRuFZ5avcUWpOrM9iyAasAKkYFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759582800435,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -268,7 +268,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685759668286856,"pkt":"ipffLU2SPJTVQTiBCABFAAA+WVBAADQRnKXIYfcYSm\/LN1ZsAasAKshFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759668286856,"flow_src_last_pkt_time":1685759668286856,"flow_dst_last_pkt_time":1685759668286856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"200.97.247.24","dst_ip":"74.111.203.55","src_port":22124,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685759582800435,"flow_src_last_pkt_time":1685759582800435,"flow_dst_last_pkt_time":1685759582800435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685759668286856,"l3_proto":"ip4","src_ip":"121.106.247.20","dst_ip":"90.147.171.51","src_port":55474,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":59,"packets-processed":58,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":59,"packets-processed":58,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":12,"current-active-flows":2,"total-active-flows":56,"total-idle-flows":54,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":271,"global_ts_usec":1685761109424998} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685761109424998,"pkt":"bs1PogZtPJTVQTiBCABFBABS6itAACERQQR5I\/Q4WpG0Ond0AasAPtvSAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761109424998,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -283,74 +283,74 @@ 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761109424998,"flow_src_last_pkt_time":1685761109424998,"flow_dst_last_pkt_time":1685761109424998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"121.35.244.56","dst_ip":"90.145.180.58","src_port":30580,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685761390202624,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":62,"packets-processed":61,"total-skipped-flows":0,"total-l4-payload-len":3409,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":59,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":286,"global_ts_usec":1685764555721287} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685764555721287,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbXpF5qROWo0lONfrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761214200787,"flow_src_last_pkt_time":1685761214200787,"flow_dst_last_pkt_time":1685761214200787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"69.109.187.54","src_port":26060,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685761390202624,"flow_src_last_pkt_time":1685761390202624,"flow_dst_last_pkt_time":1685761390202624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685764555721287,"l3_proto":"ip4","src_ip":"38.236.38.224","dst_ip":"165.114.202.61","src_port":52729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-payload-len":3438,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":60,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":292,"global_ts_usec":1685765514548491} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548491,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548491,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548491,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685765514548505,"pkt":"AAwp30Y4PJTVQTiBCABFBABSeCIAADQRBE3rYkGFpZBUPnwiAasAPvtjAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685764555721287,"flow_src_last_pkt_time":1685764555721287,"flow_dst_last_pkt_time":1685764555721287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685765514548505,"l3_proto":"ip4","src_ip":"69.230.164.78","dst_ip":"90.141.37.56","src_port":55275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":65,"packets-processed":64,"total-skipped-flows":0,"total-l4-payload-len":3546,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":298,"global_ts_usec":1685768356139839} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685768356139839,"pkt":"xmjqc4OdPJTVQTiBCABFCABLLsoAACQRlZ5YH27bunDKNcXkAasAN1eeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1685765514548491,"flow_src_last_pkt_time":1685765514548505,"flow_dst_last_pkt_time":1685765514548491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685768356139839,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.144.84.62","src_port":31778,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":62,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":303,"global_ts_usec":1685771545738452} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685771545738452,"pkt":"AAwp30Y4PJTVQTiBCABFCABL4vwAACIR56cjAGRzpXLKPfWsAasANywSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685768356139839,"flow_src_last_pkt_time":1685768356139839,"flow_dst_last_pkt_time":1685768356139839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685771545738452,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"186.112.202.53","src_port":50660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-payload-len":3640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":63,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_usec":1685783660893661} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685783660893661,"pkt":"AAwp30Y4PJTVQTiBCABFAABLeWAAACcRWcMiZn14pZBUPkQPAasAN+smAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685771545738452,"flow_src_last_pkt_time":1685771545738452,"flow_dst_last_pkt_time":1685771545738452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685783660893661,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.114.202.61","src_port":62892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":3687,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":64,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":313,"global_ts_usec":1685786055859235} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786055859235,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbd9G6OblVW80Ocf9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685783660893661,"flow_src_last_pkt_time":1685783660893661,"flow_dst_last_pkt_time":1685783660893661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786055859235,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.144.84.62","src_port":17423,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-payload-len":3716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1685786672936242} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685786672936242,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX96s7ZjRpZBUPsn8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786055859235,"flow_src_last_pkt_time":1685786055859235,"flow_dst_last_pkt_time":1685786055859235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685786672936242,"l3_proto":"ip4","src_ip":"70.232.230.229","dst_ip":"85.111.52.57","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":3745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":323,"global_ts_usec":1685787446315396} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685787446315396,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbFE6JJ09Sm\/LN8\/2AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685786672936242,"flow_src_last_pkt_time":1685786672936242,"flow_dst_last_pkt_time":1685786672936242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685787446315396,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"165.144.84.62","src_port":51708,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":3774,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":67,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":328,"global_ts_usec":1685789104454151} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685789104454151,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLkZcAACQRMtHjhlHUVW80OZFXAasAN4wrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685787446315396,"flow_src_last_pkt_time":1685787446315396,"flow_dst_last_pkt_time":1685787446315396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685789104454151,"l3_proto":"ip4","src_ip":"58.36.157.61","dst_ip":"74.111.203.55","src_port":53238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":72,"packets-processed":71,"total-skipped-flows":0,"total-l4-payload-len":3821,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":68,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":333,"global_ts_usec":1685798769239701} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685798769239701,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6mEAACIR4FInO4t5VW80OcfVAasAN1n5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685789104454151,"flow_src_last_pkt_time":1685789104454151,"flow_dst_last_pkt_time":1685789104454151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685798769239701,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"85.111.52.57","src_port":37207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":3868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":69,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":338,"global_ts_usec":1685802654160689} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685802654160689,"pkt":"AAwp30Y4PJTVQTiBCABFCABLGncAACQRqffjhlHUWm\/UMrB5AasAN20PAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685798769239701,"flow_src_last_pkt_time":1685798769239701,"flow_dst_last_pkt_time":1685798769239701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685802654160689,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"85.111.52.57","src_port":51157,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":3915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":343,"global_ts_usec":1685803636118223} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685803636118223,"pkt":"AAwp30Y4PJTVQTiBCABFCABL\/N4AACQRx31nR5LepXLKPbqcAasAN2LaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685802654160689,"flow_src_last_pkt_time":1685802654160689,"flow_dst_last_pkt_time":1685802654160689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685803636118223,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.111.212.50","src_port":45177,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":3962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_usec":1685804974645010} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685804974645010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTLuhHCWWpOrM6zYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685804974645010,"flow_src_last_pkt_time":1685804974645010,"flow_dst_last_pkt_time":1685804974645010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"238.132.112.150","dst_ip":"90.147.171.51","src_port":44248,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685803636118223,"flow_src_last_pkt_time":1685803636118223,"flow_dst_last_pkt_time":1685803636118223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685804974645010,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"165.114.202.61","src_port":47772,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":4060,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":72,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":72,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":353,"global_ts_usec":1685805765811289} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":1,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685805765811289,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRCw+GtJCVWpG0Ore9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685805765811289,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -359,7 +359,7 @@ 00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685806301914300,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSvsm2CTWm\/UMq27AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685806301914300,"flow_src_last_pkt_time":1685806301914300,"flow_dst_last_pkt_time":1685806301914300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"90.111.212.50","src_port":44475,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685805765811289,"flow_src_last_pkt_time":1685805765811289,"flow_dst_last_pkt_time":1685805765811289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685806301914300,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":47037,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":78,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":78,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":4256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":74,"total-idle-flows":73,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":362,"global_ts_usec":1685809385375373} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809385375373,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsREge2tHiLSm\/LN4GEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809385375373,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -368,7 +368,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685809633823277,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAPARqCMTY5OUWo0lOL+cAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809385375373,"flow_src_last_pkt_time":1685809385375373,"flow_dst_last_pkt_time":1685809385375373,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685809633823277,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"74.111.203.55","src_port":33156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":80,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":80,"packets-processed":79,"total-skipped-flows":0,"total-l4-payload-len":4452,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":76,"total-idle-flows":75,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":371,"global_ts_usec":1685810288436552} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSkve7GapXLKPavyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":80,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"165.114.202.61","src_port":44018,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -376,7 +376,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685810288436552,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBkuZGGTpZBUPpILAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685810288436552,"flow_src_last_pkt_time":1685810288436552,"flow_dst_last_pkt_time":1685810288436552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.144.84.62","src_port":37387,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685809633823277,"flow_src_last_pkt_time":1685809633823277,"flow_dst_last_pkt_time":1685809633823277,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685810288436552,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"90.141.37.56","src_port":49052,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":4648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":14,"current-active-flows":2,"total-active-flows":78,"total-idle-flows":76,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1685812438394439} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685812438394439,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsREgyGtJCVunDKNb5hAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812438394439,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -391,7 +391,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812825868185,"flow_src_last_pkt_time":1685812825868185,"flow_dst_last_pkt_time":1685812825868185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"85.111.52.57","src_port":35950,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812605076027,"flow_src_last_pkt_time":1685812605076027,"flow_dst_last_pkt_time":1685812605076027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":57533,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685812438394439,"flow_src_last_pkt_time":1685812438394439,"flow_dst_last_pkt_time":1685812438394439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685812825868185,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":48737,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":85,"packets-processed":84,"total-skipped-flows":0,"total-l4-payload-len":4942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":81,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":81,"total-idle-flows":80,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":394,"global_ts_usec":1685823608659744} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685823608659744,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXkwsMR8CWpOrM8f9AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685823608659744,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -400,7 +400,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685824045529363,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpTATY5KcWpG0OtRrAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685824045529363,"flow_src_last_pkt_time":1685824045529363,"flow_dst_last_pkt_time":1685824045529363,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":54379,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685823608659744,"flow_src_last_pkt_time":1685823608659744,"flow_dst_last_pkt_time":1685823608659744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685824045529363,"l3_proto":"ip4","src_ip":"44.49.31.2","dst_ip":"90.147.171.51","src_port":51197,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":87,"packets-processed":86,"total-skipped-flows":0,"total-l4-payload-len":5069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":15,"current-active-flows":1,"total-active-flows":83,"total-idle-flows":82,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":403,"global_ts_usec":1685833753925206} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833753925206,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXlSuMgcLRW27NtiaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01067{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833753925206,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -409,28 +409,28 @@ 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685833820099618,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfk62rixWm\/UMtMrAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685833820099618,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":89,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":16,"current-active-flows":2,"total-active-flows":85,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1685837260196335} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685837260196335,"pkt":"bs1PogZtPJTVQTiBCABFCABLWQ0AACIRcZkfAJpyWpG0Op2\/AasAN4QBAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833753925206,"flow_src_last_pkt_time":1685833753925206,"flow_dst_last_pkt_time":1685833753925206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"69.109.187.54","src_port":55450,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685833820099618,"flow_src_last_pkt_time":1685833820099618,"flow_dst_last_pkt_time":1685833820099618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685837260196335,"l3_proto":"ip4","src_ip":"58.218.184.177","dst_ip":"90.111.212.50","src_port":54059,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":5174,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":86,"total-idle-flows":85,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":418,"global_ts_usec":1685838786050204} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_packet_id":1,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685838786050204,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbcNC5MLbunDKNc9xAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685837260196335,"flow_src_last_pkt_time":1685837260196335,"flow_dst_last_pkt_time":1685837260196335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685838786050204,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.145.180.58","src_port":40383,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-payload-len":5203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":87,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":87,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_usec":1685845591689038} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1685845591689038,"pkt":"ipffLU2SPJTVQTiBCABFAABSAK0AAG0RE\/VDnxCWSm\/LN6rvAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":87,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685838786050204,"flow_src_last_pkt_time":1685838786050204,"flow_dst_last_pkt_time":1685838786050204,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685845591689038,"l3_proto":"ip4","src_ip":"66.228.194.219","dst_ip":"186.112.202.53","src_port":53105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":92,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":92,"packets-processed":91,"total-skipped-flows":0,"total-l4-payload-len":5257,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":88,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":88,"total-idle-flows":87,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":428,"global_ts_usec":1685846371302206} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685846371302206,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMtFcAasAJRkeAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685846371302206,"flow_src_last_pkt_time":1685846371302206,"flow_dst_last_pkt_time":1685846371302206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":53596,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685845591689038,"flow_src_last_pkt_time":1685845591689038,"flow_dst_last_pkt_time":1685845591689038,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685846371302206,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":43759,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":93,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":93,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":5286,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":89,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":89,"total-idle-flows":88,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":433,"global_ts_usec":1685847518566522} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_packet_id":1,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685847518566522,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NrsHAasAJS9xAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685847518566522,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -439,7 +439,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685848000557988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685848000557988,"flow_src_last_pkt_time":1685848000557988,"flow_dst_last_pkt_time":1685848000557988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":90,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685847518566522,"flow_src_last_pkt_time":1685847518566522,"flow_dst_last_pkt_time":1685847518566522,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685848000557988,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":47879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":95,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":95,"packets-processed":94,"total-skipped-flows":0,"total-l4-payload-len":5344,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":91,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":91,"total-idle-flows":90,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":442,"global_ts_usec":1685849540053899} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_packet_id":1,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685849540053899,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPsikAasAJSHMAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849540053899,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -453,7 +453,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849733217189,"flow_src_last_pkt_time":1685849733217189,"flow_dst_last_pkt_time":1685849733217189,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":51228,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":92,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849540053899,"flow_src_last_pkt_time":1685849540053899,"flow_dst_last_pkt_time":1685849540053899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":51364,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685849664860009,"flow_src_last_pkt_time":1685849664860009,"flow_dst_last_pkt_time":1685849664860009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685849733217189,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41690,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":5431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":94,"total-detection-updates":0,"total-updates":18,"current-active-flows":2,"total-active-flows":94,"total-idle-flows":92,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":456,"global_ts_usec":1685851175046998} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_packet_id":1,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685851175046998,"pkt":"3jHC4dyOPJTVQTiBCABFCABL904AACIR01kj\/EVxWo0lOOkiAasANzigAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851175046998,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -468,28 +468,28 @@ 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851175046998,"flow_src_last_pkt_time":1685851175046998,"flow_dst_last_pkt_time":1685851175046998,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.141.37.56","src_port":59682,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685851372073022,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":101,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":5536,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":97,"total-detection-updates":0,"total-updates":20,"current-active-flows":2,"total-active-flows":97,"total-idle-flows":95,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":471,"global_ts_usec":1685852052162325} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685852052162325,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OoEYAasAJWlaAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851293085114,"flow_src_last_pkt_time":1685851293085114,"flow_dst_last_pkt_time":1685851293085114,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"208.209.71.22","dst_ip":"85.111.52.57","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685851372073022,"flow_src_last_pkt_time":1685851372073022,"flow_dst_last_pkt_time":1685851372073022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685852052162325,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":40943,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":5565,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":98,"total-idle-flows":97,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1685860258822121} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00644{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685860258822121,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNbtcAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685852052162325,"flow_src_last_pkt_time":1685852052162325,"flow_dst_last_pkt_time":1685852052162325,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685860258822121,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":33048,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":5663,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":99,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":99,"total-idle-flows":98,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_usec":1685863658998957} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685863658998957,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtTNAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685860258822121,"flow_src_last_pkt_time":1685860258822121,"flow_dst_last_pkt_time":1685860258822121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685863658998957,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":47964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":104,"packets-processed":103,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":104,"packets-processed":103,"total-skipped-flows":0,"total-l4-payload-len":5692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":100,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":100,"total-idle-flows":99,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":487,"global_ts_usec":1685866496459415} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685866496459415,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM9GHGX8Wo0lOM7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685866496459415,"flow_src_last_pkt_time":1685866496459415,"flow_dst_last_pkt_time":1685866496459415,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"90.141.37.56","src_port":52969,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685863658998957,"flow_src_last_pkt_time":1685863658998957,"flow_dst_last_pkt_time":1685863658998957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685866496459415,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":54477,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":105,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":105,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":5721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":101,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":101,"total-idle-flows":100,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":492,"global_ts_usec":1685868922612761} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_packet_id":1,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685868922612761,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wDFAADQRPtU5AzHVSm\/LN2TcAasAKsLmAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685868922612761,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -498,7 +498,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_packet_id":1,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869117973932,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ZfVAADQRmRxGwcb6RW27NnFTAasAKrZ6AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869117973932,"flow_src_last_pkt_time":1685869117973932,"flow_dst_last_pkt_time":1685869117973932,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"70.193.198.250","dst_ip":"69.109.187.54","src_port":29011,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685868922612761,"flow_src_last_pkt_time":1685868922612761,"flow_dst_last_pkt_time":1685868922612761,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869117973932,"l3_proto":"ip4","src_ip":"57.3.49.213","dst_ip":"74.111.203.55","src_port":25820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":5789,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":103,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":103,"total-idle-flows":102,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":501,"global_ts_usec":1685869695331980} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685869695331980,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+88RAADQRC1FXANnyVW80OdPMAasAKlQFAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685869695331980,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -507,7 +507,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870241871015,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+NXBAADQRyYU2+8bepZBUPqAmAasAKoeLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870241871015,"flow_src_last_pkt_time":1685870241871015,"flow_dst_last_pkt_time":1685870241871015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"54.251.198.222","dst_ip":"165.144.84.62","src_port":40998,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685869695331980,"flow_src_last_pkt_time":1685869695331980,"flow_dst_last_pkt_time":1685869695331980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870241871015,"l3_proto":"ip4","src_ip":"87.0.217.242","dst_ip":"85.111.52.57","src_port":54220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":109,"packets-processed":108,"total-skipped-flows":0,"total-l4-payload-len":5857,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":510,"global_ts_usec":1685870479493725} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685870479493725,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+4zlAADQRG81XJznTWo0lOKX2AasAKoHMAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870479493725,"flow_src_last_pkt_time":1685870479493725,"flow_dst_last_pkt_time":1685870479493725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685870479493725,"l3_proto":"ip4","src_ip":"87.39.57.211","dst_ip":"90.141.37.56","src_port":42486,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -530,7 +530,7 @@ 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":108,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870800640514,"flow_src_last_pkt_time":1685870800640514,"flow_dst_last_pkt_time":1685870800640514,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"74.111.203.55","src_port":56717,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871075034933,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":6022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":110,"total-detection-updates":0,"total-updates":23,"current-active-flows":2,"total-active-flows":110,"total-idle-flows":108,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":533,"global_ts_usec":1685871093262888} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_packet_id":1,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685871093262888,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXosuzP9LpZBUPtc6AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871093262888,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -540,7 +540,7 @@ 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685870915573371,"flow_src_last_pkt_time":1685870915573371,"flow_dst_last_pkt_time":1685870915573371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"90.111.212.50","src_port":49798,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":110,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871075034933,"flow_src_last_pkt_time":1685871075034933,"flow_dst_last_pkt_time":1685871075034933,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"168.222.38.193","dst_ip":"186.112.202.53","src_port":38055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685871093262888,"flow_src_last_pkt_time":1685871093262888,"flow_dst_last_pkt_time":1685871093262888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685871237861116,"l3_proto":"ip4","src_ip":"46.204.255.75","dst_ip":"165.144.84.62","src_port":55098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":116,"packets-processed":115,"total-skipped-flows":0,"total-l4-payload-len":6085,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":0,"total-updates":25,"current-active-flows":3,"total-active-flows":112,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":543,"global_ts_usec":1685872555023942} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685872555023942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+aWdAADQRlZGnOTHbpXLKPfQPAasAKjOlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872555023942,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -551,27 +551,27 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685872858284372,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXklTDuAOpXLKPdm1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872555023942,"flow_src_last_pkt_time":1685872555023942,"flow_dst_last_pkt_time":1685872555023942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685872858284372,"l3_proto":"ip4","src_ip":"167.57.49.219","dst_ip":"165.114.202.61","src_port":62479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":6148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":114,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":114,"total-idle-flows":113,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":554,"global_ts_usec":1685882198118291} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_packet_id":1,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685882198118291,"pkt":"bpHurUgdPJTVQTiBCABFCABLT4kAACIReyefPLR2RW27NqqoAasAN3ciAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685872858284372,"flow_src_last_pkt_time":1685872858284372,"flow_dst_last_pkt_time":1685872858284372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685882198118291,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"165.114.202.61","src_port":55733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":119,"packets-processed":118,"total-skipped-flows":0,"total-l4-payload-len":6195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":115,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":115,"total-idle-flows":114,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":559,"global_ts_usec":1685890136540249} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":1,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685890136540249,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREhCGtJCVWpOrM5XnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685882198118291,"flow_src_last_pkt_time":1685882198118291,"flow_dst_last_pkt_time":1685882198118291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685890136540249,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"69.109.187.54","src_port":43688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":120,"packets-processed":119,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":120,"packets-processed":119,"total-skipped-flows":0,"total-l4-payload-len":6293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":116,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":116,"total-idle-flows":115,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":564,"global_ts_usec":1685893050953648} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685893050953648,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsREgqGtJCVWo0lOM51AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685890136540249,"flow_src_last_pkt_time":1685890136540249,"flow_dst_last_pkt_time":1685890136540249,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685893050953648,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.147.171.51","src_port":38375,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":6391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":117,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":117,"total-idle-flows":116,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":569,"global_ts_usec":1685894881323596} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685894881323596,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrvZI2ZpXLKPc\/mAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685894881323596,"flow_src_last_pkt_time":1685894881323596,"flow_dst_last_pkt_time":1685894881323596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"165.114.202.61","src_port":53222,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685893050953648,"flow_src_last_pkt_time":1685893050953648,"flow_dst_last_pkt_time":1685893050953648,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685894881323596,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.141.37.56","src_port":52853,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":6489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":118,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":118,"total-idle-flows":117,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1685895935303589} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685895935303589,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtY5KSWm\/UMoW+AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685895935303589,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -580,13 +580,13 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_packet_id":1,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685896082620616,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RD\/62tHiLpZBUPuqLAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685896082620616,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":124,"packets-processed":123,"total-skipped-flows":0,"total-l4-payload-len":6685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":120,"total-detection-updates":0,"total-updates":26,"current-active-flows":2,"total-active-flows":120,"total-idle-flows":118,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":583,"global_ts_usec":1685898155508793} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_packet_id":1,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685898155508793,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiIuZGGTSm\/LN9oIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685898155508793,"flow_src_last_pkt_time":1685898155508793,"flow_dst_last_pkt_time":1685898155508793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"74.111.203.55","src_port":55816,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685896082620616,"flow_src_last_pkt_time":1685896082620616,"flow_dst_last_pkt_time":1685896082620616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":60043,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685895935303589,"flow_src_last_pkt_time":1685895935303589,"flow_dst_last_pkt_time":1685895935303589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685898155508793,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":34238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":125,"packets-processed":124,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":125,"packets-processed":124,"total-skipped-flows":0,"total-l4-payload-len":6783,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":121,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":121,"total-idle-flows":120,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":589,"global_ts_usec":1685900239002858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_packet_id":1,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685900239002858,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpTIve7GaRW27Nrq9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900239002858,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -599,7 +599,7 @@ 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900456106642,"flow_src_last_pkt_time":1685900456106642,"flow_dst_last_pkt_time":1685900456106642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"186.112.202.53","src_port":39226,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":122,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900239002858,"flow_src_last_pkt_time":1685900239002858,"flow_dst_last_pkt_time":1685900239002858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"69.109.187.54","src_port":47805,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685900274127763,"flow_src_last_pkt_time":1685900274127763,"flow_dst_last_pkt_time":1685900274127763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685900456106642,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":51113,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":128,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":7077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":124,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":124,"total-idle-flows":123,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":602,"global_ts_usec":1685915408138503} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_packet_id":1,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915408138503,"pkt":"AAwp30Y4PJTVQTiBCABFCABLkhwAACIROIkjAGRzpZBUPiXRAasAN\/vuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915408138503,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -608,32 +608,32 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685915597923295,"pkt":"ipffLU2SPJTVQTiBCABFAABLM0cAACcRn97invx\/Sm\/LN2ATAasAN88kAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915408138503,"flow_src_last_pkt_time":1685915408138503,"flow_dst_last_pkt_time":1685915408138503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685915597923295,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":9681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":7171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":126,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":126,"total-idle-flows":125,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":611,"global_ts_usec":1685918860009356} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685918860009356,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbX1CGOFNSm\/LN9sWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685915597923295,"flow_src_last_pkt_time":1685915597923295,"flow_dst_last_pkt_time":1685915597923295,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685918860009356,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"74.111.203.55","src_port":24595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":131,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":7200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":127,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":127,"total-idle-flows":126,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":616,"global_ts_usec":1685919707980290} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_packet_id":1,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685919707980290,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX0xTDuAOWpG0OsCbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685918860009356,"flow_src_last_pkt_time":1685918860009356,"flow_dst_last_pkt_time":1685918860009356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685919707980290,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"74.111.203.55","src_port":56086,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":132,"packets-processed":131,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":132,"packets-processed":131,"total-skipped-flows":0,"total-l4-payload-len":7229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":128,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":128,"total-idle-flows":127,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":621,"global_ts_usec":1685923909350319} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_packet_id":1,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685923909350319,"pkt":"3jHC4dyOPJTVQTiBCABFAABLfvwAACcRVCBiZ\/1zWo0lOKxDAasAN4LrAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685919707980290,"flow_src_last_pkt_time":1685919707980290,"flow_dst_last_pkt_time":1685919707980290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685923909350319,"l3_proto":"ip4","src_ip":"83.14.224.14","dst_ip":"90.145.180.58","src_port":49307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":7276,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":129,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":129,"total-idle-flows":128,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":626,"global_ts_usec":1685927801125774} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685927801125774,"pkt":"AAwp30Y4PJTVQTiBCABFAABLN1kAACcRm8DigHp2pXLKPXT6AasAN7oxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685923909350319,"flow_src_last_pkt_time":1685923909350319,"flow_dst_last_pkt_time":1685923909350319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685927801125774,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.141.37.56","src_port":44099,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":7323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":130,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":130,"total-idle-flows":129,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":631,"global_ts_usec":1685929607649688} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685929607649688,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+dqxAADQRKhJAP9viWpOrM98EAasAKup1AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685929607649688,"flow_src_last_pkt_time":1685929607649688,"flow_dst_last_pkt_time":1685929607649688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.147.171.51","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685927801125774,"flow_src_last_pkt_time":1685927801125774,"flow_dst_last_pkt_time":1685927801125774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685929607649688,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"165.114.202.61","src_port":29946,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":135,"packets-processed":134,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":135,"packets-processed":134,"total-skipped-flows":0,"total-l4-payload-len":7357,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":131,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":131,"total-idle-flows":130,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":636,"global_ts_usec":1685930408325419} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930408325419,"pkt":"ipffLU2SPJTVQTiBCABFAAA+RodAADQRWiiguMv6Sm\/LN6NhAasAKiYKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930408325419,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -642,7 +642,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685930521950503,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+FB1AADQRjJVAP9vipXLKPd8EAasAKuppAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930521950503,"flow_src_last_pkt_time":1685930521950503,"flow_dst_last_pkt_time":1685930521950503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"165.114.202.61","src_port":57092,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685930408325419,"flow_src_last_pkt_time":1685930408325419,"flow_dst_last_pkt_time":1685930408325419,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685930521950503,"l3_proto":"ip4","src_ip":"160.184.203.250","dst_ip":"74.111.203.55","src_port":41825,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":137,"packets-processed":136,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":137,"packets-processed":136,"total-skipped-flows":0,"total-l4-payload-len":7425,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":133,"total-detection-updates":0,"total-updates":27,"current-active-flows":2,"total-active-flows":133,"total-idle-flows":131,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":645,"global_ts_usec":1685931213042208} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_packet_id":1,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685931213042208,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+edhAADQRJt1AR9rgVW80OU+OAasAKnnjAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931213042208,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -661,17 +661,17 @@ 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931328327343,"flow_src_last_pkt_time":1685931328327343,"flow_dst_last_pkt_time":1685931328327343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.65.52.246","dst_ip":"165.144.84.62","src_port":10179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931339492549,"flow_src_last_pkt_time":1685931339492549,"flow_dst_last_pkt_time":1685931339492549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.63.219.226","dst_ip":"90.141.37.56","src_port":10207,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":134,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931213042208,"flow_src_last_pkt_time":1685931213042208,"flow_dst_last_pkt_time":1685931213042208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685931793309466,"l3_proto":"ip4","src_ip":"64.71.218.224","dst_ip":"85.111.52.57","src_port":20366,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-payload-len":7561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":137,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":137,"total-idle-flows":136,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":664,"global_ts_usec":1685932001528402} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_packet_id":1,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1685932001528402,"pkt":"bpHurUgdPJTVQTiBCABFAAA++0RAADQRpWtBPsX4RW27NrJrAasAKhcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685931793309466,"flow_src_last_pkt_time":1685931793309466,"flow_dst_last_pkt_time":1685931793309466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932001528402,"l3_proto":"ip4","src_ip":"161.193.58.225","dst_ip":"186.112.202.53","src_port":64776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":7595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":138,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":138,"total-idle-flows":137,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":669,"global_ts_usec":1685932876135808} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685932876135808,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqBoQY5OSpZBUPr5YAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932876135808,"flow_src_last_pkt_time":1685932876135808,"flow_dst_last_pkt_time":1685932876135808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"165.144.84.62","src_port":48728,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685932001528402,"flow_src_last_pkt_time":1685932001528402,"flow_dst_last_pkt_time":1685932001528402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685932876135808,"l3_proto":"ip4","src_ip":"65.62.197.248","dst_ip":"69.109.187.54","src_port":45675,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":143,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":143,"packets-processed":142,"total-skipped-flows":0,"total-l4-payload-len":7693,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":139,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":139,"total-idle-flows":138,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":674,"global_ts_usec":1685933841851094} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_packet_id":1,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685933841851094,"pkt":"bpHurUgdPJTVQTiBCABFAABU0ltAADQRvvtLmX7zRW27NtRqAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685933841851094,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -680,7 +680,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_packet_id":1,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685934156732428,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbI5G2LpnpZBUPtpIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":141,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685934156732428,"flow_src_last_pkt_time":1685934156732428,"flow_dst_last_pkt_time":1685934156732428,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"165.144.84.62","src_port":55880,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":140,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685933841851094,"flow_src_last_pkt_time":1685933841851094,"flow_dst_last_pkt_time":1685933841851094,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685934156732428,"l3_proto":"ip4","src_ip":"75.153.126.243","dst_ip":"69.109.187.54","src_port":54378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-payload-len":7778,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":141,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":141,"total-idle-flows":140,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":683,"global_ts_usec":1685949298361033} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_packet_id":1,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685949298361033,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXw9SDr+xunDKNcn4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949298361033,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -694,48 +694,48 @@ 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":142,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949298361033,"flow_src_last_pkt_time":1685949298361033,"flow_dst_last_pkt_time":1685949298361033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"82.14.191.177","dst_ip":"186.112.202.53","src_port":51704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685949575864849,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":148,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":148,"packets-processed":147,"total-skipped-flows":0,"total-l4-payload-len":7865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":144,"total-detection-updates":0,"total-updates":30,"current-active-flows":2,"total-active-flows":144,"total-idle-flows":142,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":697,"global_ts_usec":1685950065516616} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950065516616,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUAm7qYJWpOrM9zRAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949441960339,"flow_src_last_pkt_time":1685949441960339,"flow_dst_last_pkt_time":1685949441960339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"70.28.101.252","dst_ip":"69.109.187.54","src_port":49306,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685949575864849,"flow_src_last_pkt_time":1685949575864849,"flow_dst_last_pkt_time":1685949575864849,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950065516616,"l3_proto":"ip4","src_ip":"166.235.162.1","dst_ip":"165.114.202.61","src_port":50338,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":149,"packets-processed":148,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":149,"packets-processed":148,"total-skipped-flows":0,"total-l4-payload-len":7894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":145,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":145,"total-idle-flows":144,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":703,"global_ts_usec":1685950716132805} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685950716132805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRX57OzBhaWo0lOMknAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950065516616,"flow_src_last_pkt_time":1685950065516616,"flow_dst_last_pkt_time":1685950065516616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685950716132805,"l3_proto":"ip4","src_ip":"38.238.166.9","dst_ip":"90.147.171.51","src_port":56529,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":7923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":146,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":146,"total-idle-flows":145,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":708,"global_ts_usec":1685952673673917} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685952673673917,"pkt":"AAwp30Y4PJTVQTiBCABFAABLLRsAACcRpgilgP10WpOrMxPRAasANxtlAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685950716132805,"flow_src_last_pkt_time":1685950716132805,"flow_dst_last_pkt_time":1685950716132805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685952673673917,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.141.37.56","src_port":51495,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":151,"packets-processed":150,"total-skipped-flows":0,"total-l4-payload-len":7970,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":147,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":147,"total-idle-flows":146,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":713,"global_ts_usec":1685953474074395} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685953474074395,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdLZH+f\/Wm\/UMtsGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685952673673917,"flow_src_last_pkt_time":1685952673673917,"flow_dst_last_pkt_time":1685952673673917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685953474074395,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"90.147.171.51","src_port":5073,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":152,"packets-processed":151,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":152,"packets-processed":151,"total-skipped-flows":0,"total-l4-payload-len":7999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":148,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":148,"total-idle-flows":147,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":718,"global_ts_usec":1685956234214319} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_packet_id":1,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685956234214319,"pkt":"bpHurUgdPJTVQTiBCABFCABLd1MAACQRTR0cZobSRW27NrFGAasAN2xEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":152,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685953474074395,"flow_src_last_pkt_time":1685953474074395,"flow_dst_last_pkt_time":1685953474074395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685956234214319,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.111.212.50","src_port":56070,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":8046,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":149,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":149,"total-idle-flows":148,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":723,"global_ts_usec":1685959206891430} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1685959206891430,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX32t8T8kVW80OccoAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":149,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685956234214319,"flow_src_last_pkt_time":1685956234214319,"flow_dst_last_pkt_time":1685956234214319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685959206891430,"l3_proto":"ip4","src_ip":"28.102.134.210","dst_ip":"69.109.187.54","src_port":45382,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":8075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":150,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":150,"total-idle-flows":149,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":728,"global_ts_usec":1685960845026064} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_packet_id":1,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685960845026064,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yNRGCtqWm\/UMurxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685959206891430,"flow_src_last_pkt_time":1685959206891430,"flow_dst_last_pkt_time":1685959206891430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685960845026064,"l3_proto":"ip4","src_ip":"173.241.63.36","dst_ip":"85.111.52.57","src_port":50984,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":155,"packets-processed":154,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":155,"packets-processed":154,"total-skipped-flows":0,"total-l4-payload-len":8100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":151,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":151,"total-idle-flows":150,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":733,"global_ts_usec":1685964244002056} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_packet_id":1,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685964244002056,"pkt":"ipffLU2SPJTVQTiBCABFAAA11DEAAPER0yJRGCtqSm\/LN98IAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":152,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685964244002056,"flow_src_last_pkt_time":1685964244002056,"flow_dst_last_pkt_time":1685964244002056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"74.111.203.55","src_port":57096,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685960845026064,"flow_src_last_pkt_time":1685960845026064,"flow_dst_last_pkt_time":1685960845026064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685964244002056,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.111.212.50","src_port":60145,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":156,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":156,"packets-processed":155,"total-skipped-flows":0,"total-l4-payload-len":8125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":152,"total-detection-updates":0,"total-updates":30,"current-active-flows":1,"total-active-flows":152,"total-idle-flows":151,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":738,"global_ts_usec":1685969568367700} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_packet_id":1,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969568367700,"pkt":"bpHurUgdPJTVQTiBCABFAAA11DEAAPER0yFRGCtqRW27NuQzAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969568367700,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -744,13 +744,13 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_packet_id":1,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685969623534341,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA11DEAAPER0x1RGCtqVW80OcwTAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685969623534341,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":8175,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":154,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":154,"total-idle-flows":152,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":747,"global_ts_usec":1685976878692319} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685976878692319,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMdGtG\/xpZBUPppUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685976878692319,"flow_src_last_pkt_time":1685976878692319,"flow_dst_last_pkt_time":1685976878692319,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":39508,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":153,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969568367700,"flow_src_last_pkt_time":1685969568367700,"flow_dst_last_pkt_time":1685969568367700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"69.109.187.54","src_port":58419,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":154,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685969623534341,"flow_src_last_pkt_time":1685969623534341,"flow_dst_last_pkt_time":1685969623534341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685976878692319,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"85.111.52.57","src_port":52243,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":159,"packets-processed":158,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":159,"packets-processed":158,"total-skipped-flows":0,"total-l4-payload-len":8273,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":155,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":155,"total-idle-flows":154,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":753,"global_ts_usec":1685980039598832} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980039598832,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSrQZLGIWm\/UMrKIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980039598832,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -759,7 +759,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_packet_id":1,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685980256079266,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xlRGCtqpZBUPrejAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980256079266,"flow_src_last_pkt_time":1685980256079266,"flow_dst_last_pkt_time":1685980256079266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.144.84.62","src_port":47011,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980039598832,"flow_src_last_pkt_time":1685980039598832,"flow_dst_last_pkt_time":1685980039598832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980256079266,"l3_proto":"ip4","src_ip":"208.100.177.136","dst_ip":"90.111.212.50","src_port":45704,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":8396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":157,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":157,"total-idle-flows":156,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":762,"global_ts_usec":1685980966068969} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_packet_id":1,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685980966068969,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRCw62tHiLRW27NoIkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685980966068969,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -768,7 +768,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685981433727126,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRCwu2tHiLWo0lOJWZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685981433727126,"flow_src_last_pkt_time":1685981433727126,"flow_dst_last_pkt_time":1685981433727126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38297,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685980966068969,"flow_src_last_pkt_time":1685980966068969,"flow_dst_last_pkt_time":1685980966068969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685981433727126,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"69.109.187.54","src_port":33316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":163,"packets-processed":162,"total-skipped-flows":0,"total-l4-payload-len":8592,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":159,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":159,"total-idle-flows":158,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":771,"global_ts_usec":1685983024598099} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983024598099,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OsBBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":163,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983024598099,"flow_src_last_pkt_time":1685983024598099,"flow_dst_last_pkt_time":1685983024598099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983024598099,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":49217,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -776,7 +776,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983044584108,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcYJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983044584108,"flow_src_last_pkt_time":1685983044584108,"flow_dst_last_pkt_time":1685983044584108,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983044584108,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50697,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-payload-len":8788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":161,"total-detection-updates":0,"total-updates":31,"current-active-flows":2,"total-active-flows":161,"total-idle-flows":159,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":779,"global_ts_usec":1685983887017305} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685983887017305,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpTItfJOcVW80Od8FAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685983887017305,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -786,7 +786,7 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_packet_id":1,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685984091734191,"pkt":"3jHC4dyOPJTVQTiBCABFAAA11DEAAPER0x5RGCtqWo0lOO2PAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":163,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685984091734191,"flow_src_last_pkt_time":1685984091734191,"flow_dst_last_pkt_time":1685984091734191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.141.37.56","src_port":60815,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685983887017305,"flow_src_last_pkt_time":1685983887017305,"flow_dst_last_pkt_time":1685983887017305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685984091734191,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"85.111.52.57","src_port":57093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-payload-len":8911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":163,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":163,"total-idle-flows":162,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":789,"global_ts_usec":1685986621173581} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986621173581,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZX2S2hzSm\/LN4iuAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986621173581,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -798,54 +798,54 @@ 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_packet_id":1,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1685986755864865,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDMe4tKjwpXLKPZqWAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685986755864865,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":9205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":166,"total-detection-updates":0,"total-updates":32,"current-active-flows":3,"total-active-flows":166,"total-idle-flows":163,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":801,"global_ts_usec":1685988729872897} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_packet_id":1,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1685988729872897,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0yRRGCtqWpOrM+XUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":166,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986755864865,"flow_src_last_pkt_time":1685986755864865,"flow_dst_last_pkt_time":1685986755864865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"165.114.202.61","src_port":39574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986621173581,"flow_src_last_pkt_time":1685986621173581,"flow_dst_last_pkt_time":1685986621173581,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"74.111.203.55","src_port":34990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685986711741123,"flow_src_last_pkt_time":1685986711741123,"flow_dst_last_pkt_time":1685986711741123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685988729872897,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"90.147.171.51","src_port":41989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":9230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":167,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":167,"total-idle-flows":166,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":808,"global_ts_usec":1685993522728404} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_packet_id":1,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685993522728404,"pkt":"AAwp30Y4PJTVQTiBCABFCABLWP8AACIRca5kOJtwWpOrMwa8AasANxsMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":167,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685988729872897,"flow_src_last_pkt_time":1685988729872897,"flow_dst_last_pkt_time":1685988729872897,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685993522728404,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.147.171.51","src_port":58836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":172,"packets-processed":171,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":172,"packets-processed":171,"total-skipped-flows":0,"total-l4-payload-len":9277,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":168,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":168,"total-idle-flows":167,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":813,"global_ts_usec":1685998634406588} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_packet_id":1,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1685998634406588,"pkt":"ipffLU2SPJTVQTiBCABFCABLN5cAACQRjNbjhlHUSm\/LNyjZAasAN\/SuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":168,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685993522728404,"flow_src_last_pkt_time":1685993522728404,"flow_dst_last_pkt_time":1685993522728404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685998634406588,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.147.171.51","src_port":1724,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":173,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":173,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":9324,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":169,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":169,"total-idle-flows":168,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":818,"global_ts_usec":1685999686351420} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1685999686351420,"pkt":"ipffLU2SPJTVQTiBCABFAABUtPJAADQR3GZLiYbySm\/LNxkwAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":169,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685998634406588,"flow_src_last_pkt_time":1685998634406588,"flow_dst_last_pkt_time":1685998634406588,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685999686351420,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"74.111.203.55","src_port":10457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":9380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":170,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":170,"total-idle-flows":169,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":823,"global_ts_usec":1686000601569343} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_packet_id":1,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686000601569343,"pkt":"AAwp30Y4PJTVQTiBCABFCABLI3sAACQRoOVbIWrapZBUPgnmAasANxOVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685999686351420,"flow_src_last_pkt_time":1685999686351420,"flow_dst_last_pkt_time":1685999686351420,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686000601569343,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"74.111.203.55","src_port":6448,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":175,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":175,"packets-processed":174,"total-skipped-flows":0,"total-l4-payload-len":9427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":171,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":171,"total-idle-flows":170,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":828,"global_ts_usec":1686003718804460} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_packet_id":1,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686003718804460,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLfOYAACcRVjsid3p+VW80ORhfAasANxbVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":171,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686000601569343,"flow_src_last_pkt_time":1686000601569343,"flow_dst_last_pkt_time":1686000601569343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686003718804460,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"165.144.84.62","src_port":2534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":176,"packets-processed":175,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":176,"packets-processed":175,"total-skipped-flows":0,"total-l4-payload-len":9474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":172,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":172,"total-idle-flows":171,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":833,"global_ts_usec":1686005514515876} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":1,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686005514515876,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPc24AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":172,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686003718804460,"flow_src_last_pkt_time":1686003718804460,"flow_dst_last_pkt_time":1686003718804460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686005514515876,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"85.111.52.57","src_port":6239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":177,"packets-processed":176,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":177,"packets-processed":176,"total-skipped-flows":0,"total-l4-payload-len":9572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":173,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":173,"total-idle-flows":172,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":838,"global_ts_usec":1686006182252244} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_packet_id":1,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006182252244,"pkt":"bs1PogZtPJTVQTiBCABFAAA11DEAAPER0xtRGCtqWpG0OrviAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":177,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":173,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686005514515876,"flow_src_last_pkt_time":1686005514515876,"flow_dst_last_pkt_time":1686005514515876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006182252244,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":52664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":178,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":178,"packets-processed":177,"total-skipped-flows":0,"total-l4-payload-len":9597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":174,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":174,"total-idle-flows":173,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":843,"global_ts_usec":1686006861718393} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":1,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686006861718393,"pkt":"AAwp30Y4PJTVQTiBCABFAAA11DEAAPER0xhRGCtqpXLKPaoFAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006861718393,"flow_src_last_pkt_time":1686006861718393,"flow_dst_last_pkt_time":1686006861718393,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"165.114.202.61","src_port":43525,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":174,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686006182252244,"flow_src_last_pkt_time":1686006182252244,"flow_dst_last_pkt_time":1686006182252244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686006861718393,"l3_proto":"ip4","src_ip":"81.24.43.106","dst_ip":"90.145.180.58","src_port":48098,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-payload-len":9622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":175,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":175,"total-idle-flows":174,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":848,"global_ts_usec":1686010416557191} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_packet_id":1,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010416557191,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFkh2Fo4WpOrM9BeAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010416557191,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -854,12 +854,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_packet_id":1,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686010882769715,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWahL8clunDKNcNaAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":176,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010416557191,"flow_src_last_pkt_time":1686010416557191,"flow_dst_last_pkt_time":1686010416557191,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686010882769715,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"90.147.171.51","src_port":53342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":181,"packets-processed":180,"total-skipped-flows":0,"total-l4-payload-len":9680,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":177,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":177,"total-idle-flows":176,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":857,"global_ts_usec":1686014238036586} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_packet_id":1,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686014238036586,"pkt":"AAwp30Y4PJTVQTiBCABFAABLra8AACcRJW9dZnxwWm\/UMqJ8AasAN4y0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686014238036586,"flow_src_last_pkt_time":1686014238036586,"flow_dst_last_pkt_time":1686014238036586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.111.212.50","src_port":41596,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686010882769715,"flow_src_last_pkt_time":1686010882769715,"flow_dst_last_pkt_time":1686010882769715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686014238036586,"l3_proto":"ip4","src_ip":"161.47.199.37","dst_ip":"186.112.202.53","src_port":50010,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":9727,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":178,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":178,"total-idle-flows":177,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":862,"global_ts_usec":1686016759751712} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_packet_id":1,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686016759751712,"pkt":"bs1PogZtPJTVQTiBCABFAAA+I89AADQRPpp3IpPeWpG0Ot4uAasAKqz2AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016759751712,"flow_src_last_pkt_time":1686016759751712,"flow_dst_last_pkt_time":1686016759751712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686016759751712,"l3_proto":"ip4","src_ip":"119.34.147.222","dst_ip":"90.145.180.58","src_port":56878,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -881,7 +881,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017305054145,"flow_src_last_pkt_time":1686017305054145,"flow_dst_last_pkt_time":1686017305054145,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"185.97.76.211","dst_ip":"69.109.187.54","src_port":42268,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":181,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686016985898059,"flow_src_last_pkt_time":1686016985898059,"flow_dst_last_pkt_time":1686016985898059,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"118.158.148.196","dst_ip":"165.114.202.61","src_port":44102,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":182,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686017148856498,"flow_src_last_pkt_time":1686017148856498,"flow_dst_last_pkt_time":1686017148856498,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686017305054145,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"85.111.52.57","src_port":23876,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":187,"packets-processed":186,"total-skipped-flows":0,"total-l4-payload-len":9897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":183,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":183,"total-idle-flows":181,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":884,"global_ts_usec":1686018209196915} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_packet_id":1,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018209196915,"pkt":"ipffLU2SPJTVQTiBCABFAAA+j29AADQR0xhHqnP1Sm\/LN6xcAasAKt7nAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":187,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018209196915,"flow_src_last_pkt_time":1686018209196915,"flow_dst_last_pkt_time":1686018209196915,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018209196915,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"74.111.203.55","src_port":44124,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -898,58 +898,58 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":1,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686018707030417,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+oClAADQRwmSG2bjyWpOrM6D\/AasAKupKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686018707030417,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":191,"packets-processed":190,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":191,"packets-processed":190,"total-skipped-flows":0,"total-l4-payload-len":10033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":187,"total-detection-updates":0,"total-updates":34,"current-active-flows":2,"total-active-flows":187,"total-idle-flows":185,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":901,"global_ts_usec":1686019249802467} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686019249802467,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+q7VAADQRtsw4UoD6unDKNdHJAasAKrl0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":191,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018707030417,"flow_src_last_pkt_time":1686018707030417,"flow_dst_last_pkt_time":1686018707030417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"134.217.184.242","dst_ip":"90.147.171.51","src_port":41215,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686018689761553,"flow_src_last_pkt_time":1686018689761553,"flow_dst_last_pkt_time":1686018689761553,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686019249802467,"l3_proto":"ip4","src_ip":"71.170.115.245","dst_ip":"90.111.212.50","src_port":44124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":192,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":192,"packets-processed":191,"total-skipped-flows":0,"total-l4-payload-len":10067,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":188,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":188,"total-idle-flows":187,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":907,"global_ts_usec":1686021648125792} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_packet_id":1,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686021648125792,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbU\/a08Q6VW80Ocu+AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":192,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686019249802467,"flow_src_last_pkt_time":1686019249802467,"flow_dst_last_pkt_time":1686019249802467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686021648125792,"l3_proto":"ip4","src_ip":"56.82.128.250","dst_ip":"186.112.202.53","src_port":53705,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":193,"packets-processed":192,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":193,"packets-processed":192,"total-skipped-flows":0,"total-l4-payload-len":10096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":189,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":189,"total-idle-flows":188,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":912,"global_ts_usec":1686031186113585} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":1,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686031186113585,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTjsg6KdWpOrM4UvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686021648125792,"flow_src_last_pkt_time":1686021648125792,"flow_dst_last_pkt_time":1686021648125792,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686031186113585,"l3_proto":"ip4","src_ip":"218.211.196.58","dst_ip":"85.111.52.57","src_port":52158,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":194,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":194,"packets-processed":193,"total-skipped-flows":0,"total-l4-payload-len":10194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":190,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":190,"total-idle-flows":189,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":917,"global_ts_usec":1686032769267683} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686032769267683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXuqxMLj3pXLKPd1AAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686031186113585,"flow_src_last_pkt_time":1686031186113585,"flow_dst_last_pkt_time":1686031186113585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686032769267683,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":34095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":195,"packets-processed":194,"total-skipped-flows":0,"total-l4-payload-len":10223,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":191,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":191,"total-idle-flows":190,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":922,"global_ts_usec":1686040872007912} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686040872007912,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbedFJOfmWm\/UMtDxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686032769267683,"flow_src_last_pkt_time":1686032769267683,"flow_dst_last_pkt_time":1686032769267683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686040872007912,"l3_proto":"ip4","src_ip":"177.48.184.247","dst_ip":"165.114.202.61","src_port":56640,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":196,"packets-processed":195,"total-skipped-flows":0,"total-l4-payload-len":10252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":192,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":192,"total-idle-flows":191,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":927,"global_ts_usec":1686043388705512} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686043388705512,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXlks718eSm\/LN9spAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686040872007912,"flow_src_last_pkt_time":1686040872007912,"flow_dst_last_pkt_time":1686040872007912,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686043388705512,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"90.111.212.50","src_port":53489,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":197,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":197,"packets-processed":196,"total-skipped-flows":0,"total-l4-payload-len":10281,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":193,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":193,"total-idle-flows":192,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":932,"global_ts_usec":1686044168857770} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_packet_id":1,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686044168857770,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX+RQEAD7pZBUPsDtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686043388705512,"flow_src_last_pkt_time":1686043388705512,"flow_dst_last_pkt_time":1686043388705512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686044168857770,"l3_proto":"ip4","src_ip":"44.239.95.30","dst_ip":"74.111.203.55","src_port":56105,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":10310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":194,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":194,"total-idle-flows":193,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":937,"global_ts_usec":1686046546512327} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":1,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686046546512327,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbY2lJSdeRW27NsAHAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":194,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686044168857770,"flow_src_last_pkt_time":1686044168857770,"flow_dst_last_pkt_time":1686044168857770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686046546512327,"l3_proto":"ip4","src_ip":"80.16.0.251","dst_ip":"165.144.84.62","src_port":49389,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":10339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":195,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":195,"total-idle-flows":194,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":942,"global_ts_usec":1686047674470156} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686047674470156,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXv+yDkDpWo0lONkiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":195,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686046546512327,"flow_src_last_pkt_time":1686046546512327,"flow_dst_last_pkt_time":1686046546512327,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686047674470156,"l3_proto":"ip4","src_ip":"165.37.39.94","dst_ip":"69.109.187.54","src_port":49159,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":200,"packets-processed":199,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":200,"packets-processed":199,"total-skipped-flows":0,"total-l4-payload-len":10368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":196,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":196,"total-idle-flows":195,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":947,"global_ts_usec":1686052550759741} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686052550759741,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPblNAasAJTEiAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686052550759741,"flow_src_last_pkt_time":1686052550759741,"flow_dst_last_pkt_time":1686052550759741,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":47437,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686047674470156,"flow_src_last_pkt_time":1686047674470156,"flow_dst_last_pkt_time":1686047674470156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686052550759741,"l3_proto":"ip4","src_ip":"178.14.64.233","dst_ip":"90.141.37.56","src_port":55586,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":10397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":197,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":197,"total-idle-flows":196,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":952,"global_ts_usec":1686054840592952} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686054840592952,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Nq9dAasAJTsbAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686054840592952,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -958,12 +958,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_packet_id":1,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686055302350311,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80ObceAasAJTNWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686054840592952,"flow_src_last_pkt_time":1686054840592952,"flow_dst_last_pkt_time":1686054840592952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686055302350311,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":44893,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":203,"packets-processed":202,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":203,"packets-processed":202,"total-skipped-flows":0,"total-l4-payload-len":10455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":199,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":199,"total-idle-flows":198,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":961,"global_ts_usec":1686056089625694} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_packet_id":1,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686056089625694,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMpsLAasAJU9vAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":200,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686056089625694,"flow_src_last_pkt_time":1686056089625694,"flow_dst_last_pkt_time":1686056089625694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":39691,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":199,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686055302350311,"flow_src_last_pkt_time":1686055302350311,"flow_dst_last_pkt_time":1686055302350311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686056089625694,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":46878,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":204,"packets-processed":203,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":204,"packets-processed":203,"total-skipped-flows":0,"total-l4-payload-len":10484,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":200,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":200,"total-idle-flows":199,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":966,"global_ts_usec":1686057077798333} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_packet_id":1,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057077798333,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN+a9AasAJQO8AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057077798333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -972,7 +972,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057628692531,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM8jOAasAJSGtAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":201,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057077798333,"flow_src_last_pkt_time":1686057077798333,"flow_dst_last_pkt_time":1686057077798333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057628692531,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":59069,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":10542,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":202,"total-detection-updates":0,"total-updates":34,"current-active-flows":1,"total-active-flows":202,"total-idle-flows":201,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":975,"global_ts_usec":1686057720083465} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_packet_id":1,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686057720083465,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lOIngAasAJWCVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057720083465,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -982,13 +982,13 @@ 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":207,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057628692531,"flow_src_last_pkt_time":1686057628692531,"flow_dst_last_pkt_time":1686057628692531,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":51406,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686057824020237,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} +00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-payload-len":10600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":204,"total-detection-updates":0,"total-updates":36,"current-active-flows":2,"total-active-flows":204,"total-idle-flows":202,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":985,"global_ts_usec":1686059089399919} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_packet_id":1,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686059089399919,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPtABAasAJRpvAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":205,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686059089399919,"flow_src_last_pkt_time":1686059089399919,"flow_dst_last_pkt_time":1686059089399919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":53249,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057720083465,"flow_src_last_pkt_time":1686057720083465,"flow_dst_last_pkt_time":1686057720083465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":35296,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":204,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686057824020237,"flow_src_last_pkt_time":1686057824020237,"flow_dst_last_pkt_time":1686057824020237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686059089399919,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":48172,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} 
+00644{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":10629,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":205,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":205,"total-idle-flows":204,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":991,"global_ts_usec":1686063230217187} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686063230217187,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiYQZFORWpOrM+tIAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063230217187,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1002,17 +1002,17 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063230217187,"flow_src_last_pkt_time":1686063230217187,"flow_dst_last_pkt_time":1686063230217187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"16.100.83.145","dst_ip":"90.147.171.51","src_port":60232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":207,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063367901199,"flow_src_last_pkt_time":1686063367901199,"flow_dst_last_pkt_time":1686063367901199,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686063784551832,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"186.112.202.53","src_port":36840,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":212,"packets-processed":211,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":212,"packets-processed":211,"total-skipped-flows":0,"total-l4-payload-len":10923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":208,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":208,"total-idle-flows":207,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1005,"global_ts_usec":1686065747925784} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686065747925784,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0REAC2tHiLWpG0Os\/uAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686063784551832,"flow_src_last_pkt_time":1686063784551832,"flow_dst_last_pkt_time":1686063784551832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686065747925784,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.111.212.50","src_port":34236,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":213,"packets-processed":212,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":213,"packets-processed":212,"total-skipped-flows":0,"total-l4-payload-len":11021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":209,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":209,"total-idle-flows":208,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1010,"global_ts_usec":1686066398914580} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_packet_id":1,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686066398914580,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOJbRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686066398914580,"flow_src_last_pkt_time":1686066398914580,"flow_dst_last_pkt_time":1686066398914580,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":38609,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686065747925784,"flow_src_last_pkt_time":1686065747925784,"flow_dst_last_pkt_time":1686065747925784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686066398914580,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.145.180.58","src_port":53230,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":11119,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":210,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":210,"total-idle-flows":209,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1015,"global_ts_usec":1686067317662813} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_packet_id":1,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067317662813,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPY+9AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067317662813,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1021,17 +1021,17 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_packet_id":1,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686067699688902,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqiQtg6GYpZBUPo+PAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":211,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067317662813,"flow_src_last_pkt_time":1686067317662813,"flow_dst_last_pkt_time":1686067317662813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686067699688902,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":36797,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":216,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":216,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":11315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":212,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":212,"total-idle-flows":211,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1024,"global_ts_usec":1686071042176869} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_packet_id":1,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686071042176869,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqiwtZIyZSm\/LN9UKAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":212,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686067699688902,"flow_src_last_pkt_time":1686067699688902,"flow_dst_last_pkt_time":1686067699688902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686071042176869,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"165.144.84.62","src_port":36751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":11413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":213,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":213,"total-idle-flows":212,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1029,"global_ts_usec":1686075500413977} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_packet_id":1,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686075500413977,"pkt":"3jHC4dyOPJTVQTiBCABFCABLp64AACQRHLRnR5LeWo0lOGbzAasAN7aJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":214,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686075500413977,"flow_src_last_pkt_time":1686075500413977,"flow_dst_last_pkt_time":1686075500413977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.141.37.56","src_port":26355,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":213,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686071042176869,"flow_src_last_pkt_time":1686071042176869,"flow_dst_last_pkt_time":1686071042176869,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686075500413977,"l3_proto":"ip4","src_ip":"45.100.140.153","dst_ip":"74.111.203.55","src_port":54538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":218,"packets-processed":217,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":218,"packets-processed":217,"total-skipped-flows":0,"total-l4-payload-len":11460,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":214,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":214,"total-idle-flows":213,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1034,"global_ts_usec":1686081952749133} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_packet_id":1,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686081952749133,"pkt":"AAwp30Y4PJTVQTiBCABFCABLEn4AACQRsepnR5LeWpOrM\/uDAasANyH\/AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686081952749133,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1040,7 +1040,7 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082067713083,"pkt":"AAwp30Y4PJTVQTiBCABFCABLYc8AACIRaN1kOJtwWm\/UMs+KAasAN1I8AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082067713083,"flow_src_last_pkt_time":1686082067713083,"flow_dst_last_pkt_time":1686082067713083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.111.212.50","src_port":53130,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686081952749133,"flow_src_last_pkt_time":1686081952749133,"flow_dst_last_pkt_time":1686081952749133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082067713083,"l3_proto":"ip4","src_ip":"103.71.146.222","dst_ip":"90.147.171.51","src_port":64387,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":220,"packets-processed":219,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":220,"packets-processed":219,"total-skipped-flows":0,"total-l4-payload-len":11554,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":216,"total-detection-updates":0,"total-updates":38,"current-active-flows":2,"total-active-flows":216,"total-idle-flows":214,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1043,"global_ts_usec":1686082597517294} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686082597517294,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbe66GwXtWpOrM8hzAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082597517294,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1050,43 +1050,43 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":1,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686082771466382,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL6nUAACIR4DqnB5p9VW80OSAcAasANwGvAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686082771466382,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":11630,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":218,"total-detection-updates":0,"total-updates":39,"current-active-flows":2,"total-active-flows":218,"total-idle-flows":216,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1053,"global_ts_usec":1686085137783742} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686085137783742,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRpSUuZGGTVW80OeZ7AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082771466382,"flow_src_last_pkt_time":1686082771466382,"flow_dst_last_pkt_time":1686082771466382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"85.111.52.57","src_port":8220,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686082597517294,"flow_src_last_pkt_time":1686082597517294,"flow_dst_last_pkt_time":1686082597517294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686085137783742,"l3_proto":"ip4","src_ip":"186.27.5.237","dst_ip":"90.147.171.51","src_port":51315,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":223,"packets-processed":222,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":223,"packets-processed":222,"total-skipped-flows":0,"total-l4-payload-len":11728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":219,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":219,"total-idle-flows":218,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1059,"global_ts_usec":1686086498336760} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686086498336760,"pkt":"3jHC4dyOPJTVQTiBCABFAABSWVwAAG0Ru0FDnxCWWo0lOIqlAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686085137783742,"flow_src_last_pkt_time":1686085137783742,"flow_dst_last_pkt_time":1686085137783742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686086498336760,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"85.111.52.57","src_port":59003,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":224,"packets-processed":223,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":224,"packets-processed":223,"total-skipped-flows":0,"total-l4-payload-len":11782,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":220,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":220,"total-idle-flows":219,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1064,"global_ts_usec":1686087364946144} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686087364946144,"pkt":"bpHurUgdPJTVQTiBCABFAABS0PQAAG4RQqxDnxCWRW27NowQAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686086498336760,"flow_src_last_pkt_time":1686086498336760,"flow_dst_last_pkt_time":1686086498336760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686087364946144,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.141.37.56","src_port":35493,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":11836,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":221,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":221,"total-idle-flows":220,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1069,"global_ts_usec":1686088327419270} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686088327419270,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbDEi3CYAunDKNdXAAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686087364946144,"flow_src_last_pkt_time":1686087364946144,"flow_dst_last_pkt_time":1686087364946144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686088327419270,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"69.109.187.54","src_port":35856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":226,"packets-processed":225,"total-skipped-flows":0,"total-l4-payload-len":11865,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":222,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":222,"total-idle-flows":221,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1074,"global_ts_usec":1686095963626743} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686095963626743,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRXnWtMZ8ySm\/LN9YyAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686088327419270,"flow_src_last_pkt_time":1686088327419270,"flow_dst_last_pkt_time":1686088327419270,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686095963626743,"l3_proto":"ip4","src_ip":"34.220.38.0","dst_ip":"186.112.202.53","src_port":54720,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":227,"packets-processed":226,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":227,"packets-processed":226,"total-skipped-flows":0,"total-l4-payload-len":11894,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":223,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":223,"total-idle-flows":222,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1079,"global_ts_usec":1686100690494262} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_packet_id":1,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686100690494262,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRYB3OEdirRW27NtF5AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686095963626743,"flow_src_last_pkt_time":1686095963626743,"flow_dst_last_pkt_time":1686095963626743,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686100690494262,"l3_proto":"ip4","src_ip":"173.49.159.50","dst_ip":"74.111.203.55","src_port":54834,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":228,"packets-processed":227,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":228,"packets-processed":227,"total-skipped-flows":0,"total-l4-payload-len":11923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":224,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":224,"total-idle-flows":223,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1084,"global_ts_usec":1686102050692991} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":1,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102050692991,"pkt":"ipffLU2SPJTVQTiBCABFAAA+KfdAADQRdt1AOMuySm\/LN6VlAasAKiQrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":225,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102050692991,"flow_src_last_pkt_time":1686102050692991,"flow_dst_last_pkt_time":1686102050692991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":42341,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":224,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686100690494262,"flow_src_last_pkt_time":1686100690494262,"flow_dst_last_pkt_time":1686100690494262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102050692991,"l3_proto":"ip4","src_ip":"206.17.216.171","dst_ip":"69.109.187.54","src_port":53625,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":229,"packets-processed":228,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":229,"packets-processed":228,"total-skipped-flows":0,"total-l4-payload-len":11957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":225,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":225,"total-idle-flows":224,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1089,"global_ts_usec":1686102672425183} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":1,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686102672425183,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+Lo9AADQRckmmRju1Wm\/UMrQNAasAKhWHAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102672425183,"flow_src_last_pkt_time":1686102672425183,"flow_dst_last_pkt_time":1686102672425183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686102672425183,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"90.111.212.50","src_port":46093,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1110,12 +1110,12 @@ 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103038730179,"flow_src_last_pkt_time":1686103038730179,"flow_dst_last_pkt_time":1686103038730179,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":63574,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":228,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686102873592315,"flow_src_last_pkt_time":1686102873592315,"flow_dst_last_pkt_time":1686102873592315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103250321132,"l3_proto":"ip4","src_ip":"33.26.187.87","dst_ip":"90.141.37.56","src_port":52761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":12122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":230,"total-detection-updates":0,"total-updates":42,"current-active-flows":1,"total-active-flows":230,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1113,"global_ts_usec":1686103373634504} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686103373634504,"pkt":"bpHurUgdPJTVQTiBCABFAAA+HIVAADQRhFKmx9u2RW27NnDRAasAKljCAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103373634504,"flow_src_last_pkt_time":1686103373634504,"flow_dst_last_pkt_time":1686103373634504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"166.199.219.182","dst_ip":"69.109.187.54","src_port":28881,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686103250321132,"flow_src_last_pkt_time":1686103250321132,"flow_dst_last_pkt_time":1686103250321132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686103373634504,"l3_proto":"ip4","src_ip":"184.199.219.188","dst_ip":"90.141.37.56","src_port":30639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":235,"packets-processed":234,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":235,"packets-processed":234,"total-skipped-flows":0,"total-l4-payload-len":12156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":231,"total-detection-updates":0,"total-updates":43,"current-active-flows":2,"total-active-flows":231,"total-idle-flows":229,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1118,"global_ts_usec":1686104038936046} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104038936046,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+0DtAADQR0JFfQMS6unDKNUmZAasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104038936046,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1125,22 +1125,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":1,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104544084969,"pkt":"bs1PogZtPJTVQTiBCABFAAA+LfFAADQRctlYP9q4WpG0OsdTAasAKgIzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104038936046,"flow_src_last_pkt_time":1686104038936046,"flow_dst_last_pkt_time":1686104038936046,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104544084969,"l3_proto":"ip4","src_ip":"95.64.196.186","dst_ip":"186.112.202.53","src_port":18841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":237,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":237,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":12224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":233,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":233,"total-idle-flows":232,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1128,"global_ts_usec":1686104819369835} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686104819369835,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+9FFAADQRrIJHQCS3VW80OeAlAasAKulqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104544084969,"flow_src_last_pkt_time":1686104544084969,"flow_dst_last_pkt_time":1686104544084969,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686104819369835,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"90.145.180.58","src_port":51027,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":12258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":234,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":234,"total-idle-flows":233,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1133,"global_ts_usec":1686109686670972} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_packet_id":1,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686109686670972,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbeWl07zvpXLKPcauAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686104819369835,"flow_src_last_pkt_time":1686104819369835,"flow_dst_last_pkt_time":1686104819369835,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686109686670972,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"85.111.52.57","src_port":57381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":239,"packets-processed":238,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":239,"packets-processed":238,"total-skipped-flows":0,"total-l4-payload-len":12287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":235,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":235,"total-idle-flows":234,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1138,"global_ts_usec":1686115314323562} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_packet_id":1,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686115314323562,"pkt":"3jHC4dyOPJTVQTiBCABFCABLy\/0AACIR\/qsfAJpyWo0lOHnuAasAN6fVAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686115314323562,"flow_src_last_pkt_time":1686115314323562,"flow_dst_last_pkt_time":1686115314323562,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"31.0.154.114","dst_ip":"90.141.37.56","src_port":31214,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":235,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686109686670972,"flow_src_last_pkt_time":1686109686670972,"flow_dst_last_pkt_time":1686109686670972,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686115314323562,"l3_proto":"ip4","src_ip":"165.211.188.239","dst_ip":"165.114.202.61","src_port":50862,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":240,"packets-processed":239,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":240,"packets-processed":239,"total-skipped-flows":0,"total-l4-payload-len":12334,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":236,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":236,"total-idle-flows":235,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1143,"global_ts_usec":1686120842599135} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_packet_id":1,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686120842599135,"pkt":"AAwp30Y4PJTVQTiBCABFAABLInYAACcRsKcid3p+pZBUPkpvAasAN+TAAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686120842599135,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1149,38 +1149,38 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686121348877532,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbQ1Z1jiBVW80OcXLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":237,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686120842599135,"flow_src_last_pkt_time":1686120842599135,"flow_dst_last_pkt_time":1686120842599135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686121348877532,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"165.144.84.62","src_port":19055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":242,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":242,"packets-processed":241,"total-skipped-flows":0,"total-l4-payload-len":12410,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":238,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":238,"total-idle-flows":237,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1152,"global_ts_usec":1686122375311586} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686122375311586,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJLB0SZgWm\/UMt3PAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686121348877532,"flow_src_last_pkt_time":1686121348877532,"flow_dst_last_pkt_time":1686121348877532,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686122375311586,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"85.111.52.57","src_port":50635,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":243,"packets-processed":242,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":243,"packets-processed":242,"total-skipped-flows":0,"total-l4-payload-len":12439,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":239,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":239,"total-idle-flows":238,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1157,"global_ts_usec":1686127609854442} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_packet_id":1,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686127609854442,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbJQiEN9rpZBUPsFKAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":243,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686122375311586,"flow_src_last_pkt_time":1686122375311586,"flow_dst_last_pkt_time":1686122375311586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686127609854442,"l3_proto":"ip4","src_ip":"193.209.38.96","dst_ip":"90.111.212.50","src_port":56783,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":244,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":244,"packets-processed":243,"total-skipped-flows":0,"total-l4-payload-len":12468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":240,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":240,"total-idle-flows":239,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1162,"global_ts_usec":1686147000405705} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":1,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405705,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405705,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405705,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":245,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_packet_id":2,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686147000405720,"pkt":"AAwp30Y4PJTVQTiBCABFAABSc4QAADIRDzbrYH8epZBUPneEAasAPgRJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686127609854442,"flow_src_last_pkt_time":1686127609854442,"flow_dst_last_pkt_time":1686127609854442,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686147000405720,"l3_proto":"ip4","src_ip":"34.16.223.107","dst_ip":"165.144.84.62","src_port":49482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":12576,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":241,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":241,"total-idle-flows":240,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1168,"global_ts_usec":1686148169982093} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_packet_id":1,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686148169982093,"pkt":"ipffLU2SPJTVQTiBCABFAABL+PEAACcR2jmaYAV5Sm\/LN3ifAasAN7aeAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":241,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686147000405705,"flow_src_last_pkt_time":1686147000405720,"flow_dst_last_pkt_time":1686147000405705,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686148169982093,"l3_proto":"ip4","src_ip":"235.96.127.30","dst_ip":"165.144.84.62","src_port":30596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":247,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":247,"packets-processed":246,"total-skipped-flows":0,"total-l4-payload-len":12623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":242,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":242,"total-idle-flows":241,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1173,"global_ts_usec":1686150111716704} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_packet_id":1,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686150111716704,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPIRpS\/Qe7CaWo0lONIPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686148169982093,"flow_src_last_pkt_time":1686148169982093,"flow_dst_last_pkt_time":1686148169982093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686150111716704,"l3_proto":"ip4","src_ip":"154.96.5.121","dst_ip":"74.111.203.55","src_port":30879,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":248,"packets-processed":247,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":248,"packets-processed":247,"total-skipped-flows":0,"total-l4-payload-len":12721,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":243,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":243,"total-idle-flows":242,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1178,"global_ts_usec":1686151018568427} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686151018568427,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRpSvsg1KRRW27Np7UAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686151018568427,"flow_src_last_pkt_time":1686151018568427,"flow_dst_last_pkt_time":1686151018568427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"236.131.82.145","dst_ip":"69.109.187.54","src_port":40660,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":243,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686150111716704,"flow_src_last_pkt_time":1686150111716704,"flow_dst_last_pkt_time":1686150111716704,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686151018568427,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":53775,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":249,"packets-processed":248,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":249,"packets-processed":248,"total-skipped-flows":0,"total-l4-payload-len":12819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":244,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":244,"total-idle-flows":243,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1183,"global_ts_usec":1686152692161183} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152692161183,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpTITnLybSm\/LN7qFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152692161183,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1189,48 +1189,48 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_packet_id":1,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686152794742928,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpSDthLCIpZBUPoZyAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686152794742928,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":251,"packets-processed":250,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":251,"packets-processed":250,"total-skipped-flows":0,"total-l4-payload-len":13015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":246,"total-detection-updates":0,"total-updates":44,"current-active-flows":2,"total-active-flows":246,"total-idle-flows":244,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1192,"global_ts_usec":1686157605088607} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_packet_id":1,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686157605088607,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCUtfJOcpXLKPdeVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":246,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152794742928,"flow_src_last_pkt_time":1686152794742928,"flow_dst_last_pkt_time":1686152794742928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"165.144.84.62","src_port":34418,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686152692161183,"flow_src_last_pkt_time":1686152692161183,"flow_dst_last_pkt_time":1686152692161183,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686157605088607,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"74.111.203.55","src_port":47749,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":252,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":252,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":13113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":247,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":247,"total-idle-flows":246,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1198,"global_ts_usec":1686158302309017} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_packet_id":1,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686158302309017,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAO8RDclGtG\/xWpG0OpPxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":247,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686157605088607,"flow_src_last_pkt_time":1686157605088607,"flow_dst_last_pkt_time":1686157605088607,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686158302309017,"l3_proto":"ip4","src_ip":"45.124.147.156","dst_ip":"165.114.202.61","src_port":55189,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":253,"packets-processed":252,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":253,"packets-processed":252,"total-skipped-flows":0,"total-l4-payload-len":13211,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":248,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":248,"total-idle-flows":247,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1203,"global_ts_usec":1686159210157364} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686159210157364,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAPARqCwve7GaWm\/UMsVfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686158302309017,"flow_src_last_pkt_time":1686158302309017,"flow_dst_last_pkt_time":1686158302309017,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686159210157364,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.145.180.58","src_port":37873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":13309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":249,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":249,"total-idle-flows":248,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1208,"global_ts_usec":1686164441587309} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_packet_id":1,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686164441587309,"pkt":"ipffLU2SPJTVQTiBCABFCABLFfMAACIRtMTjx1p6Sm\/LN1hEAasAN8mNAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686159210157364,"flow_src_last_pkt_time":1686159210157364,"flow_dst_last_pkt_time":1686159210157364,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686164441587309,"l3_proto":"ip4","src_ip":"47.123.177.154","dst_ip":"90.111.212.50","src_port":50527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":255,"packets-processed":254,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":255,"packets-processed":254,"total-skipped-flows":0,"total-l4-payload-len":13356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":250,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":250,"total-idle-flows":249,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1213,"global_ts_usec":1686172962599222} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":1,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686172962599222,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgWhLQWsWpOrM9x7AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":250,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686164441587309,"flow_src_last_pkt_time":1686164441587309,"flow_dst_last_pkt_time":1686164441587309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686172962599222,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"74.111.203.55","src_port":22596,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":256,"packets-processed":255,"total-skipped-flows":0,"total-l4-payload-len":13385,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":251,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":251,"total-idle-flows":250,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1218,"global_ts_usec":1686178920053120} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686178920053120,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbXhCGOFNVW80OdgXAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":251,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686172962599222,"flow_src_last_pkt_time":1686172962599222,"flow_dst_last_pkt_time":1686172962599222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686178920053120,"l3_proto":"ip4","src_ip":"161.45.5.172","dst_ip":"90.147.171.51","src_port":56443,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":257,"packets-processed":256,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":257,"packets-processed":256,"total-skipped-flows":0,"total-l4-payload-len":13414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":252,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":252,"total-idle-flows":251,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1223,"global_ts_usec":1686182909163488} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_packet_id":1,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686182909163488,"pkt":"xmjqc4OdPJTVQTiBCABFCABLnDYAACIRLnxYOJt+unDKNTkvAasAN+idAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686178920053120,"flow_src_last_pkt_time":1686178920053120,"flow_dst_last_pkt_time":1686178920053120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686182909163488,"l3_proto":"ip4","src_ip":"66.24.225.77","dst_ip":"85.111.52.57","src_port":55319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":258,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":258,"packets-processed":257,"total-skipped-flows":0,"total-l4-payload-len":13461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":253,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":253,"total-idle-flows":252,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1228,"global_ts_usec":1686186373659453} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_packet_id":1,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686186373659453,"pkt":"bpHurUgdPJTVQTiBCABFCABLbu4AACIRW70j\/EVxRW27NjrPAasAN+b2AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":254,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686186373659453,"flow_src_last_pkt_time":1686186373659453,"flow_dst_last_pkt_time":1686186373659453,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":15055,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686182909163488,"flow_src_last_pkt_time":1686182909163488,"flow_dst_last_pkt_time":1686182909163488,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686186373659453,"l3_proto":"ip4","src_ip":"88.56.155.126","dst_ip":"186.112.202.53","src_port":14639,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":259,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":259,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":13508,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":254,"total-detection-updates":0,"total-updates":44,"current-active-flows":1,"total-active-flows":254,"total-idle-flows":253,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1233,"global_ts_usec":1686188598232342} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_packet_id":1,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686188598232342,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbdZdFhnwpZBUPtE1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":259,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188598232342,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1244,33 +1244,33 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":256,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188644341439,"flow_src_last_pkt_time":1686188644341439,"flow_dst_last_pkt_time":1686188644341439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"94.46.221.227","dst_ip":"90.141.37.56","src_port":49978,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":255,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188598232342,"flow_src_last_pkt_time":1686188598232342,"flow_dst_last_pkt_time":1686188598232342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686188964145763,"l3_proto":"ip4","src_ip":"93.22.25.240","dst_ip":"165.144.84.62","src_port":53557,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":13595,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":257,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":257,"total-idle-flows":256,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1247,"global_ts_usec":1686189923950356} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_packet_id":1,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686189923950356,"pkt":"xmjqc4OdPJTVQTiBCABFCABS0+QAAGsRQrNDnxCWunDKNd+LAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":257,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686188964145763,"flow_src_last_pkt_time":1686188964145763,"flow_dst_last_pkt_time":1686188964145763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686189923950356,"l3_proto":"ip4","src_ip":"211.49.103.57","dst_ip":"69.109.187.54","src_port":55377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":263,"packets-processed":262,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":263,"packets-processed":262,"total-skipped-flows":0,"total-l4-payload-len":13649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":258,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":258,"total-idle-flows":257,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1252,"global_ts_usec":1686195826361567} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_packet_id":1,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686195826361567,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbWRG0oIpunDKNcTLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":263,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":258,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686189923950356,"flow_src_last_pkt_time":1686189923950356,"flow_dst_last_pkt_time":1686189923950356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686195826361567,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"186.112.202.53","src_port":57227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":264,"packets-processed":263,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":264,"packets-processed":263,"total-skipped-flows":0,"total-l4-payload-len":13678,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":259,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":259,"total-idle-flows":258,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1257,"global_ts_usec":1686197444990656} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_packet_id":1,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686197444990656,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbbfZF5\/HSm\/LN9WmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":264,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":259,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686195826361567,"flow_src_last_pkt_time":1686195826361567,"flow_dst_last_pkt_time":1686195826361567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686197444990656,"l3_proto":"ip4","src_ip":"70.210.130.41","dst_ip":"186.112.202.53","src_port":50379,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":265,"packets-processed":264,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":265,"packets-processed":264,"total-skipped-flows":0,"total-l4-payload-len":13707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":260,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":260,"total-idle-flows":259,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1262,"global_ts_usec":1686200474358772} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_packet_id":1,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686200474358772,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtfQ8\/jUpXLKPdayAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":265,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":260,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686197444990656,"flow_src_last_pkt_time":1686197444990656,"flow_dst_last_pkt_time":1686197444990656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686200474358772,"l3_proto":"ip4","src_ip":"217.23.159.199","dst_ip":"74.111.203.55","src_port":54694,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":13736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":261,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":261,"total-idle-flows":260,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1267,"global_ts_usec":1686201624944069} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":1,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944069,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686201624944069,"flow_src_last_pkt_time":1686201624944069,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944069,"l3_proto":"ip4","src_ip":"42.224.153.12","dst_ip":"90.147.171.51","src_port":15346,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":262,"flow_packet_id":2,"flow_src_last_pkt_time":1686201624944084,"flow_dst_last_pkt_time":1686201624944069,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686201624944084,"pkt":"AAwp30Y4PJTVQTiBCABFAABSN\/IAADIRVuMq4JkMWpOrMzvyAasAPkv2AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":261,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686200474358772,"flow_src_last_pkt_time":1686200474358772,"flow_dst_last_pkt_time":1686200474358772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686201624944084,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"165.114.202.61","src_port":54962,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":268,"packets-processed":267,"total-skipped-flows":0,"total-l4-payload-len":13844,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":262,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":262,"total-idle-flows":261,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1273,"global_ts_usec":1686204308831707} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_packet_id":1,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204308831707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+UJNAADQREf\/H3YvpWpG0OrNSAasAKtf7AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":268,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204308831707,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1279,7 +1279,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_packet_id":1,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686204816985223,"pkt":"bpHurUgdPJTVQTiBCABFAAA++fVAADQRaIr27WP9RW27NjGRAasAKlmrAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":264,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204816985223,"flow_src_last_pkt_time":1686204816985223,"flow_dst_last_pkt_time":1686204816985223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"69.109.187.54","src_port":12689,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":263,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686204308831707,"flow_src_last_pkt_time":1686204308831707,"flow_dst_last_pkt_time":1686204308831707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686204816985223,"l3_proto":"ip4","src_ip":"199.221.139.233","dst_ip":"90.145.180.58","src_port":45906,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":264,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":264,"total-idle-flows":263,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1282,"global_ts_usec":1686205296905334} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_packet_id":1,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205296905334,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+r0hAADQRsyX3LXDOWm\/UMk49AasAKjztAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":265,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205296905334,"flow_src_last_pkt_time":1686205296905334,"flow_dst_last_pkt_time":1686205296905334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205296905334,"l3_proto":"ip4","src_ip":"247.45.112.206","dst_ip":"90.111.212.50","src_port":20029,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1292,7 +1292,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686205768491443,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+3TBAADQRhVdGJmvxVW80OQ75AasAKnxLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":272,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205768491443,"flow_src_last_pkt_time":1686205768491443,"flow_dst_last_pkt_time":1686205768491443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"70.38.107.241","dst_ip":"85.111.52.57","src_port":3833,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686205683745012,"flow_src_last_pkt_time":1686205683745012,"flow_dst_last_pkt_time":1686205683745012,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686205768491443,"l3_proto":"ip4","src_ip":"56.174.92.201","dst_ip":"165.114.202.61","src_port":12782,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":273,"packets-processed":272,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":273,"packets-processed":272,"total-skipped-flows":0,"total-l4-payload-len":14014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":267,"total-detection-updates":0,"total-updates":46,"current-active-flows":2,"total-active-flows":267,"total-idle-flows":265,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1295,"global_ts_usec":1686206099528813} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_packet_id":1,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206099528813,"pkt":"ipffLU2SPJTVQTiBCABFAAA+0FpAADQRkh5GamPWSm\/LNymJAasAKmGsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":273,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206099528813,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1302,22 +1302,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_packet_id":1,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206507820187,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+f0tAADQR4yz27WP9pZBUPm5IAasAKhzsAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":268,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206099528813,"flow_src_last_pkt_time":1686206099528813,"flow_dst_last_pkt_time":1686206099528813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206507820187,"l3_proto":"ip4","src_ip":"70.106.99.214","dst_ip":"74.111.203.55","src_port":10633,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-payload-len":14082,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":269,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":269,"total-idle-flows":268,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1305,"global_ts_usec":1686206929031157} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_packet_id":1,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686206929031157,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+TBRAADQRFl3IHWzZWo0lONeRAasAKrObAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":269,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206507820187,"flow_src_last_pkt_time":1686206507820187,"flow_dst_last_pkt_time":1686206507820187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686206929031157,"l3_proto":"ip4","src_ip":"246.237.99.253","dst_ip":"165.144.84.62","src_port":28232,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":276,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":276,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":14116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":270,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":270,"total-idle-flows":269,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1310,"global_ts_usec":1686207705291823} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_packet_id":1,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686207705291823,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSu9QAAG0RWMhDnxCWVW80ObxuAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":276,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":270,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686206929031157,"flow_src_last_pkt_time":1686206929031157,"flow_dst_last_pkt_time":1686206929031157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686207705291823,"l3_proto":"ip4","src_ip":"200.29.108.217","dst_ip":"90.141.37.56","src_port":55185,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":277,"packets-processed":276,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":277,"packets-processed":276,"total-skipped-flows":0,"total-l4-payload-len":14170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":271,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":271,"total-idle-flows":270,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1315,"global_ts_usec":1686209332165512} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_packet_id":1,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686209332165512,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNKwAACIRlfkjAGRzpZBUPl3mAasAN8PZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":272,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686209332165512,"flow_src_last_pkt_time":1686209332165512,"flow_dst_last_pkt_time":1686209332165512,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":24038,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":271,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686207705291823,"flow_src_last_pkt_time":1686207705291823,"flow_dst_last_pkt_time":1686207705291823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686209332165512,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":48238,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":14217,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":272,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":272,"total-idle-flows":271,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1320,"global_ts_usec":1686218743990736} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_packet_id":1,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218743990736,"pkt":"AAwp30Y4PJTVQTiBCABFCABLunsAACIRECpb\/2t0pXLKPXMFAasAN666AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218743990736,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1326,32 +1326,32 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_packet_id":1,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686218930278883,"pkt":"AAwp30Y4PJTVQTiBCABFAABLV70AACcRe1hiiQNypXLKPRTWAasANxpSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":273,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218743990736,"flow_src_last_pkt_time":1686218743990736,"flow_dst_last_pkt_time":1686218743990736,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686218930278883,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"165.114.202.61","src_port":29445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":280,"packets-processed":279,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":280,"packets-processed":279,"total-skipped-flows":0,"total-l4-payload-len":14311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":274,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":274,"total-idle-flows":273,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1329,"global_ts_usec":1686227357942748} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_packet_id":1,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686227357942748,"pkt":"AAwp30Y4PJTVQTiBCABFCABLNlUAACQRjhzgf2LWWpOrM0rjAasAN9KoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":280,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":274,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686218930278883,"flow_src_last_pkt_time":1686218930278883,"flow_dst_last_pkt_time":1686218930278883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686227357942748,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"165.114.202.61","src_port":5334,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":281,"packets-processed":280,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":281,"packets-processed":280,"total-skipped-flows":0,"total-l4-payload-len":14358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":275,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":275,"total-idle-flows":274,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1334,"global_ts_usec":1686234455283740} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_packet_id":1,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686234455283740,"pkt":"bs1PogZtPJTVQTiBCABFAABLt7IAACcRG3GdePx7WpG0OpHzAasAN51CAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":281,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":275,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686227357942748,"flow_src_last_pkt_time":1686227357942748,"flow_dst_last_pkt_time":1686227357942748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686234455283740,"l3_proto":"ip4","src_ip":"224.127.98.214","dst_ip":"90.147.171.51","src_port":19171,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":14405,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":276,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":276,"total-idle-flows":275,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1339,"global_ts_usec":1686236482989100} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_packet_id":1,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686236482989100,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPMRCY72S2hzWpG0OpKPAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":276,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686234455283740,"flow_src_last_pkt_time":1686234455283740,"flow_dst_last_pkt_time":1686234455283740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686236482989100,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.145.180.58","src_port":37363,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":283,"packets-processed":282,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":283,"packets-processed":282,"total-skipped-flows":0,"total-l4-payload-len":14503,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":277,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":277,"total-idle-flows":276,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1344,"global_ts_usec":1686238266508865} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_packet_id":1,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686238266508865,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpSrsm2CTSm\/LN7n2AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":277,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686236482989100,"flow_src_last_pkt_time":1686236482989100,"flow_dst_last_pkt_time":1686236482989100,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686238266508865,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":37519,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":284,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":284,"packets-processed":283,"total-skipped-flows":0,"total-l4-payload-len":14601,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":278,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":278,"total-idle-flows":277,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1349,"global_ts_usec":1686241261208452} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_packet_id":1,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241261208452,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrCQtY5KSWm\/UMoCOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":279,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241261208452,"flow_src_last_pkt_time":1686241261208452,"flow_dst_last_pkt_time":1686241261208452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"90.111.212.50","src_port":32910,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":278,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686238266508865,"flow_src_last_pkt_time":1686238266508865,"flow_dst_last_pkt_time":1686238266508865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241261208452,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"74.111.203.55","src_port":47606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":285,"packets-processed":284,"total-skipped-flows":0,"total-l4-payload-len":14699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":279,"total-detection-updates":0,"total-updates":46,"current-active-flows":1,"total-active-flows":279,"total-idle-flows":278,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1354,"global_ts_usec":1686241917944669} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_packet_id":1,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686241917944669,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZLItJByunDKNc42AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686241917944669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1365,7 +1365,7 @@ 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":282,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242407915366,"flow_src_last_pkt_time":1686242407915366,"flow_dst_last_pkt_time":1686242407915366,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":60621,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686242007697569,"flow_src_last_pkt_time":1686242007697569,"flow_dst_last_pkt_time":1686242007697569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":36409,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":280,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686241917944669,"flow_src_last_pkt_time":1686241917944669,"flow_dst_last_pkt_time":1686241917944669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686242407915366,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"186.112.202.53","src_port":52790,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":288,"packets-processed":287,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":288,"packets-processed":287,"total-skipped-flows":0,"total-l4-payload-len":14993,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":282,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":282,"total-idle-flows":281,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1368,"global_ts_usec":1686243579374691} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_packet_id":1,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686243579374691,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrBotY5KSpZBUPuunAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686243579374691,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1374,17 +1374,17 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_packet_id":1,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244097863995,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZDItJByWo0lONuvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":283,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686243579374691,"flow_src_last_pkt_time":1686243579374691,"flow_dst_last_pkt_time":1686243579374691,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244097863995,"l3_proto":"ip4","src_ip":"45.99.146.146","dst_ip":"165.144.84.62","src_port":60327,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":15189,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":284,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":284,"total-idle-flows":283,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1377,"global_ts_usec":1686244966838652} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_packet_id":1,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686244966838652,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRpSXsm2CTVW80OaHAAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":284,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244097863995,"flow_src_last_pkt_time":1686244097863995,"flow_dst_last_pkt_time":1686244097863995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686244966838652,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.141.37.56","src_port":56239,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":291,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":291,"packets-processed":290,"total-skipped-flows":0,"total-l4-payload-len":15287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":285,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":285,"total-idle-flows":284,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1382,"global_ts_usec":1686256443473506} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_packet_id":1,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686256443473506,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbP6i2\/i0WpOrM8fUAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":286,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686256443473506,"flow_src_last_pkt_time":1686256443473506,"flow_dst_last_pkt_time":1686256443473506,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"162.219.248.180","dst_ip":"90.147.171.51","src_port":51156,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":285,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686244966838652,"flow_src_last_pkt_time":1686244966838652,"flow_dst_last_pkt_time":1686244966838652,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686256443473506,"l3_proto":"ip4","src_ip":"236.155.96.147","dst_ip":"85.111.52.57","src_port":41408,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":292,"packets-processed":291,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":292,"packets-processed":291,"total-skipped-flows":0,"total-l4-payload-len":15316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":286,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":286,"total-idle-flows":285,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1387,"global_ts_usec":1686257607667798} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_packet_id":1,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257607667798,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OdifAasAJRHVAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257607667798,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1393,13 +1393,13 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_packet_id":1,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686257765544403,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPcZcAasAJSQTAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686257765544403,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":15374,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":288,"total-detection-updates":0,"total-updates":48,"current-active-flows":2,"total-active-flows":288,"total-idle-flows":286,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1396,"global_ts_usec":1686258512561586} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_packet_id":1,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686258512561586,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNdyeAasAJQ3ZAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":289,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686258512561586,"flow_src_last_pkt_time":1686258512561586,"flow_dst_last_pkt_time":1686258512561586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":56478,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":287,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257607667798,"flow_src_last_pkt_time":1686257607667798,"flow_dst_last_pkt_time":1686257607667798,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":55455,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":288,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686257765544403,"flow_src_last_pkt_time":1686257765544403,"flow_dst_last_pkt_time":1686257765544403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686258512561586,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":50780,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":295,"packets-processed":294,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":295,"packets-processed":294,"total-skipped-flows":0,"total-l4-payload-len":15403,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":289,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":289,"total-idle-flows":288,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1402,"global_ts_usec":1686261546684605} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_packet_id":1,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686261546684605,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPr7\/AasAJStxAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261546684605,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1414,7 +1414,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":292,"flow_packet_id":2,"flow_src_last_pkt_time":1686261885374256,"flow_dst_last_pkt_time":1686261885374242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686261885374256,"pkt":"3jHC4dyOPJTVQTiBCABFBABS1h8AADQRotfUmt9nWo0lONofAasAPpnuAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":290,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261546684605,"flow_src_last_pkt_time":1686261546684605,"flow_dst_last_pkt_time":1686261546684605,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":48895,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":291,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686261656437832,"flow_src_last_pkt_time":1686261656437832,"flow_dst_last_pkt_time":1686261656437832,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686261885374256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":37856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":299,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":299,"packets-processed":298,"total-skipped-flows":0,"total-l4-payload-len":15569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":292,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":292,"total-idle-flows":291,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1417,"global_ts_usec":1686262180549880} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_packet_id":1,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1686262180549880,"pkt":"AAwp30Y4PJTVQTiBCABFAABUwx1AADQRzjFLiYbypXLKPeerAasAQAAAAgEAADggAAAAAGqbAAJlbgAAABdzZXJ2aWNlOmRpcmVjdG9yeS1hZ2VudAAHZGVmYXVsdAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262180549880,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1423,7 +1423,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_packet_id":1,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262531882256,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONHuAasAJRiHAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":294,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262531882256,"flow_src_last_pkt_time":1686262531882256,"flow_dst_last_pkt_time":1686262531882256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":53742,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":293,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262180549880,"flow_src_last_pkt_time":1686262180549880,"flow_dst_last_pkt_time":1686262180549880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262531882256,"l3_proto":"ip4","src_ip":"75.137.134.242","dst_ip":"165.114.202.61","src_port":59307,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":301,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":301,"packets-processed":300,"total-skipped-flows":0,"total-l4-payload-len":15654,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":294,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":294,"total-idle-flows":293,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1426,"global_ts_usec":1686262998390221} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_packet_id":1,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686262998390221,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM4RkAasAJWYXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":295,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686262998390221,"flow_src_last_pkt_time":1686262998390221,"flow_dst_last_pkt_time":1686262998390221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686262998390221,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":33892,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1449,22 +1449,22 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":296,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263094542703,"flow_src_last_pkt_time":1686263094542703,"flow_dst_last_pkt_time":1686263094542703,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"197.23.155.213","dst_ip":"90.145.180.58","src_port":51534,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":298,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263272401090,"flow_src_last_pkt_time":1686263272401090,"flow_dst_last_pkt_time":1686263272401090,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":49681,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":297,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263142896966,"flow_src_last_pkt_time":1686263142896966,"flow_dst_last_pkt_time":1686263142896966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686263490143641,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":50776,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":306,"packets-processed":305,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":306,"packets-processed":305,"total-skipped-flows":0,"total-l4-payload-len":15799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":299,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":299,"total-idle-flows":298,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1452,"global_ts_usec":1686264627972582} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_packet_id":1,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686264627972582,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbfZC4OK3pZBUPsz8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":299,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686263490143641,"flow_src_last_pkt_time":1686263490143641,"flow_dst_last_pkt_time":1686263490143641,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686264627972582,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":36077,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":307,"packets-processed":306,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":307,"packets-processed":306,"total-skipped-flows":0,"total-l4-payload-len":15828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":300,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":300,"total-idle-flows":299,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1457,"global_ts_usec":1686265884829767} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_packet_id":1,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686265884829767,"pkt":"bpHurUgdPJTVQTiBCABFCABLZJsAACQRX81bIWraRW27Nun+AasANzOEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":300,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686264627972582,"flow_src_last_pkt_time":1686264627972582,"flow_dst_last_pkt_time":1686264627972582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686265884829767,"l3_proto":"ip4","src_ip":"66.224.226.183","dst_ip":"165.144.84.62","src_port":52476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":308,"packets-processed":307,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":308,"packets-processed":307,"total-skipped-flows":0,"total-l4-payload-len":15875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":301,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":301,"total-idle-flows":300,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1462,"global_ts_usec":1686266868932026} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_packet_id":1,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686266868932026,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRX53OzBhaVW80OcS0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":302,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686266868932026,"flow_src_last_pkt_time":1686266868932026,"flow_dst_last_pkt_time":1686266868932026,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"85.111.52.57","src_port":50356,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":301,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686265884829767,"flow_src_last_pkt_time":1686265884829767,"flow_dst_last_pkt_time":1686265884829767,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686266868932026,"l3_proto":"ip4","src_ip":"91.33.106.218","dst_ip":"69.109.187.54","src_port":59902,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":309,"packets-processed":308,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":309,"packets-processed":308,"total-skipped-flows":0,"total-l4-payload-len":15904,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":302,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":302,"total-idle-flows":301,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_usec":1686268741318193} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_packet_id":1,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686268741318193,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX\/9MLWfkWm\/UMtbfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686268741318193,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1473,17 +1473,17 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_packet_id":1,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686269328666858,"pkt":"xmjqc4OdPJTVQTiBCABFAABLWZ4AACcReX7adoNxunDKNSGuAasANw2BAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":303,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686268741318193,"flow_src_last_pkt_time":1686268741318193,"flow_dst_last_pkt_time":1686268741318193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686269328666858,"l3_proto":"ip4","src_ip":"76.45.103.228","dst_ip":"90.111.212.50","src_port":55007,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":311,"packets-processed":310,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":311,"packets-processed":310,"total-skipped-flows":0,"total-l4-payload-len":15980,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":304,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":304,"total-idle-flows":303,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1476,"global_ts_usec":1686271029434310} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_packet_id":1,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686271029434310,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbHG95fpLpXLKPcO\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":304,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686269328666858,"flow_src_last_pkt_time":1686269328666858,"flow_dst_last_pkt_time":1686269328666858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686271029434310,"l3_proto":"ip4","src_ip":"218.118.131.113","dst_ip":"186.112.202.53","src_port":8622,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":312,"packets-processed":311,"total-skipped-flows":0,"total-l4-payload-len":16009,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":305,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":305,"total-idle-flows":304,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1481,"global_ts_usec":1686272210557633} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_packet_id":1,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686272210557633,"pkt":"bpHurUgdPJTVQTiBCABFAABLiBsAACcRSwWlgP10RW27NlMIAasAN9wqAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":306,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686272210557633,"flow_src_last_pkt_time":1686272210557633,"flow_dst_last_pkt_time":1686272210557633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"69.109.187.54","src_port":21256,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":305,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686271029434310,"flow_src_last_pkt_time":1686271029434310,"flow_dst_last_pkt_time":1686271029434310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686272210557633,"l3_proto":"ip4","src_ip":"189.229.250.75","dst_ip":"165.114.202.61","src_port":50111,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":16056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":306,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":306,"total-idle-flows":305,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1486,"global_ts_usec":1686276490401508} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_packet_id":1,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686276490401508,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbH9e5p5PSm\/LN9nGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686276490401508,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1492,32 +1492,32 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_packet_id":1,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686277031596938,"pkt":"bs1PogZtPJTVQTiBCABFCABLQa4AACIRiPcj\/EVxWpG0OpLiAasAN47dAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":307,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686276490401508,"flow_src_last_pkt_time":1686276490401508,"flow_dst_last_pkt_time":1686276490401508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686277031596938,"l3_proto":"ip4","src_ip":"94.230.158.79","dst_ip":"74.111.203.55","src_port":55750,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":315,"packets-processed":314,"total-skipped-flows":0,"total-l4-payload-len":16132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":308,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":308,"total-idle-flows":307,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1495,"global_ts_usec":1686279640620137} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_packet_id":1,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686279640620137,"pkt":"AAwp30Y4PJTVQTiBCABFCABL5wQAACIR47OY\/6p8WpOrM7YOAasAN2vEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":308,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686277031596938,"flow_src_last_pkt_time":1686277031596938,"flow_dst_last_pkt_time":1686277031596938,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686279640620137,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.145.180.58","src_port":37602,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":316,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":16179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":309,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":309,"total-idle-flows":308,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1500,"global_ts_usec":1686282116013463} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_packet_id":1,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686282116013463,"pkt":"AAwp30Y4PJTVQTiBCABFCABSCtkAAGsRC7dDnxCWpXLKPdYiAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":309,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686279640620137,"flow_src_last_pkt_time":1686279640620137,"flow_dst_last_pkt_time":1686279640620137,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686282116013463,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"90.147.171.51","src_port":46606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":317,"packets-processed":316,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":317,"packets-processed":316,"total-skipped-flows":0,"total-l4-payload-len":16233,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":310,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":310,"total-idle-flows":309,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1505,"global_ts_usec":1686283230398748} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_packet_id":1,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686283230398748,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUxdGp8RunDKNd7pAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":310,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686282116013463,"flow_src_last_pkt_time":1686282116013463,"flow_dst_last_pkt_time":1686282116013463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686283230398748,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":54818,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":16262,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":311,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":311,"total-idle-flows":310,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1510,"global_ts_usec":1686284127841221} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_packet_id":1,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686284127841221,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRbM3ZH+f\/Wo0lOMLjAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":311,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686283230398748,"flow_src_last_pkt_time":1686283230398748,"flow_dst_last_pkt_time":1686283230398748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686284127841221,"l3_proto":"ip4","src_ip":"93.26.159.17","dst_ip":"186.112.202.53","src_port":57065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":319,"packets-processed":318,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":319,"packets-processed":318,"total-skipped-flows":0,"total-l4-payload-len":16291,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":312,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":312,"total-idle-flows":311,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1515,"global_ts_usec":1686290568082392} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_packet_id":1,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686290568082392,"pkt":"AAwp30Y4PJTVQTiBCABFAABScHIAAG0RpCZDnxCWpZBUPjFMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":313,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686290568082392,"flow_src_last_pkt_time":1686290568082392,"flow_dst_last_pkt_time":1686290568082392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.144.84.62","src_port":12620,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":312,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686284127841221,"flow_src_last_pkt_time":1686284127841221,"flow_dst_last_pkt_time":1686284127841221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686290568082392,"l3_proto":"ip4","src_ip":"217.31.231.255","dst_ip":"90.141.37.56","src_port":49891,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":320,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":320,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":16345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":313,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":313,"total-idle-flows":312,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1520,"global_ts_usec":1686292143831347} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_packet_id":1,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686292143831347,"pkt":"moT+\/Ph8PJTVQTiBCABFCABL62sAACIR3z5b\/2t0VW80OTDAAasAN\/EEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292143831347,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1526,17 +1526,17 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_packet_id":1,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686292431165594,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXt6v7\/\/ZRW27NtI8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":321,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":314,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292143831347,"flow_src_last_pkt_time":1686292143831347,"flow_dst_last_pkt_time":1686292143831347,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686292431165594,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":12480,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":16421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":315,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":315,"total-idle-flows":314,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1529,"global_ts_usec":1686295204381615} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_packet_id":1,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686295204381615,"pkt":"bs1PogZtPJTVQTiBCABFCABSvkIAAGsRWFBDnxCWWpG0OtGMAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":315,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686292431165594,"flow_src_last_pkt_time":1686292431165594,"flow_dst_last_pkt_time":1686292431165594,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686295204381615,"l3_proto":"ip4","src_ip":"175.239.255.217","dst_ip":"69.109.187.54","src_port":53820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":323,"packets-processed":322,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":323,"packets-processed":322,"total-skipped-flows":0,"total-l4-payload-len":16475,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":316,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":316,"total-idle-flows":315,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1534,"global_ts_usec":1686301765843785} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_packet_id":1,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686301765843785,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+ZMJAADQR\/Z8HbrPNpZBUPuPNAasAKqdQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":317,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686301765843785,"flow_src_last_pkt_time":1686301765843785,"flow_dst_last_pkt_time":1686301765843785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"7.110.179.205","dst_ip":"165.144.84.62","src_port":58317,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":316,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686295204381615,"flow_src_last_pkt_time":1686295204381615,"flow_dst_last_pkt_time":1686295204381615,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686301765843785,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"90.145.180.58","src_port":53644,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":324,"packets-processed":323,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":324,"packets-processed":323,"total-skipped-flows":0,"total-l4-payload-len":16509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":317,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":317,"total-idle-flows":316,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1539,"global_ts_usec":1686303104961112} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_packet_id":1,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303104961112,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+LXZAADQRNPvJ7YfSpXLKPZRXAasAKvbVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303104961112,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1545,13 +1545,13 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_packet_id":1,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303160580622,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+Py1AADQRI2U5ooDqVW80OflAAasAKpINAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01115{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303160580622,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":16577,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":319,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":319,"total-idle-flows":317,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1548,"global_ts_usec":1686303829470774} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_packet_id":1,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686303829470774,"pkt":"ipffLU2SPJTVQTiBCABFAAA+mKZAADQRydB4LlDUSm\/LN+psAasAKqDGAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":320,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303829470774,"flow_src_last_pkt_time":1686303829470774,"flow_dst_last_pkt_time":1686303829470774,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"120.46.80.212","dst_ip":"74.111.203.55","src_port":60012,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":319,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303160580622,"flow_src_last_pkt_time":1686303160580622,"flow_dst_last_pkt_time":1686303160580622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"85.111.52.57","src_port":63808,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":318,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686303104961112,"flow_src_last_pkt_time":1686303104961112,"flow_dst_last_pkt_time":1686303104961112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686303829470774,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"165.114.202.61","src_port":37975,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":327,"packets-processed":326,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":327,"packets-processed":326,"total-skipped-flows":0,"total-l4-payload-len":16611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":320,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":320,"total-idle-flows":319,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1554,"global_ts_usec":1686304502775958} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_packet_id":1,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304502775958,"pkt":"bpHurUgdPJTVQTiBCABFAAA+ef9AADQR6JY5ooDqRW27Nrw8AasAKs8VAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304502775958,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1560,7 +1560,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_packet_id":1,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686304868179785,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+RtxAADQRG7c5ooDqWo0lOEzRAasAKj5+AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":322,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304868179785,"flow_src_last_pkt_time":1686304868179785,"flow_dst_last_pkt_time":1686304868179785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"90.141.37.56","src_port":19665,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":321,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686304502775958,"flow_src_last_pkt_time":1686304502775958,"flow_dst_last_pkt_time":1686304502775958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686304868179785,"l3_proto":"ip4","src_ip":"57.162.128.234","dst_ip":"69.109.187.54","src_port":48188,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":16679,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":322,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":322,"total-idle-flows":321,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1563,"global_ts_usec":1686305286126745} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_packet_id":1,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305286126745,"pkt":"bs1PogZtPJTVQTiBCABFAAA+FfdAADQRTH3J7YfSWpG0OhmRAasAKnGfAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305286126745,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1572,23 +1572,23 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_packet_id":1,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686305544554511,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+PF5AADQRJgP3XbfFunDKNSAVAasAKmsIAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":331,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":323,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305286126745,"flow_src_last_pkt_time":1686305286126745,"flow_dst_last_pkt_time":1686305286126745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686305544554511,"l3_proto":"ip4","src_ip":"201.237.135.210","dst_ip":"90.145.180.58","src_port":6545,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":332,"packets-processed":331,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":332,"packets-processed":331,"total-skipped-flows":0,"total-l4-payload-len":16781,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":325,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":325,"total-idle-flows":323,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1575,"global_ts_usec":1686312624909971} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_packet_id":1,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686312624909971,"pkt":"3jHC4dyOPJTVQTiBCABFAABLr5UAACcRI44lYQR9Wo0lOD7IAasAN\/BtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":332,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":325,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305544554511,"flow_src_last_pkt_time":1686305544554511,"flow_dst_last_pkt_time":1686305544554511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"186.112.202.53","src_port":8213,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":324,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686305534685025,"flow_src_last_pkt_time":1686305534685025,"flow_dst_last_pkt_time":1686305534685025,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686312624909971,"l3_proto":"ip4","src_ip":"247.93.183.197","dst_ip":"90.147.171.51","src_port":10997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":333,"packets-processed":332,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":333,"packets-processed":332,"total-skipped-flows":0,"total-l4-payload-len":16828,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":326,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":326,"total-idle-flows":325,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1581,"global_ts_usec":1686321706660675} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_packet_id":1,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686321706660675,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPMRCZD2S2hzVW80OYfJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":326,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686312624909971,"flow_src_last_pkt_time":1686312624909971,"flow_dst_last_pkt_time":1686312624909971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686321706660675,"l3_proto":"ip4","src_ip":"37.97.4.125","dst_ip":"90.141.37.56","src_port":16072,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":16926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":327,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":327,"total-idle-flows":326,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1586,"global_ts_usec":1686324009293668} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_packet_id":1,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324009293668,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAO0REAO2tHiLWo0lOMmkAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":328,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324009293668,"flow_src_last_pkt_time":1686324009293668,"flow_dst_last_pkt_time":1686324009293668,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"90.141.37.56","src_port":51620,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":327,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686321706660675,"flow_src_last_pkt_time":1686321706660675,"flow_dst_last_pkt_time":1686321706660675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324009293668,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"85.111.52.57","src_port":34761,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":335,"packets-processed":334,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":335,"packets-processed":334,"total-skipped-flows":0,"total-l4-payload-len":17024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":328,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":328,"total-idle-flows":327,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1591,"global_ts_usec":1686324751894084} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_packet_id":1,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686324751894084,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAO0RqigTY5KcWpG0OqNzAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":335,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324751894084,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1596,28 +1596,28 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_packet_id":1,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686324780665773,"pkt":"AAwp30Y4PJTVQTiBCABFAABL\/uwAACcR1DRiZ\/1zWm\/UMnJSAasAN7zhAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":336,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686324780665773,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":17169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":330,"total-detection-updates":0,"total-updates":55,"current-active-flows":2,"total-active-flows":330,"total-idle-flows":328,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1599,"global_ts_usec":1686325702442238} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_packet_id":1,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686325702442238,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZXItJByWm\/UMoi1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":329,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324751894084,"flow_src_last_pkt_time":1686324751894084,"flow_dst_last_pkt_time":1686324751894084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.145.180.58","src_port":41843,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":330,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686324780665773,"flow_src_last_pkt_time":1686324780665773,"flow_dst_last_pkt_time":1686324780665773,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686325702442238,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":29266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":17267,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":331,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":331,"total-idle-flows":330,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1605,"global_ts_usec":1686326962813579} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_packet_id":1,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686326962813579,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM4BxAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":331,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686325702442238,"flow_src_last_pkt_time":1686325702442238,"flow_dst_last_pkt_time":1686325702442238,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686326962813579,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.111.212.50","src_port":34997,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":339,"packets-processed":338,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":339,"packets-processed":338,"total-skipped-flows":0,"total-l4-payload-len":17365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":332,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":332,"total-idle-flows":331,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1610,"global_ts_usec":1686329069716669} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_packet_id":1,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686329069716669,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYvItJBypZBUPo9HAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":339,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":332,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686326962813579,"flow_src_last_pkt_time":1686326962813579,"flow_dst_last_pkt_time":1686326962813579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686329069716669,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":32881,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":340,"packets-processed":339,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":340,"packets-processed":339,"total-skipped-flows":0,"total-l4-payload-len":17463,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":333,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":333,"total-idle-flows":332,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1615,"global_ts_usec":1686330200907102} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686330200907102,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAO0RqigTnLybunDKNcY1AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":334,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686330200907102,"flow_src_last_pkt_time":1686330200907102,"flow_dst_last_pkt_time":1686330200907102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"19.156.188.155","dst_ip":"186.112.202.53","src_port":50741,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":333,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686329069716669,"flow_src_last_pkt_time":1686329069716669,"flow_dst_last_pkt_time":1686329069716669,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686330200907102,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"165.144.84.62","src_port":36679,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":341,"packets-processed":340,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":341,"packets-processed":340,"total-skipped-flows":0,"total-l4-payload-len":17561,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":334,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":334,"total-idle-flows":333,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1620,"global_ts_usec":1686331103032820} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331103032820,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAO0REA2GtJCVRW27NsxFAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331103032820,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1626,12 +1626,12 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_packet_id":1,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686331598448412,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRCZTItJBySm\/LN99gAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331103032820,"flow_src_last_pkt_time":1686331103032820,"flow_dst_last_pkt_time":1686331103032820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686331598448412,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"69.109.187.54","src_port":52293,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":343,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":343,"packets-processed":342,"total-skipped-flows":0,"total-l4-payload-len":17757,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":336,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":336,"total-idle-flows":335,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1629,"global_ts_usec":1686332169029831} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_packet_id":1,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686332169029831,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqhguZGGTpXLKPdXfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":337,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686332169029831,"flow_src_last_pkt_time":1686332169029831,"flow_dst_last_pkt_time":1686332169029831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"46.100.97.147","dst_ip":"165.114.202.61","src_port":54751,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":336,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686331598448412,"flow_src_last_pkt_time":1686331598448412,"flow_dst_last_pkt_time":1686331598448412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686332169029831,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"74.111.203.55","src_port":57184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":344,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":344,"packets-processed":343,"total-skipped-flows":0,"total-l4-payload-len":17855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":337,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":337,"total-idle-flows":336,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1634,"global_ts_usec":1686334800212088} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_packet_id":1,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686334800212088,"pkt":"AAwp30Y4PJTVQTiBCABFAABSPDMAAOoRJurHERCvWpOrM+YiAasAPi4OAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334800212088,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1650,7 +1650,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":348,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":342,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334859871850,"flow_src_last_pkt_time":1686334859871850,"flow_dst_last_pkt_time":1686334859871850,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.111.212.50","src_port":58914,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":339,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334813478068,"flow_src_last_pkt_time":1686334813478068,"flow_dst_last_pkt_time":1686334813478068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"165.114.202.61","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":338,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686334800212088,"flow_src_last_pkt_time":1686334800212088,"flow_dst_last_pkt_time":1686334800212088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686334859871850,"l3_proto":"ip4","src_ip":"199.17.16.175","dst_ip":"90.147.171.51","src_port":58914,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":349,"packets-processed":348,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":349,"packets-processed":348,"total-skipped-flows":0,"total-l4-payload-len":18125,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":342,"total-detection-updates":0,"total-updates":57,"current-active-flows":5,"total-active-flows":342,"total-idle-flows":337,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1653,"global_ts_usec":1686335939300740} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_packet_id":1,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686335939300740,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZXG1wJopXLKPdimAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686335939300740,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1663,37 +1663,37 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_packet_id":1,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686336218624230,"pkt":"AAwp30Y4PJTVQTiBCABFCABLMOwAACQRk3IbhqncpXLKPdPLAasAN0mtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":343,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686335939300740,"flow_src_last_pkt_time":1686335939300740,"flow_dst_last_pkt_time":1686335939300740,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686336218624230,"l3_proto":"ip4","src_ip":"198.215.2.104","dst_ip":"165.114.202.61","src_port":55462,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":351,"packets-processed":350,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":351,"packets-processed":350,"total-skipped-flows":0,"total-l4-payload-len":18201,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":344,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":344,"total-idle-flows":343,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1666,"global_ts_usec":1686337417264371} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_packet_id":1,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686337417264371,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX4BQEDgoSm\/LN8LIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":344,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686336218624230,"flow_src_last_pkt_time":1686336218624230,"flow_dst_last_pkt_time":1686336218624230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686337417264371,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"165.114.202.61","src_port":54219,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-payload-len":18230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":345,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":345,"total-idle-flows":344,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1671,"global_ts_usec":1686348943265542} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_packet_id":1,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686348943265542,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRX\/PO8JjhWpG0Os7bAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":345,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686337417264371,"flow_src_last_pkt_time":1686337417264371,"flow_dst_last_pkt_time":1686337417264371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686348943265542,"l3_proto":"ip4","src_ip":"80.16.56.40","dst_ip":"74.111.203.55","src_port":49864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":18259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":346,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":346,"total-idle-flows":345,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1676,"global_ts_usec":1686352403512683} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_packet_id":1,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686352403512683,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXnuszr8npZBUPtmEAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
-01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":346,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686348943265542,"flow_src_last_pkt_time":1686348943265542,"flow_dst_last_pkt_time":1686348943265542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686352403512683,"l3_proto":"ip4","src_ip":"206.240.152.225","dst_ip":"90.145.180.58","src_port":52955,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":18288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":347,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":347,"total-idle-flows":346,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1681,"global_ts_usec":1686355642711445} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_packet_id":1,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686355642711445,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX5yvzh9URW27Ns1JAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":355,"packets-processed":354,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} +01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":347,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686352403512683,"flow_src_last_pkt_time":1686352403512683,"flow_dst_last_pkt_time":1686352403512683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686355642711445,"l3_proto":"ip4","src_ip":"172.206.191.39","dst_ip":"165.144.84.62","src_port":55684,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":355,"packets-processed":354,"total-skipped-flows":0,"total-l4-payload-len":18317,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":348,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":348,"total-idle-flows":347,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1686,"global_ts_usec":1686356686492578} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_packet_id":1,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686356686492578,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXo5QM39KVW80OdPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":355,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":348,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686355642711445,"flow_src_last_pkt_time":1686355642711445,"flow_dst_last_pkt_time":1686355642711445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686356686492578,"l3_proto":"ip4","src_ip":"175.206.31.84","dst_ip":"69.109.187.54","src_port":52553,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":356,"packets-processed":355,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":356,"packets-processed":355,"total-skipped-flows":0,"total-l4-payload-len":18346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":349,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":349,"total-idle-flows":348,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1691,"global_ts_usec":1686361225400035} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_packet_id":1,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686361225400035,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRbUHGF1kcunDKNcgfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":356,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":350,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686361225400035,"flow_src_last_pkt_time":1686361225400035,"flow_dst_last_pkt_time":1686361225400035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"186.112.202.53","src_port":51231,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":349,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686356686492578,"flow_src_last_pkt_time":1686356686492578,"flow_dst_last_pkt_time":1686356686492578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686361225400035,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"85.111.52.57","src_port":54217,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":357,"packets-processed":356,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":357,"packets-processed":356,"total-skipped-flows":0,"total-l4-payload-len":18375,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":350,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":350,"total-idle-flows":349,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1696,"global_ts_usec":1686376742132232} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_packet_id":1,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686376742132232,"pkt":"ipffLU2SPJTVQTiBCABFAABL5L0AACcR7mFiiQNySm\/LN2TdAasAN8pUAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686376742132232,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1702,12 +1702,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_packet_id":1,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686377192208651,"pkt":"xmjqc4OdPJTVQTiBCABFCABLA5EAACQRwODboGXRunDKNShSAasAN\/U5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":351,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686376742132232,"flow_src_last_pkt_time":1686376742132232,"flow_dst_last_pkt_time":1686376742132232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686377192208651,"l3_proto":"ip4","src_ip":"98.137.3.114","dst_ip":"74.111.203.55","src_port":25821,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":359,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":359,"packets-processed":358,"total-skipped-flows":0,"total-l4-payload-len":18469,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":352,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":352,"total-idle-flows":351,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1705,"global_ts_usec":1686378731428268} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_packet_id":1,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686378731428268,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbdWh54D1Wo0lOMaVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":359,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":352,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686377192208651,"flow_src_last_pkt_time":1686377192208651,"flow_dst_last_pkt_time":1686377192208651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686378731428268,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"186.112.202.53","src_port":10322,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":360,"packets-processed":359,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":360,"packets-processed":359,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":353,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":353,"total-idle-flows":352,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1710,"global_ts_usec":1686384968861051} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+0ZZAADQRzpamvyUzpXLKPWv1AasAKlz0AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":354,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.114.202.61","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1715,7 +1715,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_packet_id":1,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686384968861051,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+SnBAADQRVctGP9UwWpOrM\/uJAasAKs1tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":355,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686384968861051,"flow_src_last_pkt_time":1686384968861051,"flow_dst_last_pkt_time":1686384968861051,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"70.63.213.48","dst_ip":"90.147.171.51","src_port":64393,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":353,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686378731428268,"flow_src_last_pkt_time":1686378731428268,"flow_dst_last_pkt_time":1686378731428268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686384968861051,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"90.141.37.56","src_port":50837,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":18566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":355,"total-detection-updates":0,"total-updates":57,"current-active-flows":2,"total-active-flows":355,"total-idle-flows":353,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1718,"global_ts_usec":1686385671822712} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_packet_id":1,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686385671822712,"pkt":"bpHurUgdPJTVQTiBCABFAAA+U4xAADQRTLRZxtsoRW27NjMfAasAKpXdAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":356,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686385671822712,"flow_src_last_pkt_time":1686385671822712,"flow_dst_last_pkt_time":1686385671822712,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686385671822712,"l3_proto":"ip4","src_ip":"89.198.219.40","dst_ip":"69.109.187.54","src_port":13087,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1732,7 +1732,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_packet_id":1,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386117996493,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+tYhAADQR6qymvyUzunDKNWv1AasAKlz8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":365,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":359,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386117996493,"flow_src_last_pkt_time":1686386117996493,"flow_dst_last_pkt_time":1686386117996493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386117996493,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"186.112.202.53","src_port":27637,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":366,"packets-processed":365,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":366,"packets-processed":365,"total-skipped-flows":0,"total-l4-payload-len":18702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":359,"total-detection-updates":0,"total-updates":58,"current-active-flows":3,"total-active-flows":359,"total-idle-flows":356,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1735,"global_ts_usec":1686386455119430} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_packet_id":1,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686386455119430,"pkt":"ipffLU2SPJTVQTiBCABFAAA+wzhAADQR3P9eRssxSm\/LNyNpAasAKqWLAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":360,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386455119430,"flow_src_last_pkt_time":1686386455119430,"flow_dst_last_pkt_time":1686386455119430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386455119430,"l3_proto":"ip4","src_ip":"94.70.203.49","dst_ip":"74.111.203.55","src_port":9065,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1751,39 +1751,39 @@ 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686386835611315,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":18833,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":363,"total-detection-updates":0,"total-updates":60,"current-active-flows":3,"total-active-flows":363,"total-idle-flows":360,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1754,"global_ts_usec":1686401776042881} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_packet_id":1,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686401776042881,"pkt":"3jHC4dyOPJTVQTiBCABFCABLnL8AACIRLehkOJtwWo0lODHPAasAN+\/yAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":362,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386734896340,"flow_src_last_pkt_time":1686386734896340,"flow_dst_last_pkt_time":1686386734896340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.65.42.37","dst_ip":"90.141.37.56","src_port":37412,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":363,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386835611315,"flow_src_last_pkt_time":1686386835611315,"flow_dst_last_pkt_time":1686386835611315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"185.211.4.13","dst_ip":"90.111.212.50","src_port":55127,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":361,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686386733673439,"flow_src_last_pkt_time":1686386733673439,"flow_dst_last_pkt_time":1686386733673439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686401776042881,"l3_proto":"ip4","src_ip":"166.191.37.51","dst_ip":"165.144.84.62","src_port":27637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":371,"packets-processed":370,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":371,"packets-processed":370,"total-skipped-flows":0,"total-l4-payload-len":18880,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":364,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":364,"total-idle-flows":363,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1761,"global_ts_usec":1686404500406996} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_packet_id":1,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686404500406996,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxOMAACIRBdXjx1p6Wm\/UMqwOAasAN3XEAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":364,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686401776042881,"flow_src_last_pkt_time":1686401776042881,"flow_dst_last_pkt_time":1686401776042881,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686404500406996,"l3_proto":"ip4","src_ip":"100.56.155.112","dst_ip":"90.141.37.56","src_port":12751,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":372,"packets-processed":371,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":372,"packets-processed":371,"total-skipped-flows":0,"total-l4-payload-len":18927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":365,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":365,"total-idle-flows":364,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1766,"global_ts_usec":1686408138334214} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_packet_id":1,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686408138334214,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZbItJByWpOrM7r3AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":372,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":365,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686404500406996,"flow_src_last_pkt_time":1686404500406996,"flow_dst_last_pkt_time":1686404500406996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686408138334214,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.111.212.50","src_port":44046,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":373,"packets-processed":372,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":373,"packets-processed":372,"total-skipped-flows":0,"total-l4-payload-len":19025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":366,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":366,"total-idle-flows":365,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1771,"global_ts_usec":1686409062599010} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_packet_id":1,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686409062599010,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAOsRrC8TY5KcSm\/LN4C4AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":373,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":366,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686408138334214,"flow_src_last_pkt_time":1686408138334214,"flow_dst_last_pkt_time":1686408138334214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686409062599010,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"90.147.171.51","src_port":47863,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":19123,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":367,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":367,"total-idle-flows":366,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1776,"global_ts_usec":1686410047846257} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_packet_id":1,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686410047846257,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrC3RfKOdRW27NtkvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":367,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686409062599010,"flow_src_last_pkt_time":1686409062599010,"flow_dst_last_pkt_time":1686409062599010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686410047846257,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"74.111.203.55","src_port":32952,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":375,"packets-processed":374,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":375,"packets-processed":374,"total-skipped-flows":0,"total-l4-payload-len":19221,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":368,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":368,"total-idle-flows":367,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1781,"global_ts_usec":1686412803511471} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_packet_id":1,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686412803511471,"pkt":"bs1PogZtPJTVQTiBCABFCABLZYcAACQRXt\/jhlHUWpG0OtZLAasAN0c1AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":369,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686412803511471,"flow_src_last_pkt_time":1686412803511471,"flow_dst_last_pkt_time":1686412803511471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.145.180.58","src_port":54859,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":368,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686410047846257,"flow_src_last_pkt_time":1686410047846257,"flow_dst_last_pkt_time":1686410047846257,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686412803511471,"l3_proto":"ip4","src_ip":"209.124.163.157","dst_ip":"69.109.187.54","src_port":55599,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":376,"packets-processed":375,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":376,"packets-processed":375,"total-skipped-flows":0,"total-l4-payload-len":19268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":369,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":369,"total-idle-flows":368,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1786,"global_ts_usec":1686413757609123} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_packet_id":1,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686413757609123,"pkt":"xmjqc4OdPJTVQTiBCABFCAB+1DEAAOsRrCstg6GYunDKNcK0AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686413757609123,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1792,7 +1792,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_packet_id":1,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414114295045,"pkt":"bs1PogZtPJTVQTiBCABFCAB+1DEAAOsREgeGtJCVWpG0OsMfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":377,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":371,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414114295045,"flow_src_last_pkt_time":1686414114295045,"flow_dst_last_pkt_time":1686414114295045,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"90.145.180.58","src_port":49951,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":370,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686413757609123,"flow_src_last_pkt_time":1686413757609123,"flow_dst_last_pkt_time":1686413757609123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414114295045,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"186.112.202.53","src_port":49844,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":19464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":371,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":371,"total-idle-flows":370,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1795,"global_ts_usec":1686414638495400} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_packet_id":1,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686414638495400,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAO8RDcy4tKjwVW80OaZBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686414638495400,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1801,7 +1801,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_packet_id":1,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686415196829472,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsRrB3SfJyVpZBUPqOnAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":379,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":373,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686415196829472,"flow_src_last_pkt_time":1686415196829472,"flow_dst_last_pkt_time":1686415196829472,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"165.144.84.62","src_port":41895,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":372,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686414638495400,"flow_src_last_pkt_time":1686414638495400,"flow_dst_last_pkt_time":1686414638495400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686415196829472,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"85.111.52.57","src_port":42561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":380,"packets-processed":379,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":380,"packets-processed":379,"total-skipped-flows":0,"total-l4-payload-len":19660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":373,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":373,"total-idle-flows":372,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1804,"global_ts_usec":1686418497785828} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_packet_id":1,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418497785828,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAOsREf22tHiLpXLKPbEBAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":380,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418497785828,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1810,7 +1810,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_packet_id":1,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686418806265572,"pkt":"3jHC4dyOPJTVQTiBCABFCAB+1DEAAOsRrCfQe7CaWo0lOORZAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":375,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418806265572,"flow_src_last_pkt_time":1686418806265572,"flow_dst_last_pkt_time":1686418806265572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"90.141.37.56","src_port":58457,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":374,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686418497785828,"flow_src_last_pkt_time":1686418497785828,"flow_dst_last_pkt_time":1686418497785828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686418806265572,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.114.202.61","src_port":45313,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":19856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":375,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":375,"total-idle-flows":374,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1813,"global_ts_usec":1686419691124244} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_packet_id":1,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686419691124244,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLEswAACQRsZcbhqncVW80OZYtAasAN4dQAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686419691124244,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1819,17 +1819,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_packet_id":1,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686420033978573,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPMRpTTvZI2ZSm\/LN7ntAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":376,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686419691124244,"flow_src_last_pkt_time":1686419691124244,"flow_dst_last_pkt_time":1686419691124244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686420033978573,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"85.111.52.57","src_port":38445,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":384,"packets-processed":383,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":384,"packets-processed":383,"total-skipped-flows":0,"total-l4-payload-len":20001,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":377,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":377,"total-idle-flows":376,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1822,"global_ts_usec":1686427429600756} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_packet_id":1,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686427429600756,"pkt":"AAwp30Y4PJTVQTiBCABFAABLrRoAACYRJv+deYJ1pZBUPh0uAasANxH+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":377,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686420033978573,"flow_src_last_pkt_time":1686420033978573,"flow_dst_last_pkt_time":1686420033978573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686427429600756,"l3_proto":"ip4","src_ip":"239.100.141.153","dst_ip":"74.111.203.55","src_port":47597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":385,"packets-processed":384,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":385,"packets-processed":384,"total-skipped-flows":0,"total-l4-payload-len":20048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":378,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":378,"total-idle-flows":377,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1827,"global_ts_usec":1686431866256173} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_packet_id":1,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686431866256173,"pkt":"AAwp30Y4PJTVQTiBCABFCABLx8kAACQR\/KIk523ZWm\/UMsCnAasAN1zfAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":379,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686431866256173,"flow_src_last_pkt_time":1686431866256173,"flow_dst_last_pkt_time":1686431866256173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"36.231.109.217","dst_ip":"90.111.212.50","src_port":49319,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":378,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686427429600756,"flow_src_last_pkt_time":1686427429600756,"flow_dst_last_pkt_time":1686427429600756,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686431866256173,"l3_proto":"ip4","src_ip":"157.121.130.117","dst_ip":"165.144.84.62","src_port":7470,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":20095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":379,"total-detection-updates":0,"total-updates":60,"current-active-flows":1,"total-active-flows":379,"total-idle-flows":378,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1832,"global_ts_usec":1686435052414223} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_packet_id":1,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686435052414223,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRX1HRLKcHWm\/UMs9oAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435052414223,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1838,7 +1838,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_packet_id":1,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686435200937981,"pkt":"AAwp30Y4PJTVQTiBCABFCABLhnIAACQRPfdjx03TpZBUPrMFAasAN2p+AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":387,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":381,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435200937981,"flow_src_last_pkt_time":1686435200937981,"flow_dst_last_pkt_time":1686435200937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.144.84.62","src_port":45829,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":380,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686435052414223,"flow_src_last_pkt_time":1686435052414223,"flow_dst_last_pkt_time":1686435052414223,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686435200937981,"l3_proto":"ip4","src_ip":"209.44.167.7","dst_ip":"90.111.212.50","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":388,"packets-processed":387,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":388,"packets-processed":387,"total-skipped-flows":0,"total-l4-payload-len":20171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":381,"total-detection-updates":0,"total-updates":61,"current-active-flows":2,"total-active-flows":381,"total-idle-flows":379,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1841,"global_ts_usec":1686438148010499} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_packet_id":1,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686438148010499,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSAABAAOsRy+HXMP3JVW80Oa69AasAPg9AAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":388,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":382,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438148010499,"flow_src_last_pkt_time":1686438148010499,"flow_dst_last_pkt_time":1686438148010499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438148010499,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"85.111.52.57","src_port":44733,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1887,7 +1887,7 @@ 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":385,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438220823551,"flow_src_last_pkt_time":1686438220823551,"flow_dst_last_pkt_time":1686438220823551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.147.171.51","src_port":42457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":384,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438209212158,"flow_src_last_pkt_time":1686438209212158,"flow_dst_last_pkt_time":1686438209212158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"90.141.37.56","src_port":50630,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":389,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686438308618262,"flow_src_last_pkt_time":1686438308618262,"flow_dst_last_pkt_time":1686438308618262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686438369437015,"l3_proto":"ip4","src_ip":"215.48.253.201","dst_ip":"165.114.202.61","src_port":53506,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":397,"packets-processed":396,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":397,"packets-processed":396,"total-skipped-flows":0,"total-l4-payload-len":20657,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":390,"total-detection-updates":0,"total-updates":78,"current-active-flows":7,"total-active-flows":390,"total-idle-flows":383,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1890,"global_ts_usec":1686442660761538} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_packet_id":1,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686442660761538,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRXpQs8udNunDKNcRVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686442660761538,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1902,17 +1902,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_packet_id":1,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686443032934623,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbWgl6mQgWpG0Ot3tAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":391,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686442660761538,"flow_src_last_pkt_time":1686442660761538,"flow_dst_last_pkt_time":1686442660761538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443032934623,"l3_proto":"ip4","src_ip":"44.242.231.77","dst_ip":"186.112.202.53","src_port":50261,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":399,"packets-processed":398,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":399,"packets-processed":398,"total-skipped-flows":0,"total-l4-payload-len":20715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":392,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":392,"total-idle-flows":391,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1905,"global_ts_usec":1686443411193185} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_packet_id":1,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686443411193185,"pkt":"3jHC4dyOPJTVQTiBCABFCABLjXwAACQRNugbhqncWo0lOKwWAasAN3FoAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":392,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443032934623,"flow_src_last_pkt_time":1686443032934623,"flow_dst_last_pkt_time":1686443032934623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686443411193185,"l3_proto":"ip4","src_ip":"37.234.100.32","dst_ip":"90.145.180.58","src_port":56813,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":400,"packets-processed":399,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":400,"packets-processed":399,"total-skipped-flows":0,"total-l4-payload-len":20762,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":393,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":393,"total-idle-flows":392,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1910,"global_ts_usec":1686448122797857} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_packet_id":1,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686448122797857,"pkt":"ipffLU2SPJTVQTiBCABFCABSQJAAAGsR1glDnxCWSm\/LN7SpAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":400,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":394,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686448122797857,"flow_src_last_pkt_time":1686448122797857,"flow_dst_last_pkt_time":1686448122797857,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"74.111.203.55","src_port":46249,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":393,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686443411193185,"flow_src_last_pkt_time":1686443411193185,"flow_dst_last_pkt_time":1686443411193185,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686448122797857,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"90.141.37.56","src_port":44054,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":401,"packets-processed":400,"total-skipped-flows":0,"total-l4-payload-len":20816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":394,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":394,"total-idle-flows":393,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1915,"global_ts_usec":1686453545484404} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_packet_id":1,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686453545484404,"pkt":"ipffLU2SPJTVQTiBCABFCABLA5wAACQRwMwbhqncSm\/LN\/r7AasANyKHAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686453545484404,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1921,7 +1921,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_packet_id":1,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454040614924,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+VZxAADMRS4lYRyo6pZBUPjxoAasAKox5AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":396,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454040614924,"flow_src_last_pkt_time":1686454040614924,"flow_dst_last_pkt_time":1686454040614924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"88.71.42.58","dst_ip":"165.144.84.62","src_port":15464,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":395,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686453545484404,"flow_src_last_pkt_time":1686453545484404,"flow_dst_last_pkt_time":1686453545484404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454040614924,"l3_proto":"ip4","src_ip":"27.134.169.220","dst_ip":"74.111.203.55","src_port":64251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":403,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":403,"packets-processed":402,"total-skipped-flows":0,"total-l4-payload-len":20897,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":396,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":396,"total-idle-flows":395,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1924,"global_ts_usec":1686454835524989} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_packet_id":1,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686454835524989,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+jJRAADMRFJq\/Pts5unDKNXIrAasAKla\/AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686454835524989,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1930,7 +1930,7 @@ 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_packet_id":1,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455045546385,"pkt":"bpHurUgdPJTVQTiBCABFAAA+lIxAADMRDKe+Ryo2RW27NrkEAasAKg\/rAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":404,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":398,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455045546385,"flow_src_last_pkt_time":1686455045546385,"flow_dst_last_pkt_time":1686455045546385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"190.71.42.54","dst_ip":"69.109.187.54","src_port":47364,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":397,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686454835524989,"flow_src_last_pkt_time":1686454835524989,"flow_dst_last_pkt_time":1686454835524989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455045546385,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"186.112.202.53","src_port":29227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":405,"packets-processed":404,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":405,"packets-processed":404,"total-skipped-flows":0,"total-l4-payload-len":20965,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":398,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":398,"total-idle-flows":397,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1933,"global_ts_usec":1686455864946730} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_packet_id":1,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686455864946730,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+EMNAADMRkF2mPsU8pXLKPYsWAasAKj3GAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":405,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686455864946730,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1939,7 +1939,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_packet_id":1,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456361937981,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+GgRAADMRhy2\/Pts5Wm\/UMkj9AasAKn\/wAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":400,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456361937981,"flow_src_last_pkt_time":1686456361937981,"flow_dst_last_pkt_time":1686456361937981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"191.62.219.57","dst_ip":"90.111.212.50","src_port":18685,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":399,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686455864946730,"flow_src_last_pkt_time":1686455864946730,"flow_dst_last_pkt_time":1686455864946730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456361937981,"l3_proto":"ip4","src_ip":"166.62.197.60","dst_ip":"165.114.202.61","src_port":35606,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":407,"packets-processed":406,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":407,"packets-processed":406,"total-skipped-flows":0,"total-l4-payload-len":21033,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":400,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":400,"total-idle-flows":399,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1942,"global_ts_usec":1686456730972924} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_packet_id":1,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686456730972924,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+jhRAADMRExhYRtQ4VW80Of31AasAKsryAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686456730972924,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1953,27 +1953,27 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":402,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456819293547,"flow_src_last_pkt_time":1686456819293547,"flow_dst_last_pkt_time":1686456819293547,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"184.199.42.59","dst_ip":"90.141.37.56","src_port":42047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":401,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686456730972924,"flow_src_last_pkt_time":1686456730972924,"flow_dst_last_pkt_time":1686456730972924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457196084311,"l3_proto":"ip4","src_ip":"88.70.212.56","dst_ip":"85.111.52.57","src_port":65013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":21135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":403,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":403,"total-idle-flows":402,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1956,"global_ts_usec":1686457611262806} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_packet_id":1,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686457611262806,"pkt":"ipffLU2SPJTVQTiBCABFAAA+elpAADMRJtihPto0Sm\/LN5DlAasAKjgJAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":403,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457196084311,"flow_src_last_pkt_time":1686457196084311,"flow_dst_last_pkt_time":1686457196084311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686457611262806,"l3_proto":"ip4","src_ip":"161.199.58.19","dst_ip":"90.147.171.51","src_port":64864,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":411,"packets-processed":410,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":411,"packets-processed":410,"total-skipped-flows":0,"total-l4-payload-len":21169,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":404,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":404,"total-idle-flows":403,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1961,"global_ts_usec":1686459303680190} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_packet_id":1,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686459303680190,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZLCK99qpXLKPddmAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":411,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":404,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686457611262806,"flow_src_last_pkt_time":1686457611262806,"flow_dst_last_pkt_time":1686457611262806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686459303680190,"l3_proto":"ip4","src_ip":"161.62.218.52","dst_ip":"74.111.203.55","src_port":37093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":412,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":412,"packets-processed":411,"total-skipped-flows":0,"total-l4-payload-len":21198,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":405,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":405,"total-idle-flows":404,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1966,"global_ts_usec":1686460297406877} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_packet_id":1,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686460297406877,"pkt":"moT+\/Ph8PJTVQTiBCABFAABL8BcAACYR5Ajinvx\/VW80OYHnAasAN61LAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":412,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":405,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686459303680190,"flow_src_last_pkt_time":1686459303680190,"flow_dst_last_pkt_time":1686459303680190,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686460297406877,"l3_proto":"ip4","src_ip":"194.43.223.106","dst_ip":"165.114.202.61","src_port":55142,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":413,"packets-processed":412,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":413,"packets-processed":412,"total-skipped-flows":0,"total-l4-payload-len":21245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":406,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":406,"total-idle-flows":405,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1971,"global_ts_usec":1686461245285022} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_packet_id":1,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686461245285022,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNY01AasAJV1CAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":413,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":407,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686461245285022,"flow_src_last_pkt_time":1686461245285022,"flow_dst_last_pkt_time":1686461245285022,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":36149,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":406,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686460297406877,"flow_src_last_pkt_time":1686460297406877,"flow_dst_last_pkt_time":1686460297406877,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686461245285022,"l3_proto":"ip4","src_ip":"226.158.252.127","dst_ip":"85.111.52.57","src_port":33255,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":21274,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":407,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":407,"total-idle-flows":406,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1976,"global_ts_usec":1686462756222356} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_packet_id":1,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686462756222356,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPbDuAasAJTmBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":408,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686462756222356,"flow_src_last_pkt_time":1686462756222356,"flow_dst_last_pkt_time":1686462756222356,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686462756222356,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":45294,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -1986,7 +1986,7 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_packet_id":1,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686463232786177,"pkt":"AAwp30Y4PJTVQTiBCABFAABLPb8AACYRlmBdZnxwWpOrMyrYAasANwRaAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":410,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463232786177,"flow_src_last_pkt_time":1686463232786177,"flow_dst_last_pkt_time":1686463232786177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"90.147.171.51","src_port":10968,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":409,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463066276572,"flow_src_last_pkt_time":1686463066276572,"flow_dst_last_pkt_time":1686463066276572,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463232786177,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":45056,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":417,"packets-processed":416,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":417,"packets-processed":416,"total-skipped-flows":0,"total-l4-payload-len":21379,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":410,"total-detection-updates":0,"total-updates":80,"current-active-flows":2,"total-active-flows":410,"total-idle-flows":408,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1989,"global_ts_usec":1686463744473624} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_packet_id":1,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686463744473624,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSfAasAJRXWAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":411,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463744473624,"flow_src_last_pkt_time":1686463744473624,"flow_dst_last_pkt_time":1686463744473624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686463744473624,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54431,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2000,7 +2000,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_packet_id":1,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686464114985492,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NsnbAasAJSCdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":413,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686464114985492,"flow_src_last_pkt_time":1686464114985492,"flow_dst_last_pkt_time":1686464114985492,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":51675,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":412,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686463955005585,"flow_src_last_pkt_time":1686463955005585,"flow_dst_last_pkt_time":1686463955005585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686464114985492,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":59262,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-payload-len":21466,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":413,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":413,"total-idle-flows":411,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2003,"global_ts_usec":1686465127922786} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_packet_id":1,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465127922786,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRYA6u7UCwWo0lOMBCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":414,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465127922786,"flow_src_last_pkt_time":1686465127922786,"flow_dst_last_pkt_time":1686465127922786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465127922786,"l3_proto":"ip4","src_ip":"174.237.64.176","dst_ip":"90.141.37.56","src_port":49218,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2013,23 +2013,23 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_packet_id":1,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686465448467764,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80Od+dAasAJQrXAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686465448467764,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":423,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":423,"packets-processed":422,"total-skipped-flows":0,"total-l4-payload-len":21553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":416,"total-detection-updates":0,"total-updates":81,"current-active-flows":2,"total-active-flows":416,"total-idle-flows":414,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2016,"global_ts_usec":1686466394503634} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_packet_id":1,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686466394503634,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcTB2\/zdWpOrM8nCAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":416,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465448467764,"flow_src_last_pkt_time":1686465448467764,"flow_dst_last_pkt_time":1686465448467764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":57245,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":415,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686465406790123,"flow_src_last_pkt_time":1686465406790123,"flow_dst_last_pkt_time":1686465406790123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686466394503634,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":57345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":424,"packets-processed":423,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":424,"packets-processed":423,"total-skipped-flows":0,"total-l4-payload-len":21582,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":417,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":417,"total-idle-flows":416,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2022,"global_ts_usec":1686467393700733} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_packet_id":1,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686467393700733,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN6DcAasAJUmdAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":417,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686466394503634,"flow_src_last_pkt_time":1686466394503634,"flow_dst_last_pkt_time":1686466394503634,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686467393700733,"l3_proto":"ip4","src_ip":"193.219.252.221","dst_ip":"90.147.171.51","src_port":51650,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":425,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":425,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":21611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":418,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":418,"total-idle-flows":417,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2027,"global_ts_usec":1686469130125468} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_packet_id":1,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686469130125468,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMp9RAasAJUspAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":419,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686469130125468,"flow_src_last_pkt_time":1686469130125468,"flow_dst_last_pkt_time":1686469130125468,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":40785,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":418,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686467393700733,"flow_src_last_pkt_time":1686467393700733,"flow_dst_last_pkt_time":1686467393700733,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686469130125468,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":41180,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":21640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":419,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":419,"total-idle-flows":418,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2032,"global_ts_usec":1686473127013443} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_packet_id":1,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686473127013443,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRX\/muEiDgSm\/LN9AYAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473127013443,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2038,22 +2038,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_packet_id":1,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686473724125289,"pkt":"bpHurUgdPJTVQTiBCABFCAB+1DEAAOsRrCDthLCIRW27NubXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":420,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473127013443,"flow_src_last_pkt_time":1686473127013443,"flow_dst_last_pkt_time":1686473127013443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686473724125289,"l3_proto":"ip4","src_ip":"174.18.32.224","dst_ip":"74.111.203.55","src_port":53272,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":428,"packets-processed":427,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":428,"packets-processed":427,"total-skipped-flows":0,"total-l4-payload-len":21767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":421,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":421,"total-idle-flows":420,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2041,"global_ts_usec":1686474011529942} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_packet_id":1,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686474011529942,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbMMlJB\/SpZBUPtIfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":421,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686473724125289,"flow_src_last_pkt_time":1686473724125289,"flow_dst_last_pkt_time":1686473724125289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686474011529942,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"69.109.187.54","src_port":59095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":429,"packets-processed":428,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":429,"packets-processed":428,"total-skipped-flows":0,"total-l4-payload-len":21796,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":422,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":422,"total-idle-flows":421,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2046,"global_ts_usec":1686475183417032} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_packet_id":1,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686475183417032,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLWusAACIRb79b\/2t0VW80OYigAasAN5kkAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":422,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686474011529942,"flow_src_last_pkt_time":1686474011529942,"flow_dst_last_pkt_time":1686474011529942,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475183417032,"l3_proto":"ip4","src_ip":"37.36.31.210","dst_ip":"165.144.84.62","src_port":53791,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":21843,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":423,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":423,"total-idle-flows":422,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2051,"global_ts_usec":1686475826792753} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_packet_id":1,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686475826792753,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXtkvMwDeRW27Ns\/GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":424,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475826792753,"flow_src_last_pkt_time":1686475826792753,"flow_dst_last_pkt_time":1686475826792753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"47.51.0.222","dst_ip":"69.109.187.54","src_port":53190,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":423,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686475183417032,"flow_src_last_pkt_time":1686475183417032,"flow_dst_last_pkt_time":1686475183417032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686475826792753,"l3_proto":"ip4","src_ip":"91.255.107.116","dst_ip":"85.111.52.57","src_port":34976,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":431,"packets-processed":430,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":431,"packets-processed":430,"total-skipped-flows":0,"total-l4-payload-len":21872,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":424,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":424,"total-idle-flows":423,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2056,"global_ts_usec":1686495926985957} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_packet_id":1,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686495926985957,"pkt":"ipffLU2SPJTVQTiBCABFCAB+1DEAAO0RqinunGGXSm\/LN4u5AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686495926985957,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2062,17 +2062,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_packet_id":1,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686496447196573,"pkt":"moT+\/Ph8PJTVQTiBCABFCAB+1DEAAO0REAmGtJCVVW80OYPRAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":425,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686495926985957,"flow_src_last_pkt_time":1686495926985957,"flow_dst_last_pkt_time":1686495926985957,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686496447196573,"l3_proto":"ip4","src_ip":"238.156.97.151","dst_ip":"74.111.203.55","src_port":35769,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":433,"packets-processed":432,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":433,"packets-processed":432,"total-skipped-flows":0,"total-l4-payload-len":22068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":426,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":426,"total-idle-flows":425,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2065,"global_ts_usec":1686497167515992} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_packet_id":1,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686497167515992,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCZf2S2hzWpOrM5CUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":426,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686496447196573,"flow_src_last_pkt_time":1686496447196573,"flow_dst_last_pkt_time":1686496447196573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686497167515992,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":33745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":434,"packets-processed":433,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":434,"packets-processed":433,"total-skipped-flows":0,"total-l4-payload-len":22166,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":427,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":427,"total-idle-flows":426,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2070,"global_ts_usec":1686499664191010} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_packet_id":1,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686499664191010,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAO8RDcZGtG\/xpXLKPdQvAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":428,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686499664191010,"flow_src_last_pkt_time":1686499664191010,"flow_dst_last_pkt_time":1686499664191010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.114.202.61","src_port":54319,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":427,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686497167515992,"flow_src_last_pkt_time":1686497167515992,"flow_dst_last_pkt_time":1686497167515992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686499664191010,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.147.171.51","src_port":37012,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":435,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":435,"packets-processed":434,"total-skipped-flows":0,"total-l4-payload-len":22264,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":428,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":428,"total-idle-flows":427,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2075,"global_ts_usec":1686501344601870} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_packet_id":1,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686501344601870,"pkt":"AAwp30Y4PJTVQTiBCABFCAB+1DEAAO0RqjATY5KcWm\/UMuhXAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501344601870,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2085,72 +2085,72 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":430,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501359797956,"flow_src_last_pkt_time":1686501359797956,"flow_dst_last_pkt_time":1686501359797956,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.145.180.58","src_port":46227,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":429,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501344601870,"flow_src_last_pkt_time":1686501344601870,"flow_dst_last_pkt_time":1686501344601870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686501844780096,"l3_proto":"ip4","src_ip":"19.99.146.156","dst_ip":"90.111.212.50","src_port":59479,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":22507,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":431,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":431,"total-idle-flows":430,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2088,"global_ts_usec":1686503041221893} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_packet_id":1,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503041221893,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOJLDAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":431,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686501844780096,"flow_src_last_pkt_time":1686501844780096,"flow_dst_last_pkt_time":1686501844780096,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503041221893,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"74.111.203.55","src_port":16085,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":439,"packets-processed":438,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":439,"packets-processed":438,"total-skipped-flows":0,"total-l4-payload-len":22605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":432,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":432,"total-idle-flows":431,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2093,"global_ts_usec":1686503642111524} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_packet_id":1,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686503642111524,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAO8RDc9GtG\/xRW27NsvYAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":432,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503041221893,"flow_src_last_pkt_time":1686503041221893,"flow_dst_last_pkt_time":1686503041221893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686503642111524,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":37571,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":440,"packets-processed":439,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":440,"packets-processed":439,"total-skipped-flows":0,"total-l4-payload-len":22703,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":433,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":433,"total-idle-flows":432,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2098,"global_ts_usec":1686504303052084} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_packet_id":1,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686504303052084,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRCYz2S2hzpZBUPp26AasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":433,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686503642111524,"flow_src_last_pkt_time":1686503642111524,"flow_dst_last_pkt_time":1686503642111524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686504303052084,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"69.109.187.54","src_port":52184,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":441,"packets-processed":440,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":441,"packets-processed":440,"total-skipped-flows":0,"total-l4-payload-len":22801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":434,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":434,"total-idle-flows":433,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2103,"global_ts_usec":1686509878709062} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_packet_id":1,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686509878709062,"pkt":"AAwp30Y4PJTVQTiBCABFBABSCXBAACIRPHOKEvx4pXLKPS0pAasAPkHRAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":434,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686504303052084,"flow_src_last_pkt_time":1686504303052084,"flow_dst_last_pkt_time":1686504303052084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686509878709062,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"165.144.84.62","src_port":40378,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":22855,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":435,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":435,"total-idle-flows":434,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2108,"global_ts_usec":1686512676583485} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_packet_id":1,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686512676583485,"pkt":"3jHC4dyOPJTVQTiBCABFCABLlmEAACQRLg7boGXRWo0lONbuAasAN0abAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":435,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686509878709062,"flow_src_last_pkt_time":1686509878709062,"flow_dst_last_pkt_time":1686509878709062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686512676583485,"l3_proto":"ip4","src_ip":"138.18.252.120","dst_ip":"165.114.202.61","src_port":11561,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":443,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":443,"packets-processed":442,"total-skipped-flows":0,"total-l4-payload-len":22902,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":436,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":436,"total-idle-flows":435,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2113,"global_ts_usec":1686513474297518} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_packet_id":1,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686513474297518,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRbVpC5KY3RW27NskPAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":436,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686512676583485,"flow_src_last_pkt_time":1686512676583485,"flow_dst_last_pkt_time":1686512676583485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686513474297518,"l3_proto":"ip4","src_ip":"219.160.101.209","dst_ip":"90.141.37.56","src_port":55022,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":444,"packets-processed":443,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":444,"packets-processed":443,"total-skipped-flows":0,"total-l4-payload-len":22931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":437,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":437,"total-idle-flows":436,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2118,"global_ts_usec":1686525113247519} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_packet_id":1,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686525113247519,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXums7ZjRWpOrM89lAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":437,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686513474297518,"flow_src_last_pkt_time":1686513474297518,"flow_dst_last_pkt_time":1686513474297518,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686525113247519,"l3_proto":"ip4","src_ip":"66.228.166.55","dst_ip":"69.109.187.54","src_port":51471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-payload-len":22960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":438,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":438,"total-idle-flows":437,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2123,"global_ts_usec":1686526077263977} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_packet_id":1,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686526077263977,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX9pSE1jcunDKNcNGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":445,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":438,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686525113247519,"flow_src_last_pkt_time":1686525113247519,"flow_dst_last_pkt_time":1686525113247519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686526077263977,"l3_proto":"ip4","src_ip":"172.237.152.209","dst_ip":"90.147.171.51","src_port":53093,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":22989,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":439,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":439,"total-idle-flows":438,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2128,"global_ts_usec":1686529340012662} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_packet_id":1,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686529340012662,"pkt":"3jHC4dyOPJTVQTiBCABFCABLCXUAACIRwTynB5p9Wo0lOAnqAasANxfiAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":439,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686526077263977,"flow_src_last_pkt_time":1686526077263977,"flow_dst_last_pkt_time":1686526077263977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686529340012662,"l3_proto":"ip4","src_ip":"82.19.88.220","dst_ip":"186.112.202.53","src_port":49990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":447,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":447,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":23036,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":440,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":440,"total-idle-flows":439,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2133,"global_ts_usec":1686547842864988} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_packet_id":1,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686547842864988,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXqPOzBhaWm\/UMtMpAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":447,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":440,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686529340012662,"flow_src_last_pkt_time":1686529340012662,"flow_dst_last_pkt_time":1686529340012662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686547842864988,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":2538,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":448,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":448,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":23065,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":441,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":441,"total-idle-flows":440,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2138,"global_ts_usec":1686548676434879} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_packet_id":1,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686548676434879,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbM+5IUHQSm\/LN85CAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":448,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":441,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686547842864988,"flow_src_last_pkt_time":1686547842864988,"flow_dst_last_pkt_time":1686547842864988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686548676434879,"l3_proto":"ip4","src_ip":"206.204.24.90","dst_ip":"90.111.212.50","src_port":54057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":449,"packets-processed":448,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":449,"packets-processed":448,"total-skipped-flows":0,"total-l4-payload-len":23094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":442,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":442,"total-idle-flows":441,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2143,"global_ts_usec":1686549393930759} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_packet_id":1,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686549393930759,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQj4AACQRhmwj\/EVxunDKNW7WAasAN7LuAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":449,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":442,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686548676434879,"flow_src_last_pkt_time":1686548676434879,"flow_dst_last_pkt_time":1686548676434879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686549393930759,"l3_proto":"ip4","src_ip":"185.33.65.208","dst_ip":"74.111.203.55","src_port":52802,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":23141,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":443,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":443,"total-idle-flows":442,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2148,"global_ts_usec":1686554987062980} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_packet_id":1,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686554987062980,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXvwv7PjnWo0lOM75AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":444,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686554987062980,"flow_src_last_pkt_time":1686554987062980,"flow_dst_last_pkt_time":1686554987062980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"47.236.248.231","dst_ip":"90.141.37.56","src_port":52985,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":443,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686549393930759,"flow_src_last_pkt_time":1686549393930759,"flow_dst_last_pkt_time":1686549393930759,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686554987062980,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"186.112.202.53","src_port":28374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":451,"packets-processed":450,"total-skipped-flows":0,"total-l4-payload-len":23170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":444,"total-detection-updates":0,"total-updates":81,"current-active-flows":1,"total-active-flows":444,"total-idle-flows":443,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2153,"global_ts_usec":1686556816084247} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_packet_id":1,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686556816084247,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4GtoQqtWm\/UMquUAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686556816084247,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2164,7 +2164,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":447,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557322938004,"flow_src_last_pkt_time":1686557322938004,"flow_dst_last_pkt_time":1686557322938004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"191.184.52.78","dst_ip":"90.111.212.50","src_port":64609,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":445,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556816084247,"flow_src_last_pkt_time":1686556816084247,"flow_dst_last_pkt_time":1686556816084247,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.111.212.50","src_port":43924,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":446,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686556919146434,"flow_src_last_pkt_time":1686556919146434,"flow_dst_last_pkt_time":1686556919146434,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557322938004,"l3_proto":"ip4","src_ip":"185.213.154.138","dst_ip":"165.114.202.61","src_port":52528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Mullvad","proto_by_ip_id":348,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":23258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":447,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":447,"total-idle-flows":446,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2167,"global_ts_usec":1686557572392407} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_packet_id":1,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686557572392407,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+j2xAADMREeWnQdRQpZBUPg4NAasAKrsAAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686557572392407,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2173,7 +2173,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_packet_id":1,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558124354447,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+H7dAADMRgZO5PsRKpXLKPcU1AasAKgPRAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":455,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":449,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558124354447,"flow_src_last_pkt_time":1686558124354447,"flow_dst_last_pkt_time":1686558124354447,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"185.62.196.74","dst_ip":"165.114.202.61","src_port":50485,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":448,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686557572392407,"flow_src_last_pkt_time":1686557572392407,"flow_dst_last_pkt_time":1686557572392407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558124354447,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"165.144.84.62","src_port":3597,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":456,"packets-processed":455,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":456,"packets-processed":455,"total-skipped-flows":0,"total-l4-payload-len":23326,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":449,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":449,"total-idle-flows":448,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2176,"global_ts_usec":1686558422116551} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_packet_id":1,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686558422116551,"pkt":"bs1PogZtPJTVQTiBCABFAAA+YlBAADMRPwOnQdRQWpG0OiKYAasAKqZ3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":456,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558422116551,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2186,7 +2186,7 @@ 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":452,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558852064997,"flow_src_last_pkt_time":1686558852064997,"flow_dst_last_pkt_time":1686558852064997,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"64.64.43.81","dst_ip":"90.141.37.56","src_port":58560,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":451,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558440675193,"flow_src_last_pkt_time":1686558440675193,"flow_dst_last_pkt_time":1686558440675193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"74.111.203.55","src_port":46615,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":450,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686558422116551,"flow_src_last_pkt_time":1686558422116551,"flow_dst_last_pkt_time":1686558422116551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686558852064997,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"90.145.180.58","src_port":8856,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":459,"packets-processed":458,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":459,"packets-processed":458,"total-skipped-flows":0,"total-l4-payload-len":23428,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":452,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":452,"total-idle-flows":451,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2189,"global_ts_usec":1686559367388486} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_packet_id":1,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559367388486,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+tTJAADMR7B1BRitLVW80OWEkAasAKmfoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559367388486,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2195,7 +2195,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_packet_id":1,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686559497105642,"pkt":"bpHurUgdPJTVQTiBCABFAAA+H+JAADMRgXenQdRQRW27Nj+eAasAKol3AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":454,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559497105642,"flow_src_last_pkt_time":1686559497105642,"flow_dst_last_pkt_time":1686559497105642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"167.65.212.80","dst_ip":"69.109.187.54","src_port":16286,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":453,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559367388486,"flow_src_last_pkt_time":1686559367388486,"flow_dst_last_pkt_time":1686559367388486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559497105642,"l3_proto":"ip4","src_ip":"65.70.43.75","dst_ip":"85.111.52.57","src_port":24868,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":461,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":461,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":23496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":454,"total-detection-updates":0,"total-updates":83,"current-active-flows":2,"total-active-flows":454,"total-idle-flows":452,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2198,"global_ts_usec":1686559998830359} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_packet_id":1,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686559998830359,"pkt":"ipffLU2SPJTVQTiBCABFAABLXmYAACYRdcAid3p+Sm\/LNwpHAasANyTyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686559998830359,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2205,7 +2205,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_packet_id":1,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686560166108940,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXo\/TMphPpZBUPtg8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":456,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560166108940,"flow_src_last_pkt_time":1686560166108940,"flow_dst_last_pkt_time":1686560166108940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"211.50.152.79","dst_ip":"165.144.84.62","src_port":55356,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":455,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686559998830359,"flow_src_last_pkt_time":1686559998830359,"flow_dst_last_pkt_time":1686559998830359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560166108940,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"74.111.203.55","src_port":2631,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":463,"packets-processed":462,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":463,"packets-processed":462,"total-skipped-flows":0,"total-l4-payload-len":23572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":456,"total-detection-updates":0,"total-updates":84,"current-active-flows":2,"total-active-flows":456,"total-idle-flows":454,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2208,"global_ts_usec":1686560793652859} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_packet_id":1,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686560793652859,"pkt":"xmjqc4OdPJTVQTiBCABFCAA11DEAAPERM36toQqtunDKNbHjAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":457,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686560793652859,"flow_src_last_pkt_time":1686560793652859,"flow_dst_last_pkt_time":1686560793652859,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686560793652859,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"186.112.202.53","src_port":45539,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2224,14 +2224,14 @@ 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686561147477324,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":467,"packets-processed":466,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":467,"packets-processed":466,"total-skipped-flows":0,"total-l4-payload-len":23694,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":460,"total-detection-updates":0,"total-updates":87,"current-active-flows":3,"total-active-flows":460,"total-idle-flows":457,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2227,"global_ts_usec":1686562035943293} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_packet_id":1,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686562035943293,"pkt":"bs1PogZtPJTVQTiBCABFAABLyDkAACcRCuPigHp2WpG0OuRgAasAN0rOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":461,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686562035943293,"flow_src_last_pkt_time":1686562035943293,"flow_dst_last_pkt_time":1686562035943293,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"226.128.122.118","dst_ip":"90.145.180.58","src_port":58464,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":460,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561147477324,"flow_src_last_pkt_time":1686561147477324,"flow_dst_last_pkt_time":1686561147477324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"209.239.135.211","dst_ip":"85.111.52.57","src_port":55124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":458,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561012661463,"flow_src_last_pkt_time":1686561012661463,"flow_dst_last_pkt_time":1686561012661463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"88.185.36.86","dst_ip":"90.147.171.51","src_port":4763,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":459,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686561057684079,"flow_src_last_pkt_time":1686561057684079,"flow_dst_last_pkt_time":1686561057684079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686562035943293,"l3_proto":"ip4","src_ip":"94.64.218.76","dst_ip":"186.112.202.53","src_port":16452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":468,"packets-processed":467,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":468,"packets-processed":467,"total-skipped-flows":0,"total-l4-payload-len":23741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":461,"total-detection-updates":0,"total-updates":87,"current-active-flows":1,"total-active-flows":461,"total-idle-flows":460,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2234,"global_ts_usec":1686565369552713} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_packet_id":1,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686565369552713,"pkt":"AAwp30Y4PJTVQTiBCABFAABL95AAACcR25EiZn14pXLKPch8AasAN2a4AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":468,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565369552713,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2240,13 +2240,13 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_packet_id":1,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686565439403208,"pkt":"AAwp30Y4PJTVQTiBCABFBAA11DEAAOURP3utoQqtpZBUPqVAAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686565439403208,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":23813,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":463,"total-detection-updates":0,"total-updates":88,"current-active-flows":2,"total-active-flows":463,"total-idle-flows":461,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2243,"global_ts_usec":1686572533804714} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_packet_id":1,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686572533804714,"pkt":"bs1PogZtPJTVQTiBCABFCAA11DEAAPERM3mtoQqtWpG0Os9oAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":464,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686572533804714,"flow_src_last_pkt_time":1686572533804714,"flow_dst_last_pkt_time":1686572533804714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.145.180.58","src_port":53096,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":463,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565439403208,"flow_src_last_pkt_time":1686565439403208,"flow_dst_last_pkt_time":1686565439403208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.144.84.62","src_port":42304,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":462,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686565369552713,"flow_src_last_pkt_time":1686565369552713,"flow_dst_last_pkt_time":1686565369552713,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686572533804714,"l3_proto":"ip4","src_ip":"34.102.125.120","dst_ip":"165.114.202.61","src_port":51324,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":471,"packets-processed":470,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":471,"packets-processed":470,"total-skipped-flows":0,"total-l4-payload-len":23838,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":464,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":464,"total-idle-flows":463,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2249,"global_ts_usec":1686582591141391} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_packet_id":1,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686582591141391,"pkt":"moT+\/Ph8PJTVQTiBCABFAAB+1DEAAPIRCxGGtJCVVW80OcpwAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":471,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":465,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582591141391,"flow_src_last_pkt_time":1686582591141391,"flow_dst_last_pkt_time":1686582591141391,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686582591141391,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"85.111.52.57","src_port":51824,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2259,17 +2259,17 @@ 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_packet_id":1,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686583068043463,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRpTYtg6GYWm\/UMuIEAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":466,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686582817928624,"flow_src_last_pkt_time":1686582817928624,"flow_dst_last_pkt_time":1686582817928624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583068043463,"l3_proto":"ip4","src_ip":"236.131.162.157","dst_ip":"90.147.171.51","src_port":35531,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":24132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":467,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":467,"total-idle-flows":466,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2262,"global_ts_usec":1686583896993524} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_packet_id":1,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686583896993524,"pkt":"3jHC4dyOPJTVQTiBCABFBAA11DEAAOURP4CtoQqtWo0lOOu5AasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":467,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583068043463,"flow_src_last_pkt_time":1686583068043463,"flow_dst_last_pkt_time":1686583068043463,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686583896993524,"l3_proto":"ip4","src_ip":"45.131.161.152","dst_ip":"90.111.212.50","src_port":57860,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":475,"packets-processed":474,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":475,"packets-processed":474,"total-skipped-flows":0,"total-l4-payload-len":24157,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":468,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":468,"total-idle-flows":467,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2267,"global_ts_usec":1686585375283341} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_packet_id":1,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686585375283341,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRpScQY5OSWo0lOOzQAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":469,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686585375283341,"flow_src_last_pkt_time":1686585375283341,"flow_dst_last_pkt_time":1686585375283341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"16.99.147.146","dst_ip":"90.141.37.56","src_port":60624,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":468,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686583896993524,"flow_src_last_pkt_time":1686583896993524,"flow_dst_last_pkt_time":1686583896993524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686585375283341,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.141.37.56","src_port":60345,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":476,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":476,"packets-processed":475,"total-skipped-flows":0,"total-l4-payload-len":24255,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":469,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":469,"total-idle-flows":468,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2272,"global_ts_usec":1686586012577392} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_packet_id":1,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586012577392,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPIRCwa2tHiLpZBUPsWjAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586012577392,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2278,22 +2278,22 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_packet_id":1,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686586604126248,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpSUTY5OUpXLKPeRUAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":470,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586012577392,"flow_src_last_pkt_time":1686586012577392,"flow_dst_last_pkt_time":1686586012577392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686586604126248,"l3_proto":"ip4","src_ip":"182.180.120.139","dst_ip":"165.144.84.62","src_port":50595,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":24451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":471,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":471,"total-idle-flows":470,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2281,"global_ts_usec":1686588963792964} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_packet_id":1,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686588963792964,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPIRpS3SfJyVRW27Ns7DAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":471,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686586604126248,"flow_src_last_pkt_time":1686586604126248,"flow_dst_last_pkt_time":1686586604126248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686588963792964,"l3_proto":"ip4","src_ip":"19.99.147.148","dst_ip":"165.114.202.61","src_port":58452,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":479,"packets-processed":478,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":479,"packets-processed":478,"total-skipped-flows":0,"total-l4-payload-len":24549,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":472,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":472,"total-idle-flows":471,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2286,"global_ts_usec":1686590370864320} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_packet_id":1,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686590370864320,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPIRCxSGtJCVunDKNeIfAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":479,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":472,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686588963792964,"flow_src_last_pkt_time":1686588963792964,"flow_dst_last_pkt_time":1686588963792964,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686590370864320,"l3_proto":"ip4","src_ip":"210.124.156.149","dst_ip":"69.109.187.54","src_port":52931,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":480,"packets-processed":479,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":480,"packets-processed":479,"total-skipped-flows":0,"total-l4-payload-len":24647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":473,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":473,"total-idle-flows":472,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2291,"global_ts_usec":1686591026824273} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_packet_id":1,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591026824273,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAO0RD9G4tKjwSm\/LN96IAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":480,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":474,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591026824273,"flow_src_last_pkt_time":1686591026824273,"flow_dst_last_pkt_time":1686591026824273,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"184.180.168.240","dst_ip":"74.111.203.55","src_port":56968,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":473,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686590370864320,"flow_src_last_pkt_time":1686590370864320,"flow_dst_last_pkt_time":1686590370864320,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591026824273,"l3_proto":"ip4","src_ip":"134.180.144.149","dst_ip":"186.112.202.53","src_port":57887,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":481,"packets-processed":480,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":481,"packets-processed":480,"total-skipped-flows":0,"total-l4-payload-len":24745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":474,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":474,"total-idle-flows":473,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2296,"global_ts_usec":1686591654230904} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_packet_id":1,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686591654230904,"pkt":"bs1PogZtPJTVQTiBCABFAAB+1DEAAPIRpSYQg7+QWpG0OuDbAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686591654230904,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2302,27 +2302,27 @@ 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_packet_id":1,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592164666841,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM3atoQqtpXLKPYGrAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":475,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686591654230904,"flow_src_last_pkt_time":1686591654230904,"flow_dst_last_pkt_time":1686591654230904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592164666841,"l3_proto":"ip4","src_ip":"16.131.191.144","dst_ip":"90.145.180.58","src_port":57563,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":483,"packets-processed":482,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":483,"packets-processed":482,"total-skipped-flows":0,"total-l4-payload-len":24868,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":476,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":476,"total-idle-flows":475,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2305,"global_ts_usec":1686592363602889} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_packet_id":1,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686592363602889,"pkt":"AAwp30Y4PJTVQTiBCABFCAA11DEAAPERM4KtoQqtWpOrM74wAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":476,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592164666841,"flow_src_last_pkt_time":1686592164666841,"flow_dst_last_pkt_time":1686592164666841,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686592363602889,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"165.114.202.61","src_port":33195,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":484,"packets-processed":483,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":484,"packets-processed":483,"total-skipped-flows":0,"total-l4-payload-len":24893,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":477,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":477,"total-idle-flows":476,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2310,"global_ts_usec":1686596322335333} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_packet_id":1,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686596322335333,"pkt":"AAwp30Y4PJTVQTiBCABFCABLns0AACQRJZHnJlLdpZBUPqE1AasAN3xDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":477,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686592363602889,"flow_src_last_pkt_time":1686592363602889,"flow_dst_last_pkt_time":1686592363602889,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686596322335333,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"90.147.171.51","src_port":48688,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":485,"packets-processed":484,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":485,"packets-processed":484,"total-skipped-flows":0,"total-l4-payload-len":24940,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":478,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":478,"total-idle-flows":477,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2315,"global_ts_usec":1686602955779893} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_packet_id":1,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686602955779893,"pkt":"bpHurUgdPJTVQTiBCABFCABLVG4AACIRdj0j\/EVxRW27NjddAasAN+poAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":478,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686596322335333,"flow_src_last_pkt_time":1686596322335333,"flow_dst_last_pkt_time":1686596322335333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686602955779893,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"165.144.84.62","src_port":41269,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":24987,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":479,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":479,"total-idle-flows":478,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2320,"global_ts_usec":1686608660321945} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_packet_id":1,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686608660321945,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRXtitE9\/aVW80OdT\/AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":480,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686608660321945,"flow_src_last_pkt_time":1686608660321945,"flow_dst_last_pkt_time":1686608660321945,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"173.19.223.218","dst_ip":"85.111.52.57","src_port":54527,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":479,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686602955779893,"flow_src_last_pkt_time":1686602955779893,"flow_dst_last_pkt_time":1686602955779893,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686608660321945,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"69.109.187.54","src_port":14173,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":487,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":487,"packets-processed":486,"total-skipped-flows":0,"total-l4-payload-len":25016,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":480,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":480,"total-idle-flows":479,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2325,"global_ts_usec":1686612659801075} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_packet_id":1,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686612659801075,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPoRXtrQ8\/jUWpG0OsuIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686612659801075,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2331,12 +2331,12 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_packet_id":1,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686613204876638,"pkt":"AAwp30Y4PJTVQTiBCABFCABL8UEAACIR2W0nO4t5pXLKPUanAasAN9siAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":488,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":481,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686612659801075,"flow_src_last_pkt_time":1686612659801075,"flow_dst_last_pkt_time":1686612659801075,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686613204876638,"l3_proto":"ip4","src_ip":"208.243.248.212","dst_ip":"90.145.180.58","src_port":52104,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":25092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":482,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":482,"total-idle-flows":481,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2334,"global_ts_usec":1686615481954219} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_packet_id":1,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686615481954219,"pkt":"bpHurUgdPJTVQTiBCABFCAA11DEAAPERM3+toQqtRW27NoFHAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":483,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686615481954219,"flow_src_last_pkt_time":1686615481954219,"flow_dst_last_pkt_time":1686615481954219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"69.109.187.54","src_port":33095,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":482,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686613204876638,"flow_src_last_pkt_time":1686613204876638,"flow_dst_last_pkt_time":1686613204876638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686615481954219,"l3_proto":"ip4","src_ip":"39.59.139.121","dst_ip":"165.114.202.61","src_port":18087,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":490,"packets-processed":489,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":490,"packets-processed":489,"total-skipped-flows":0,"total-l4-payload-len":25117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":483,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":483,"total-idle-flows":482,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2339,"global_ts_usec":1686616634395567} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_packet_id":1,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686616634395567,"pkt":"moT+\/Ph8PJTVQTiBCABFBAA11DEAAOURP3+toQqtVW80OaXxAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686616634395567,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2345,12 +2345,12 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_packet_id":1,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686617105964842,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbgVG0kSqWm\/UMsPJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":484,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686616634395567,"flow_src_last_pkt_time":1686616634395567,"flow_dst_last_pkt_time":1686616634395567,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686617105964842,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"85.111.52.57","src_port":42481,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":492,"packets-processed":491,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":492,"packets-processed":491,"total-skipped-flows":0,"total-l4-payload-len":25171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":485,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":485,"total-idle-flows":484,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2348,"global_ts_usec":1686621073847677} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_packet_id":1,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686621073847677,"pkt":"bs1PogZtPJTVQTiBCABFCABLfhMAACIRTJ3jx1p6WpG0OsoRAasAN1e5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":486,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621073847677,"flow_src_last_pkt_time":1686621073847677,"flow_dst_last_pkt_time":1686621073847677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"227.199.90.122","dst_ip":"90.145.180.58","src_port":51729,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":485,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686617105964842,"flow_src_last_pkt_time":1686617105964842,"flow_dst_last_pkt_time":1686617105964842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621073847677,"l3_proto":"ip4","src_ip":"70.210.68.170","dst_ip":"90.111.212.50","src_port":50121,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":493,"packets-processed":492,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":493,"packets-processed":492,"total-skipped-flows":0,"total-l4-payload-len":25218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":486,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":486,"total-idle-flows":485,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2353,"global_ts_usec":1686621999752750} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_packet_id":1,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686621999752750,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdmh54D1Sm\/LN930AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686621999752750,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2359,22 +2359,22 @@ 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_packet_id":1,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1686622450094352,"pkt":"ipffLU2SPJTVQTiBCABFBAA11DEAAOURP4StoQqtSm\/LN9dbAasAIQAAAQkAGQAAZW4AA5T9AAD\/\/wAHZGVmYXVsdA=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":487,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686621999752750,"flow_src_last_pkt_time":1686621999752750,"flow_dst_last_pkt_time":1686621999752750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686622450094352,"l3_proto":"ip4","src_ip":"161.231.128.245","dst_ip":"74.111.203.55","src_port":56820,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-payload-len":25272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":488,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":488,"total-idle-flows":487,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2362,"global_ts_usec":1686623052095688} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_packet_id":1,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686623052095688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLa\/IAACQRWHZjx03TpXLKPTeOAasAN+X0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":488,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686622450094352,"flow_src_last_pkt_time":1686622450094352,"flow_dst_last_pkt_time":1686622450094352,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623052095688,"l3_proto":"ip4","src_ip":"173.161.10.173","dst_ip":"74.111.203.55","src_port":55131,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":496,"packets-processed":495,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":496,"packets-processed":495,"total-skipped-flows":0,"total-l4-payload-len":25319,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":489,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":489,"total-idle-flows":488,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2367,"global_ts_usec":1686623787230359} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_packet_id":1,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686623787230359,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbcPeKQfeWpOrM9qiAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":489,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623052095688,"flow_src_last_pkt_time":1686623052095688,"flow_dst_last_pkt_time":1686623052095688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686623787230359,"l3_proto":"ip4","src_ip":"99.199.77.211","dst_ip":"165.114.202.61","src_port":14222,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":25348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":490,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":490,"total-idle-flows":489,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2372,"global_ts_usec":1686625900350760} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_packet_id":1,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686625900350760,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbc1ZHF\/5pZBUPt2GAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":491,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686625900350760,"flow_src_last_pkt_time":1686625900350760,"flow_dst_last_pkt_time":1686625900350760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"89.28.95.249","dst_ip":"165.144.84.62","src_port":56710,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":490,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686623787230359,"flow_src_last_pkt_time":1686623787230359,"flow_dst_last_pkt_time":1686623787230359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686625900350760,"l3_proto":"ip4","src_ip":"222.41.7.222","dst_ip":"90.147.171.51","src_port":55970,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":498,"packets-processed":497,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":498,"packets-processed":497,"total-skipped-flows":0,"total-l4-payload-len":25377,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":491,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":491,"total-idle-flows":490,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2377,"global_ts_usec":1686628530442979} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_packet_id":1,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686628530442979,"pkt":"ipffLU2SPJTVQTiBCABFAAA+QgFAADQR6spVL+CrSm\/LNz+4AasAKhXQAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":492,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628530442979,"flow_src_last_pkt_time":1686628530442979,"flow_dst_last_pkt_time":1686628530442979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686628530442979,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"74.111.203.55","src_port":16312,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2387,12 +2387,12 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_packet_id":1,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629067407805,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+joxAADQRnjdKjiiuWo0lOCkgAasAKixgAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":500,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":493,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686628814387687,"flow_src_last_pkt_time":1686628814387687,"flow_dst_last_pkt_time":1686628814387687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629067407805,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"165.144.84.62","src_port":46040,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":501,"packets-processed":500,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":501,"packets-processed":500,"total-skipped-flows":0,"total-l4-payload-len":25479,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":494,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":494,"total-idle-flows":493,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2390,"global_ts_usec":1686629318462692} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_packet_id":1,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629318462692,"pkt":"bpHurUgdPJTVQTiBCABFAAA+O+VAADQR8QlVrliaRW27NlAYAasAKgWTAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":495,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629318462692,"flow_src_last_pkt_time":1686629318462692,"flow_dst_last_pkt_time":1686629318462692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"85.174.88.154","dst_ip":"69.109.187.54","src_port":20504,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":494,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629067407805,"flow_src_last_pkt_time":1686629067407805,"flow_dst_last_pkt_time":1686629067407805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629318462692,"l3_proto":"ip4","src_ip":"74.142.40.174","dst_ip":"90.141.37.56","src_port":10528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":25513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":495,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":495,"total-idle-flows":494,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2395,"global_ts_usec":1686629919351142} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_packet_id":1,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686629919351142,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+qEdAADQRhJOq7qiPVW80OfQMAasAKmGKAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":496,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686629919351142,"flow_src_last_pkt_time":1686629919351142,"flow_dst_last_pkt_time":1686629919351142,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686629919351142,"l3_proto":"ip4","src_ip":"170.238.168.143","dst_ip":"85.111.52.57","src_port":62476,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2408,29 +2408,29 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_packet_id":1,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630458164673,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+D4ZAADQRHSyq8yi6pXLKPYrIAasAKsqlAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630458164673,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":506,"packets-processed":505,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":506,"packets-processed":505,"total-skipped-flows":0,"total-l4-payload-len":25649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":499,"total-detection-updates":0,"total-updates":89,"current-active-flows":3,"total-active-flows":499,"total-idle-flows":496,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2411,"global_ts_usec":1686630725136169} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_packet_id":1,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686630725136169,"pkt":"bs1PogZtPJTVQTiBCABFAAA+gpBAADQRqlxK7xCcWpG0OrWAAasAKqAoAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":498,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630430100534,"flow_src_last_pkt_time":1686630430100534,"flow_dst_last_pkt_time":1686630430100534,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"85.47.224.171","dst_ip":"90.111.212.50","src_port":16312,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":497,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630406259808,"flow_src_last_pkt_time":1686630406259808,"flow_dst_last_pkt_time":1686630406259808,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.18.87.162","dst_ip":"186.112.202.53","src_port":58469,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":499,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630458164673,"flow_src_last_pkt_time":1686630458164673,"flow_dst_last_pkt_time":1686630458164673,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686630725136169,"l3_proto":"ip4","src_ip":"170.243.40.186","dst_ip":"165.114.202.61","src_port":35528,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":507,"packets-processed":506,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":507,"packets-processed":506,"total-skipped-flows":0,"total-l4-payload-len":25683,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":500,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":500,"total-idle-flows":499,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2418,"global_ts_usec":1686633699223089} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_packet_id":1,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686633699223089,"pkt":"AAwp30Y4PJTVQTiBCABFCABL7LwAACIR3egjAGRzpZBUPrX8AasAN2vDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":507,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":500,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686630725136169,"flow_src_last_pkt_time":1686630725136169,"flow_dst_last_pkt_time":1686630725136169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686633699223089,"l3_proto":"ip4","src_ip":"74.239.16.156","dst_ip":"90.145.180.58","src_port":46464,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":508,"packets-processed":507,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":508,"packets-processed":507,"total-skipped-flows":0,"total-l4-payload-len":25730,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":501,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":501,"total-idle-flows":500,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2423,"global_ts_usec":1686635615867515} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_packet_id":1,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686635615867515,"pkt":"AAwp30Y4PJTVQTiBCABFCABLHKcAACQRp8jjhlHUWpOrM0SGAasAN9kDAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":501,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686633699223089,"flow_src_last_pkt_time":1686633699223089,"flow_dst_last_pkt_time":1686633699223089,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686635615867515,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"165.144.84.62","src_port":46588,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":509,"packets-processed":508,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":509,"packets-processed":508,"total-skipped-flows":0,"total-l4-payload-len":25777,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":502,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":502,"total-idle-flows":501,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2428,"global_ts_usec":1686645708313834} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_packet_id":1,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686645708313834,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbhVdJCOIpXLKPd0YAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":503,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686645708313834,"flow_src_last_pkt_time":1686645708313834,"flow_dst_last_pkt_time":1686645708313834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"93.36.35.136","dst_ip":"165.114.202.61","src_port":56600,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":502,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686635615867515,"flow_src_last_pkt_time":1686635615867515,"flow_dst_last_pkt_time":1686635615867515,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686645708313834,"l3_proto":"ip4","src_ip":"227.134.81.212","dst_ip":"90.147.171.51","src_port":17542,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":25806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":503,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":503,"total-idle-flows":502,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2433,"global_ts_usec":1686648509180305} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_packet_id":1,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648509180305,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPoRXu5MMof1Wo0lOMp8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648509180305,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2439,17 +2439,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_packet_id":1,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686648822385793,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbOVFJOfmRW27NthOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":511,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":504,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648509180305,"flow_src_last_pkt_time":1686648509180305,"flow_dst_last_pkt_time":1686648509180305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686648822385793,"l3_proto":"ip4","src_ip":"76.50.135.245","dst_ip":"90.141.37.56","src_port":51836,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":512,"packets-processed":511,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":512,"packets-processed":511,"total-skipped-flows":0,"total-l4-payload-len":25864,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":505,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":505,"total-idle-flows":504,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2442,"global_ts_usec":1686659729108378} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_packet_id":1,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686659729108378,"pkt":"3jHC4dyOPJTVQTiBCABFCABSFQsAAO0Rd7F6eqcJWo0lOKp+AasAPpZZAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":512,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":505,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686648822385793,"flow_src_last_pkt_time":1686648822385793,"flow_dst_last_pkt_time":1686648822385793,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686659729108378,"l3_proto":"ip4","src_ip":"69.36.231.230","dst_ip":"69.109.187.54","src_port":55374,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":25918,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":506,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":506,"total-idle-flows":505,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2447,"global_ts_usec":1686665626336271} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_packet_id":1,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686665626336271,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPb1yAasAJSz9AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":507,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686665626336271,"flow_src_last_pkt_time":1686665626336271,"flow_dst_last_pkt_time":1686665626336271,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":48498,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":506,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686659729108378,"flow_src_last_pkt_time":1686659729108378,"flow_dst_last_pkt_time":1686659729108378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686665626336271,"l3_proto":"ip4","src_ip":"122.122.167.9","dst_ip":"90.141.37.56","src_port":43646,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":514,"packets-processed":513,"total-skipped-flows":0,"total-l4-payload-len":25947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":507,"total-detection-updates":0,"total-updates":89,"current-active-flows":1,"total-active-flows":507,"total-idle-flows":506,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2452,"global_ts_usec":1686666893687687} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_packet_id":1,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666893687687,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPURKLTIH5CeWpG0OowIAasAJV5qAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666893687687,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2458,7 +2458,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_packet_id":1,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686666997632966,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27NpV4AasAJVUAAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":515,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":509,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666997632966,"flow_src_last_pkt_time":1686666997632966,"flow_dst_last_pkt_time":1686666997632966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":38264,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":508,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686666893687687,"flow_src_last_pkt_time":1686666893687687,"flow_dst_last_pkt_time":1686666893687687,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686666997632966,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.145.180.58","src_port":35848,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":516,"packets-processed":515,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":516,"packets-processed":515,"total-skipped-flows":0,"total-l4-payload-len":26005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":509,"total-detection-updates":0,"total-updates":90,"current-active-flows":2,"total-active-flows":509,"total-idle-flows":507,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2461,"global_ts_usec":1686668729813725} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_packet_id":1,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686668729813725,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPURKLbIH5CeVW80OcD8AasAJSl4AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668729813725,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2468,7 +2468,7 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_packet_id":1,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686668903038990,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPMRpTfvg6CYWpOrM57NAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":511,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668903038990,"flow_src_last_pkt_time":1686668903038990,"flow_dst_last_pkt_time":1686668903038990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"239.131.160.152","dst_ip":"90.147.171.51","src_port":40653,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":510,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686668729813725,"flow_src_last_pkt_time":1686668729813725,"flow_dst_last_pkt_time":1686668729813725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686668903038990,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"85.111.52.57","src_port":49404,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":26132,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":511,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":511,"total-idle-flows":509,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2471,"global_ts_usec":1686669522645622} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_packet_id":1,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686669522645622,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPoHAAasAJWiwAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":512,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669522645622,"flow_src_last_pkt_time":1686669522645622,"flow_dst_last_pkt_time":1686669522645622,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669522645622,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":33216,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2481,7 +2481,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_packet_id":1,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686669802055928,"pkt":"ipffLU2SPJTVQTiBCABFAAB+1DEAAPIRpSnthLCISm\/LN8hOAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":520,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":514,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686669802055928,"flow_src_last_pkt_time":1686669802055928,"flow_dst_last_pkt_time":1686669802055928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686669802055928,"l3_proto":"ip4","src_ip":"237.132.176.136","dst_ip":"74.111.203.55","src_port":51278,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":26288,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":514,"total-detection-updates":0,"total-updates":91,"current-active-flows":2,"total-active-flows":514,"total-idle-flows":512,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2484,"global_ts_usec":1686670236730839} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_packet_id":1,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686670236730839,"pkt":"xmjqc4OdPJTVQTiBCABFAAB+1DEAAPMRCZP2S2hzunDKNcTJAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":515,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670236730839,"flow_src_last_pkt_time":1686670236730839,"flow_dst_last_pkt_time":1686670236730839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670236730839,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"186.112.202.53","src_port":50377,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2495,7 +2495,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_packet_id":1,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686670830957645,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPURKLnIH5CeunDKNbxnAasAJS4QAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":523,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":517,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670830957645,"flow_src_last_pkt_time":1686670830957645,"flow_dst_last_pkt_time":1686670830957645,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"186.112.202.53","src_port":48231,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":516,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686670733471596,"flow_src_last_pkt_time":1686670733471596,"flow_dst_last_pkt_time":1686670733471596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686670830957645,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"165.144.84.62","src_port":51457,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":524,"packets-processed":523,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":524,"packets-processed":523,"total-skipped-flows":0,"total-l4-payload-len":26513,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":517,"total-detection-updates":0,"total-updates":92,"current-active-flows":2,"total-active-flows":517,"total-idle-flows":515,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2498,"global_ts_usec":1686671088394461} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_packet_id":1,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686671088394461,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN9lqAasAJREPAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671088394461,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2505,12 +2505,12 @@ 00647{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_packet_id":1,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686671667122633,"pkt":"AAwp30Y4PJTVQTiBCABFAAB+1DEAAPARDNFGtG\/xWm\/UMuPMAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":518,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671088394461,"flow_src_last_pkt_time":1686671088394461,"flow_dst_last_pkt_time":1686671088394461,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686671667122633,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":55658,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":526,"packets-processed":525,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":526,"packets-processed":525,"total-skipped-flows":0,"total-l4-payload-len":26640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":519,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":519,"total-idle-flows":518,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2508,"global_ts_usec":1686672644862134} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_packet_id":1,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686672644862134,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMrDWAasAJTmkAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":520,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686672644862134,"flow_src_last_pkt_time":1686672644862134,"flow_dst_last_pkt_time":1686672644862134,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":45270,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":519,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686671667122633,"flow_src_last_pkt_time":1686671667122633,"flow_dst_last_pkt_time":1686671667122633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686672644862134,"l3_proto":"ip4","src_ip":"70.180.111.241","dst_ip":"90.111.212.50","src_port":58316,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":527,"packets-processed":526,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":527,"packets-processed":526,"total-skipped-flows":0,"total-l4-payload-len":26669,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":520,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":520,"total-idle-flows":519,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2513,"global_ts_usec":1686675995117787} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_packet_id":1,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686675995117787,"pkt":"bpHurUgdPJTVQTiBCABFAAB+1DEAAPMRCZPItJByRW27NtUaAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":527,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":521,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686675995117787,"flow_src_last_pkt_time":1686675995117787,"flow_dst_last_pkt_time":1686675995117787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686675995117787,"l3_proto":"ip4","src_ip":"200.180.144.114","dst_ip":"69.109.187.54","src_port":54554,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2523,43 +2523,43 @@ 00645{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_packet_id":1,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":1686676562888350,"pkt":"3jHC4dyOPJTVQTiBCABFAAB+1DEAAPMRCZH2S2hzWo0lOOAVAasAagAAAgMAAGJAAAAAAIgRAAJlbgABLAAVc2xwVGVzdDovL3Rlc3Q6MzEzMzcvAAApc2xwVGVzdDovL3Rlc3Q6MzEzMzcvYWFhYWFhYWFhYWFhYWFhYWFhYWEAB2RlZmF1bHQAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686676562888350,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":26963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":523,"total-detection-updates":0,"total-updates":93,"current-active-flows":2,"total-active-flows":523,"total-idle-flows":521,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2526,"global_ts_usec":1686680332589205} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_packet_id":1,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686680332589205,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbdzCF\/nzSm\/LN9XVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":522,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676477972093,"flow_src_last_pkt_time":1686676477972093,"flow_dst_last_pkt_time":1686676477972093,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"208.123.176.154","dst_ip":"85.111.52.57","src_port":56229,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":523,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686676562888350,"flow_src_last_pkt_time":1686676562888350,"flow_dst_last_pkt_time":1686676562888350,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686680332589205,"l3_proto":"ip4","src_ip":"246.75.104.115","dst_ip":"90.141.37.56","src_port":57365,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":531,"packets-processed":530,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":531,"packets-processed":530,"total-skipped-flows":0,"total-l4-payload-len":26992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":524,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":524,"total-idle-flows":523,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2532,"global_ts_usec":1686682695732816} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_packet_id":1,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686682695732816,"pkt":"AAwp30Y4PJTVQTiBCABFAABL3fsAACcR9RylgP10pZBUPtBuAasAN168AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":524,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686680332589205,"flow_src_last_pkt_time":1686680332589205,"flow_dst_last_pkt_time":1686680332589205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686682695732816,"l3_proto":"ip4","src_ip":"194.23.249.243","dst_ip":"74.111.203.55","src_port":54741,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":532,"packets-processed":531,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":532,"packets-processed":531,"total-skipped-flows":0,"total-l4-payload-len":27039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":525,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":525,"total-idle-flows":524,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2537,"global_ts_usec":1686684959984610} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_packet_id":1,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686684959984610,"pkt":"xmjqc4OdPJTVQTiBCABFAABLbxIAACcRZBadePx7unDKNS7OAasANwBtAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01074{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":525,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686682695732816,"flow_src_last_pkt_time":1686682695732816,"flow_dst_last_pkt_time":1686682695732816,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686684959984610,"l3_proto":"ip4","src_ip":"165.128.253.116","dst_ip":"165.144.84.62","src_port":53358,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":533,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":533,"packets-processed":532,"total-skipped-flows":0,"total-l4-payload-len":27086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":526,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":526,"total-idle-flows":525,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2542,"global_ts_usec":1686700828543151} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_packet_id":1,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686700828543151,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRYDBP0l+SpXLKPdXIAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":526,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686684959984610,"flow_src_last_pkt_time":1686684959984610,"flow_dst_last_pkt_time":1686684959984610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686700828543151,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"186.112.202.53","src_port":11982,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":27115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":527,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":527,"total-idle-flows":526,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2547,"global_ts_usec":1686703749016048} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_packet_id":1,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686703749016048,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPoRbFq5H5kyunDKNcajAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":527,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686700828543151,"flow_src_last_pkt_time":1686700828543151,"flow_dst_last_pkt_time":1686700828543151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686703749016048,"l3_proto":"ip4","src_ip":"79.210.95.146","dst_ip":"165.114.202.61","src_port":54728,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":535,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":535,"packets-processed":534,"total-skipped-flows":0,"total-l4-payload-len":27144,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":528,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":528,"total-idle-flows":527,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2552,"global_ts_usec":1686704612212174} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_packet_id":1,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686704612212174,"pkt":"3jHC4dyOPJTVQTiBCABFAABLT2YAACcRg7wid3p+Wo0lOIfrAasAN6dJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":528,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686703749016048,"flow_src_last_pkt_time":1686703749016048,"flow_dst_last_pkt_time":1686703749016048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686704612212174,"l3_proto":"ip4","src_ip":"185.31.153.50","dst_ip":"186.112.202.53","src_port":50851,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":536,"packets-processed":535,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":536,"packets-processed":535,"total-skipped-flows":0,"total-l4-payload-len":27191,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":529,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":529,"total-idle-flows":528,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2557,"global_ts_usec":1686705292730193} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_packet_id":1,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686705292730193,"pkt":"bpHurUgdPJTVQTiBCABFAABSlN0AAPMR8Cz9cOhbRW27NpxzAasAPqKqAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":536,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":530,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686705292730193,"flow_src_last_pkt_time":1686705292730193,"flow_dst_last_pkt_time":1686705292730193,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"253.112.232.91","dst_ip":"69.109.187.54","src_port":40051,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":529,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686704612212174,"flow_src_last_pkt_time":1686704612212174,"flow_dst_last_pkt_time":1686704612212174,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686705292730193,"l3_proto":"ip4","src_ip":"34.119.122.126","dst_ip":"90.141.37.56","src_port":34795,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":27245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":530,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":530,"total-idle-flows":529,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2562,"global_ts_usec":1686709262177735} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_packet_id":1,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709262177735,"pkt":"AAwp30Y4PJTVQTiBCABFAABLpjwAACcRLOViZ\/1zWm\/UMrpnAasAN3TMAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709262177735,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2568,7 +2568,7 @@ 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_packet_id":1,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686709804807056,"pkt":"ipffLU2SPJTVQTiBCABFCABL1UgAACER9mnk\/1R3Sm\/LN\/BTAasANzF5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":532,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709804807056,"flow_src_last_pkt_time":1686709804807056,"flow_dst_last_pkt_time":1686709804807056,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"228.255.84.119","dst_ip":"74.111.203.55","src_port":61523,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":531,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686709262177735,"flow_src_last_pkt_time":1686709262177735,"flow_dst_last_pkt_time":1686709262177735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686709804807056,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"90.111.212.50","src_port":47719,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":539,"packets-processed":538,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":539,"packets-processed":538,"total-skipped-flows":0,"total-l4-payload-len":27339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":532,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":532,"total-idle-flows":531,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2571,"global_ts_usec":1686713625992470} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_packet_id":1,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713625992470,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRXoSy8P8iRW27Nta0AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":539,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713625992470,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2577,12 +2577,12 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_packet_id":1,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686713856291158,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbY1Z7HpkWpG0OsrWAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":533,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713625992470,"flow_src_last_pkt_time":1686713625992470,"flow_dst_last_pkt_time":1686713625992470,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686713856291158,"l3_proto":"ip4","src_ip":"178.240.255.34","dst_ip":"69.109.187.54","src_port":54964,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":541,"packets-processed":540,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":541,"packets-processed":540,"total-skipped-flows":0,"total-l4-payload-len":27397,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":534,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":534,"total-idle-flows":533,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2580,"global_ts_usec":1686714599962630} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_packet_id":1,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686714599962630,"pkt":"bpHurUgdPJTVQTiBCABFAABLYvQAACcRcDOagXt8RW27NojxAasAN6ZIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":535,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686714599962630,"flow_src_last_pkt_time":1686714599962630,"flow_dst_last_pkt_time":1686714599962630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"69.109.187.54","src_port":35057,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":534,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686713856291158,"flow_src_last_pkt_time":1686713856291158,"flow_dst_last_pkt_time":1686713856291158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686714599962630,"l3_proto":"ip4","src_ip":"89.236.122.100","dst_ip":"90.145.180.58","src_port":51926,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":542,"packets-processed":541,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":542,"packets-processed":541,"total-skipped-flows":0,"total-l4-payload-len":27444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":535,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":535,"total-idle-flows":534,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2585,"global_ts_usec":1686715614560571} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_packet_id":1,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686715614560571,"pkt":"AAwp30Y4PJTVQTiBCABFCABLxe4AACIRBL8j\/EVxWm\/UMu5VAasANzNyAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686715614560571,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2591,7 +2591,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_packet_id":1,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686716172395855,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbTxe0sIfVW80OdC4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":537,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686716172395855,"flow_src_last_pkt_time":1686716172395855,"flow_dst_last_pkt_time":1686716172395855,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"94.210.194.31","dst_ip":"85.111.52.57","src_port":53432,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":536,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686715614560571,"flow_src_last_pkt_time":1686715614560571,"flow_dst_last_pkt_time":1686715614560571,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686716172395855,"l3_proto":"ip4","src_ip":"35.252.69.113","dst_ip":"90.111.212.50","src_port":61013,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":544,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":544,"packets-processed":543,"total-skipped-flows":0,"total-l4-payload-len":27520,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":537,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":537,"total-idle-flows":536,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2594,"global_ts_usec":1686717273049688} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_packet_id":1,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717273049688,"pkt":"AAwp30Y4PJTVQTiBCABFCABLtG0AACQRD\/vnJlLdWm\/UMkI5AasAN9tJAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717273049688,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2600,12 +2600,12 @@ 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_packet_id":1,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686717773171081,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLaxoAACQRWUtYH27bVW80OZqoAasAN4LXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":538,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717273049688,"flow_src_last_pkt_time":1686717273049688,"flow_dst_last_pkt_time":1686717273049688,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686717773171081,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"90.111.212.50","src_port":16953,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":27614,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":539,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":539,"total-idle-flows":538,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2603,"global_ts_usec":1686720855584550} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_packet_id":1,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686720855584550,"pkt":"bpHurUgdPJTVQTiBCABFCABLQSYAACQRg0fn33nVRW27Ng\/CAasANw3GAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":540,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686720855584550,"flow_src_last_pkt_time":1686720855584550,"flow_dst_last_pkt_time":1686720855584550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"69.109.187.54","src_port":4034,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":539,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686717773171081,"flow_src_last_pkt_time":1686717773171081,"flow_dst_last_pkt_time":1686717773171081,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686720855584550,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"85.111.52.57","src_port":39592,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":547,"packets-processed":546,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":547,"packets-processed":546,"total-skipped-flows":0,"total-l4-payload-len":27661,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":540,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":540,"total-idle-flows":539,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2608,"global_ts_usec":1686722365950548} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_packet_id":1,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722365950548,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+bGJAADQRNItAPySLpXLKPcKxAasAKgb4AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":541,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722365950548,"flow_src_last_pkt_time":1686722365950548,"flow_dst_last_pkt_time":1686722365950548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722365950548,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"165.114.202.61","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2623,7 +2623,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_packet_id":1,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722933062511,"pkt":"bpHurUgdPJTVQTiBCABFAAA+udZAADQR5x9APySLRW27NsKxAasAKgcBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":544,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722933062511,"flow_src_last_pkt_time":1686722933062511,"flow_dst_last_pkt_time":1686722933062511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.36.139","dst_ip":"69.109.187.54","src_port":49841,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":543,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722723892485,"flow_src_last_pkt_time":1686722723892485,"flow_dst_last_pkt_time":1686722723892485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722933062511,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"90.147.171.51","src_port":14637,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":551,"packets-processed":550,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":551,"packets-processed":550,"total-skipped-flows":0,"total-l4-payload-len":27797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":544,"total-detection-updates":0,"total-updates":94,"current-active-flows":1,"total-active-flows":544,"total-idle-flows":543,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2626,"global_ts_usec":1686722979135224} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_packet_id":1,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686722979135224,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+JuRAADQRegS\/OSSHpZBUPnioAasAKlD8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":551,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":545,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686722979135224,"flow_src_last_pkt_time":1686722979135224,"flow_dst_last_pkt_time":1686722979135224,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686722979135224,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":30888,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2643,99 +2643,99 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":547,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723218825916,"flow_src_last_pkt_time":1686723218825916,"flow_dst_last_pkt_time":1686723218825916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"64.63.52.142","dst_ip":"85.111.52.57","src_port":45266,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Twitter","proto_by_ip_id":120,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":546,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723156732545,"flow_src_last_pkt_time":1686723156732545,"flow_dst_last_pkt_time":1686723156732545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723578690477,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"74.111.203.55","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":555,"packets-processed":554,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":555,"packets-processed":554,"total-skipped-flows":0,"total-l4-payload-len":27933,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":548,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":548,"total-idle-flows":547,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2646,"global_ts_usec":1686723785197536} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_packet_id":1,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686723785197536,"pkt":"3jHC4dyOPJTVQTiBCABFAAA++PJAADQRp\/m4wTqGWo0lOFNsAasAKnY8AgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":548,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723578690477,"flow_src_last_pkt_time":1686723578690477,"flow_dst_last_pkt_time":1686723578690477,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686723785197536,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.145.180.58","src_port":6016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":556,"packets-processed":555,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":556,"packets-processed":555,"total-skipped-flows":0,"total-l4-payload-len":27967,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":549,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":549,"total-idle-flows":548,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2651,"global_ts_usec":1686725098326675} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_packet_id":1,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686725098326675,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXmQz8sA6pZBUPssVAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":549,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686723785197536,"flow_src_last_pkt_time":1686723785197536,"flow_dst_last_pkt_time":1686723785197536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725098326675,"l3_proto":"ip4","src_ip":"184.193.58.134","dst_ip":"90.141.37.56","src_port":21356,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":557,"packets-processed":556,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":557,"packets-processed":556,"total-skipped-flows":0,"total-l4-payload-len":27996,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":550,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":550,"total-idle-flows":549,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2656,"global_ts_usec":1686725813807299} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_packet_id":1,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686725813807299,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+QzNAADQRXblAwcSFunDKNbLEAasAKhbkAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":550,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725098326675,"flow_src_last_pkt_time":1686725098326675,"flow_dst_last_pkt_time":1686725098326675,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686725813807299,"l3_proto":"ip4","src_ip":"51.242.192.58","dst_ip":"165.144.84.62","src_port":51989,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":558,"packets-processed":557,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":558,"packets-processed":557,"total-skipped-flows":0,"total-l4-payload-len":28030,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":551,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":551,"total-idle-flows":550,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2661,"global_ts_usec":1686729365919386} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_packet_id":1,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686729365919386,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbbu5Hf3PWo0lONgMAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":551,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686725813807299,"flow_src_last_pkt_time":1686725813807299,"flow_dst_last_pkt_time":1686725813807299,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686729365919386,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"186.112.202.53","src_port":45764,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":559,"packets-processed":558,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":559,"packets-processed":558,"total-skipped-flows":0,"total-l4-payload-len":28059,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":552,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":552,"total-idle-flows":551,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2666,"global_ts_usec":1686732302782823} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_packet_id":1,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686732302782823,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXyExMUepWpOrM95sAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":552,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686729365919386,"flow_src_last_pkt_time":1686729365919386,"flow_dst_last_pkt_time":1686729365919386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686732302782823,"l3_proto":"ip4","src_ip":"185.29.253.207","dst_ip":"90.141.37.56","src_port":55308,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":560,"packets-processed":559,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":560,"packets-processed":559,"total-skipped-flows":0,"total-l4-payload-len":28088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":553,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":553,"total-idle-flows":552,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2671,"global_ts_usec":1686734552484911} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_packet_id":1,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686734552484911,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbUTGF1kcWm\/UMteLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":553,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686732302782823,"flow_src_last_pkt_time":1686732302782823,"flow_dst_last_pkt_time":1686732302782823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686734552484911,"l3_proto":"ip4","src_ip":"49.49.71.169","dst_ip":"90.147.171.51","src_port":56940,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":28117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":554,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":554,"total-idle-flows":553,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2676,"global_ts_usec":1686745116214925} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_packet_id":1,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686745116214925,"pkt":"xmjqc4OdPJTVQTiBCABFCABLQo0AACQRgdjnJlLdunDKNYGCAasAN5v9AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":554,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686734552484911,"flow_src_last_pkt_time":1686734552484911,"flow_dst_last_pkt_time":1686734552484911,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686745116214925,"l3_proto":"ip4","src_ip":"198.23.89.28","dst_ip":"90.111.212.50","src_port":55179,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":28164,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":555,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":555,"total-idle-flows":554,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2681,"global_ts_usec":1686766680148551} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":1,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148551,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148551,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148551,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_packet_id":2,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686766680148564,"pkt":"moT+\/Ph8PJTVQTiBCABFAABSwG8AAC0RJTYrX8MWVW80OcRvAasAPhVJAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":555,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686745116214925,"flow_src_last_pkt_time":1686745116214925,"flow_dst_last_pkt_time":1686745116214925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686766680148564,"l3_proto":"ip4","src_ip":"231.38.82.221","dst_ip":"186.112.202.53","src_port":33154,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":564,"packets-processed":563,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":564,"packets-processed":563,"total-skipped-flows":0,"total-l4-payload-len":28272,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":556,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":556,"total-idle-flows":555,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2687,"global_ts_usec":1686776388352182} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":1,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352182,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":564,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352182,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352182,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_packet_id":2,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686776388352185,"pkt":"AAwp30Y4PJTVQTiBCABFBABSYuEAADQRGY3rYkGFpXLKPWbhAasAPhCkAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":556,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686766680148551,"flow_src_last_pkt_time":1686766680148564,"flow_dst_last_pkt_time":1686766680148551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686776388352185,"l3_proto":"ip4","src_ip":"43.95.195.22","dst_ip":"85.111.52.57","src_port":50287,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":566,"packets-processed":565,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":566,"packets-processed":565,"total-skipped-flows":0,"total-l4-payload-len":28380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":557,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":557,"total-idle-flows":556,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2693,"global_ts_usec":1686782629632128} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_packet_id":1,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686782629632128,"pkt":"AAwp30Y4PJTVQTiBCABFCABLh+kAACIRQr6fPLR2pXLKPZovAasAN4eSAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":557,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1686776388352182,"flow_src_last_pkt_time":1686776388352185,"flow_dst_last_pkt_time":1686776388352182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686782629632128,"l3_proto":"ip4","src_ip":"235.98.65.133","dst_ip":"165.114.202.61","src_port":26337,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":567,"packets-processed":566,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":567,"packets-processed":566,"total-skipped-flows":0,"total-l4-payload-len":28427,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":558,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":558,"total-idle-flows":557,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2698,"global_ts_usec":1686783435918307} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_packet_id":1,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686783435918307,"pkt":"AAwp30Y4PJTVQTiBCABFCABL9voAACIR06ykwFt1pZBUPqE7AasAN4CGAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":558,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686782629632128,"flow_src_last_pkt_time":1686782629632128,"flow_dst_last_pkt_time":1686782629632128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686783435918307,"l3_proto":"ip4","src_ip":"159.60.180.118","dst_ip":"165.114.202.61","src_port":39471,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":568,"packets-processed":567,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":568,"packets-processed":567,"total-skipped-flows":0,"total-l4-payload-len":28474,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":559,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":559,"total-idle-flows":558,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2703,"global_ts_usec":1686785007737222} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_packet_id":1,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686785007737222,"pkt":"bpHurUgdPJTVQTiBCABFCABLA0AAACQRwTOboKXQRW27Nse0AasAN1XZAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":559,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686783435918307,"flow_src_last_pkt_time":1686783435918307,"flow_dst_last_pkt_time":1686783435918307,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686785007737222,"l3_proto":"ip4","src_ip":"164.192.91.117","dst_ip":"165.144.84.62","src_port":41275,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":569,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":569,"packets-processed":568,"total-skipped-flows":0,"total-l4-payload-len":28521,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":560,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":560,"total-idle-flows":559,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2708,"global_ts_usec":1686790507373750} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_packet_id":1,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686790507373750,"pkt":"xmjqc4OdPJTVQTiBCABFCABLxbwAACIRBPAjAGRzunDKNf5EAasANyOCAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":560,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686785007737222,"flow_src_last_pkt_time":1686785007737222,"flow_dst_last_pkt_time":1686785007737222,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686790507373750,"l3_proto":"ip4","src_ip":"155.160.165.208","dst_ip":"69.109.187.54","src_port":51124,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":28568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":561,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":561,"total-idle-flows":560,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2713,"global_ts_usec":1686794003013015} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_packet_id":1,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686794003013015,"pkt":"AAwp30Y4PJTVQTiBCABFCABLrMYAACQRF6rn33nVWpOrMztCAasAN+JIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":561,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686790507373750,"flow_src_last_pkt_time":1686790507373750,"flow_dst_last_pkt_time":1686790507373750,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686794003013015,"l3_proto":"ip4","src_ip":"35.0.100.115","dst_ip":"186.112.202.53","src_port":65092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":571,"packets-processed":570,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":571,"packets-processed":570,"total-skipped-flows":0,"total-l4-payload-len":28615,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":562,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":562,"total-idle-flows":561,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2718,"global_ts_usec":1686799154433661} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_packet_id":1,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686799154433661,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbQVB2gagpXLKPddqAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":571,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":562,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686794003013015,"flow_src_last_pkt_time":1686794003013015,"flow_dst_last_pkt_time":1686794003013015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686799154433661,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"90.147.171.51","src_port":15170,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":572,"packets-processed":571,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":572,"packets-processed":571,"total-skipped-flows":0,"total-l4-payload-len":28644,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":563,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":563,"total-idle-flows":562,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2723,"global_ts_usec":1686801707865988} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_packet_id":1,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686801707865988,"pkt":"moT+\/Ph8PJTVQTiBCABFAABLmP8AACcROhldZnxwVW80OfvBAasANzNpAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":563,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686799154433661,"flow_src_last_pkt_time":1686799154433661,"flow_dst_last_pkt_time":1686799154433661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686801707865988,"l3_proto":"ip4","src_ip":"65.218.6.160","dst_ip":"165.114.202.61","src_port":55146,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":573,"packets-processed":572,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":573,"packets-processed":572,"total-skipped-flows":0,"total-l4-payload-len":28691,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":564,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":564,"total-idle-flows":563,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2728,"global_ts_usec":1686809757231212} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_packet_id":1,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686809757231212,"pkt":"3jHC4dyOPJTVQTiBCABFCABLKJcAACIRohgg+FR\/Wo0lOLDQAasAN3D5AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":564,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686801707865988,"flow_src_last_pkt_time":1686801707865988,"flow_dst_last_pkt_time":1686801707865988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686809757231212,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"85.111.52.57","src_port":64449,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":28738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":565,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":565,"total-idle-flows":564,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2733,"global_ts_usec":1686815428144220} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_packet_id":1,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686815428144220,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbFFFGBs8Wm\/UMts1AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01069{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":566,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686815428144220,"flow_src_last_pkt_time":1686815428144220,"flow_dst_last_pkt_time":1686815428144220,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"69.24.27.60","dst_ip":"90.111.212.50","src_port":56117,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":565,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686809757231212,"flow_src_last_pkt_time":1686809757231212,"flow_dst_last_pkt_time":1686809757231212,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686815428144220,"l3_proto":"ip4","src_ip":"32.248.84.127","dst_ip":"90.141.37.56","src_port":45264,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":575,"packets-processed":574,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":575,"packets-processed":574,"total-skipped-flows":0,"total-l4-payload-len":28767,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":566,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":566,"total-idle-flows":565,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2738,"global_ts_usec":1686819439098098} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_packet_id":1,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686819439098098,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA+YmVAADQRPoBAPtuCVW80OUQuAasAKoVzAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":567,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819439098098,"flow_src_last_pkt_time":1686819439098098,"flow_dst_last_pkt_time":1686819439098098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819439098098,"l3_proto":"ip4","src_ip":"64.62.219.130","dst_ip":"85.111.52.57","src_port":17454,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2751,7 +2751,7 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_packet_id":1,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686819690034608,"pkt":"bpHurUgdPJTVQTiBCABFCABS21FAAC4Ros0JoKoaRW27NtFFAasAPuH0AgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":570,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686819690034608,"flow_src_last_pkt_time":1686819690034608,"flow_dst_last_pkt_time":1686819690034608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686819690034608,"l3_proto":"ip4","src_ip":"9.160.170.26","dst_ip":"69.109.187.54","src_port":53573,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":579,"packets-processed":578,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":579,"packets-processed":578,"total-skipped-flows":0,"total-l4-payload-len":28923,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":570,"total-detection-updates":0,"total-updates":97,"current-active-flows":2,"total-active-flows":570,"total-idle-flows":568,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2754,"global_ts_usec":1686820137258813} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_packet_id":1,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820137258813,"pkt":"bs1PogZtPJTVQTiBCABFAAA+CBNAADQRmNRAwcSFWpG0Osi0AasAKgDvAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820137258813,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2765,7 +2765,7 @@ 01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":573,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820293978966,"flow_src_last_pkt_time":1686820293978966,"flow_dst_last_pkt_time":1686820293978966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"186.112.202.53","src_port":41896,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":572,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820163339870,"flow_src_last_pkt_time":1686820163339870,"flow_dst_last_pkt_time":1686820163339870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"80.51.127.74","dst_ip":"90.141.37.56","src_port":51252,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":571,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820137258813,"flow_src_last_pkt_time":1686820137258813,"flow_dst_last_pkt_time":1686820137258813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820293978966,"l3_proto":"ip4","src_ip":"64.193.196.133","dst_ip":"90.145.180.58","src_port":51380,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":29020,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":573,"total-detection-updates":0,"total-updates":99,"current-active-flows":3,"total-active-flows":573,"total-idle-flows":570,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2768,"global_ts_usec":1686820910359963} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_packet_id":1,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686820910359963,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+iNFAADQRGBe\/OSSHpZBUPpZIAasAKjNcAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686820910359963,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2776,22 +2776,22 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_packet_id":1,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821183061310,"pkt":"3jHC4dyOPJTVQTiBCABFAAA+lolAADQRCl9BwcuBWo0lOPn2AasAKs+tAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":574,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686820910359963,"flow_src_last_pkt_time":1686820910359963,"flow_dst_last_pkt_time":1686820910359963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821183061310,"l3_proto":"ip4","src_ip":"191.57.36.135","dst_ip":"165.144.84.62","src_port":38472,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":584,"packets-processed":583,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":584,"packets-processed":583,"total-skipped-flows":0,"total-l4-payload-len":29088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":575,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":575,"total-idle-flows":574,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2779,"global_ts_usec":1686821576328540} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_packet_id":1,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686821576328540,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+edNAADQRJxlHvzWKpXLKPei+AasAKuDpAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":575,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821183061310,"flow_src_last_pkt_time":1686821183061310,"flow_dst_last_pkt_time":1686821183061310,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686821576328540,"l3_proto":"ip4","src_ip":"65.193.203.129","dst_ip":"90.141.37.56","src_port":63990,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":29122,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":576,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":576,"total-idle-flows":575,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2784,"global_ts_usec":1686822857775383} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_packet_id":1,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686822857775383,"pkt":"ipffLU2SPJTVQTiBCABFAAA+b3NAADQRMYKgR9WMSm\/LN37iAasAKkrPAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":576,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686821576328540,"flow_src_last_pkt_time":1686821576328540,"flow_dst_last_pkt_time":1686821576328540,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686822857775383,"l3_proto":"ip4","src_ip":"71.191.53.138","dst_ip":"165.114.202.61","src_port":59582,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":29156,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":577,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":577,"total-idle-flows":576,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2789,"global_ts_usec":1686823539150971} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_packet_id":1,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686823539150971,"pkt":"ipffLU2SPJTVQTiBCABFAABLhjwAACcRTORiZ\/1zSm\/LN6HHAasAN41rAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":578,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686823539150971,"flow_src_last_pkt_time":1686823539150971,"flow_dst_last_pkt_time":1686823539150971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"98.103.253.115","dst_ip":"74.111.203.55","src_port":41415,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":577,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686822857775383,"flow_src_last_pkt_time":1686822857775383,"flow_dst_last_pkt_time":1686822857775383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686823539150971,"l3_proto":"ip4","src_ip":"160.71.213.140","dst_ip":"74.111.203.55","src_port":32482,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} +00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":587,"packets-processed":586,"total-skipped-flows":0,"total-l4-payload-len":29203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":578,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":578,"total-idle-flows":577,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2794,"global_ts_usec":1686825966772504} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_packet_id":1,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686825966772504,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbU4h2Fo4pZBUPtxfAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":587,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":579,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686825966772504,"flow_src_last_pkt_time":1686825966772504,"flow_dst_last_pkt_time":1686825966772504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686825966772504,"l3_proto":"ip4","src_ip":"33.216.90.56","dst_ip":"165.144.84.62","src_port":56415,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2804,18 +2804,18 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_packet_id":1,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686826372484485,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRYDnSDNiXWpG0OtnBAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01114{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686826372484485,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":590,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":590,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":29308,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":581,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":581,"total-idle-flows":579,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2807,"global_ts_usec":1686827895727367} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_packet_id":1,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686827895727367,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbilBFN+XWpOrM8sJAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":581,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826372484485,"flow_src_last_pkt_time":1686826372484485,"flow_dst_last_pkt_time":1686826372484485,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"210.12.216.151","dst_ip":"90.145.180.58","src_port":55745,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":580,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686826280078870,"flow_src_last_pkt_time":1686826280078870,"flow_dst_last_pkt_time":1686826280078870,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686827895727367,"l3_proto":"ip4","src_ip":"154.129.123.124","dst_ip":"186.112.202.53","src_port":6873,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":591,"packets-processed":590,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":591,"packets-processed":590,"total-skipped-flows":0,"total-l4-payload-len":29337,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":582,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":582,"total-idle-flows":581,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2813,"global_ts_usec":1686831590603565} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_packet_id":1,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686831590603565,"pkt":"AAwp30Y4PJTVQTiBCABFCABL3soAACQR5ZVYH27bpXLKPdRGAasAN0k0AgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":583,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686831590603565,"flow_src_last_pkt_time":1686831590603565,"flow_dst_last_pkt_time":1686831590603565,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"88.31.110.219","dst_ip":"165.114.202.61","src_port":54342,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":582,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686827895727367,"flow_src_last_pkt_time":1686827895727367,"flow_dst_last_pkt_time":1686827895727367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686831590603565,"l3_proto":"ip4","src_ip":"65.20.223.151","dst_ip":"90.147.171.51","src_port":51977,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":592,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":592,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":29384,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":583,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":583,"total-idle-flows":582,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2818,"global_ts_usec":1686834792524626} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_packet_id":1,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834792524626,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPkRX\/bOzrjxRW27NsSuAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":592,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834792524626,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2823,33 +2823,33 @@ 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_packet_id":1,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686834822514899,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPkRbYW+I+FZVW80Oc6DAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686834822514899,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":594,"packets-processed":593,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":594,"packets-processed":593,"total-skipped-flows":0,"total-l4-payload-len":29442,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":585,"total-detection-updates":0,"total-updates":100,"current-active-flows":2,"total-active-flows":585,"total-idle-flows":583,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2826,"global_ts_usec":1686835718979040} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_packet_id":1,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686835718979040,"pkt":"AAwp30Y4PJTVQTiBCABFCABL0T8AACQR8xzjB7LfpZBUPvdFAasANyYxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":584,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834792524626,"flow_src_last_pkt_time":1686834792524626,"flow_dst_last_pkt_time":1686834792524626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"206.206.184.241","dst_ip":"69.109.187.54","src_port":50350,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":585,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686834822514899,"flow_src_last_pkt_time":1686834822514899,"flow_dst_last_pkt_time":1686834822514899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686835718979040,"l3_proto":"ip4","src_ip":"190.35.225.89","dst_ip":"85.111.52.57","src_port":52867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":595,"packets-processed":594,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":595,"packets-processed":594,"total-skipped-flows":0,"total-l4-payload-len":29489,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":586,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":586,"total-idle-flows":585,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2832,"global_ts_usec":1686837738680875} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_packet_id":1,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686837738680875,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPkRbc0i1oDTSm\/LN8YLAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":586,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686835718979040,"flow_src_last_pkt_time":1686835718979040,"flow_dst_last_pkt_time":1686835718979040,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686837738680875,"l3_proto":"ip4","src_ip":"227.7.178.223","dst_ip":"165.144.84.62","src_port":63301,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":596,"packets-processed":595,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":596,"packets-processed":595,"total-skipped-flows":0,"total-l4-payload-len":29518,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":587,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":587,"total-idle-flows":586,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2837,"global_ts_usec":1686840095634071} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_packet_id":1,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686840095634071,"pkt":"moT+\/Ph8PJTVQTiBCABFCABSMJwAAGsR5fhDnxCWVW80OawPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":587,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686837738680875,"flow_src_last_pkt_time":1686837738680875,"flow_dst_last_pkt_time":1686837738680875,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840095634071,"l3_proto":"ip4","src_ip":"34.214.128.211","dst_ip":"74.111.203.55","src_port":50699,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":597,"packets-processed":596,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":597,"packets-processed":596,"total-skipped-flows":0,"total-l4-payload-len":29572,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":588,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":588,"total-idle-flows":587,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2842,"global_ts_usec":1686840886120988} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_packet_id":1,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686840886120988,"pkt":"ipffLU2SPJTVQTiBCABFCABL2jYAACQR6jfn33nVSm\/LN5SAAasAN4kIAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":588,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840095634071,"flow_src_last_pkt_time":1686840095634071,"flow_dst_last_pkt_time":1686840095634071,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686840886120988,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"85.111.52.57","src_port":44047,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":598,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":598,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":29619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":589,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":589,"total-idle-flows":588,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2847,"global_ts_usec":1686854380719448} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_packet_id":1,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686854380719448,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPoRbEHa4XwdRW27NsydAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":598,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":590,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686854380719448,"flow_src_last_pkt_time":1686854380719448,"flow_dst_last_pkt_time":1686854380719448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"218.225.124.29","dst_ip":"69.109.187.54","src_port":52381,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":589,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686840886120988,"flow_src_last_pkt_time":1686840886120988,"flow_dst_last_pkt_time":1686840886120988,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686854380719448,"l3_proto":"ip4","src_ip":"231.223.121.213","dst_ip":"74.111.203.55","src_port":38016,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":599,"packets-processed":598,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":599,"packets-processed":598,"total-skipped-flows":0,"total-l4-payload-len":29648,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":590,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":590,"total-idle-flows":589,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2852,"global_ts_usec":1686869889080815} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_packet_id":1,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686869889080815,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPURKLvIH5CeSm\/LN7ipAasAJTHQAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":599,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686869889080815,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2858,17 +2858,17 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_packet_id":1,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686870203714333,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRXtoxLaDXpXLKPcuOAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":591,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686869889080815,"flow_src_last_pkt_time":1686869889080815,"flow_dst_last_pkt_time":1686869889080815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686870203714333,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"74.111.203.55","src_port":47273,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":29706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":592,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":592,"total-idle-flows":591,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2861,"global_ts_usec":1686871454458967} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_packet_id":1,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686871454458967,"pkt":"bpHurUgdPJTVQTiBCABFAAA51DEAAPURKLrIH5CeRW27Ntr1AasAJQ+DAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":592,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686870203714333,"flow_src_last_pkt_time":1686870203714333,"flow_dst_last_pkt_time":1686870203714333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686871454458967,"l3_proto":"ip4","src_ip":"49.45.160.215","dst_ip":"165.114.202.61","src_port":52110,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":602,"packets-processed":601,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":602,"packets-processed":601,"total-skipped-flows":0,"total-l4-payload-len":29735,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":593,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":593,"total-idle-flows":592,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2866,"global_ts_usec":1686873049876707} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_packet_id":1,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686873049876707,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKL3IH5CeWpOrM67xAasAJTuKAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":594,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686873049876707,"flow_src_last_pkt_time":1686873049876707,"flow_dst_last_pkt_time":1686873049876707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.147.171.51","src_port":44785,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":593,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686871454458967,"flow_src_last_pkt_time":1686871454458967,"flow_dst_last_pkt_time":1686871454458967,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686873049876707,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"69.109.187.54","src_port":56053,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":603,"packets-processed":602,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":603,"packets-processed":602,"total-skipped-flows":0,"total-l4-payload-len":29764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":594,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":594,"total-idle-flows":593,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2871,"global_ts_usec":1686874733087762} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_packet_id":1,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686874733087762,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPURKLfIH5CeWo0lONSDAasAJRXyAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":603,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686874733087762,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2877,47 +2877,47 @@ 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_packet_id":1,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686875253404813,"pkt":"moT+\/Ph8PJTVQTiBCABFCABLoTQAACIRKX2Y\/6p8VW80ORc1AasANwqXAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":604,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":595,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686874733087762,"flow_src_last_pkt_time":1686874733087762,"flow_dst_last_pkt_time":1686874733087762,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875253404813,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.141.37.56","src_port":54403,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":605,"packets-processed":604,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":605,"packets-processed":604,"total-skipped-flows":0,"total-l4-payload-len":29840,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":596,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":596,"total-idle-flows":595,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2880,"global_ts_usec":1686875903844766} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_packet_id":1,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686875903844766,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLzIH5CeWm\/UMqN5AasAJUcBAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":596,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875253404813,"flow_src_last_pkt_time":1686875253404813,"flow_dst_last_pkt_time":1686875253404813,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686875903844766,"l3_proto":"ip4","src_ip":"152.255.170.124","dst_ip":"85.111.52.57","src_port":5941,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":606,"packets-processed":605,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":606,"packets-processed":605,"total-skipped-flows":0,"total-l4-payload-len":29869,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":597,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":597,"total-idle-flows":596,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2885,"global_ts_usec":1686876990016671} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_packet_id":1,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686876990016671,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLHIH5CepXLKPdn5AasAJRB2AgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":606,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":597,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686875903844766,"flow_src_last_pkt_time":1686875903844766,"flow_dst_last_pkt_time":1686875903844766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686876990016671,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"90.111.212.50","src_port":41849,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":607,"packets-processed":606,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":607,"packets-processed":606,"total-skipped-flows":0,"total-l4-payload-len":29898,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":598,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":598,"total-idle-flows":597,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2890,"global_ts_usec":1686878041820268} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_packet_id":1,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686878041820268,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPURKLLIH5CepZBUPuoiAasAJQBOAgkAAB0AAAAAABIEAAJlbgAA\/\/8AB2RlZmF1bHQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":607,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":598,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686876990016671,"flow_src_last_pkt_time":1686876990016671,"flow_dst_last_pkt_time":1686876990016671,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686878041820268,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.114.202.61","src_port":55801,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":608,"packets-processed":607,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":608,"packets-processed":607,"total-skipped-flows":0,"total-l4-payload-len":29927,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":599,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":599,"total-idle-flows":598,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2895,"global_ts_usec":1686879129948527} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_packet_id":1,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686879129948527,"pkt":"AAwp30Y4PJTVQTiBCABFAABLl1IAACcRO9qdePx7WpOrM6cwAasAN4gOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":608,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":599,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686878041820268,"flow_src_last_pkt_time":1686878041820268,"flow_dst_last_pkt_time":1686878041820268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686879129948527,"l3_proto":"ip4","src_ip":"200.31.144.158","dst_ip":"165.144.84.62","src_port":59938,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":609,"packets-processed":608,"total-skipped-flows":0,"total-l4-payload-len":29974,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":600,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":600,"total-idle-flows":599,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2900,"global_ts_usec":1686883384416005} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_packet_id":1,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686883384416005,"pkt":"AAwp30Y4PJTVQTiBCABFCABLS3QAACMRefObuV3XpZBUPj6fAasAN97iAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":609,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":600,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686879129948527,"flow_src_last_pkt_time":1686879129948527,"flow_dst_last_pkt_time":1686879129948527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686883384416005,"l3_proto":"ip4","src_ip":"157.120.252.123","dst_ip":"90.147.171.51","src_port":42800,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":610,"packets-processed":609,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":610,"packets-processed":609,"total-skipped-flows":0,"total-l4-payload-len":30021,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":601,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":601,"total-idle-flows":600,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2905,"global_ts_usec":1686884068384734} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_packet_id":1,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686884068384734,"pkt":"xmjqc4OdPJTVQTiBCABFAAA51DEAAPkRX1OuMgcLunDKNcCGAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":610,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":601,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686883384416005,"flow_src_last_pkt_time":1686883384416005,"flow_dst_last_pkt_time":1686883384416005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686884068384734,"l3_proto":"ip4","src_ip":"155.185.93.215","dst_ip":"165.144.84.62","src_port":16031,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":611,"packets-processed":610,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":611,"packets-processed":610,"total-skipped-flows":0,"total-l4-payload-len":30050,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":602,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":602,"total-idle-flows":601,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2910,"global_ts_usec":1686887976934834} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_packet_id":1,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686887976934834,"pkt":"ipffLU2SPJTVQTiBCABFAAA51DEAAPoRbRJZ1jiBSm\/LN9NxAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":602,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686884068384734,"flow_src_last_pkt_time":1686884068384734,"flow_dst_last_pkt_time":1686884068384734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686887976934834,"l3_proto":"ip4","src_ip":"174.50.7.11","dst_ip":"186.112.202.53","src_port":49286,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":612,"packets-processed":611,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":612,"packets-processed":611,"total-skipped-flows":0,"total-l4-payload-len":30079,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":603,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":603,"total-idle-flows":602,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2915,"global_ts_usec":1686889052799486} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_packet_id":1,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686889052799486,"pkt":"3jHC4dyOPJTVQTiBCABFAAA51DEAAPkRbgOm0SSoWo0lONXtAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":604,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686889052799486,"flow_src_last_pkt_time":1686889052799486,"flow_dst_last_pkt_time":1686889052799486,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"166.209.36.168","dst_ip":"90.141.37.56","src_port":54765,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":603,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686887976934834,"flow_src_last_pkt_time":1686887976934834,"flow_dst_last_pkt_time":1686887976934834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686889052799486,"l3_proto":"ip4","src_ip":"89.214.56.129","dst_ip":"74.111.203.55","src_port":54129,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":613,"packets-processed":612,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":613,"packets-processed":612,"total-skipped-flows":0,"total-l4-payload-len":30108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":604,"total-detection-updates":0,"total-updates":100,"current-active-flows":1,"total-active-flows":604,"total-idle-flows":603,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2920,"global_ts_usec":1686891665856707} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_packet_id":1,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686891665856707,"pkt":"bs1PogZtPJTVQTiBCABFAAA+4yBAADQRvaRGvyW9WpG0OtJrAasAKvcVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":605,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891665856707,"flow_src_last_pkt_time":1686891665856707,"flow_dst_last_pkt_time":1686891665856707,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686891665856707,"l3_proto":"ip4","src_ip":"70.191.37.189","dst_ip":"90.145.180.58","src_port":53867,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2941,12 +2941,12 @@ 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":608,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891994836858,"flow_src_last_pkt_time":1686891994836858,"flow_dst_last_pkt_time":1686891994836858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.144.84.62","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":606,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891861875895,"flow_src_last_pkt_time":1686891861875895,"flow_dst_last_pkt_time":1686891861875895,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"166.70.59.181","dst_ip":"69.109.187.54","src_port":28945,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":607,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686891930334421,"flow_src_last_pkt_time":1686891930334421,"flow_dst_last_pkt_time":1686891930334421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686892196221763,"l3_proto":"ip4","src_ip":"88.192.213.176","dst_ip":"165.114.202.61","src_port":12807,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":618,"packets-processed":617,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":618,"packets-processed":617,"total-skipped-flows":0,"total-l4-payload-len":30278,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":609,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":609,"total-idle-flows":608,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2944,"global_ts_usec":1686893335451836} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_packet_id":1,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686893335451836,"pkt":"xmjqc4OdPJTVQTiBCABFAAA+KW1AADQRd2JYP9q4unDKNeGgAasAKufqAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":610,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686893335451836,"flow_src_last_pkt_time":1686893335451836,"flow_dst_last_pkt_time":1686893335451836,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"88.63.218.184","dst_ip":"186.112.202.53","src_port":57760,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":609,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686892196221763,"flow_src_last_pkt_time":1686892196221763,"flow_dst_last_pkt_time":1686892196221763,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686893335451836,"l3_proto":"ip4","src_ip":"95.185.37.180","dst_ip":"85.111.52.57","src_port":56601,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":619,"packets-processed":618,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":619,"packets-processed":618,"total-skipped-flows":0,"total-l4-payload-len":30312,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":610,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":610,"total-idle-flows":609,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2949,"global_ts_usec":1686894095858225} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_packet_id":1,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894095858225,"pkt":"AAwp30Y4PJTVQTiBCABFAAA+DzlAADQRkZhfvtu5Wm\/UMv93AasAKsoVAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":619,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":611,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894095858225,"flow_src_last_pkt_time":1686894095858225,"flow_dst_last_pkt_time":1686894095858225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894095858225,"l3_proto":"ip4","src_ip":"95.190.219.185","dst_ip":"90.111.212.50","src_port":65399,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2958,28 +2958,28 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_packet_id":1,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":1686894627287214,"pkt":"ipffLU2SPJTVQTiBCABFAAA+zylAADQR0apAOMuySm\/LN+POAasAKuXBAgEAACIAAAAAAAAFAAJlbgAAAAAAAAAAAAhBQUFBQUFBQQ=="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686894627287214,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-payload-len":30414,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":613,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":613,"total-idle-flows":611,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2961,"global_ts_usec":1686895136332318} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_packet_id":1,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686895136332318,"pkt":"bpHurUgdPJTVQTiBCABFAABLZR8AACcRbf1dZnxwRW27NqqgAasAN4SOAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":622,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":613,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894627287214,"flow_src_last_pkt_time":1686894627287214,"flow_dst_last_pkt_time":1686894627287214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"64.56.203.178","dst_ip":"74.111.203.55","src_port":58318,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":612,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686894584993003,"flow_src_last_pkt_time":1686894584993003,"flow_dst_last_pkt_time":1686894584993003,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686895136332318,"l3_proto":"ip4","src_ip":"71.64.36.183","dst_ip":"90.147.171.51","src_port":43664,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":623,"packets-processed":622,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":623,"packets-processed":622,"total-skipped-flows":0,"total-l4-payload-len":30461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":614,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":614,"total-idle-flows":613,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2967,"global_ts_usec":1686900080044444} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_packet_id":1,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686900080044444,"pkt":"bs1PogZtPJTVQTiBCABFAAA51DEAAPkRbia5GyWcWpG0OtW4AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":614,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686895136332318,"flow_src_last_pkt_time":1686895136332318,"flow_dst_last_pkt_time":1686895136332318,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686900080044444,"l3_proto":"ip4","src_ip":"93.102.124.112","dst_ip":"69.109.187.54","src_port":43680,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":624,"packets-processed":623,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":624,"packets-processed":623,"total-skipped-flows":0,"total-l4-payload-len":30490,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":615,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":615,"total-idle-flows":614,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2972,"global_ts_usec":1686903641258422} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_packet_id":1,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686903641258422,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPoRbOK61Z7hWm\/UMtEvAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01073{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":624,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":615,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686900080044444,"flow_src_last_pkt_time":1686900080044444,"flow_dst_last_pkt_time":1686900080044444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686903641258422,"l3_proto":"ip4","src_ip":"185.27.37.156","dst_ip":"90.145.180.58","src_port":54712,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":625,"packets-processed":624,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":625,"packets-processed":624,"total-skipped-flows":0,"total-l4-payload-len":30519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":616,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":616,"total-idle-flows":615,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2977,"global_ts_usec":1686910566541526} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_packet_id":1,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1686910566541526,"pkt":"3jHC4dyOPJTVQTiBCABFCABL+kUAACIR0GunB5p9Wo0lONlaAasAN0hxAgEAAC8AAAAAAEQAAAJlbgAAAA5zZXJ2aWNlOmNlbnN5cwAHREVGQVVMVAAAAAA="} 
01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":617,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686910566541526,"flow_src_last_pkt_time":1686910566541526,"flow_dst_last_pkt_time":1686910566541526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"167.7.154.125","dst_ip":"90.141.37.56","src_port":55642,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":616,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686903641258422,"flow_src_last_pkt_time":1686903641258422,"flow_dst_last_pkt_time":1686903641258422,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686910566541526,"l3_proto":"ip4","src_ip":"186.213.158.225","dst_ip":"90.111.212.50","src_port":53551,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":626,"packets-processed":625,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":626,"packets-processed":625,"total-skipped-flows":0,"total-l4-payload-len":30566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":617,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":617,"total-idle-flows":616,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2982,"global_ts_usec":1686916643605858} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_packet_id":1,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686916643605858,"pkt":"AAwp30Y4PJTVQTiBCABFAAA51DEAAPkRbZlG2LpnWpOrM8wbAasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":626,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":618,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916643605858,"flow_src_last_pkt_time":1686916643605858,"flow_dst_last_pkt_time":1686916643605858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916643605858,"l3_proto":"ip4","src_ip":"70.216.186.103","dst_ip":"90.147.171.51","src_port":52251,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2987,7 +2987,7 @@ 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_packet_id":1,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_usec":1686916678686629,"pkt":"AAwp30Y4PJTVQTiBCABFCABS3OcAAGsROahDnxCWpXLKPWbPAasAPgAAAgEAADYgAAAAAAABAAJlbgAAABVzZXJ2aWNlOnNlcnZpY2UtYWdlbnQAB2RlZmF1bHQAAAAA"} 
01072{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":627,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":619,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686916678686629,"flow_src_last_pkt_time":1686916678686629,"flow_dst_last_pkt_time":1686916678686629,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":54,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686916678686629,"l3_proto":"ip4","src_ip":"67.159.16.150","dst_ip":"165.114.202.61","src_port":26319,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":628,"packets-processed":627,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":628,"packets-processed":627,"total-skipped-flows":0,"total-l4-payload-len":30649,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":619,"total-detection-updates":0,"total-updates":103,"current-active-flows":2,"total-active-flows":619,"total-idle-flows":617,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2990,"global_ts_usec":1686918716711404} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_packet_id":1,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1686918716711404,"pkt":"moT+\/Ph8PJTVQTiBCABFAAA51DEAAPoRbEQ6FkMWVW80Oct8AasAJQAAAgkAAB0AAAAAAJ32AAJlbgAA\/\/8AB0RFRkFVTFQ="} 
01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":628,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686918716711404,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
@@ -2998,7 +2998,7 @@ 01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":620,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686918716711404,"flow_src_last_pkt_time":1686918716711404,"flow_dst_last_pkt_time":1686918716711404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"58.22.67.22","dst_ip":"85.111.52.57","src_port":52092,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","flow_id":621,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1686919264737057,"flow_src_last_pkt_time":1686919264737057,"flow_dst_last_pkt_time":1686919264737057,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1686919264737057,"l3_proto":"ip4","src_ip":"217.39.155.99","dst_ip":"165.144.84.62","src_port":51503,"dst_port":427,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Service_Location_Protocol","proto_id":"347","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 
-00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":629,"packets-processed":629,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} +00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":629,"source":"cfgs\/default\/pcap\/srvloc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":629,"packets-processed":629,"total-skipped-flows":0,"total-l4-payload-len":30707,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":621,"total-detection-updates":0,"total-updates":103,"current-active-flows":0,"total-active-flows":621,"total-idle-flows":621,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3001,"global_ts_usec":1686919264737057} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 629/629 ~~ skipped flows.............: 0 @@ -3007,9 +3007,9 @@ ~~ total active/idle flows...: 621/621 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 9116754 bytes -~~ total memory freed........: 9116754 bytes -~~ total allocations/frees...: 153820/153820 +~~ total memory allocated....: 12815453 bytes +~~ total memory freed........: 12815453 bytes +~~ total allocations/frees...: 224074/224074 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 553 chars ~~ json string max len.......: 1125 chars 
diff --git a/test/results/default/ssdp-m-search-ua.pcap.out b/test/results/default/ssdp-m-search-ua.pcap.out index c6ca88a5c..59c959f9d 100644 --- a/test/results/default/ssdp-m-search-ua.pcap.out +++ b/test/results/default/ssdp-m-search-ua.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648315275444157} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315275444157,"pkt":"AQBef\/\/68C9LCZO8CABFAADKnWgAAAEReOXAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 00974{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315275444157,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315275444157,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -7,7 +7,7 @@ 00756{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648315277449906,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315277449906,"pkt":"AQBef\/\/68C9LCZO8CABFAADKWrMAAAERu5rAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 00757{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_usec":1648315278446168,"pkt":"AQBef\/\/68C9LCZO8CABFAADKE\/4AAAERAlDAqPIy7\/\/\/+tx+B2wAtraSTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KVVNFUi1BR0VOVDogR29vZ2xlIENocm9tZS85OS4wLjQ4NDQuNzQgTWFjIE9TIFgNCg0K"} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648315275444157,"flow_src_last_pkt_time":1648315278446168,"flow_dst_last_pkt_time":1648315275444157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":174,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":174,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":696,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648315278446168,"l3_proto":"ip4","src_ip":"192.168.242.50","dst_ip":"239.255.255.250","src_port":56446,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ssdp-m-search-ua.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":696,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1648315278446168} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766877 bytes -~~ total memory freed........: 7766877 bytes -~~ total allocations/frees...: 146375/146375 +~~ total memory allocated....: 11475496 bytes +~~ total memory freed........: 11475496 bytes +~~ total allocations/frees...: 216629/216629 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 577 chars ~~ json string max len.......: 984 chars diff --git a/test/results/default/ssdp-m-search.pcap.out b/test/results/default/ssdp-m-search.pcap.out index d9d12b8c4..d8f33f4ae 100644 --- a/test/results/default/ssdp-m-search.pcap.out +++ b/test/results/default/ssdp-m-search.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532054645808785} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054645808785,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 
00948{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054645808785,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054645808785,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":""}} 
@@ -9,7 +9,7 @@ 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532054665808769,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_usec":1532054665808769,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxfl5AAEARVgTAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054700808779,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054700808779,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1532054645808785,"flow_src_last_pkt_time":1532054735808753,"flow_dst_last_pkt_time":1532054645808785,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":21,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":399,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532054735808753,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/ssdp-m-search.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-payload-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1532054735808753} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767276 bytes -~~ total memory freed........: 7767276 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11475895 bytes +~~ total memory freed........: 11475895 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 555 chars ~~ json string max len.......: 983 chars diff --git a/test/results/default/ssh.pcap.out b/test/results/default/ssh.pcap.out index 4a3ac8d87..7c970c176 100644 --- a/test/results/default/ssh.pcap.out +++ b/test/results/default/ssh.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1320435464760244} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1320435464760244,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760244,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1320435464760244,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1320435464760244,"flow_dst_last_pkt_time":1320435464760270,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1320435464760270,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} 
@@ -13,7 +13,7 @@ 01383{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435464769196,"flow_dst_last_pkt_time":1320435464770779,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":925,"flow_dst_tot_l4_payload_len":805,"midstream":0,"thread_ts_usec":1320435464770779,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess","ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}}} 
02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435472330349,"flow_dst_last_pkt_time":1320435469423179,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":784,"flow_src_tot_l4_payload_len":1509,"flow_dst_tot_l4_payload_len":1885,"midstream":0,"thread_ts_usec":1320435472330349,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":26,"avg":394614.2,"max":2907110,"stddev":888738.9,"var":789856780288.0,"ent":2.5,"data": [26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110]},"pktlen": {"min":52,"avg":158.7,"max":956,"stddev":230.1,"var":52961.8,"ent":4.1,"data": [64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196]},"bins": {"c_to_s": [12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671]},"ndpi": 
{"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01230{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":99,"flow_first_seen":1320435464760244,"flow_src_last_pkt_time":1320435713237065,"flow_dst_last_pkt_time":1320435713237024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":904,"flow_dst_max_l4_payload_len":1280,"flow_src_tot_l4_payload_len":5109,"flow_dst_tot_l4_payload_len":13389,"midstream":0,"thread_ts_usec":1320435713237065,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Cli Vers\/Cipher","severity":"High","risk_score": {"total":300,"client":210,"server":90}},"19": {"risk":"SSH Obsolete Ser Vers\/Cipher","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"SSH","proto_id":"92","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1320435713237065} +00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/ssh.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-payload-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1320435713237065} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 258/258 ~~ skipped flows.............: 0 @@ -22,9 +22,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776287 bytes -~~ total memory freed........: 7776287 bytes -~~ total allocations/frees...: 146635/146635 +~~ total memory allocated....: 11484906 bytes +~~ total memory freed........: 11484906 bytes +~~ total allocations/frees...: 216889/216889 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 2430 chars 
diff --git a/test/results/default/ssl-cert-name-mismatch.pcap.out b/test/results/default/ssl-cert-name-mismatch.pcap.out index 36517ccd1..fc4bfc727 100644 --- a/test/results/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/default/ssl-cert-name-mismatch.pcap.out 
@@ -1,5 +1,5 @@ -00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} +00578{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1620643422034834} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1620643422034834,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422034834,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422034834,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1620643422034834,"flow_dst_last_pkt_time":1620643422162607,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1620643422162607,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} 
@@ -10,7 +10,7 @@ 01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422196037,"flow_dst_last_pkt_time":1620643422325332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1408,"midstream":0,"thread_ts_usec":1620643422325332,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} 
01503{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422325356,"flow_dst_last_pkt_time":1620643422325538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":3334,"midstream":0,"thread_ts_usec":1620643422325538,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"wrong.host.badssl.com","tls": {"version":"TLSv1.2","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}}} 
00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1620643422034834,"flow_src_last_pkt_time":1620643422749798,"flow_dst_last_pkt_time":1620643422754639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1408,"flow_src_tot_l4_payload_len":402,"flow_dst_tot_l4_payload_len":3608,"midstream":0,"thread_ts_usec":1620643422754639,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} 
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ssl-cert-name-mismatch.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1620643422754639} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777627 bytes -~~ total memory freed........: 7777627 bytes -~~ total allocations/frees...: 146402/146402 +~~ total memory allocated....: 11486246 bytes +~~ total memory freed........: 11486246 bytes +~~ total allocations/frees...: 216656/216656 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 560 chars ~~ json string max len.......: 1508 chars diff --git a/test/results/default/starcraft_battle.pcap.out b/test/results/default/starcraft_battle.pcap.out index dd9b3b4ed..a9b363007 100644 --- a/test/results/default/starcraft_battle.pcap.out +++ b/test/results/default/starcraft_battle.pcap.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437389953643103} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1437389953643103,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437389953643103,"flow_src_last_pkt_time":1437389953643103,"flow_dst_last_pkt_time":1437389953643103,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389953643103,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Github","proto_by_ip_id":203,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -359,9 +359,9 @@ 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1437389985320648,"flow_src_last_pkt_time":1437389985635256,"flow_dst_last_pkt_time":1437389985635209,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":145,"flow_dst_max_l4_payload_len":499,"flow_src_tot_l4_payload_len":145,"flow_dst_tot_l4_payload_len":499,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.26","src_port":3524,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1437389985434803,"flow_src_last_pkt_time":1437389985610939,"flow_dst_last_pkt_time":1437389985610905,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":209,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":209,"flow_dst_tot_l4_payload_len":3046,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3525,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00975{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1437389985446792,"flow_src_last_pkt_time":1437389985631224,"flow_dst_last_pkt_time":1437389985631183,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":211,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":211,"flow_dst_tot_l4_payload_len":2851,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"80.239.186.40","src_port":3526,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00957{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+00988{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1437389955670603,"flow_src_last_pkt_time":1437389984585571,"flow_dst_last_pkt_time":1437389984611162,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":41,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"173.194.40.22","dst_ip":"192.168.1.100","src_port":443,"dst_port":53568,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-00942{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} +00938{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Starcraft","proto_id":"213","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389982769377,"flow_src_last_pkt_time":1437389982769377,"flow_dst_last_pkt_time":1437389982823721,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":2,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2,"flow_dst_max_l4_payload_len":2,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":2,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"5.42.180.154","src_port":53146,"dst_port":1119,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00932{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389968487945,"flow_src_last_pkt_time":1437389968610372,"flow_dst_last_pkt_time":1437389968610342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389968487945,"flow_src_last_pkt_time":1437389968610372,"flow_dst_last_pkt_time":1437389968610342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"199.38.164.156","src_port":3486,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -376,7 +376,7 @@ 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1437389955747893,"flow_src_last_pkt_time":1437389955747893,"flow_dst_last_pkt_time":1437389955800556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":82,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":82,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1437389956550428,"flow_src_last_pkt_time":1437389956550723,"flow_dst_last_pkt_time":1437389956605099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":89,"flow_dst_tot_l4_payload_len":198,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01219{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1437389967432431,"flow_src_last_pkt_time":1437389968027107,"flow_dst_last_pkt_time":1437389968027078,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1437389985996137,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1437389985996137} 
+00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"cfgs\/default\/pcap\/starcraft_battle.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-payload-len":316668,"total-not-detected-flows":0,"total-guessed-flows":13,"total-detected-flows":39,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":379,"global_ts_usec":1437389985996137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 ~~ skipped flows.............: 0 @@ -385,9 +385,9 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7928506 bytes -~~ total memory freed........: 7928506 bytes -~~ total allocations/frees...: 147841/147841 +~~ total memory allocated....: 11636309 bytes +~~ total memory freed........: 11636309 bytes +~~ total allocations/frees...: 218095/218095 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 310 chars ~~ json string max len.......: 2402 chars diff --git a/test/results/default/steam.pcap.out b/test/results/default/steam.pcap.out index 5bf338b04..e5f78538e 100644 --- a/test/results/default/steam.pcap.out +++ b/test/results/default/steam.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1357332164693497} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1357332164693497} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164693497,"flow_src_last_pkt_time":1357332164693497,"flow_dst_last_pkt_time":1357332164693497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332164693497,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1357332164693497,"flow_dst_last_pkt_time":1357332164693497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1357332164693497,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164693497,"flow_src_last_pkt_time":1357332164693497,"flow_dst_last_pkt_time":1357332164693497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332164693497,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -208,74 +208,89 @@ 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":3,"flow_src_last_pkt_time":1357332165586753,"flow_dst_last_pkt_time":1357332165330124,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1357332165586753,"pkt":"AFBW4RiuAAwp3FvtCABFAABEAABAAEARNwrAqLyVSKU9vLJhaYoAMEhAVlMwMQQAAwQABgAAAAAAAAEAAAABAAAAAQAAAAEAAAAEAAAAbm6TxQ=="} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":4,"flow_src_last_pkt_time":1357332165586753,"flow_dst_last_pkt_time":1357332165619306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1357332165619306,"pkt":"AAwp3FvtAFBW4RiuCABFAABAWU4AAIAR3b9IpT28wKi8lWmKsmEALKNoVlMwMQAABAQAwKtTAAYAAAIAAAABAAAAAQAAAAIAAAAAAAAA"} 00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1357332165586753,"flow_dst_last_pkt_time":1357332165620102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1357332165620102,"pkt":"AAwp3FvtAFBW4RiuCABFAABcWU8AAIAR3aJIpT28wKi8lWmKsmEASE4rVlMwMRwABgQAwKtTAAYAAAMAAAABAAAAAQAAAAMAAAAcAAAAFwUAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8BAAAAAQAAAA=="} 
-01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165137546,"flow_src_last_pkt_time":1357332165137546,"flow_dst_last_pkt_time":1357332165137546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164737048,"flow_src_last_pkt_time":1357332164737048,"flow_dst_last_pkt_time":1357332164737048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165138337,"flow_src_last_pkt_time":1357332165138337,"flow_dst_last_pkt_time":1357332165138337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164694714,"flow_src_last_pkt_time":1357332164694714,"flow_dst_last_pkt_time":1357332164694714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165289304,"flow_src_last_pkt_time":1357332165289304,"flow_dst_last_pkt_time":1357332165289304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165037133,"flow_src_last_pkt_time":1357332165037133,"flow_dst_last_pkt_time":1357332165037133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164786555,"flow_src_last_pkt_time":1357332164786555,"flow_dst_last_pkt_time":1357332164786555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164694326,"flow_src_last_pkt_time":1357332164694326,"flow_dst_last_pkt_time":1357332164694326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165287742,"flow_src_last_pkt_time":1357332165287742,"flow_dst_last_pkt_time":1357332165287742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164937088,"flow_src_last_pkt_time":1357332164937088,"flow_dst_last_pkt_time":1357332164937088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164837780,"flow_src_last_pkt_time":1357332164837780,"flow_dst_last_pkt_time":1357332164837780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164787460,"flow_src_last_pkt_time":1357332164787460,"flow_dst_last_pkt_time":1357332164787460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987504,"flow_src_last_pkt_time":1357332164987504,"flow_dst_last_pkt_time":1357332165020030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164837381,"flow_src_last_pkt_time":1357332164837381,"flow_dst_last_pkt_time":1357332164869478,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164787832,"flow_src_last_pkt_time":1357332164787832,"flow_dst_last_pkt_time":1357332164823633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337468,"flow_src_last_pkt_time":1357332165337468,"flow_dst_last_pkt_time":1357332165370602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238086,"flow_src_last_pkt_time":1357332165238086,"flow_dst_last_pkt_time":1357332165266390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164736574,"flow_src_last_pkt_time":1357332164736574,"flow_dst_last_pkt_time":1357332164761287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337861,"flow_src_last_pkt_time":1357332165337861,"flow_dst_last_pkt_time":1357332165375115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165188410,"flow_src_last_pkt_time":1357332165188410,"flow_dst_last_pkt_time":1357332165229000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165137979,"flow_src_last_pkt_time":1357332165137979,"flow_dst_last_pkt_time":1357332165175965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165037556,"flow_src_last_pkt_time":1357332165037556,"flow_dst_last_pkt_time":1357332165075421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987107,"flow_src_last_pkt_time":1357332164987107,"flow_dst_last_pkt_time":1357332165027560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164888531,"flow_src_last_pkt_time":1357332164888531,"flow_dst_last_pkt_time":1357332164927241,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1357332165288542,"flow_src_last_pkt_time":1357332165983077,"flow_dst_last_pkt_time":1357332165950083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":636,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238956,"flow_src_last_pkt_time":1357332165238956,"flow_dst_last_pkt_time":1357332165277274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165187985,"flow_src_last_pkt_time":1357332165187985,"flow_dst_last_pkt_time":1357332165226135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165087803,"flow_src_last_pkt_time":1357332165087803,"flow_dst_last_pkt_time":1357332165125176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164936712,"flow_src_last_pkt_time":1357332164936712,"flow_dst_last_pkt_time":1357332164974050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164836991,"flow_src_last_pkt_time":1357332164836991,"flow_dst_last_pkt_time":1357332164873184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165037929,"flow_src_last_pkt_time":1357332165037929,"flow_dst_last_pkt_time":1357332165037929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164887493,"flow_src_last_pkt_time":1357332164887493,"flow_dst_last_pkt_time":1357332164887493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165188765,"flow_src_last_pkt_time":1357332165188765,"flow_dst_last_pkt_time":1357332165285882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165288951,"flow_src_last_pkt_time":1357332165288951,"flow_dst_last_pkt_time":1357332165310175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164888054,"flow_src_last_pkt_time":1357332164888054,"flow_dst_last_pkt_time":1357332164912924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164886847,"flow_src_last_pkt_time":1357332164886847,"flow_dst_last_pkt_time":1357332164980734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164737426,"flow_src_last_pkt_time":1357332164737426,"flow_dst_last_pkt_time":1357332164834981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165187509,"flow_src_last_pkt_time":1357332165187509,"flow_dst_last_pkt_time":1357332165344423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165088203,"flow_src_last_pkt_time":1357332165088203,"flow_dst_last_pkt_time":1357332165243079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164936282,"flow_src_last_pkt_time":1357332164936282,"flow_dst_last_pkt_time":1357332165017274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164787027,"flow_src_last_pkt_time":1357332164787027,"flow_dst_last_pkt_time":1357332164787027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165138716,"flow_src_last_pkt_time":1357332165138716,"flow_dst_last_pkt_time":1357332165291495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987855,"flow_src_last_pkt_time":1357332164987855,"flow_dst_last_pkt_time":1357332165148604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238600,"flow_src_last_pkt_time":1357332165238600,"flow_dst_last_pkt_time":1357332165425182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164986669,"flow_src_last_pkt_time":1357332164986669,"flow_dst_last_pkt_time":1357332165166578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165088572,"flow_src_last_pkt_time":1357332165088572,"flow_dst_last_pkt_time":1357332165279030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164937511,"flow_src_last_pkt_time":1357332164937511,"flow_dst_last_pkt_time":1357332165121960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337053,"flow_src_last_pkt_time":1357332165337053,"flow_dst_last_pkt_time":1357332165520263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165038324,"flow_src_last_pkt_time":1357332165038324,"flow_dst_last_pkt_time":1357332165230092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164737823,"flow_src_last_pkt_time":1357332164737823,"flow_dst_last_pkt_time":1357332164925660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164693497,"flow_src_last_pkt_time":1357332164693497,"flow_dst_last_pkt_time":1357332164876828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165087319,"flow_src_last_pkt_time":1357332165087319,"flow_dst_last_pkt_time":1357332165270837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165237614,"flow_src_last_pkt_time":1357332165237614,"flow_dst_last_pkt_time":1357332165424526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164836588,"flow_src_last_pkt_time":1357332164836588,"flow_dst_last_pkt_time":1357332165015111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164693949,"flow_src_last_pkt_time":1357332164693949,"flow_dst_last_pkt_time":1357332164892062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1357332165983077,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":4652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":55,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":55,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":266,"global_ts_usec":1357332165983077} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":105,"packets-processed":104,"total-skipped-flows":0,"total-l4-payload-len":4652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":55,"total-detection-updates":0,"total-updates":0,"current-active-flows":55,"total-active-flows":55,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":211,"global_ts_usec":1685621742497677} +00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685621742497677,"flow_src_last_pkt_time":1685621742497677,"flow_dst_last_pkt_time":1685621742497677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"118.105.60.5","dst_ip":"2.95.26.169","src_port":14963,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1685621742497677,"flow_dst_last_pkt_time":1685621742497677,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685621742497677,"pkt":"AM1PogZtPJTVQTiBCABFAAAzyz8AAG0RSXp2aTwFAl8aqTpzaZwAHwAA\/\/\/\/\/yFMX6AFAAAACNIJEAACAAAACAE="} 
+01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685621742497677,"flow_src_last_pkt_time":1685621742497677,"flow_dst_last_pkt_time":1685621742497677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"118.105.60.5","dst_ip":"2.95.26.169","src_port":14963,"dst_port":27036,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165137546,"flow_src_last_pkt_time":1357332165137546,"flow_dst_last_pkt_time":1357332165137546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164737048,"flow_src_last_pkt_time":1357332164737048,"flow_dst_last_pkt_time":1357332164737048,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165138337,"flow_src_last_pkt_time":1357332165138337,"flow_dst_last_pkt_time":1357332165138337,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164694714,"flow_src_last_pkt_time":1357332164694714,"flow_dst_last_pkt_time":1357332164694714,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165289304,"flow_src_last_pkt_time":1357332165289304,"flow_dst_last_pkt_time":1357332165289304,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165037133,"flow_src_last_pkt_time":1357332165037133,"flow_dst_last_pkt_time":1357332165037133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164786555,"flow_src_last_pkt_time":1357332164786555,"flow_dst_last_pkt_time":1357332164786555,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164694326,"flow_src_last_pkt_time":1357332164694326,"flow_dst_last_pkt_time":1357332164694326,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165287742,"flow_src_last_pkt_time":1357332165287742,"flow_dst_last_pkt_time":1357332165287742,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.7","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164937088,"flow_src_last_pkt_time":1357332164937088,"flow_dst_last_pkt_time":1357332164937088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.5","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164837780,"flow_src_last_pkt_time":1357332164837780,"flow_dst_last_pkt_time":1357332164837780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.6","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164787460,"flow_src_last_pkt_time":1357332164787460,"flow_dst_last_pkt_time":1357332164787460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"81.171.115.8","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987504,"flow_src_last_pkt_time":1357332164987504,"flow_dst_last_pkt_time":1357332165020030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164837381,"flow_src_last_pkt_time":1357332164837381,"flow_dst_last_pkt_time":1357332164869478,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164787832,"flow_src_last_pkt_time":1357332164787832,"flow_dst_last_pkt_time":1357332164823633,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337468,"flow_src_last_pkt_time":1357332165337468,"flow_dst_last_pkt_time":1357332165370602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.171","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238086,"flow_src_last_pkt_time":1357332165238086,"flow_dst_last_pkt_time":1357332165266390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.170","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164736574,"flow_src_last_pkt_time":1357332164736574,"flow_dst_last_pkt_time":1357332164761287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"69.28.145.172","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337861,"flow_src_last_pkt_time":1357332165337861,"flow_dst_last_pkt_time":1357332165375115,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165188410,"flow_src_last_pkt_time":1357332165188410,"flow_dst_last_pkt_time":1357332165229000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165137979,"flow_src_last_pkt_time":1357332165137979,"flow_dst_last_pkt_time":1357332165175965,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165037556,"flow_src_last_pkt_time":1357332165037556,"flow_dst_last_pkt_time":1357332165075421,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987107,"flow_src_last_pkt_time":1357332164987107,"flow_dst_last_pkt_time":1357332165027560,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164888531,"flow_src_last_pkt_time":1357332164888531,"flow_dst_last_pkt_time":1357332164927241,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1357332165288542,"flow_src_last_pkt_time":1357332165983077,"flow_dst_last_pkt_time":1357332165950083,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":324,"flow_dst_max_l4_payload_len":116,"flow_src_tot_l4_payload_len":636,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.188","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238956,"flow_src_last_pkt_time":1357332165238956,"flow_dst_last_pkt_time":1357332165277274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.175","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165187985,"flow_src_last_pkt_time":1357332165187985,"flow_dst_last_pkt_time":1357332165226135,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.176","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165087803,"flow_src_last_pkt_time":1357332165087803,"flow_dst_last_pkt_time":1357332165125176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.174","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164936712,"flow_src_last_pkt_time":1357332164936712,"flow_dst_last_pkt_time":1357332164974050,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.185","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164836991,"flow_src_last_pkt_time":1357332164836991,"flow_dst_last_pkt_time":1357332164873184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"72.165.61.187","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332165037929,"flow_src_last_pkt_time":1357332165037929,"flow_dst_last_pkt_time":1357332165037929,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.5","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164887493,"flow_src_last_pkt_time":1357332164887493,"flow_dst_last_pkt_time":1357332164887493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"203.77.185.4","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165188765,"flow_src_last_pkt_time":1357332165188765,"flow_dst_last_pkt_time":1357332165285882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.35","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165288951,"flow_src_last_pkt_time":1357332165288951,"flow_dst_last_pkt_time":1357332165310175,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.178","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164888054,"flow_src_last_pkt_time":1357332164888054,"flow_dst_last_pkt_time":1357332164912924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.116.179","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164886847,"flow_src_last_pkt_time":1357332164886847,"flow_dst_last_pkt_time":1357332164980734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.34","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164737426,"flow_src_last_pkt_time":1357332164737426,"flow_dst_last_pkt_time":1357332164834981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"68.142.91.36","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165187509,"flow_src_last_pkt_time":1357332165187509,"flow_dst_last_pkt_time":1357332165344423,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165088203,"flow_src_last_pkt_time":1357332165088203,"flow_dst_last_pkt_time":1357332165243079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164936282,"flow_src_last_pkt_time":1357332164936282,"flow_dst_last_pkt_time":1357332165017274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.82","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1357332164787027,"flow_src_last_pkt_time":1357332164787027,"flow_dst_last_pkt_time":1357332164787027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.171.83","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165138716,"flow_src_last_pkt_time":1357332165138716,"flow_dst_last_pkt_time":1357332165291495,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.84","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164987855,"flow_src_last_pkt_time":1357332164987855,"flow_dst_last_pkt_time":1357332165148604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"208.111.133.85","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165238600,"flow_src_last_pkt_time":1357332165238600,"flow_dst_last_pkt_time":1357332165425182,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164986669,"flow_src_last_pkt_time":1357332164986669,"flow_dst_last_pkt_time":1357332165166578,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165088572,"flow_src_last_pkt_time":1357332165088572,"flow_dst_last_pkt_time":1357332165279030,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164937511,"flow_src_last_pkt_time":1357332164937511,"flow_dst_last_pkt_time":1357332165121960,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27017,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165337053,"flow_src_last_pkt_time":1357332165337053,"flow_dst_last_pkt_time":1357332165520263,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165038324,"flow_src_last_pkt_time":1357332165038324,"flow_dst_last_pkt_time":1357332165230092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164737823,"flow_src_last_pkt_time":1357332164737823,"flow_dst_last_pkt_time":1357332164925660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164693497,"flow_src_last_pkt_time":1357332164693497,"flow_dst_last_pkt_time":1357332164876828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165087319,"flow_src_last_pkt_time":1357332165087319,"flow_dst_last_pkt_time":1357332165270837,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.15","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332165237614,"flow_src_last_pkt_time":1357332165237614,"flow_dst_last_pkt_time":1357332165424526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01085{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164836588,"flow_src_last_pkt_time":1357332164836588,"flow_dst_last_pkt_time":1357332165015111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1357332164693949,"flow_src_last_pkt_time":1357332164693949,"flow_dst_last_pkt_time":1357332164892062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1685621742497677,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Steam","proto_by_ip_id":74,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":4675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":56,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":270,"global_ts_usec":1685635815824400} +00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685635815824400,"flow_src_last_pkt_time":1685635815824400,"flow_dst_last_pkt_time":1685635815824400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685635815824400,"l3_proto":"ip4","src_ip":"245.111.219.147","dst_ip":"104.191.198.151","src_port":27380,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1685635815824400,"flow_dst_last_pkt_time":1685635815824400,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1685635815824400,"pkt":"AAwp30Y4PJTVQTiBCABFCABEmGwAAG8RJgH1b9uTaL\/Gl2r0aZwAMHF5\/\/\/\/\/yFMX6AWAAAACJqampqampqaURAAGNT4qKqZg+WAdAIAAAAIAQ=="} +01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685635815824400,"flow_src_last_pkt_time":1685635815824400,"flow_dst_last_pkt_time":1685635815824400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685635815824400,"l3_proto":"ip4","src_ip":"245.111.219.147","dst_ip":"104.191.198.151","src_port":27380,"dst_port":27036,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
+01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685621742497677,"flow_src_last_pkt_time":1685621742497677,"flow_dst_last_pkt_time":1685621742497677,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685635815824400,"l3_proto":"ip4","src_ip":"118.105.60.5","dst_ip":"2.95.26.169","src_port":14963,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-payload-len":4715,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":57,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":57,"total-idle-flows":56,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":275,"global_ts_usec":1685758855717765} 
+00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758855717765,"flow_src_last_pkt_time":1685758855717765,"flow_dst_last_pkt_time":1685758855717765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758855717765,"l3_proto":"ip4","src_ip":"98.10.157.76","dst_ip":"164.144.140.184","src_port":10595,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_src_last_pkt_time":1685758855717765,"flow_dst_last_pkt_time":1685758855717765,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1685758855717765,"pkt":"AAwp30Y4PJTVQTiBCABFAAAzJ20AAG0R7UpiCp1MpJCMuCljaZwAHwAA\/\/\/\/\/yFMX6AFAAAACNIJEAACAAAACAE="} 
+01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758855717765,"flow_src_last_pkt_time":1685758855717765,"flow_dst_last_pkt_time":1685758855717765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758855717765,"l3_proto":"ip4","src_ip":"98.10.157.76","dst_ip":"164.144.140.184","src_port":10595,"dst_port":27036,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685635815824400,"flow_src_last_pkt_time":1685635815824400,"flow_dst_last_pkt_time":1685635815824400,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758855717765,"l3_proto":"ip4","src_ip":"245.111.219.147","dst_ip":"104.191.198.151","src_port":27380,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +01083{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1685758855717765,"flow_src_last_pkt_time":1685758855717765,"flow_dst_last_pkt_time":1685758855717765,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1685758855717765,"l3_proto":"ip4","src_ip":"98.10.157.76","dst_ip":"164.144.140.184","src_port":10595,"dst_port":27036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} +00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/steam.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":4738,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":58,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":281,"global_ts_usec":1685758855717765} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ -~~ packets captured/processed: 104/104 +~~ packets 
captured/processed: 107/107 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 4652 bytes -~~ total detected protocols..: 55 -~~ total active/idle flows...: 55/55 +~~ total layer4 data length..: 4738 bytes +~~ total detected protocols..: 58 +~~ total active/idle flows...: 58/58 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7885761 bytes -~~ total memory freed........: 7885761 bytes -~~ total allocations/frees...: 147069/147069 +~~ total memory allocated....: 11599999 bytes +~~ total memory freed........: 11599999 bytes +~~ total allocations/frees...: 217359/217359 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 558 chars +~~ json string min len.......: 550 chars ~~ json string max len.......: 1095 chars -~~ json string avg len.......: 825 chars +~~ json string avg len.......: 821 chars diff --git a/test/results/default/steam_datagram_relay_ping.pcapng.out b/test/results/default/steam_datagram_relay_ping.pcapng.out index 8832c5223..d5cbe55dc 100644 --- a/test/results/default/steam_datagram_relay_ping.pcapng.out +++ b/test/results/default/steam_datagram_relay_ping.pcapng.out 
@@ -1,11 +1,11 @@ -00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625599888890043} +00583{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1625599888890043} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625599888890043,"flow_src_last_pkt_time":1625599888890043,"flow_dst_last_pkt_time":1625599888890043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625599888890043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1625599888890043,"flow_dst_last_pkt_time":1625599888890043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_usec":1625599888890043,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsUAAH8RmLPAqAJkiy3BCsu9aYoFHNuQAQFzZHBpbmeh3CnjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01068{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625599888890043,"flow_src_last_pkt_time":1625599888890043,"flow_dst_last_pkt_time":1625599888890043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625599888890043,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1625599891412113,"flow_dst_last_pkt_time":1625599888890043,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_usec":1625599891412113,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsYAAH8RmLLAqAJkiy3BCsu9aYoFHPISAQFzZHBpbmdkWlDjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 01107{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1625599888890043,"flow_src_last_pkt_time":1625599891412113,"flow_dst_last_pkt_time":1625599888890043,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625599891412113,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Steam","proto_id":"74","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":8,"category":"Game"}} 
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1625599891412113} +00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/steam_datagram_relay_ping.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":2600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_usec":1625599891412113} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,9 +14,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766811 bytes -~~ total memory freed........: 7766811 bytes -~~ total allocations/frees...: 146373/146373 +~~ total memory allocated....: 11475430 bytes +~~ total memory freed........: 11475430 bytes +~~ total allocations/frees...: 216627/216627 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 588 chars ~~ json string max len.......: 2275 chars 
diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out
index dbd6440d2..9afbcd848 100644
--- a/test/results/default/stun.pcap.out
+++ b/test/results/default/stun.pcap.out
@@ -1,57 +1,58 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1568718599876883} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718599876883,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599876883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599876883,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAND5VQAB7BgrSCk1uMwrOMu+idKQQzU6orgAAAACAAiAA3LQAAAIEBVABAwMIAQEEAg=="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1568718599876883,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1568718599920416,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAANHKjQAB9BtTjCs4y7wpNbjOkEKJ058UMHs1OqK+AEv\/\/CFwAAAIEBbQBAwMIAQEEAg=="} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBfQAB8BgdqCk1uMwrOMu+idKQQzU6or+fFDB9QGAID5RwAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAJL3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAABMgAAAIBwAAQAAAADAAgAFP6Sh2rUbXt5fULrjXmoBfrzHXLRgCgABAIA\/Ec="} -01026{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} +00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":106,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1568718600246272,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718599920416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":164,"pkt_l4_len":126,"thread_ts_usec":1568718600246272,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARWAAkkBgQAB8BgdpCk1uMwrOMu+idKQQzU6pGefFDB9QGAIDfYIAAABoAAEAVCESpELzQ5RTtpj7KVC7Bu0ABgAML3BJMDpUb0VkAAAAACQABG5r\/P+AKQAIAAAAAAAEwtGAVAAEMgAAAIBwAAQAAAADAAgAFE3CuT+mSQnt\/XCbEyheNg3aE4FAgCgABC51Ucc="} 
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1568718600246272,"flow_dst_last_pkt_time":1568718600319984,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":156,"pkt_l4_len":118,"thread_ts_usec":1568718600319984,"pkt":"AAAAAAAAAAgAAAAjgQAGSwgARQAAinKyQAB9BtR+Cs4y7wpNbjOkEKJ058UMH81OqYNQGAEDPFEAAABgAQEATCESpELzQ5RTtpj7KVC7Bu0AIAAIAAGDZitfynEABgAJL3BJMDpUb0VkAAAAgDcABAAAAAGAcAAEAAAAAwAIABT3XyNLEfjiVg6vTdc0SJ1BoW97H4AoAAQNJssy"} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614938022295727} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1614938022295727} 
00823{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="} 
+01111{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} 
00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1568718599876883,"flow_src_last_pkt_time":1568718600876092,"flow_dst_last_pkt_time":1568718600931144,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":114,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":636,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"10.77.110.51","dst_ip":"10.206.50.239","src_port":41588,"dst_port":42000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938032427953,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAc7vkAAQAAIRKkQjNwdjFXT0JUck9YUg=="} 
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938032434845,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0AmsBAQAYIRKkQjNwdjFXT0JUck9YUgABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614938042786502,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938042786502,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcy8EAAQAAIRKkQk1lcFZ5ek1LZHJIKw=="} -01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938042789437,"flow_dst_last_pkt_time":1614938042793385,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1614938042793385,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938072959021,"flow_dst_last_pkt_time":1614938072965856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":308,"midstream":0,"thread_ts_usec":1614938072965856,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938123200754,"flow_dst_last_pkt_time":1614938123207596,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":528,"midstream":0,"thread_ts_usec":1614938123207596,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 02308{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938163424247,"flow_dst_last_pkt_time":1614938163431063,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":704,"midstream":0,"thread_ts_usec":1614938163431063,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2867,"avg":9105286.0,"max":10358549,"stddev":2980037.5,"var":8880623976448.0,"ent":4.8,"data": 
[6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259]},"pktlen": {"min":68,"avg":80.0,"max":92,"stddev":12.0,"var":144.0,"ent":5.0,"data": [68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01019{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":17,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938173452831,"flow_dst_last_pkt_time":1614938173459694,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":748,"midstream":0,"thread_ts_usec":1614938173459694,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":2568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1629291451242856} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":2568,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1629291451242856} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1629291451242856,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 
+01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451242856,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1629291451242856,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1629291451254377,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} 
-01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook","stun": {"num_pkts":2,"num_binding_requests":0,"num_processed_pkts":1}}} +01114{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291451242856,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1629291451254377,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non 
Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="} 
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="} 02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": 
[56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":129,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":9972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1643626018009166} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":9972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":3,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_usec":1643626018009166} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} +00936{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1643626018016908,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="} 00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"} 
-01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}} +00961{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}} 
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":12316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1647958145472010} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":153,"packets-processed":152,"total-skipped-flows":0,"total-l4-payload-len":12316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":2,"total-updates":3,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1647958145472010} 
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"} 
+01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1647958145494943,"pkt":"mt9Y+uvcCL6sCxduCABFgAB4CTMAAGgRmhOO+lJjwKgMqQ2WwAEAZP2fAQEASCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAACAACAABDpd8PUUEAAgAFMkvMxJ2ZVgNos4I+G8Cki6KP0KSgCgABEOVy9w="} 
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1647958145497647,"pkt":"CL6sCxdumt9Y+uvcCABFAAC1XMZAAEARLsPAqAypjvpSY8ABDZYAoaIVFv7\/AAAAAAAAAAAAjAEAAIAAAAAAAAAAgP791X1ylaTuNVSstdiIoIYfSIMff5WF4WIe0fPoTt2GU88AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEAAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ABQACAAEA"} -01302{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145497647,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1647958145497647,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","tls": 
{"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":156,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145494943,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1647958145516401,"pkt":"CL6sCxdumt9Y+uvcCABFAACMXMdAAEARLuvAqAypjvpSY8ABDZYAePkAAAEAXCESpEJBQXJDQXNDU1c3RGUABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJQAAACQABG5\/Hv8ACAAU7HdlKrvT1M4pE3\/8LaAzyLRfKuCAKAAEaPPzUQ=="} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk
7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="} -01620{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":157,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8"}}} -02567{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": 
[0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": [5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01346{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.GoogleHangoutDuo","proto_id":"30.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+02341{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":185,"packets-processed":185,"total-skipped-flows":0,"total-l4-payload-len":17222,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":1,"total-updates":3,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1647958147591534} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":185,"packets-processed":185,"total-skipped-flows":0,"total-l4-payload-len":17222,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":3,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1647958147591534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 185/185 ~~ skipped flows.............: 0 @@ -60,10 +61,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7784850 bytes -~~ total memory freed........: 7784850 bytes -~~ total allocations/frees...: 146606/146606 +~~ total memory allocated....: 11493361 bytes +~~ total memory freed........: 11493361 bytes +~~ total allocations/frees...: 216856/216856 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 550 chars -~~ json string max len.......: 2572 chars -~~ json string avg len.......: 1554 chars +~~ json string max len.......: 2355 chars +~~ json string avg len.......: 1451 chars diff --git a/test/results/default/stun_classic.pcap.out b/test/results/default/stun_classic.pcap.out index eebbe9c2b..64ba16e9c 100644 --- a/test/results/default/stun_classic.pcap.out +++ b/test/results/default/stun_classic.pcap.out 
@@ -1,14 +1,14 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1343740773475497} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1343740773475497,"pkt":"AAwpNoBVAAQTMSCJCABFoAA4AABAAEARYv+sED\/grBA\/FdcKNoYAJLX1AAEACJQp74gpTdUmMscpMcuNu0wAAwAEAAAAAA=="} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475497,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1343740773475497,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773475559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773475559,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKPHqAQEADJQp74gpTdUmMscpMcuNu0wAAQAIAAHXCqwQP+A="} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773518458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773518458,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKK\/2gJKuFQTp+Zg6ptkiktiFIAD61K+9LBnIwoNfshVpLdY="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519014,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519014,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKIHYgBKuFgTp+jg6ptkixFMgl8ob0pereNKsssPr4lzFXNo="} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1343740773519635,"pkt":"AAQTMSCJAAwpNoBVCABFuAA8AABAAEARYuOsED8VrBA\/4DaG1woAKGlAgBKuFwTp+tg6ptki+Hq86nrAqyROkV67ctF76o6uaf8="} 
-01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773475497,"flow_dst_last_pkt_time":1343740773519635,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1343740773519635,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media","hostname":"","stun": {"num_pkts":2,"num_binding_requests":1,"num_processed_pkts":2}}} -01112{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":1,"category":"Media"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1343740773708889} +01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":13,"flow_first_seen":1343740773475497,"flow_src_last_pkt_time":1343740773708889,"flow_dst_last_pkt_time":1343740773691032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":284,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1343740773708889,"l3_proto":"ip4","src_ip":"172.16.63.224","dst_ip":"172.16.63.21","src_port":55050,"dst_port":13958,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.RTP","proto_id":"78.87","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/stun_classic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":22,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1343740773708889} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 22/22 ~~ skipped flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767391 bytes -~~ total memory freed........: 7767391 bytes -~~ total allocations/frees...: 146393/146393 +~~ total memory allocated....: 11476010 bytes +~~ total memory freed........: 11476010 bytes +~~ total allocations/frees...: 216647/216647 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 559 chars -~~ json string max len.......: 1160 chars -~~ json string avg len.......: 835 chars +~~ json string max len.......: 1192 chars +~~ json string avg len.......: 872 chars diff --git a/test/results/default/stun_dtls_unidirectional_client.pcap.out b/test/results/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..c94f5435d --- /dev/null +++ b/test/results/default/stun_dtls_unidirectional_client.pcap.out 
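Review bot: The regenerated `idle` event for flow 1 in `stun_classic.pcap.out` still reports `"proto":"STUN.RTP"` but now with `"category_id":14,"category":"Network"`, where the previous expectation had `"category_id":1,"category":"Media"`, so the category no longer matches the RTP sub-protocol. The new `detected` event fires at packet 1 as plain `STUN` with an empty `hostname`, and `total-detection-updates` stays 0 in the shutdown record, so a consumer of the event stream is not told about the move to `STUN.RTP` until the flow goes idle; the `stun` counters object is also gone. If this comes from the libnDPI bump rather than an intended change, I would keep `"category_id":1,"category":"Media"` in the expected idle line or state the reason in the commit message, because rules keyed on category or on the `detected` event would otherwise treat this media flow as generic network traffic. The `stun.pcap.out` hunk before it (which starts outside this view) shows a related effect for flow 5: its `idle` event keeps `Unidirectional Traffic` with 18 and 15 packets processed per direction and no longer carries the DTLS certificate risks.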
@@ -0,0 +1,27 @@ +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975037261} 
+00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761975037261,"pkt":"AAAA1W9UrOh7zGISCABFuACMS9UAAD8RCqYaUwlRISPfZ+DfAhwAeBxIAAEAXCESpEKZUujby\/MKtb8jCDoAJAAEfv\/\/\/4AqAAgAAAAAAAAAAAAGACE0RDJ1Z1BuQnpFMFJ3ejEvOldacWs5TytnaWo4YXp0TVQgICAACAAUvs4hyEIUQeaHuhq3F0UydHxRy82AKAAEFxfLgw=="} 
+01205{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975037261,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975037261,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1441761975322785,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761975322785,"pkt":"AAAA1W9UrOh7zGISCABFuACQpu4AAD8Rr4gaUwlRISPfZ+DfAhwAfKyCAAEAYCESpEKNBDrS8+vWXmiUEj8AJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFJ1lE3iulScRFHYsqkUDsOTbR3jzgCgABJnOUrQ="} 
+00830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1441761975609299,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":259,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":259,"pkt_l4_len":225,"thread_ts_usec":1441761975609299,"pkt":"AAAA1W9UrOh7zGISCABFuAD1lQ4AAD8RwQMaUwlRISPfZ+DfAhwA4bjWFv7\/AAAAAAAAAAAAzAEAAMAAAAAAAAAAwP7\/fP2dNK5HSSEl+QrubMEF8aptH3\/U+umh4bhpzrGBgzIAAABGwBTACgA5ADgAiACHwBnAD8AFADUAhMATwAkAMwAyAJoAmQBFAETAGMAOwAQALwCWAEEAB8ASwAgAFgATwBfADcADAAoA\/wEAAFAACwAEAwABAgAKADQAMgAOAA0AGQALAAwAGAAJAAoAFgAXAAgABgAHABQAFQAEAAUAEgATAAEAAgADAA8AEAARAA8AAQEADgAHAAQAAgABAA=="} +01521{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761975609299,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":445,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975609299,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","tls": {"version":"DTLSv1.0","ja3":"f5eee7bc59657db39e2b9cdd401d78b7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} +01664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761975908886,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":873,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":873,"pkt_l4_len":839,"thread_ts_usec":1441761975908886,"pkt":"AAAA1W9UrOh7zGISCABFuANb39wAAD8Rc88aUwlRISPfZ+DfAhwDR3CWFv7\/AAAAAAAAAAEA8wsAAbwAAQAAAAAA5wABuQABtjCCAbIwggEboAMCAQACCQD0VYORJLQQeTANBgkqhkiG9w0BAQsFADAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMB4XDTE1MDkwODAwNTYzOFoXDTE2MDkwODAwNTYzOFowGzEZMBcGA1UEAwwQTGl2ZUZvdW5kcnkgSW5jLjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuyhRVMs+Bz5qXqjQxGuyubanVpTs60WsXdygsd2nIf4kvClwVquI8p1OxMqlgF8HlLijUgedsnTkkRmXmvipQaKNlBb+\/wAAAAAAAAACAOELAAG8AAEAAOcAANUnAKw\/TDJBOJEtFXJH4pn5j+EVPXFJwG0ewl7Y3I+QBvhsLsEcisVV6boyWBxnFqgDuk46QV\/oUQago8jLAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAbmuxjO+DGgTv9Cpvf7qVf5kLHqHELP9rky2H1P4GJ2nkhu32wLxDpHbNkCNXubBcoeKjifYW\/p7enSVXgJbHkC6K6K4pvbE6MpZEZziaHK+me7jcyIPcDIetLLB8DCmNWqBB1nwLfbv5oHQ\/sW4Fk7kc2N\/BnYBZnooBLXGA+QIW\/v8AAAAAAAAAAwBOEAAAQgACAAAAAABCQQRmi6ltyNjABc7J9cmLPyxxoFJaQFZGAdA4a0tDfgl\/OKIfL84oddpzdf6Kayr7\/BgOAKI24ob\/PlWf\/svbnjLBFv7\/AAAAAAAAAAQAjg8AAIIAAwAAAAAAggCAsV3MYNlV6t3t7wUcqu8HNVVy6F6itfNXpKr+SPzgWi5H+pHWgBnNYHji0+tD\/BDAG5eMCMDzQTG8jsgJXK5BB6Hr9Fe4qk2975dPYTHajbw52dKgFiq3UWDX4uFUP\/pzlqsiwXx3Mu39P5qXb6EHVSIE0\/ju6iWmEKcUmF\/7MZcU\/v8AAAAAAAAABQABARb+\/wABAAAAAAAAAEAMbAJX5zrSBaDIrFais+q41JcBYbEnW\/coGYBOyFA2dIufD7sV4
lF\/Cqc3FzuF4ZsErUUG3QtWv\/gI2EBqztZC"} +00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976197146,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1441761976197146,"pkt":"AAAA1W9UrOh7zGISCABFuACQk6QAAD8RwtIaUwlRISPfZ+DfAhwAfLweAAEAYCESpEJrTB4zaBoKl1i8ZbIAJQAAACQABH7\/\/\/+AKgAIAAAAAAAAAAAABgAhNEQydWdQbkJ6RTBSd3oxLzpXWnFrOU8rZ2lqOGF6dE1UICAgAAgAFOc58IHgzuDAt1G6OOMDB5sPTvG4gCgABJMut1k="} +01418{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975037261,"flow_src_last_pkt_time":1441761976198231,"flow_dst_last_pkt_time":1441761975037261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":831,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1456,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976198231,"l3_proto":"ip4","src_ip":"26.83.9.81","dst_ip":"33.35.223.103","src_port":57567,"dst_port":540,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe"}} +00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_client.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1441761976198231} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1456 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11477602 bytes +~~ total memory freed........: 11477602 bytes +~~ total allocations/frees...: 216633/216633 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 592 chars +~~ json string max len.......: 1669 chars +~~ json string avg len.......: 1119 chars diff --git a/test/results/default/stun_dtls_unidirectional_server.pcap.out b/test/results/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..1122c4253 --- /dev/null +++ b/test/results/default/stun_dtls_unidirectional_server.pcap.out 
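Review bot: The `detection-update` record in the new stun_dtls_unidirectional_client expected output pins `"unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"` for a flow with `"flow_dst_packets_processed":0`, an empty `"ja3s"` and the Unidirectional Traffic risk. With no server packets in the capture no ServerHello can have been parsed, so the suite looks like an unset default rather than a negotiated value; this is inferred from the fixture, since the serializer is outside this diff. A consumer that alerts on NULL cipher suites would fire on every client-only DTLS capture, and one that trusts `unsafe_cipher` would read an unknown suite as safe. I would have the emitter leave both keys out until a server cipher is known, so the `tls` object here would read `{"version":"DTLSv1.0","ja3":"f5eee7bc59657db39e2b9cdd401d78b7","ja3s":""}`. The server-side fixture added in the next file does carry a real suite next to its `ja3s`.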
@@ -0,0 +1,27 @@ +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1441761975301582} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975301582,"pkt":"AAAA1W9UACWeBue\/CABFAABckk9AAC8RlRMhI99nGlMJUQIc4N8ASKsWAQEALCESpEKZUujby\/MKtb8jCDoAIAAIAAHBzSQ2G6oACAAUOG6\/PReCUq3JlsJgMEqY8IjJzYmAKAAEznYIbw=="} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975587269,"pkt":"AAAA1W9UACWeBue\/CABFAABckotAAC8RlNchI99nGlMJUQIc4N8ASNSBAQEALCESpEKNBDrS8+vWXmiUEj8AIAAIAAHBzSQ2G6oACAAUIpKr5uGsXESfGDFUtNMC1hzHXuWAKAAEdDFJvQ=="} 
+01778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_usec":1441761975874926,"pkt":"AAAA1W9UACWeBue\/CABFAAOwksNAAC8RkUshI99nGlMJUQIc4N8DnECPFv7\/AAAAAAAAAAAATwIAAEMAAAAAAAAAQ\/7\/Ut3Mk6tuqUdmPtD\/0S2zU9RVqlxrWoD6U0a\/TVOn1OYAwBQAABv\/AQABAAALAAQDAAECAA4ABQACAAIAAA8AAQEW\/v8AAAAAAAAAAQCXCwABvAABAAAAAACLAAG5AAG2MIIBsjCCARugAwIBAAIJAI+IoV4BAT+sMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEExpdmVGb3VuZHJ5IEluYy4wHhcNMTUwODI3MDkwNzA1WhcNMTYwODI3MDkwNzA1WjAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMIGfMBb+\/wAAAAAAAAACAPMLAAG8AAEAAIsAAOcNBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCrcxmZoAQDywCn+GhZjY6HfSn5rqMz8TRnXcc9jU23Yw7Ja92mohgOZR+Qo+cJxTl4KAbuGwcr15mpZW4EgmhWKDiKWrm9p\/InJjxp8EV\/j\/1I882DRAH5+Q+bPFLybYmb9D8k0aB4Pk6G1yg7rz7edN3mQLG1gWVM9B0Sue+kCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB67saGPVm1sTpv5AjMP5+R3wU1alP1uCQcdTSjQINc9PU43HFJfgx3hRO9z0woHwd2\/SmekpEW\/v8AAAAAAAAAAwBWCwABvAABAAFyAABKWhEiJyIl8FFqfxCQFxSbeWOB+D4Mj0loQYDEtNn\/e6zVt69xYS8qgj0pEtvGIMjbCvtoIRAqZIAUIz008tTLs+oxzjGtCikCEMUW\/v8AAAAAAAAABACQDAAAxwACAAAAAACEAwAXQQR27Dr9onTZFENOQON2yhMqGeeWpnA0EbRn2QO4OiJK3PLw0gM9x1w47T3fp9MKcmnScctNeU08Pt58g+r58mG1AIBFM9pY+i47LW6ummB3ST2yBADv+dkmiRvzbBVmJd7PE9AYvjXL3Eafz8RkdBipCaI0id38AvmmeIcRnmMhFv7\/AAAAAAAAAAUATwwAAMcAAgAAhAAAQ903Y0Smx2StBdClTKUpU+l8IW81bgDY\/Jw8GMnhUuvrt8K1pDJ8KSmKX+lYFjY3wXaYjpuEk6aXRxBcS7chMS98E+gW\/v8AAAAAAAAABgASDQAABgADAAAAAAAGAwECQAAAFv7\/AAAAAAAAAAcADA4AAAAABAAAAAAAAA=="} 
+01580{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975874926,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","tls": {"version":"DTLSv1.0","notafter":"2016-08-27 09:07:05","ja3":"","ja3s":"1974c5c625e99dc22d0477079a54aed3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=LiveFoundry Inc.","subjectDN":"CN=LiveFoundry Inc.","fingerprint":"23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98"}}} 
+00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761976174312,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1441761976174312,"pkt":"AAAA1W9UACWeBue\/CABFAAB3kwJAAC8RlEUhI99nGlMJUQIc4N8AY1hwFP7\/AAAAAAAAAAgAAQEW\/v8AAQAAAAAAAABAMEcyXPNODypMYT0Ssk4r7kdOXW+9U7+hCDxTj4d5TTNRdICHtbeHbXcfrCzPQpDaPm44sdeZ+qA0rw0R8k1fQA=="} +00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976174318,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761976174318,"pkt":"AAAA1W9UACWeBue\/CABFAACMkwNAAC8RlC8hI99nGlMJUQIc4N8AeKyrAAEAXCESpEKP0YtwXMNQlfFxwRMAJAAEfv\/\/\/4ApAAgAAAAAAAAAAAAGACFXWnFrOU8rZ2lqOGF6dE1UOjREMnVnUG5CekUwUnd6MS8gICAACAAUiKI62VDnyBUKfHf8mnzR1DIkRoWAKAAEF76wAg=="} 
+01290{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761976462611,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976462611,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe"}} +00656{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1441761976462611} +~~~~~~~~~~~~~~~~~~~~ SUMMARY 
~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 6/6 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1311 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11479702 bytes +~~ total memory freed........: 11479702 bytes +~~ total allocations/frees...: 216636/216636 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 592 chars +~~ json string max len.......: 1783 chars +~~ json string avg len.......: 1181 chars diff --git a/test/results/default/stun_google_meet.pcapng.out b/test/results/default/stun_google_meet.pcapng.out index 25e561c8c..988c863f9 100644 --- a/test/results/default/stun_google_meet.pcapng.out +++ b/test/results/default/stun_google_meet.pcapng.out 
@@ -1,56 +1,58 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1687685002250009} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250009,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFppAAEARi+LAqAycSn2Af5UIS2YAHMbcAAEAACESpEJrQUdOTnp2SE5INTk="} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002250009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250009,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685002250407,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFptAAEARi+HAqAycSn2Af7FYS2YAHPW+AAEAACESpEI5R2RXSytLQjJQSUU="} +01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002250407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685002250407,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250009,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268181,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKIBgAQEADCESpEJrQUdOTnp2SE5INTkAIAAIAAG5anwxD5M="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1687685002250407,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685002268368,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKK9BAQEADCESpEI5R2RXSytLQjJQSUUAIAAIAAG5a3wxD5M="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003685843,"pkt":"CL6sCxduJjb1W8R1CABFAACYqbBAAEAR4hnAqAycjvpSTJUIS2kAhI1dAAEAaCESpEJmUVJDSFcxSjg2d0gABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAUSRkFwEU4Xe2ByBahcg5+zSK7DUGAKAAE7yXU\/g=="} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003685843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003685843,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003685843,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003713559,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASIF0AQEALCESpEJmUVJDSFcxSjg2d0gAIAAIAAG5anwxD5MACAAUnCbUxns7ByhLQe3gWJggj2fuRtmAKAAEzTlfeQ=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685003846345,"pkt":"CL6sCxduJjb1W8R1CABFAACYqb1AAEAR4gzAqAycjvpSTLFYS2kAhPiuAAEAaCESpEJ5eUQvQ0MySmgwQzgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAU4qPC0PvptNKr3xno5a6znzZ8MzGAKAAEv54I6w=="} +01217{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003846345,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685003846345,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685003850184,"pkt":"CL6sCxduJjb1W8R1CABFAACUqb5AAEAR4g\/AqAycjvpSTJUIS2kAgFc2AAEAZCESpEJDY3Vnd0VjS3M1U3EABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABQRBPG5ZvdojwQrf8+QT0UUl+pOj4AoAAQCVNkR"} -01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003850184,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":120,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":244,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003850184,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} 
00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003713559,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1687685003855449,"pkt":"CL6sCxduJjb1W8R1CABFAAC5qb9AAEAR4enAqAycjvpSTJUIS2kApae7Fv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79U8QvlMKD8CG3V6IBJXGiID2FZCQNFMTf8XUxGUuriccAAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1687685003855449,"flow_dst_last_pkt_time":1687685003867991,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003867991,"pkt":"Jjb1W8R1CL6sCxduCABFgABcAAAAACkR4oaO+lJMwKgMnEtplQgASHlbAQEALCESpEJDY3Vnd0VjS3M1U3EAIAAIAAG5anwxD5MACAAUwCCc9hgGT3NviGnhjeZxerIm0rSAKAAEHcTQ5Q=="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685003871067,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASNxmAQEALCESpEJ5eUQvQ0MySmgwQzgAIAAIAAG5a3wxD5MACAAUaD29YF1YYGCxoofK6W8JUGRlPi2AKAAEqdOw\/Q=="} 
-01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685003846345,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685003871067,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 
-02289{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": [5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02399{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685003919073,"flow_dst_last_pkt_time":1687685003929116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":1027,"flow_dst_tot_l4_payload_len":7356,"midstream":0,"thread_ts_usec":1687685003929116,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":15371.1,"max":164341,"stddev":39368.1,"var":1549851008.0,"ent":2.4,"data": [27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4]},"pktlen": {"min":65,"avg":290.0,"max":1231,"stddev":203.2,"var":41279.0,"ent":4.7,"data": [152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288]},"bins": {"c_to_s": [0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1],"entropies": 
[5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685003871067,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685004461444,"pkt":"CL6sCxduJjb1W8R1CABFAACQqfNAAEAR4d7AqAycjvpSTLFYS2kAfJPgAAEAYCESpEJGRUJQYzFVQThCU1AABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFJQqoiZNzooLvSeLzTVTKlh5edo9gCgABHuCmMA="} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004479004,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnEtpsVgASO9LAQEALCESpEJGRUJQYzFVQThCU1AAIAAIAAG5a3wxD5MACAAUZp5QRw5NXPsy5Qrlhatah3HbNzqAKAAE\/XolSw=="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685004552860,"pkt":"CL6sCxduJjb1W8R1CABFAACYqfxAAEAR4c3AqAycjvpSTJUIDZYAhMEOAAEAaCESpEJkZjhUNVpmTjU5SmwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAkAARufx7\/wFkAAgABAAAACAAU\/8e7e1q7nO+JanZDE+IEZSthIJKAKAAEX0MtGQ=="} -01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004552860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685004552860,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1687685004552860,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004581588,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASCeyAQEALCESpEJkZjhUNVpmTjU5SmwAIAAIAAG5anwxD5MACAAUknV2wFqXEiEKuyN60myVdsDzL\/aAKAAEo4ih3Q=="} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004581588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004584424,"pkt":"CL6sCxduJjb1W8R1CABFAACUqf9AAEAR4c7AqAycjvpSTJUIDZYAgLy7AAEAZCESpEJJam5UNEJmQVFiVEMABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTB+QY1ErQZS1eZfETcnOWmhQrDlIAoAAQyeiKC"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1687685004584424,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685004602242,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WlQgASIipAQEALCESpEJJam5UNEJmQVFiVEMAIAAIAAG5anwxD5MACAAUNyYqXJb8YAlyLHDvuycWYeMvOtaAKAAEKV9M7g=="} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1687685004641696,"flow_dst_last_pkt_time":1687685004602242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1687685004641696,"pkt":"CL6sCxduJjb1W8R1CABFAACUqgBAAEAR4c3AqAycjvpSTJUIDZYAgPdGAAEAZCESpEIybDZuYTBpandaOWEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAMACoAqAAhI5WWTUM2MtQAlAAAAJAAEbn8e\/wAIABTU+ZYmIa5GK5iS7Yttc1wYBV3aaIAoAATzHAuQ"} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00691{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1687685005044008,"pkt":"CL6sCxduJjb1W8R1CABFAACYqhVAAEAR4bTAqAycjvpSTLFYDZYAhPO5AAEAaCESpEI1dDZmdW80dXd2ZFEABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/wFkAAgABAAAACAAUwxd71h3E7agGXCWb8vXAdS7WxdiAKAAE3AMc7g=="} 
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005044008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1687685005044008,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1687685005044008,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005074246,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASDkIAQEALCESpEI1dDZmdW80dXd2ZFEAIAAIAAG5a3wxD5MACAAUKJAPNrjYz21z+bHY5KMtFb5duTSAKAAE5XSGkg=="} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685005134784,"pkt":"CL6sCxduJjb1W8R1CABFAACQqhdAAEAR4brAqAycjvpSTLFYDZYAfBEPAAEAYCESpEJMdTA0T2pTbmZiWUwABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFCDz+0pfbrz6PIl8RjxJCBwiBtxogCgABB6deew="} -01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005074246,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1687685005134784,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1687685005134784,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1687685005152424,"pkt":"Jjb1W8R1CL6sCxduCABFAABcAAAAACgR5AaO+lJMwKgMnA2WsVgASIG9AQEALCESpEJMdTA0T2pTbmZiWUwAIAAIAAG5a3wxD5MACAAUuQ1+j1g08fL3se212BIsEXEi+UiAKAAE2tP0Qg=="} 00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":112,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1687685006880453,"flow_dst_last_pkt_time":1687685005152424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1687685006880453,"pkt":"CL6sCxduJjb1W8R1CABFAACQqo5AAEAR4UPAqAycjvpSTLFYDZYAfBw7AAEAYCESpEJkc3FYeGtnZGhzUlgABgAfSHJSZ3BhZDdQZm9LYUFvS0FBaUtBaUFERUE6UDgvTADAVwAEAAAD54AqAAhI5WWTUM2MtQAkAARuAB7\/AAgAFPlpNUakcs8YpG4lPzhlKqXBYvLJgCgABLD\/\/FE="} 
02356{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685007476840,"flow_dst_last_pkt_time":1687685007173710,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":1668,"flow_dst_tot_l4_payload_len":977,"midstream":0,"thread_ts_usec":1687685007476840,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":286,"avg":178865.5,"max":1000041,"stddev":232359.1,"var":53990768640.0,"ent":4.0,"data": [28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252]},"pktlen": {"min":68,"avg":110.7,"max":565,"stddev":85.7,"var":7337.9,"ent":4.8,"data": [152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91]},"bins": {"c_to_s": [0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0],"entropies": 
[6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012276569,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwhAAEARi3TAqAycSn2Af5UIS2YAHLudAAEAACESpEJId3pvTWRNK3NxNSs="} 
-01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685002268181,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012276569,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": 
{"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685012277026,"pkt":"CL6sCxduJjb1W8R1CABFAAAwFwlAAEARi3PAqAycSn2Af7FYS2YAHH+BAAEAACESpEJ3NDhicURMWGJEVmc="} -01180{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} +01128{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":173,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685002268368,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":32,"midstream":0,"thread_ts_usec":1687685012277026,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012276569,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012293995,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmlQgAKHUhAQEADCESpEJId3pvTWRNK3NxNSsAIAAIAAG5anwxD5M="} 
00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1687685012277026,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1687685012294220,"pkt":"Jjb1W8R1CL6sCxduCABFgAA8AAAAACkR+PBKfYB\/wKgMnEtmsVgAKDkEAQEADCESpEJ3NDhicURMWGJEVmcAIAAIAAG5a3wxD5M="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022297743,"flow_dst_last_pkt_time":1687685012293995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022297743,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNNAAEARianAqAycSn2Af5UIS2YAHKJSAAEAACESpEJyZU55VnlHRHFRT3A="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1687685022298017,"flow_dst_last_pkt_time":1687685012294220,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1687685022298017,"pkt":"CL6sCxduJjb1W8R1CABFAAAwGNRAAEARiajAqAycSn2Af7FYS2YAHLRsAAEAACESpEJrNHRjRWNhcTQ3NlA="} 
-02278{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685041837696,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1864,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685041855156,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30238,"avg":2374349.5,"max":8437597,"stddev":2513707.0,"var":6318722646016.0,"ent":4.3,"data": [30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856]},"pktlen": {"min":92,"avg":118.2,"max":152,"stddev":26.3,"var":690.9,"ent":5.0,"data": [152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]},"bins": {"c_to_s": [0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01137{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01008{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01143{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+02403{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685041837696,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1864,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685041855156,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":30238,"avg":2374349.5,"max":8437597,"stddev":2513707.0,"var":6318722646016.0,"ent":4.3,"data": [30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856]},"pktlen": {"min":92,"avg":118.2,"max":152,"stddev":26.3,"var":690.9,"ent":5.0,"data": [152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92]},"bins": {"c_to_s": [0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01247{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1687685003846345,"flow_src_last_pkt_time":1687685004461444,"flow_dst_last_pkt_time":1687685004479004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":128,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":16,"flow_first_seen":1687685005044008,"flow_src_last_pkt_time":1687685059743208,"flow_dst_last_pkt_time":1687685041855156,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1024,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":45400,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250407,"flow_src_last_pkt_time":1687685052357802,"flow_dst_last_pkt_time":1687685052375389,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":45400,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1687685003685843,"flow_src_last_pkt_time":1687685004555487,"flow_dst_last_pkt_time":1687685004163202,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":10256,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":55,"flow_dst_packets_processed":24,"flow_first_seen":1687685004552860,"flow_src_last_pkt_time":1687685011180562,"flow_dst_last_pkt_time":1687685011133449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":381,"flow_dst_max_l4_payload_len":537,"flow_src_tot_l4_payload_len":5092,"flow_dst_tot_l4_payload_len":2517,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":38152,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on 
Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":214,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_usec":1687685059743208} +01147{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1687685002250009,"flow_src_last_pkt_time":1687685052357557,"flow_dst_last_pkt_time":1687685052375005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1687685059743208,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"74.125.128.127","src_port":38152,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_google_meet.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":214,"packets-processed":214,"total-skipped-flows":0,"total-l4-payload-len":24719,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1687685059743208} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 214/214 ~~ skipped flows.............: 0 @@ -59,10 +61,10 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783699 bytes -~~ total memory freed........: 7783699 bytes -~~ total allocations/frees...: 146640/146640 +~~ total memory allocated....: 11492238 bytes +~~ total memory freed........: 11492238 bytes +~~ total allocations/frees...: 216894/216894 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 551 chars -~~ json string max len.......: 2361 chars -~~ json string avg len.......: 1455 chars +~~ json string max len.......: 2408 chars +~~ json string avg len.......: 1478 chars diff --git a/test/results/default/stun_msteams_unidir.pcapng.out b/test/results/default/stun_msteams_unidir.pcapng.out index 43213e060..6ef64b30c 100644 --- a/test/results/default/stun_msteams_unidir.pcapng.out +++ b/test/results/default/stun_msteams_unidir.pcapng.out 
@@ -1,14 +1,14 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744005970632} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1618744005970632,"pkt":"AAAAAAAAAAUA5TB2CABFAABkOG0AAG4RTXE0c4g3CgAAAQ2Xw1YAUAESAQEANCESpEJWcAnCrgDmmNmPAZCAcAAEAAAABwAgAAgAAeJEc6CbOQAIABQIHBh8TPkDR23jBTje41VGgqHl0IAoAARRPQxU"} +01207{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744005970632,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744005970632,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAABDOHAAAG4RTY80c4g3CgAAAQ2Xw1YAL7urgMkABQAAA+hURUE7b2gVFPqcmMldelzzgAChXgHj5LmQ6OP80uFw"} 02175{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1618744006480313,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480313,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHEAAG4RSPY0c4g3CgAAAQ2Xw1YExyyCgMkBKwAAA+g04NBQkTiMlctbYK4Ra5ZLFxfT\/GCsQYdz1vjgNQA1Yv3zTqyHRqqkzmfn4FhRBqYB99GgUjrRqOuhvmKcA\/Lt3E3NRJRdu306hPEpD00o2CCAYtDvSrHOD4KmaFm31I8JRlmZcekFc3KGedIrt39z66JpA2S2KmkNos15cl6k7bkUhHDVz\/noudmFAm+ttAqMeR2Ht229wsfef49c1wB2VCP6NMdq52i\/BsRt2Yriaf9JgkkwxZ0hOmElJhbth\/\/VOXxqWfx3hsmECk+3sBNLLbKQSZoen3KPLK5dl97FeVlHMA5zrUT2\/PXyL3OGPD+KQexREy\/ycs\/cK+vthQcxym2f9SUSiZUDDnSG8vu0797yG6+njY7z78b9u8mhN418L25e7RzNDgrGrD+Nwn5OYf\/Yn93Seenj9qPgzXbLOrDc\/uNKkrw8rHlnLqGggO\/SqOqn50rngJzGCxrrQa7AHRZu3m7rTK8x3M0ojCGv9Y7R9xSdmM2f7qCdpYZmmF7Nu9K9FnvXeGbSdOqvGbjq3IWoNDra5tmx8c5h5XZSMwgKmO00OZOj7W4u074hccuoJwD7XP6y8qhc\/+Rc1\/AHpXtZAFft02QWkdGiP1+w1\/OHU009QR7q6DXiQ1TiPTKyZtHJEIhTxoFs\/YB5jjmyn5qGDMtVVPYPTYJ\/Zrmmb3ENsnPkOzZ7WIhjLZblk+9B32L6\/6LCfZx4WGEO5d2GJO34mReC8CpkBOWQsm+XgYIGkqJzetGxpQdPcq59PDDvC0dhjtBOJ90b9q\/JOrIrC0Aa6OoYQMATGO\/+bBvUwbLqEcEVwsKW3zh96a9ST4YRXrd3hQEEk4nHmOryRc\/t34lz8iH4
+2S2OaK3IpD1rDpQ9UQ+fkW0Twbc2YUqgB0ltG2iNX2JaewC62q3ln3vK4i49OPjfED+CAusbaqzYuPvj2lg61xa6bBXuHaE3R2z5SHs0kH03NOgtoEpedOZ6eol1piYdkHRIqW\/uV3m1ZvSHgLaIKVS2bToeI8mpiIB8cvCRRlYcXdVnnGBeU21nIq6ptov2ipm1j142PWQtY0YPI3NHkLy2mhKuRjr8YYuwrJl2KxP0OYFdrhKF2bcXqbJytKrShR9597UTHHw6ukhv2m19IjNYDMEts9YNaN1IwixG8DsyKB+bAfvfh9ALZOLJQQLAO0v1oUPVU2yNZ9QAdo773Q1R81glQvHRCzRxfhJP1+0GSDlQwcLtXPIyyOQv9M5dfKmjl9znQFz+BvQpsCkv0rNyKmREyfBQ2\/i1DpywnKQXTEJyaBxDtZshq6xz\/4TH3dhWt5AC84ZpNxQAoUzyhoLWwiRcnrUUuI6rWJE9sI2mRklLdt1rpIpRECWbKRULyWCHLkNfER1zgLftc3aTijTVu0MUnu7bpPtDBRIs2GNiIK9Kwj2QDP3FUDViBP+ekkyn+MfxL1\/SMG1vf5rrAzWe961dxAdmfvFgU3Yf\/ge6w39I1pB46H9wAeViPTu5xA8L3xhUb2KynqSUAJbxGTEGGSRDvQhWhaLJBn+pvcnB\/C\/N7E0W+kyjyN6SYxyKhkihBNZihCaRhGeNNnSxmvdgAChXwFNTpX4H6DrGf6c"} 02170{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1618744006480360,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1257,"pkt_l4_len":1223,"thread_ts_usec":1618744006480360,"pkt":"AAAAAAAAAAUA5TB2CABFAATbOHIAAG4RSPU0c4g3CgAAAQ2Xw1YEx\/GBgMkBKwAAA+gk6GdnQrq1sxg2rp3tQsLgw0gVWymTaLOvFHT9ui9D7gDmu\/IOxaHejjGputpbrUbXgAbO8Er99xmHrDIMUbUtyv51Hl7AneuGh6Dd2p5b\/VwN4FXKvV+F+9SbOhEAXHBCYBh8VFS+gkvRvb5DM05KtlLw3IlGYKJIjBf+U9MtVgNdPrr\/SUHwUJnVhqaFyMbeFNwwwjKt6W2sHlQ72rrpPBq4S3rd+Oe6kEb1pEYreq6bW1jEGHdkOV0iMK0Jrk+7Mr\/iAK1zlpK6Lr\/o+CIxRNeX3vLHLOFk63nkefy0IYKoOev6VK0c2oTcvttvlpvT4nuVeCtO34N9H1eF6gZ5iQfmgYZnv8JY6Gse5CnhCmALTKVCNIzytzsvQP5nntxH1Re9YTf38i1Wn7vQ3q\/GsfKaeEQFnApXe7KiW0ezdf7Wa1SQ\/gCnbIJs2390UpYixvatPIUurguPoVkFZUWMx21eEdysM9loFemtygvGTTFEr6TVPztELotocBHR05nFbKhmEumGH0VD11Z9Zn00I6Qcy9GrBja9dX7AMG9MWIh6dO1uT6Q7K32st76EZcJMPK6jf2mRRu2rmKjvy3iyMJI4zao8WBQ+RS\/q1HkmDaQQfOMGlzLEy24bXJ6bl6jeHzl0VrhmJ5lIBGm6YxLbNAWKJK7pW\/1+e9nAUIpqcna3GU7DZqj
cDQYLYcYGbYl9MxJ8yJtwv8TUlEzOgeoR6gLH8odQhnVskEi9WnOkrb0FXzeU5vpLKLTevAisomyWbIJAQXW1jmnCMnZsU9bXqz6gsW9rOvE8aIwRLWzn72RU+B+rD13+E7VdNEQu+CxTs0HXh5eswjm+jKjiL4XIN+B1HyAFjm7gfxpPZVA0VXGgVxcb6ECAUg91y2oSFlfwSzKSqlpnM5GjsmkEEgIWKh+jaRFv7w\/leDpePcdailRyGFuKP2FfSJQST2W2zlQrMF\/oNUjP6aZdNaxzoSoCXMJd7Up\/mt8RqMgsrWcYUMHvQ06h+exj898vCZtB1V+TLwW9uBektzF+CXOqqrF1Z9FSLK6FRk\/mRj4sDj4kh9egaoIbswL\/TUDlkzUlOiGsXKLhjW3tS3FyfPt1tfezIXGHEh4EW60zksXjIEgJDPLc\/qO4WG42aNVJdylffvScrUJ3xzSfGuM0vqgfMiB+3CM4zhYcDJCEucrnFdmhMiEQPdR7A9TRXrNULsYoSroOvapvGllOcBcM6yVEVim0NhZ6IqBqdVPRFgM6TEKUId6MqCsrZOn505zSvp6uI+iYbTVt2vAwVNgy8zy9fIWVcuykSzkvH+d42DP+VXtpttwkWetjb36T\/ZS2XTr7PuIk7Yvla\/G4HlzHMbBpi60aJl0BS37yoR0f2qm9WHw2KnODhEyhAYb4IeKTGj\/HuRy9XbO6k1YH6otSJwQ\/cgkZs2iWIsENJksqX0PSeqfZ7ACHXxQiZEIMG8YTWkv4u7u2JT7ExAILLkiwT\/QQD4jmFyu\/ht83e0GIjVy9NYLfpkj64XFHRO7PLRYwx8ki+XfUPsu1+DA2BfaB3A+I8\/B11Z4sg+PtwrTD3Q9hvnk7uPTQPIiGzwEGgAChYAHgggO6ksVgq664"} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618744006794573,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_usec":1618744006794573,"pkt":"AAAAAAAAAAUA5TB2CABFAACHOHQAAG4RTUc0c4g3CgAAAQ2Xw1YAc6HlgMgADgAAA+hZLCORUikt0lMMVuqc62jK8b9ObVoTSM\/lJgLtxS1nRRDaLJ4KDYgtyq2PsWx4ZAx8e0UeKef0\/\/qTc52IDGdgIZ3TuK4YxTFWM4fkMdciSGlScqeAAKFiAVZYWPTPO\/w0aQ0="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744008391145,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744008391145,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_Teams","proto_id":"78.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}} 
-01235{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_Teams","proto_id":"78.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744010505540} 
+01238{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1618744005970632,"flow_src_last_pkt_time":1618744010505540,"flow_dst_last_pkt_time":1618744005970632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1215,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5440,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744010505540,"l3_proto":"ip4","src_ip":"52.115.136.55","dst_ip":"10.0.0.1","src_port":3479,"dst_port":50006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_msteams_unidir.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-payload-len":5440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1618744010505540} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped 
flows.............: 0 @@ -17,10 +17,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7767101 bytes -~~ total memory freed........: 7767101 bytes -~~ total allocations/frees...: 146383/146383 +~~ total memory allocated....: 11475720 bytes +~~ total memory freed........: 11475720 bytes +~~ total allocations/frees...: 216637/216637 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 578 chars ~~ json string max len.......: 2180 chars -~~ json string avg len.......: 1367 chars +~~ json string avg len.......: 1361 chars diff --git a/test/results/default/stun_signal.pcapng.out b/test/results/default/stun_signal.pcapng.out index 5cb80fcc8..b43dfa3b0 100644 --- a/test/results/default/stun_signal.pcapng.out +++ b/test/results/default/stun_signal.pcapng.out 
@@ -1,17 +1,23 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1636901936040353} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040353,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936040353,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040353,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936040699,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVtAAEAR0ZPAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936040699,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936040699,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936065479,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU1AAEAR9NjAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 
+01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936065479,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936065479,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070153,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU5AAEAR9NfAqAypI563p7hkDZYAHPweAAEAACESpEJjaDExN25ZQXk2MTA="} +01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936070153,"flow_dst_last_pkt_time":1636901936070153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070153,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070262,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnU9AAEAR9NbAqAypI563p5peDZYAHOX3AAEAACESpEJkOSt6R0JMc3JIbis="} 
+01077{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936070262,"flow_dst_last_pkt_time":1636901936070262,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070262,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936070410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnVBAAEAR9NXAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} +01193{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936070410,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936070410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936083692,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbq0AAOABw2wjnrenwKgMqQMDpcEAAAAARQAAMJ1NQAAgERTZwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901936083692,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936083692,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.050556}} 
@@ -22,20 +28,22 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135326,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135326,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVNAAEAR9MrAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936135836,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936135836,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVRAAEAR9MnAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936138159,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Lz5AAOMRv58jnrenwKgMqQ2Wml4AZJPmARMASCESpEI3Q1lCTmVMaEVzcmUACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjOGY3M2M5NzZiMDJiOWM4ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABHmTjPc="} 
-01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":3,"num_binding_requests":1,"num_processed_pkts":2}}} +00986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901936120747,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":176,"midstream":0,"thread_ts_usec":1636901936138159,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936144242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nVVAAEAR9MjAqAypI563p7hkDZYAJNmuAAMACCESpEIwWE1VcCtxUS9rUlMAGQAEEQAAAA=="} -01038{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 
+00986{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936087734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901936144242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936144585,"flow_dst_last_pkt_time":1636901936138159,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936144585,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVZAAEAR9G\/AqAypI563p5peDZYAfGxHAAMAYCESpEJTREg5Z3IrK1V4dm0AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEGM4ZjczYzk3NmIwMmI5YzgACAAUVADVyCcFlHpNR6\/JlEM11GK82Wc="} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936150779,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150779,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbrkAAOABw1gjnrenwKgMqQMDpckAAAAARQAAOJ1TQAAgERTLwKgMqSOet6e4ZAG7ACTbggADAAghEqRCNGEyUGxJeHZNU1IrABkABBEAAAA="} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936150821,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901936150821,"pkt":"mt9Y+uvcCL6sCxduCABFAABUbroAAOABw1cjnrenwKgMqQMDpckAAAAARQAAOJ1UQAAdERfKwKgMqSOet6eaXgG7ACT1pAADAAghEqRCSktITllCRzRleVZKABkABBEAAAA="} 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936144242,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901936160415,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4L0JAAOARwpsjnrenwKgMqQ2WuGQAZP9bARMASCESpEIwWE1VcCtxUS9rUlMACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5NTNlMjE2ZTYwMmRiMDdlABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABBFo+J8="} 
00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936185855,"flow_dst_last_pkt_time":1636901936160415,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1636901936185855,"pkt":"CL6sCxdumt9Y+uvcCABFAACQnVhAAEAR9G3AqAypI563p7hkDZYAfGwXAAMAYCESpEJMbjdHYmN5WG5rbm4AGQAEEQAAAAAGABUxNjM2OTg4MzM1OjE4NzU0MzQwNDUAAAAAFAAKc2lnbmFsLm9yZwAAABUAEDk1M2UyMTZlNjAyZGIwN2UACAAUIW2HvRLiM2\/Mn2aCV9BfzE1X65g="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292139,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWhAAEAR0YbAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": 
{"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936040353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292139,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936292790,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdWlAAEAR0YXAqAyprP15f7hkS2YAHGpqAAEAACESpEJ0a0VLMmtzWEZzMm8="} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936040699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936292790,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936316455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWJAAEAR9MPAqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} +01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936316455,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936316455,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936320168,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWNAAEAR9MLAqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 
+01225{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901936320168,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936320168,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936331596,"flow_dst_last_pkt_time":1636901936083692,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901936331596,"pkt":"mt9Y+uvcCL6sCxduCABFAABMbuUAAOABwzQjnrenwKgMqQMDpcEAAAAARQAAMJ1iQAAgERTEwKgMqSOet6e4ZAG7ABzz8QABAAAhEqRCME1BM2doTDV4K0Zu"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936385688,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936385688,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWRAAEAR9LnAqAypI563p7hkAbsAJNuCAAMACCESpEI0YTJQbEl4dk1TUisAGQAEEQAAAA=="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936386031,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901936386031,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nWVAAEAR9LjAqAypI563p5peAbsAJPWkAAMACCESpEJKS0hOWUJHNGV5VkoAGQAEEQAAAA=="} 
@@ -45,22 +53,25 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901936667023,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8TocAACURUtys\/Xl\/wKgMqUtmuGQAKJgrAQEADCESpEJ0a0VLMmtzWEZzMm8AIAAIAAEPY3w9RVE="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936817391,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936817391,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWZAAEAR9L\/AqAypI563p7hkAbsAHPPxAAEAACESpEIwTUEzZ2hMNXgrRm4="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1636901936821517,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901936821517,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnWdAAEAR9L7AqAypI563p5peAbsAHIqqAAEAACESpEJaZmI0ZFV3bVhyejU="} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901936889693,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901936889693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956886692,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuBAAEAR80XAqAypI563p6g8DZYAHMrjAAEAACESpEJ3MXhZWGxMSlFtK2Q="} 
-01161{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956886692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956886692,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956899977,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuFAAEAR80TAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901956899977,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956899977,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956900169,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevFAAEARy\/3AqAyprP15f6g8S2YAHDXLAAEAACESpEJuRGJFSkJreUFwVW4="} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901956900169,"flow_dst_last_pkt_time":1636901956900169,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956900169,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956886692,"flow_dst_last_pkt_time":1636901956903176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956903176,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP61AAOARsjgjnrenwKgMqQ2WqDwAXIeiAQEAQCESpEJ3MXhZWGxMSlFtK2QAIAAIAAEPlHw9RVEAAQAIAAEuhl0v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAARTHy4\/"} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956921410,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwevJAAEARy\/zAqAyprP15f5wOS2YAHEUhAAEAACESpEJOVFU1cXVJU2dZVFA="} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901956921410,"flow_dst_last_pkt_time":1636901956921410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956921410,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956929987,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuJAAEAR80PAqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 
+01215{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901956929987,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956929987,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901956930390,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnuNAAEAR80LAqAypI563p5wODZYAHNwWAAEAACESpEI1alVGbDBvdmFLRGs="} 
-01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956930390,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901956930390,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956930390,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901956946587,"pkt":"mt9Y+uvcCL6sCxduCABFAABwP65AAOQRrjcjnrenwKgMqQ2WnA4AXORTAQEAQCESpEI1alVGbDBvdmFLRGsAIAAIAAEPlXw9RVEAAQAIAAEuh10v4ROAKwAIAAENliOet6eALAAIAAEAUCOet6eAIgAETm9uZYAoAAT10UAM"} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1636901956960274,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956960274,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nuZAAEAR8zfAqAypI563p6g8AbsAJMHVAAMACCESpEJwYTVMazRiQkhvWTEAGQAEEQAAAA=="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1636901956962305,"flow_dst_last_pkt_time":1636901956946587,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901956962305,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4nudAAEAR8zbAqAypI563p5wODZYAJOqGAAMACCESpEJuWjVNSmNUejZrc3YAGQAEEQAAAA=="} 
@@ -82,41 +93,43 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1636901957172132,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901957551924,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8ergAACURJyus\/Xl\/wKgMqUtmnA4AKHKwAQEADCESpEJOVFU1cXVJU2dZVFAAIAAIAAEPlXw9RVE="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957650455,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957650455,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxNAAEAR8xLAqAypI563p6g8AbsAHKfZAAEAACESpEJpNFFIaG51aVlxTjI="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1636901957680781,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901957680781,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwnxZAAEAR8w\/AqAypI563p5wOAbsAHAwRAAEAACESpEJneHI1SHRPK0tqKzc="} 
-01266{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901957711133,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957711133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 
-01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901957719478,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901957719478,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958294242,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8azVAAEARa5jAqAypEsODj6g87uQAaP5FAAEATCESpEJyRHdyaGtEci8vOWUABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UAAJAAEbn8e\/wAIABR\/b\/AcoEEqLjwzw3SbmvWontQU34AoAARPt0SR"} 
+01197{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958294242,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901958294242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958378136,"pkt":"mt9Y+uvcCL6sCxduCABFSABcrnFAAAMRZTQSw4OPwKgMqe7kqDwASOO3AQEALCESpEJyRHdyaGtEci8vOWUAIAAIAAEPmHw9RVEACAAUZTe+q2TI1x26\/6LLBdUUDVZaZoOAKAAEsQfEQQ=="} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636901958378173,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8rnJAAAMRZRMSw4OPwKgMqe7kqDwAaODiAAEATCESpEJ2dFg5dWZIQUdCakMABgAJbU53cTpXSnN1AAAAwFcABAADA4SAKQAIQYCdgvFBqWUAJAAEbn8g\/wAIABSzQMYtF7YKfV2BCR2ZgRKFjKrZ7YAoAASRLc2k"} -01162{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":2,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901958294242,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1636901958378173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1636901958386718,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636901958386718,"pkt":"CL6sCxdumt9Y+uvcCABFAABcaztAAEARa7LAqAypEsODj6g87uQASCG+AQEALCESpEJ2dFg5dWZIQUdCakMAIAAIAAHP9jPRJ80ACAAUJmmebdkZZFSwkh7L8yz62k564LmAKAAEReD9tw=="} 00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1636901958394511,"flow_dst_last_pkt_time":1636901958378173,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636901958394511,"pkt":"CL6sCxdumt9Y+uvcCABFAACEazxAAEARa4nAqAypEsODj6g87uQAcJERAAEAVCESpEJwNFQrb1h3aGNEZzcABgAJV0pzdTptTndxAAAAwFcABAADAAqAKgAIbYcgPZwg8UDAAQAEAAAAAQAkAARufx7\/AAgAFAU5PfclhugC7DGLkMWmAbOXS5FggCgABGgSKPI="} 
02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901960601813,"flow_dst_last_pkt_time":1636901960620966,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":1012,"midstream":0,"thread_ts_usec":1636901960620966,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":25,"avg":149493.4,"max":679364,"stddev":200828.1,"var":40331911168.0,"ent":3.9,"data": [83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177]},"pktlen": {"min":56,"avg":91.9,"max":132,"stddev":24.9,"var":621.5,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84]},"bins": {"c_to_s": [4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1],"entropies": 
[5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01081{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901964741654,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901966826937,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967279945,"flow_dst_last_pkt_time":1636901957525218,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967279945,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCFAAEARys3AqAyprP15f6g8S2YAHDMFAAEAACESpEI4KzdNdk9qTHloVm0="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1636901967305260,"flow_dst_last_pkt_time":1636901957551924,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901967305260,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwfCRAAEARysrAqAyprP15f5wOS2YAHCjCAAEAACESpEJCTndzakJKdHNsVHY="} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901967532099,"flow_dst_last_pkt_time":1636901967653267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967653267,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901967553880,"flow_dst_last_pkt_time":1636901967684533,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636901967684533,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 
02297{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":2,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901940925734,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636901980739508,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":15,"avg":1596705.0,"max":17079364,"stddev":3547473.5,"var":12584568750080.0,"ent":2.8,"data": [4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065]},"pktlen": {"min":76,"avg":81.5,"max":124,"stddev":11.6,"var":133.8,"ent":5.0,"data": [76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84]},"bins": {"c_to_s": [0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384]},"ndpi": 
{"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01224{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00794{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01236{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01236{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01009{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00998{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636901987911616,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998588925,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdlAAEARxRXAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998588925,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998588925,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998589226,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgdpAAEARxRTAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636901998589226,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998589226,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637116,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EdAAEAR8rLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998637116,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637116,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998637207,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EhAAEAR8rHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901998637207,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998637207,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998642149,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998642149,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43ElAAEAR8qjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998644152,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43EpAAEAR8qfAqAypI55607qXDZYAJM8KAAMACCESpEJRck1mY3NySEUrbG4AGQAEEQAAAA=="} 
+01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998644152,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644152,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998644452,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3EtAAEAR8q7AqAypI55605RSDZYAHOlfAAEAACESpEJTRld4cWpibUxkeFo="} +01100{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998644452,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998644452,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998644152,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998645824,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3ExAAEAR8q3AqAypI55607qXDZYAHAfgAAEAACESpEJsR1ZDTTdDN1dMVEo="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":297,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998644452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998654073,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E1AAEAR8qTAqAypI55605RSDZYAJBd3AAMACCESpEJOTG9MWFNjWDdLU3cAGQAEEQAAAA=="} 00756{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636901998654623,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998654623,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
@@ -125,9 +138,7 @@ 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998654665,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998654665,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVVQAAOMBFpojnnrTwKgMqQMDaO0AAAAARQAAMNxIQAAgERKywKgMqSOeetOUUgG7ABwljAABAAAhEqRCVjVicmFhSFdCOW5q"} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998657287,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998657287,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVUAAOMBFpEjnnrTwKgMqQMDaPUAAAAARQAAONxJQAAgERKpwKgMqSOeetO6lwG7ACSHhgADAAghEqRCdG90WXN0M3RzbnZtABkABBEAAAA="} 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1636901998660620,"pkt":"mt9Y+uvcCL6sCxduCABFIAB49klAAOMRNUgjnnrTwKgMqQ2WupcAZEK5ARMASCESpEJRck1mY3NySEUrbG4ACQAQAAAEAVVuYXV0aG9yaXplZAAVABA0YTlmNTljZmZlODk0NGE5ABQACnNpZ25hbC5vcmcAAIAiAAROb25lgCgABLOFpWg="} 
-01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":301,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1636901998660620,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","stun": {"num_pkts":2,"num_binding_requests":1,"num_processed_pkts":1}}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660636,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9kpAAOQRNE8jnnrTwKgMqQ2WlFIAXFMAAQEAQCESpEJTRld4cWpibUxkeFoAIAAIAAEPi3w9RVEAAQAIAAEumV0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAASDCssQ"} 
-01040{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636901998654073,"flow_dst_last_pkt_time":1636901998660636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1636901998660636,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998645824,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1636901998660651,"pkt":"mt9Y+uvcCL6sCxduCABFIABw9ktAAOMRNU4jnnrTwKgMqQ2WupcAXFiiAQEAQCESpEJsR1ZDTTdDN1dMVEoAIAAIAAEPinw9RVEAAQAIAAEumF0v4ROAKwAIAAENliOeetOALAAIAAEAUCOeetOAIgAETm9uZYAoAAR90ekp"} 
00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998662264,"flow_dst_last_pkt_time":1636901998660651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998662264,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3E5AAEAR8k\/AqAypI55607qXDZYAeBRYAAMAXCESpEJIUGFhU0tWSmtQRG4AGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNGE5ZjU5Y2ZmZTg5NDRhOQAIABRI+uTzM7nII\/sVpvC6uyZXC+3v6w=="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998663215,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998663215,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43E9AAEAR8qLAqAypI55605RSAbsAJLdQAAMACCESpEJxcXQycnUyTXoya28AGQAEEQAAAA=="} 
@@ -135,10 +146,8 @@ 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998676426,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1636901998676426,"pkt":"mt9Y+uvcCL6sCxduCABFAABUVVYAAOMBFpAjnnrTwKgMqQMDaPUAAAAARQAAONxPQAAgERKjwKgMqSOeetOUUgG7ACS3UAADAAghEqRCcXF0MnJ1Mk16MmtvABkABBEAAAA="} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998684473,"flow_dst_last_pkt_time":1636901998669539,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1636901998684473,"pkt":"CL6sCxdumt9Y+uvcCABFAACM3FFAAEAR8kzAqAypI55605RSDZYAeCtfAAMAXCESpEJzQVJaQW1IdkdKV0kAGQAEEQAAAAAGABQxNjM2OTg4Mzk4OjE3NTI0MDc5OAAUAApzaWduYWwub3JnAAAAFQAQNjMxMTI0YWVlMWQxMzQ1MAAIABSPAYmQd4zQiPDDbTAeeOez+Voceg=="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865284,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwgexAAEARxQLAqAyprP15f7qXS2YAHLUpAAEAACESpEJFRDdhYWpCejZ6NGY="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":311,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901998588925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998865284,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":1,"num_processed_pkts":0}}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":312,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1636901998865349,"flow_dst_last_pkt_time":1636901998589226,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998865349,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwge1AAEARxQHAqAyprP15f5RSS2YAHI3jAAEAACESpEJHZko4WW5Ca1ZEVTk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885173,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FdAAEAR8qLAqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636901998885173,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901998885173,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":1}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1636901998885598,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901998885598,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3FhAAEAR8qHAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998892782,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1636901998892782,"pkt":"CL6sCxdumt9Y+uvcCABFAAA43FlAAEAR8pjAqAypI55607qXAbsAJIeGAAMACCESpEJ0b3RZc3QzdHNudm0AGQAEEQAAAA=="} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1636901998900771,"flow_dst_last_pkt_time":1636901998654623,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1636901998900771,"pkt":"mt9Y+uvcCL6sCxduCABFAABMVXoAAOMBFnQjnnrTwKgMqQMDaO0AAAAARQAAMNxXQAAgERKjwKgMqSOeetO6lwG7ABwfgwABAAAhEqRCQ01KSFFMTnpxN1Q0"} 
@@ -149,13 +158,12 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1636901998865284,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1636901999242113,"pkt":"mt9Y+uvcCL6sCxduCABFgAA8OWgAACYRZvus\/Xl\/wKgMqUtmupcAKOLDAQEADCESpEJFRDdhYWpCejZ6NGYAIAAIAAEPinw9RVE="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":323,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386450,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386450,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3HxAAEAR8n3AqAypI55607qXAbsAHB+DAAEAACESpEJDTUpIUUxOenE3VDQ="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1636901999386783,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636901999386783,"pkt":"CL6sCxdumt9Y+uvcCABFAAAw3H1AAEAR8nzAqAypI55605RSAbsAHCWMAAEAACESpEJWNWJyYWFIV0I5bmo="} 
-01268{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636901999417923,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636901999417923,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":3,"num_processed_pkts":3}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000024715,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d+5AAEARXt\/AqAypEsODj7qX0yYAaAl7AAEATCESpEJCeElWSlVyQXpFMWUABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABTJ3jNA\/lTtI\/cIgWHSZfc\/Jdi3xoAoAAQAuGXB"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000024715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000024715,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000073738,"pkt":"CL6sCxdumt9Y+uvcCABFAAB8d\/NAAEARXtrAqAypEsODj7qX8DoAaE2WAAEATCESpEI3OHB2NXh3VHhSY2IABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9AAJAAEbn8e\/wAIABQCGGRp5dlaWaRPyMCnCJTZLYHOaoAoAATw85Tp"} 
-01281{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":344,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000073738,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902000073738,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000102078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000102078,"pkt":"mt9Y+uvcCL6sCxduCABFSABcw7JAAAYRTPMSw4OPwKgMqdMmupcASMDpAQEALCESpEJCeElWSlVyQXpFMWUAIAAIAAEPinw9RVEACAAUIB3cDwXbxtjdDKqyJ3Jq4xtLsfaAKAAEpnvqQg=="} 
00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000024715,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000107063,"pkt":"mt9Y+uvcCL6sCxduCABFSAB8w7NAAAYRTNISw4OPwKgMqdMmupcAaK01AAEATCESpEJBbDNpSTF1eStSR1UABgAJN2tzczoxRVpzAAAAwFcABAAAA+eAKQAIiflXHs5q0dMAJAAEbgAg\/wAIABQSmjpLVWLcQ98KImy+h9G3RC6S1IAoAATBitk4"} 00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000114802,"flow_dst_last_pkt_time":1636902000107063,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000114802,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/RAAEARXvnAqAypEsODj7qX0yYASLB3AQEALCESpEJBbDNpSTF1eStSR1UAIAAIAAHyNDPRJ80ACAAUTu361RDreRFUJBDgnwLv4nPGjjiAKAAENi4ivw=="} 
@@ -164,55 +172,53 @@ 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1636902000073738,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1636902000142270,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8w7dAAAYRTRYSw4OPwKgMqfA6upcAaP5PAAEATCESpEIwbFM2UjdmdjFzOTMABgAJN2tzczoxRVpzAAAAwFcABAADA4SAKQAIiflXHs5q0dMAJAAEbn8g\/wAIABT+u0FmMYg2qxKb1bY78Qe06uM1KoAoAAQrkPMA"} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1636902000144041,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1636902000144041,"pkt":"CL6sCxdumt9Y+uvcCABFAABcd\/ZAAEARXvfAqAypEsODj7qX8DoASAMeAQEALCESpEIwbFM2UjdmdjFzOTMAIAAIAAHRKDPRJ80ACAAUI\/bFSLNMUitVQi8z7dVLO\/aQEHmAKAAEAVoedw=="} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1636902000173314,"flow_dst_last_pkt_time":1636902000142270,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1636902000173314,"pkt":"CL6sCxdumt9Y+uvcCABFAACEd\/dAAEARXs7AqAypEsODj7qX8DoAcOfaAAEAVCESpEJYdGpHMEQ4MEppTE0ABgAJMUVaczo3a3NzAAAAwFcABAADAAqAKgAINhoW4DAHa9DAAQAEAAAAAgAkAARufx7\/AAgAFM7+Ft2Y0101jZUj75NnkTl5UB7JgCgABNI9yPM="} 
-02452{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": 
[5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01224{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01117{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +02460{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":393,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002442030,"flow_dst_last_pkt_time":1636902002440493,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1068,"flow_dst_tot_l4_payload_len":1052,"midstream":0,"thread_ts_usec":1636902002442030,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":43,"avg":152743.5,"max":665020,"stddev":189167.3,"var":35784253440.0,"ent":4.0,"data": [68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176]},"pktlen": {"min":56,"avg":94.2,"max":132,"stddev":24.6,"var":605.9,"ent":4.9,"data": [124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92]},"bins": {"c_to_s": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0],"entropies": [5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01134{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01244{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01225{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01128{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01117{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01245{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01136{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01247{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01081{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902006440608,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":427,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008969021,"flow_dst_last_pkt_time":1636901999242071,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008969021,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhaxAAEARwULAqAyprP15f5RSS2YAHHeOAAEAACESpEJORW10V0g4dmFhQnE="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1636902008970187,"flow_dst_last_pkt_time":1636901999242113,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1636902008970187,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwha1AAEARwUHAqAyprP15f7qXS2YAHGY1AAEAACESpEI5bGJNUnBSbytQbnU="} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":431,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902009219801,"flow_dst_last_pkt_time":1636902009345395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":96,"midstream":0,"thread_ts_usec":1636902009345395,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":4,"num_processed_pkts":3}}} 
-01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01222{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01240{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01035{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":2,"num_binding_requests":2,"num_processed_pkts":2}}} -00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901956930390,"flow_src_last_pkt_time":1636901987891969,"flow_dst_last_pkt_time":1636901987908068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01132{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1636901998644452,"flow_src_last_pkt_time":1636902021365208,"flow_dst_last_pkt_time":1636902021381899,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":776,"flow_dst_tot_l4_payload_len":744,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01242{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956899977,"flow_src_last_pkt_time":1636901980718780,"flow_dst_last_pkt_time":1636901956899977,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936065479,"flow_src_last_pkt_time":1636901939886818,"flow_dst_last_pkt_time":1636901936065479,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1636902000024715,"flow_src_last_pkt_time":1636902000121229,"flow_dst_last_pkt_time":1636902000208503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":224,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":54054,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956900169,"flow_src_last_pkt_time":1636901977907336,"flow_dst_last_pkt_time":1636901978278487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":43068,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040699,"flow_src_last_pkt_time":1636901936292790,"flow_dst_last_pkt_time":1636901936667023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":58,"flow_first_seen":1636901958294242,"flow_src_last_pkt_time":1636901970409349,"flow_dst_last_pkt_time":1636901970399537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":2676,"flow_dst_tot_l4_payload_len":5194,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":43068,"dst_port":61156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01234{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01235{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01234{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01126{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std 
Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1636901936070410,"flow_src_last_pkt_time":1636901939887803,"flow_dst_last_pkt_time":1636901936070410,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637116,"flow_src_last_pkt_time":1636902014416950,"flow_dst_last_pkt_time":1636901998637116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1636901936040353,"flow_src_last_pkt_time":1636901936292139,"flow_dst_last_pkt_time":1636901936663206,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998588925,"flow_src_last_pkt_time":1636902019600785,"flow_dst_last_pkt_time":1636902019979253,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47767,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1636901956929987,"flow_src_last_pkt_time":1636901980724359,"flow_dst_last_pkt_time":1636901956929987,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":384,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39950,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1636901956886692,"flow_src_last_pkt_time":1636901987891193,"flow_dst_last_pkt_time":1636901987907955,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":1052,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":43068,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01007{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070153,"flow_src_last_pkt_time":1636901940907731,"flow_dst_last_pkt_time":1636901940923790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":47204,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":0,"flow_first_seen":1636901998637207,"flow_src_last_pkt_time":1636902014417770,"flow_dst_last_pkt_time":1636901998637207,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":336,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":37970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901956921410,"flow_src_last_pkt_time":1636901977940450,"flow_dst_last_pkt_time":1636901978319285,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39950,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1636901998589226,"flow_src_last_pkt_time":1636902019597330,"flow_dst_last_pkt_time":1636902019976482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":37970,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01253{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":35,"flow_first_seen":1636902000073738,"flow_src_last_pkt_time":1636902002659586,"flow_dst_last_pkt_time":1636902002742599,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":264,"flow_src_tot_l4_payload_len":1144,"flow_dst_tot_l4_payload_len":5026,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.195.131.143","src_port":47767,"dst_port":61498,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":2,"flow_first_seen":1636901998654623,"flow_src_last_pkt_time":1636902014432732,"flow_dst_last_pkt_time":1636902021384737,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.122.211","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":4,"flow_first_seen":1636901936083692,"flow_src_last_pkt_time":1636901980739508,"flow_dst_last_pkt_time":1636901987911616,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":104,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1636901936070262,"flow_src_last_pkt_time":1636901940906811,"flow_dst_last_pkt_time":1636901940923754,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01000{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1636902021384737} 
+01133{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1636901998644152,"flow_src_last_pkt_time":1636902021364947,"flow_dst_last_pkt_time":1636902021381882,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":876,"flow_dst_tot_l4_payload_len":892,"midstream":0,"thread_ts_usec":1636902021384737,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"cfgs\/default\/pcap\/stun_signal.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-payload-len":29600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":6,"total-updates":15,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_usec":1636902021384737} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 29600 bytes -~~ total detected protocols..: 22 +~~ 
total detected protocols..: 23 ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7827481 bytes -~~ total memory freed........: 7827481 bytes -~~ total allocations/frees...: 147079/147079 +~~ total memory allocated....: 11535748 bytes +~~ total memory freed........: 11535748 bytes +~~ total allocations/frees...: 217333/217333 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars -~~ json string max len.......: 2457 chars -~~ json string avg len.......: 1500 chars +~~ json string max len.......: 2465 chars +~~ json string avg len.......: 1504 chars diff --git a/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..c8c909569 --- /dev/null +++ b/test/results/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -0,0 +1,26 @@ +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00650{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1645514762350619} 
+00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645514762350619,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762350619,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1645514762350619,"pkt":"AAAAAAAAAAoA2nGfCABFAAA8AABAAFcGEY6mrI6DF7fFRw2Xp2H0bFeT0HMflKAS\/\/+7nwAAAgQFtAQCCAr+HMRdGiKsgwEDAwg="} 
+00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762356326,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxJAAD8GdmcXt8VHpqyOg6dhDZfQcx+U9GxXlIAYAU3vTgAAAQEIChoirLb+HMRdAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} +00966{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762356326,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":28,"midstream":0,"thread_ts_usec":1645514762356326,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514762715323,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514762715323,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxNAAD8GdmYXt8VHpqyOg6dhDZfQcx+w9GxXlIAYAU3ulgAAAQEIChoirQH+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} +00605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514763155219,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1645514763155219,"pkt":"AAAAAAAAAA4AwKFPCABFAABQsxVAAD8GdmQXt8VHpqyOg6dhDZfQcx\/M9GxXlIAYAU3t4wAAAQEIChoirZj+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAA=="} +00680{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1645514773276175,"pkt":"AAAAAAAAAA4AwKFPCABFAACIsxpAAD8GdicXt8VHpqyOg6dhDZfQcx\/o9GxXlIAZAU3usAAAAQEIChoiuYL+HMSuAAMACCESpEJwS25FOVJYZ0ZZbFkAGQAEEQAAAAADAAghEqRCcEtuRTlSWGdGWWxZABkABBEAAAAAAwAIIRKkQnBLbkU5UlhnRllsWQAZAAQRAAAA"} 
+00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":4,"flow_first_seen":1645514762350619,"flow_src_last_pkt_time":1645514762350619,"flow_dst_last_pkt_time":1645514773276175,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1645514773276175,"l3_proto":"ip4","src_ip":"166.172.142.131","dst_ip":"23.183.197.71","src_port":3479,"dst_port":42849,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00655{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_tcp_multiple_msgs_same_pkt.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":168,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1645514773276175} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 5/5 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 168 bytes +~~ total detected protocols..: 1 +~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11477565 bytes +~~ total memory freed........: 11477565 bytes +~~ total allocations/frees...: 216631/216631 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min 
len.......: 583 chars +~~ json string max len.......: 971 chars +~~ json string avg len.......: 775 chars diff --git a/test/results/default/stun_wa_call.pcapng.out b/test/results/default/stun_wa_call.pcapng.out index f8d0f3ca2..d3f86f590 100644 --- a/test/results/default/stun_wa_call.pcapng.out +++ b/test/results/default/stun_wa_call.pcapng.out 
@@ -1,24 +1,24 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1676659968029444} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029444,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iFAAEARlLrAqAycXTl747Y8DZYA3LHsAAMAwCESpEJwdYtExyOnTtGTSiVAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUJM4QSLb1BesAMLdUeEcTNdZmV28="} -01160{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659968029444,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968029444,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968029444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968029608,"pkt":"CL6sCxduJjb1W8R1CABFwADw\/iJAAEARlLnAqAycXTl747Y8DZYA3ICVAAMAwCESpEJwdYtExyOnTtGTSiZAAACWCQK2KB7zQ7qLyqomatrasQEu9DL3wZ7hCtWVyMuhXanwNF5C+CJQZxH6MYVnGTbF6jGFc8Ra7q+tUTra0vtHBZoPsqgDXOfgB5x1\/6e\/ekoB1CeD7MsRipcZjz4uFoBrVRmh8t\/rSICod6ktukvIiZ6yItLQ7Y8kTJkbjPTyOKYPsF+LjDRbuhMBEHxTecFVlM8fNhbBAAAAFgAIAAEshHwr36EACAAUYWrisy40lbl9bq4cXAmMmnnA\/ig="} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00802{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035471,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTlAAEARhZDAqAycnfDLPrY8DZYA3GV0AAMAwCESpEJwdYtExyOnTtGTSidAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUAA8jYlqEzFOauoSyCbgYSf5lAAk="} 
-01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659968035471,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035471,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968035552,"flow_dst_last_pkt_time":1676659968035471,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035552,"pkt":"CL6sCxduJjb1W8R1CABFwADwfTpAAEARhY\/AqAycnfDLPrY8DZYA3BLxAAMAwCESpEJwdYtExyOnTtGTSihAAACWCQMtTkgnCkB3mlyHo2hELpK34qN\/tn27kX9DRUmi65QznJnJXr0IVJ+d4Fxix8NmNcmsfFkQLOW6576+A4JwNmi2uSQdWXRM2VKcszNCnJz207wH1jUAcpCU9XZA6ttuPzt6cvS6PNIk8FwKlWlblH32PnQxSRg2bkLvkOMPE7sKF8F2oGKz69cDRT5LGhyKnJSGY5lnAAAAFgAIAAEshLzib3wACAAUhAn28C7qfrkxLYQ0p3TNXw2BfFM="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00803{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968035642,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9lAAEARVvDAqAycnfDnPrY8DZYA3J+gAAMAwCESpEJwdYtExyOnTtGTSilAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUBDu46Kp0MzZ62SMrNOCqwnrJBCw="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659968035642,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968035642,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968036993,"flow_dst_last_pkt_time":1676659968035642,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968036993,"pkt":"CL6sCxduJjb1W8R1CABFwADwj9pAAEARVu\/AqAycnfDnPrY8DZYA3K1KAAMAwCESpEJwdYtExyOnTtGTSipAAACWCQNxyDQh65HCwK\/NwM57eGVAnp73+KYPg1k+lNrVEVkNPnu5t9hC5BRxAv+1EaOtzlbgzlIq2\/WPsB5SRMDksABVRMTM9J4aDhkK8p1864X++Y5SKMM+YDG4F3l8CE9EEsygUCuw1FeaQaDvzERSEqz4d5mYYPBEmipy1b3wHHsk5VkyouOLzceIjWTBDv1RY+CT0wD4AAAAFgAIAAEshLziQ3wACAAUPZihrJHzcl+3y+bEvnKo9qVH+uY="} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037054,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9NAAEAR6QHAqAycnfAVM7Y8DZYA3Ij9AAMAwCESpEJwdYtExyOnTtGTSitAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUjla64e3RO4Za5yiogz0w5BPrVCA="} 
-01163{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659968037054,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037054,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00806{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037165,"flow_dst_last_pkt_time":1676659968037054,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037165,"pkt":"CL6sCxduJjb1W8R1CABFwADwz9RAAEAR6QDAqAycnfAVM7Y8DZYA3Ds6AAMAwCESpEJwdYtExyOnTtGTSixAAACWCQNaRGvs7+ccuZ\/MfxmbOvUVp8noEHkp7nF6xocCdKtvmOlig71m6+555gD\/mKnSGLIGNRynB98Dn1I4xNjPBc\/JcXx85sPvklgbnR+jKW8z3v+tFyKmLoRYXO+76gRpJvbZMI+O\/1oNzvmh6C\/4OrGc+hLich1SR+QSsMSOS20JWZv3s1la5zjKfswADrKC6jyH7ubtAAAAFgAIAAEshLzisXEACAAUHONBvdq4CMLPEotcA1cTDrS++GA="} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037404,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWlAAEARBW\/AqAycnfDDMLY8DZYA3EQwAAMAwCESpEJwdYtExyOnTtGTSi1AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUYW\/o+S1f89d5dQU1\/5j2oMMTsiw="} -01164{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676659968037404,"flow_src_last_pkt_time":1676659968037404,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":212,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676659968037404,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.195.48","src_port":46652,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00807{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1676659968037483,"flow_dst_last_pkt_time":1676659968037404,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1676659968037483,"pkt":"CL6sCxduJjb1W8R1CABFwADwBWpAAEARBW7AqAycnfDDMLY8DZYA3L3JAAMAwCESpEJwdYtExyOnTtGTSi5AAACWCQOx8jP4xX+S8mUrXXk2n15fuMSnBwYiWgGrpiuTXvKiSw3Eir1rG\/\/xENKpYnRSCtBCjSrxtliPheTZDngaGDi34a9YHKHQKUIhCjhpwP8Uvudi7up1PRXt6lCRefFe8K3b0jR++YvWvVrmASoE\/yY9XlSxVZ+G0ZOPBL6y2y9ny+kFjdqzj7\/4wvCraZgPwm+CCYR+AAAAFgAIAAEshLziZ3IACAAUN3sV7GYe+yROEsWZI\/FgD4k1DJ4="} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037875,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037875,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qtAAFcRfoBdOXvjwKgMnA2WtjwATGHpAQMAMCESpEJwdYtExyOnTtGTSiUAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUqnIJzW\/j1X8c\/WgxJFDYTIjCG04="} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1676659968029608,"flow_dst_last_pkt_time":1676659968037923,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676659968037923,"pkt":"Jjb1W8R1CL6sCxduCABFAABg\/qxAAFcRfn9dOXvjwKgMnA2WtjwATH+6AQMAMCESpEJwdYtExyOnTtGTSiYAIAAIAAHRJHwxD0FAAgAIAAABhmC4yCcACAAUsXruinhNMVlcZwjO7SsYhIE3y+M="} 
@@ -38,23 +38,23 @@ 02327{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659971853147,"flow_dst_last_pkt_time":1676659971919436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":245,"flow_src_tot_l4_payload_len":2693,"flow_dst_tot_l4_payload_len":1097,"midstream":0,"thread_ts_usec":1676659971919436,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":33,"avg":248828.9,"max":2505343,"stddev":601339.2,"var":361608839168.0,"ent":2.9,"data": [164,8431,48,2463749,2505343,241,3586,277,39475,77,6128,4820,33,25931,31612,82045,37743,1684,120855,35,78585,59946,292774,129998,59732,381615,376352,412427,48,227940,362001]},"pktlen": {"min":48,"avg":146.4,"max":300,"stddev":92.2,"var":8492.2,"ent":4.7,"data": [240,240,96,96,74,300,300,300,300,96,96,74,96,96,48,48,98,300,300,96,96,89,53,107,108,53,77,86,150,73,227,273]},"bins": {"c_to_s": [2,4,1,1,0,0,3,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,10,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,1,0,0,0,0,1,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,1,0,1,0,0,0,1],"entropies": 
[7.019773483,6.984464645,5.818136215,5.825999260,5.808753967,6.987159729,6.971193790,6.971321106,6.997097969,5.676367760,5.789438725,5.665334225,5.732045174,5.722330570,5.218094349,5.178508282,5.782431126,6.963978291,6.992527008,5.698242188,5.789439201,5.829556465,4.883490086,6.023591995,6.055227757,5.025671005,5.503230572,5.670224667,6.552639484,5.494553089,6.944911957,7.162023067]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625604,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9JAAEARdrvAqAycnfDLPsF2DZYBGCb2AAMA\/CESpEI9TftlKWJACU3e+TlAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUpYIpus8qv8w9yHZkGb+Y7RORCLU="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": 
{"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020625604,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625604,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00887{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020625604,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625741,"pkt":"CL6sCxduJjb1W8R1CABFwAEsi9NAAEARdrrAqAycnfDLPsF2DZYBGPgrAAMA\/CESpEI9TftlKWJACU3e+TpAAACWCQOxp8aYvFg8y+QXBpsvhjNMa1N4G7Sf9JFjapUuLmz0CsTDFAPO9KqiGsXxWezQ59eQpoCSxT1fsfDFF2XYEWLYT7Z5ywaH6eaIeDG7vzkQfWGJo3mm7lbdY7xd0W8bEsEGktqDrQsGdB5\/+jjeW0yFm1wJQhQWIaUpZQMlzDvLLl3GStdW2AnbX4eC5IclH+Gf\/MylAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLzib3wACAAUEQwgZYwKJgQ4LTYK3y4FIA+jynM="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020625888,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRpAAEARTXPAqAycnfDnPsF2DZYBGH7rAAMA\/CESpEI9TftlKWJACU3e+TtAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUCDd5eQa4+xNebQ8SJJA4mgXX1Xw="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":416,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660020625888,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020625888,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":417,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020626848,"flow_dst_last_pkt_time":1676660020625888,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626848,"pkt":"CL6sCxduJjb1W8R1CABFwAEsmRtAAEARTXLAqAycnfDnPsF2DZYBGAyJAAMA\/CESpEI9TftlKWJACU3e+TxAAACWCQPeFjak0d7PKFAs7XLj2+P+s\/PhMuWphSLboMCgL8FYcsJ22UWhr314dj\/sKuxUjmg5xQ\/jx9XG\/YEFdqUUT0rbOYoIi50IwG51J2FjLJRXjMezKXn+8dloeg+G6pVS2Czb4qwcI\/U\/yOu2RsIn1ZkxZBTgillM10QGiC2nxS3GP3Pyg89JFN85UcQxXm3doEZ8I2gXAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziQ3wACAAUmjsvXCKwESsJBUhkQNrKqeK5XsE="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00892{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020626979,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOIpAAEAR0QPAqAycnfDEPsF2DZYBGJUCAAMA\/CESpEI9TftlKWJACU3e+T1AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUB5JO\/KlnIgtwDyIZGyJD72U36pw="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660020626979,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020626979,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627131,"flow_dst_last_pkt_time":1676660020626979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627131,"pkt":"CL6sCxduJjb1W8R1CABFwAEsOItAAEAR0QLAqAycnfDEPsF2DZYBGPuoAAMA\/CESpEI9TftlKWJACU3e+T5AAACWCQPGTvqHwwSK7PRiLSImLIKh\/fPLrOsx\/rtb4xnlO+h\/S8O\/UZlWtSeGS1rfAQxxwD3rylX96sS7cSBQmvCNf2TOwF\/JRt9mywjNe1pUQo9jU5c0ZxrdUZDRq+CZMIW0FSHrmDPoAXCraaMzfQ1aJVz\/5ObQw+UDNrc6hxQu5PTn27CWWZVuQS13m6BeFu60vevHT2j7AAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshLziYHwACAAUfoSihPG3YBzTpEujhX4y3pFRIJQ="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627268,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxlAAEARgTbAqAycszzAMMF2DZYBGFP0AAMA\/CESpEI9TftlKWJACU3e+T9AAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUhqeiK6BMauUxm+\/Y2otPN+x\/Trc="} -01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660020627268,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627268,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00889{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627411,"flow_dst_last_pkt_time":1676660020627268,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627411,"pkt":"CL6sCxduJjb1W8R1CABFwAEsdxpAAEARgTXAqAycszzAMMF2DZYBGONAAAMA\/CESpEI9TftlKWJACU3e+UBAAACWCQNKyv924htSBDgoPvPaA6yOr0x9kSC6Te5xTak23qUax5cZtJwuAApb8Ui+tHOwfpbSpWzleIv+\/Y\/zgmUivrJJrbIFK11cX6yt\/W617VBhxdI74dpc53FDSKllCH09m2ZVJ6nirDntuXoVFquWylwpGeMX8BF7kcX7XJ\/ujSasdt1cdHPd78hU0rxNGJvrkV7sECvDAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJIuZHIACAAUyHPsRBz2TIoTMZ+WvAxhGroaguM="} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627509,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6ZAAEARbqbAqAycuTzYM8F2DZYBGAVtAAMA\/CESpEI9TftlKWJACU3e+UFAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAUkNyfIYYrYkDQ4zmgKorzXUAe8eI="} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660020627509,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":272,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":272,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660020627509,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1676660020627695,"flow_dst_last_pkt_time":1676660020627509,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1676660020627695,"pkt":"CL6sCxduJjb1W8R1CABFwAEsa6dAAEARbqXAqAycuTzYM8F2DZYBGKyuAAMA\/CESpEI9TftlKWJACU3e+UJAAACWCQOH4\/VCAbPTeMBQBMAl\/C5Apejo8c+1K6Qp4JXppgVH0mQBYEvtKrySE8q2mN2RHr6SUlSQIl0QzHLhhkGXTmiDzzcayhZ2Q3j+W2AjW7xjHlhoZ\/1oB6f1R7cM2YJpevSLPRG1\/9xX5i8OwLQGJZP0IxmexdIX7onMgJjjwxjNZQ25j3xFqkTqBfg35nDf7wZxC\/YQAAAAIgAQA1wnJY8VQYrMrds8LwExAAAiAA4Djh5nVd\/1ziuce4idAAAAACIAEANRZ9y246wbSEgX3HYBMQAAFgAIAAEshJgufHEACAAU1fgpuSj5BRZ8oNucqnlM0gIwTBo="} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":424,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633882,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633882,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4RAAFURM5Wd8Ms+wKgMnA2WwXYATBxlAQMAMCESpEI9TftlKWJACU3e+TkAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUUb\/WTpOkWW3X+FJVIBlYvEA2oDs="} 
00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1676660020625741,"flow_dst_last_pkt_time":1676660020633906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1676660020633906,"pkt":"Jjb1W8R1CL6sCxduCABFAABgu4VAAFURM5Sd8Ms+wKgMnA2WwXYATMHnAQMAMCESpEI9TftlKWJACU3e+ToAIAAIAAHRX3wxD0FAAgAIAAABhmC5lZsACAAUDYqarGE3M6w9+UUOpDJLk0B0AtY="} 
@@ -70,10 +70,10 @@ 02331{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":461,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660020791890,"flow_dst_last_pkt_time":1676660020799292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":512,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":6812,"midstream":0,"thread_ts_usec":1676660020799292,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":10966.9,"max":25268,"stddev":4978.7,"var":24787812.0,"ent":4.8,"data": [137,8278,24,10101,8060,24512,25268,11561,10122,12790,14381,10560,10576,10583,10464,16311,6103,16248,5886,9963,9713,10612,11320,10716,10523,10812,10574,10236,10724,11289,11527]},"pktlen": {"min":48,"avg":284.5,"max":540,"stddev":217.5,"var":47305.8,"ent":4.6,"data": [300,300,96,96,92,540,92,540,92,540,92,540,92,540,92,540,48,92,48,540,92,540,92,540,92,540,92,540,92,540,92,540]},"bins": {"c_to_s": [1,0,13,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[6.990001202,7.010884762,5.755636215,5.672302246,5.721662998,1.491354108,5.778674603,1.487650514,5.626501560,1.484854460,5.623420715,1.491354465,5.691719532,1.491354108,5.569489479,1.485344768,5.160700798,5.721662998,5.136841774,1.489048600,5.743401527,1.492752314,5.735196590,1.489956141,5.640035152,1.476539373,5.664651394,1.487650633,5.808619022,1.477447271,5.713458061,1.502465248]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024064221,"pkt":"CL6sCxduJjb1W8R1CABFwABISENAAEAR8RrAqAycClIo8cF2nfQANFuYAAEAGCESpEJVqr9siNtocRyv\/Q8ACAAUchhTvhiAgB6AsW9lN0aBjK2SqVw="} -01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":531,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660024064221,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024064221,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024118990,"pkt":"CL6sCxduJjb1W8R1CABFwABIQMlAAEARWF\/AqAycXSF2V8F2oJMANCgyAAEAGCESpEJkgPwVvmQKYO\/3pCAACAAUg1CfFRfb1oP8Sp+duu11SA8TZZg="} 
-01277{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01214{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024118990,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660024118990,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":540,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024190308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024190308,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuhAADYRHNhdIXZXwKgMnKCTwXYANMoKAQEAGCESpEJkgPwVvmQKYO\/3pCAACAAU75F70SqUX4Lgp4cEKxEnrcitNiQ="} 
00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1676660024118990,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024239979,"pkt":"Jjb1W8R1CL6sCxduCABFKABIhuxAADYRHNRdIXZXwKgMnKCTwXYANNC\/AAEAGCESpEKLftcLEYCUSZQPnhMACAAUyvIcEMHWqj2hvqdguHUxOVHLVE0="} 00577{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1676660024243082,"flow_dst_last_pkt_time":1676660024239979,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1676660024243082,"pkt":"CL6sCxduJjb1W8R1CABFwABIQNRAAEARWFTAqAycXSF2V8F2oJMANHYOAQEAGCESpEKLftcLEYCUSZQPnhMACAAUURXXOFysTKzVt50fky2JdWR1wBg="} 
@@ -98,8 +98,8 @@ 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020625888,"flow_src_last_pkt_time":1676660035302538,"flow_dst_last_pkt_time":1676660020646394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020626979,"flow_src_last_pkt_time":1676660035302780,"flow_dst_last_pkt_time":1676660020649623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.196.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":73,"flow_first_seen":1676660020625604,"flow_src_last_pkt_time":1676660035302005,"flow_dst_last_pkt_time":1676660032998729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":500,"flow_dst_max_l4_payload_len":1113,"flow_src_tot_l4_payload_len":10937,"flow_dst_tot_l4_payload_len":37017,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01239{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01241{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1676660024064221,"flow_src_last_pkt_time":1676660034747875,"flow_dst_last_pkt_time":1676660024064221,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.82.40.241","src_port":49526,"dst_port":40436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01247{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1676660024118990,"flow_src_last_pkt_time":1676660024502343,"flow_dst_last_pkt_time":1676660024457689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":955,"flow_dst_max_l4_payload_len":834,"flow_src_tot_l4_payload_len":3129,"flow_dst_tot_l4_payload_len":5056,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.33.118.87","src_port":49526,"dst_port":41107,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627268,"flow_src_last_pkt_time":1676660035302856,"flow_dst_last_pkt_time":1676660020649585,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"179.60.192.48","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1676660020627509,"flow_src_last_pkt_time":1676660035303048,"flow_dst_last_pkt_time":1676660020646471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":220,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":764,"flow_dst_tot_l4_payload_len":136,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.60.216.51","src_port":49526,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035642,"flow_src_last_pkt_time":1676659999805645,"flow_dst_last_pkt_time":1676659970555584,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.231.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -107,7 +107,7 @@ 01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968037054,"flow_src_last_pkt_time":1676659999805772,"flow_dst_last_pkt_time":1676659970555657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.21.51","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1676659968035471,"flow_src_last_pkt_time":1676659999805428,"flow_dst_last_pkt_time":1676659970541205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":212,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":272,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"157.240.203.62","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01127{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":171,"flow_dst_packets_processed":206,"flow_first_seen":1676659968029444,"flow_src_last_pkt_time":1676659999805377,"flow_dst_last_pkt_time":1676659999441975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":392,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":21189,"flow_dst_tot_l4_payload_len":21151,"midstream":0,"thread_ts_usec":1676660035303048,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"93.57.123.227","src_port":46652,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1676660035303048} +00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/stun_wa_call.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":591,"packets-processed":591,"total-skipped-flows":0,"total-l4-payload-len":108875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1676660035303048} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 591/591 ~~ skipped flows.............: 0 @@ -116,9 +116,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7809668 bytes -~~ total memory freed........: 7809668 bytes -~~ total allocations/frees...: 147094/147094 +~~ total memory allocated....: 11518095 bytes +~~ total memory freed........: 11518095 bytes +~~ total allocations/frees...: 217348/217348 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 575 chars ~~ json string max len.......: 2336 chars 
diff --git a/test/results/default/stun_zoom.pcapng.out b/test/results/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..058be25c6 --- /dev/null +++ b/test/results/default/stun_zoom.pcapng.out 
@@ -0,0 +1,38 @@ +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 
+00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535555383,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABTFtYB0ycot0Qy1S9naomjILfmurIAoAAQ+7lku"} 
+00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535607032,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD3xAADERbHSG4FpvwKgrqSJhvtYASE6sAQEALCESpEIJLXMzkXIYSWor3N8AIAAIAAEAAHwzzS0ACAAUX9ajIUvkC+s+fBB\/ykxaS5wOOuqAKAAEnxO\/9Q=="} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535607198,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535607198,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzhAAEAR2VvAqCuphuBab77WImEApMlhAAEAiCESpELh2wHdYLBaO1o3kj4ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"} 
+00772{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"} +01314{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","tls": 
{"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc"}}} +00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535618755,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kztAAEAR2VjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} 
+01190{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535638993,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0BAAEAR2VPAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
+00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535718922,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535718922,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0tAAEAR2UjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"} +00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535739218,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k09AAEAR2UTAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"} 
+01372{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc"}}} 
+01704{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9"}}} 
+00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535812586,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD6NAADARbU2G4FpvwKgrqSJhz0kASPHKAQEALCESpEJLP6Z0mpHuyXM99DsAIAAIAAEAAHwzzS0ACAAUCL5PYVNYAABIJaSs+ThbSkIV4CuAKAAEBcrGkQ=="} +02318{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": 
[0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01232{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS 
Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} +01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1661169536805680} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 70/70 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 15318 bytes +~~ total detected protocols..: 2 +~~ total active/idle flows...: 2/2 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11488713 bytes +~~ total memory freed........: 11488713 bytes +~~ total allocations/frees...: 216713/216713 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 572 chars +~~ json string max len.......: 2323 chars +~~ json string avg len.......: 1424 chars diff --git a/test/results/default/syncthing.pcap.out b/test/results/default/syncthing.pcap.out index aa7d95213..640ab5cca 100644 --- a/test/results/default/syncthing.pcap.out +++ b/test/results/default/syncthing.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663058610822000} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":267,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":267,"pkt_l4_len":213,"thread_ts_usec":1663058610822000,"pkt":"MzMAAIOEYDjgxTWght1gAesUANURAf6AAAAAAAAAYjjg\/\/7FNaD\/EgAAAAAAAAAAAAAAAIOEpYJSIwDV+Zwup9kLCiCSt2JimWKUgl\/GzObPNHlCiCgtc7Xs3y3LKb\/UhMQtbxIZdGNwOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIXdGNwOi8vMTkyLjE2OC4wLjE6MjIwMDASF3RjcDovLzE5Mi4xNjguMy4xOjIyMDAwEhpxdWljOi8vMTkyLjE2OC4yLjEwMDoyMjAwMBIYcXVpYzovLzE5Mi4xNjguMC4xOjIyMDAwEhhxdWljOi8vMTkyLjE2OC4zLjE6MjIwMDAYzqG5+MLl+b1h"} 00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663058610822000,"flow_src_last_pkt_time":1663058610822000,"flow_dst_last_pkt_time":1663058610822000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":205,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":205,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663058610822000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":42370,"dst_port":21027,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
@@ -37,7 +37,7 @@ 01148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":510,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":510,"pkt_l4_len":476,"thread_ts_usec":1663059067177000,"pkt":"\/\/\/\/\/\/\/\/YDjgxTWgCABFAAHwU\/5AALkR5UrAqAJkwKgC\/9bBUiMB3IihLqfZCwogkrdiYplilIJfxszmzzR5QogoLXO17N8tyym\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"} 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663059067177000,"flow_src_last_pkt_time":1663059067179000,"flow_dst_last_pkt_time":1663059067177000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"192.168.2.255","src_port":54977,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} 
00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1663058647185000,"flow_src_last_pkt_time":1663059067177000,"flow_dst_last_pkt_time":1663058647185000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":205,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":468,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6520,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663059067179000,"l3_proto":"ip6","src_ip":"fe80::6238:e0ff:fec5:35a0","dst_ip":"ff12::8384","src_port":47077,"dst_port":21027,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syncthing","proto_id":"313","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":7,"category":"Download"}} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":34,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/syncthing.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":34,"packets-processed":34,"total-skipped-flows":0,"total-l4-payload-len":13912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":11,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1663059067179000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 34/34 ~~ skipped flows.............: 0 @@ -46,9 +46,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774071 bytes -~~ total memory freed........: 7774071 bytes -~~ total allocations/frees...: 146434/146434 +~~ total memory allocated....: 11482642 bytes +~~ total memory freed........: 11482642 bytes +~~ total allocations/frees...: 216688/216688 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 1177 chars diff --git a/test/results/default/synscan.pcap.out b/test/results/default/synscan.pcap.out index ced297a56..26d86601b 100644 --- a/test/results/default/synscan.pcap.out +++ b/test/results/default/synscan.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1278275056274870} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056274870,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056274870,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1278275056274870,"flow_dst_last_pkt_time":1278275056274870,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1278275056274870,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275056276409,"flow_src_last_pkt_time":1278275056276409,"flow_dst_last_pkt_time":1278275056276409,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275056276409,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -7993,7 +7993,7 @@ 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275058595442,"flow_src_last_pkt_time":1278275058595442,"flow_dst_last_pkt_time":1278275058595442,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01067{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"PostgreSQL","proto_id":"19","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":11,"category":"Database"}} 
00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1278275060335364,"flow_src_last_pkt_time":1278275060335364,"flow_dst_last_pkt_time":1278275060335364,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1278275079360213,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1870,"total-guessed-flows":124,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"cfgs\/default\/pcap\/synscan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":1870,"total-guessed-flows":124,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7996,"global_ts_usec":1278275079360213} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 @@ -8002,9 +8002,9 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 12106196 bytes -~~ total memory freed........: 12106196 bytes -~~ total allocations/frees...: 170312/170312 +~~ total memory allocated....: 15782927 bytes +~~ total memory freed........: 15782927 bytes +~~ total allocations/frees...: 240566/240566 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1216 chars diff --git a/test/results/default/syslog.pcap.out b/test/results/default/syslog.pcap.out index 7d6f5bd42..f6328847c 100644 --- a/test/results/default/syslog.pcap.out +++ b/test/results/default/syslog.pcap.out 
@@ -1,9 +1,9 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00280{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":108743144,"packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":108743144} 01223{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":703,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":703,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} 00280{"error_event_id":5,"error_event_name":"Unknown packet 
type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":113756696,"packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":113756696} 00791{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":379,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":379,"pkt_l4_len":0,"thread_ts_usec":108743144,"pkt":"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"} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} +00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1377043331844398} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1377043331844398,"pkt":"vDBb56YVAASWJ4vKCABFAACoJ0cAADwRXWysFDM2rB9uKAICAgIAlCzbPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBEaXNjTG9vcElkIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDM1MTAKMCBMb2NhbCBQb3J0IENvbm5lY3Rpb24gVHlwZT0gTE9PUDogbG9vcElkPTB4N0QKCgA="} 
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043331844398,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":140,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1377043331844398,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -11,14 +11,14 @@ 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1377043331893307,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043331893307,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ0kAADwRXTasFDM2rB9uKAICAgIAyJYPPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyMyBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTIxOAowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIFVQICA6IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1377043337197703,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1377043337197703,"pkt":"vDBb56YVAASWJ4vKCABFAACIJ3YAADwRXV2sFDM2rB9uKAICAgIAdHXTPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgUUxBMjNYWCBQQ0lERVYwMyBJZGxlIHFsYTIzeHhTdE1hY2hSdW4uY3h4IDYyNTQKMCBMSVAoRjgsRjcpIFJlY2VpdmVkCgoA"} 
00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1377043337206117,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":234,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":234,"pkt_l4_len":200,"thread_ts_usec":1377043337206117,"pkt":"vDBb56YVAASWJ4vKCABFAADcJ3cAADwRXQisFDM2rB9uKAICAgIAyG\/hPDEzND44NTQgMDgvMjAvMjAxMy0xOTowNToyOCBDT05GSUcgRkNQVCBHZW5lcmF0ZUV2ZW50IGZjcFRyYW5zcG9ydExvY2FsUG9ydC5jcHAgMTI0MQowIEZDUCBMb2NhbCBQb3J0IFN0YXRlIERPV046IFdXTj0weDUwMDBEMzEwMDAwMzU2MDYgcG9ydElkPTB4MDAwMDAxIHBvcnRSb2xlPUJvdGggTG9jYWxQb3J0SW5kZXg9MHgwMDAzCgoA"} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":2295,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1388653792914155} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653792914155,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYZ9AAEARc\/cK+xeLPicDjuc6AgIAVGhaPDE0Nz5KYW4gIDIgMTA6MDk6NTIgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEM6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 00924{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653792914155,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1377043331844398,"flow_src_last_pkt_time":1377043354299811,"flow_dst_last_pkt_time":1377043331844398,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":192,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2295,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653792914155,"l3_proto":"ip4","src_ip":"172.20.51.54","dst_ip":"172.31.110.40","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1388653841215658,"pkt":"gPsG8EXX4KHXGMJyCABFtABoYaBAAEARc\/YK+xeLPicDjuc6AgIAVHJZPDE0Nz5KYW4gIDIgMTA6MTA6NDEgbmI2IGNoaWxsaXNwb3RbNDIyMl06IEQ6MTkyLjE2OC4yLjgzLzAwOjE5OjdEOjNCOjZGOkQ0Cg=="} 
00966{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1388653792914155,"flow_src_last_pkt_time":1388653841215658,"flow_dst_last_pkt_time":1388653792914155,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1388653841215658,"l3_proto":"ip4","src_ip":"10.251.23.139","dst_ip":"62.39.3.142","src_port":59194,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":2447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1488571038380901} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":161,"pkt_l4_len":123,"thread_ts_usec":1488571038380901,"pkt":"AAAMn\/B5ACEbrjHBgQAAeQgARQAAjwBGAAD\/EUiywKh5CsCoeArDoAICAHsygDwxODk+NzI6IE1hciAgMyAxOTo1NzoxNy4zNzE6ICVMSU5LLTUtQ0hBTkdFRDogSW50ZXJmYWNlIEdpZ2FiaXRFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byBhZG1pbmlzdHJhdGl2ZWx5IGRvd24="} 00931{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571038380901,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":115,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":115,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":115,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571038380901,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -32,7 +32,7 @@ 00930{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1488571330521769,"flow_src_last_pkt_time":1488571330521769,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":138,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":138,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330521769,"l3_proto":"ip4","src_ip":"192.168.121.2","dst_ip":"192.168.120.10","src_port":50352,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00724{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1488571330522327,"flow_dst_last_pkt_time":1488571330521769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":201,"pkt_l4_len":163,"thread_ts_usec":1488571330522327,"pkt":"ABpsoSuZAB56eT8RgQAAeQgARQAAtwA\/AAD\/EUiZwKh5AsCoeArEsAICAKOtbzwxOTA+NjQ6IE1hciAgMyAyMDowMjowOS40Njg6ICVJUFY2X0FDTC02LUFDQ0VTU0xPR1A6IGxpc3QgdnR5LWFjY2Vzcy8xMCBwZXJtaXR0ZWQgdGNwIDIwMDM6NTE6NjAxMjoxMTA6OkIxNToyMig2MDg5MikgLT4gMjAwMzo1MTo2MDEyOjEyMTo6MigyMiksIDEgcGFja2V0"} 
00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1488571330522327,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":3186,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1557406267494812} 00744{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267494812,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267494812,"l3_proto":"ip4","src_ip":"193.24.227.10","dst_ip":"216.66.86.114","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1557406267494812,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":480,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":480,"pkt_l4_len":446,"thread_ts_usec":1557406267494812,"pkt":"ABDb\/xAAACFZH\/EMCABFAAHSd60AAIAp7n3BGOMK2EJWcmAAAAABlhFAIAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAZY93TwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MDgiIGR1cmF0aW9uPTU5IHBvbGljeV9pZD0xIHNlcnZpY2U9ZG5zIHByb3RvPTE3IHNyYyB6b25lPVRydXN0IGRzdCB6b25lPVVudHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTEzNiByY3ZkPTAgc3JjPTE5My4yNC4yMjcuMTk2IGRzdD05LjkuOS45IHNyY19wb3J0PTQxNDQzIGRzdF9wb3J0PTUzIHNyYy14bGF0ZWQgaXA9MTkzLjI0LjIyNy4xOTYgcG9ydD00MTQ0MyBkc3QteGxhdGVkIGlwPTkuOS45LjkgcG9ydD01MyBzZXNzaW9uX2lkPTQ4MDQ2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} 00743{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1557406267510571,"flow_src_last_pkt_time":1557406267510571,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":446,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406267510571,"l3_proto":"ip4","src_ip":"216.66.80.30","dst_ip":"193.24.227.12","l4_proto":41,"flow_datalink":1,"flow_max_packets":5} 
@@ -43,7 +43,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1488571038380901,"flow_src_last_pkt_time":1488571189276080,"flow_dst_last_pkt_time":1488571038380901,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":95,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":119,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1557406275511725,"l3_proto":"ip4","src_ip":"192.168.121.10","dst_ip":"192.168.120.10","src_port":50080,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01172{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279481997,"flow_dst_last_pkt_time":1557406267494812,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279481997,"pkt":"ABDb\/xAAACFZH\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"} 
01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1557406279497874,"flow_dst_last_pkt_time":1557406267510571,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":537,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":537,"pkt_l4_len":503,"thread_ts_usec":1557406279497874,"pkt":"ABRpnhFAABDb\/xAACABFAAILsN5AAPspAGXYQlAewRjjDGAAAAABzxE7IAEEcABsAKEAAAAAAAAAAiABBHB2WwAAAAAAAAsVACKVDwICAc8p5DwxMzM+c3NnOiBOZXRTY3JlZW4gZGV2aWNlX2lkPTAxODUwODIwMDgwMDE1NDEgIFtSb290XXN5c3RlbS1ub3RpZmljYXRpb24tMDAyNTcodHJhZmZpYyk6IHN0YXJ0X3RpbWU9IjIwMTktMDUtMDkgMTQ6NTA6MTgiIGR1cmF0aW9uPTYxIHBvbGljeV9pZD04IHNlcnZpY2U9TmV0d29yayBUaW1lIHByb3RvPTE3IHNyYyB6b25lPVVudHJ1c3QgZHN0IHpvbmU9VHJ1c3QgYWN0aW9uPVBlcm1pdCBzZW50PTE1NCByY3ZkPTEzNCBzcmM9MjAwMTo0NzA6MWYwYToxMDFhOjoyIGRzdD0yMDAxOjQ3MDo2ZDphMTo6ZGNmYjoxMjMgc3JjX3BvcnQ9MTIzIGRzdF9wb3J0PTEyMyBzcmMteGxhdGVkIGlwPTIwMDE6NDcwOjFmMGE6MTAxYTo6MiBwb3J0PTEyMyBkc3QteGxhdGVkIGlwPTIwMDE6NDcwOjZkOmExOjpkY2ZiOjEyMyBwb3J0PTEyMyBzZXNzaW9uX2lkPTQ4MDU2IHJlYXNvbj1DbG9zZSAtIEFHRSBPVVQA"} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":29,"total-skipped-flows":0,"total-l4-payload-len":5976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_usec":1600781689297122} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_usec":1600781689297122,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781689297122,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781689297122,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -63,7 +63,7 @@ 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1600781952293713,"flow_dst_last_pkt_time":1600781952293359,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_usec":1600781952293713,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781689297122,"flow_src_last_pkt_time":1600781690282270,"flow_dst_last_pkt_time":1600781689297122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":118,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600781776117552,"flow_src_last_pkt_time":1600781777157257,"flow_dst_last_pkt_time":1600781776117552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":81,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600781952293713,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":35,"total-skipped-flows":0,"total-l4-payload-len":6581,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1600782411853866} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_usec":1600782411853866,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782411853866,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":304,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":304,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782411853866,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -93,7 +93,7 @@ 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1600782411853866,"flow_src_last_pkt_time":1600782438439705,"flow_dst_last_pkt_time":1600782411853866,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":226,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":304,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":989,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1600782466695334,"flow_src_last_pkt_time":1600782501747500,"flow_dst_last_pkt_time":1600782466695334,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":107,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":642,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1600782514222729,"flow_src_last_pkt_time":1600782515213099,"flow_dst_last_pkt_time":1600782514222729,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":207,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":208,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":415,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1600782653380844,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":52,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":9237,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":9,"current-active-flows":3,"total-active-flows":13,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1618744015613076} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":99,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":99,"pkt_l4_len":65,"thread_ts_usec":1618744015613076,"pkt":"AAAAAAAAAAgA5occCABFAABVAABAADwRr+OsGuW+rBdQxAICAgIAQS7mPDMwPnNubXBkWzY5NTZdOiBDb25uZWN0aW9uIGZyb20gVURQOiBbMTI3LjAuMC4xXToyMTMxMSAK"} 00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744015613076,"flow_src_last_pkt_time":1618744015613076,"flow_dst_last_pkt_time":1618744015613076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":57,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":57,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":57,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744015613076,"l3_proto":"ip4","src_ip":"172.26.229.190","dst_ip":"172.23.80.196","src_port":514,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -116,13 +116,13 @@ 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":1618744358191948,"pkt":"AAAAAAAAAAgA5occCABF4ACnOuMAAP4RubfAqP6dxPBClMHLAgIAk0yqPDEzND4gMjAyMS0wNC0xOCAxNToxMjozOCswNDowMCAxMC4xMjYuMjAuNjggTG9nLCAgICAgNjU5MzQsMC8zLzAvMCwyMjQuMi4yLjIzMSwxLDIwMjEtMDQtMTggMTM6MTI6MzgsMjAyMS0wNC0xOCAxNToxMjozOCxQUk9HUkFNLTEzMSwqLDExLA=="} 
00933{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744358191948,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1639052948178444} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":84,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":10756,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":10,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1639052948178444} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":761,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":761,"pkt_l4_len":671,"thread_ts_usec":1639052948178444,"pkt":"AAAAAAAAAAQAAAAIgQABmAgARQACs1yXAAA\/EY\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"} 
00927{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744358191948,"flow_src_last_pkt_time":1618744358191948,"flow_dst_last_pkt_time":1618744358191948,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":139,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":139,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":139,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"192.168.254.157","dst_ip":"196.240.66.148","src_port":49611,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
01103{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":1,"flow_first_seen":1618744117704164,"flow_src_last_pkt_time":1618744314014150,"flow_dst_last_pkt_time":1618744128983164,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":136,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":136,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948178444,"l3_proto":"ip4","src_ip":"10.186.117.194","dst_ip":"169.46.82.162","src_port":49948,"dst_port":52173,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1646228387732435} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":85,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":125,"global_ts_usec":1646228387732435} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228387732435,"packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228387732435} 00991{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":525,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":525,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388234384,"packet_id":86,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388234384} 
@@ -131,7 +131,7 @@ 00891{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":449,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":449,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} 00295{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1646228388765633,"packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","layer_type":34916,"global_ts_usec":1646228388765633} 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":530,"pkt_type":34916,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":530,"pkt_l4_len":0,"thread_ts_usec":1639052948178444,"pkt":"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"} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1646781267422628} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":89,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":11419,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1646781267422628} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":137,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":137,"pkt_l4_len":99,"thread_ts_usec":1646781267422628,"pkt":"AAkPCQAVREyokzbXgQAH1QgARQAAd4NyQAA+ESYdCl7oFQpelhXgHgICAGMIejw2Pk1hciAgOSAwNDo0NDoyNyBOREMzQ0xORE1WQTIyIGtlcm5lbDogSVB2NjogQUREUkNPTkYoTkVUREVWX1VQKTogZXRoMDogbGluayBpcyBub3QgcmVhZHk="} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":89,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267422628,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":91,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":91,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781267422628,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -145,7 +145,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1646781268509996,"flow_src_last_pkt_time":1646781268509996,"flow_dst_last_pkt_time":1646781268509996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1270,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1270,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1270,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.80.60","dst_ip":"10.94.150.22","src_port":39438,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948178444,"flow_src_last_pkt_time":1639052948178444,"flow_dst_last_pkt_time":1639052948178444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":663,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":663,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":663,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.11.105.154","dst_ip":"10.6.15.11","src_port":20627,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1646781267422628,"flow_src_last_pkt_time":1646781267427418,"flow_dst_last_pkt_time":1646781267422628,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":91,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":510,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1646781268509996,"l3_proto":"ip4","src_ip":"10.94.232.21","dst_ip":"10.94.150.21","src_port":57374,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1646781268509996} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/syslog.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":94,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":13199,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":10,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1646781268509996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/88 ~~ skipped flows.............: 0 @@ -154,9 +154,9 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7810213 bytes -~~ total memory freed........: 7810213 bytes -~~ total allocations/frees...: 146665/146665 +~~ total memory allocated....: 11518544 bytes +~~ total memory freed........: 11518544 bytes +~~ total allocations/frees...: 216919/216919 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 285 chars ~~ json string max len.......: 2219 chars diff --git a/test/results/default/tailscale.pcap.out b/test/results/default/tailscale.pcap.out index 6f30054db..bb8c796e1 100644 --- a/test/results/default/tailscale.pcap.out +++ b/test/results/default/tailscale.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623328901893092} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1623328901893092,"pkt":"poPnuslkAAwplE+vCABFAAB4d9xAAEART3bAqFgDEsRHs6KpoqkAZHYFVFPwn5KstoR90hKud3v64hSzbQ2XEVLwx+BSTgwosKAQW1+mFhcDIU7pTkASV+cPow8CosaxW7erOd5Ypqum39pp9XjnyWeXa9gOouLKbhi2mYRqmqG3HWqWW+4="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328901893092,"flow_dst_last_pkt_time":1623328901893092,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623328901893092,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -9,7 +9,7 @@ 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623328903725945,"flow_dst_last_pkt_time":1623328904184015,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1623328904184015,"pkt":"AAwplE+vpoPnuslkCABFAACcwGAAADARAAASxEezwKhYA6KpoqkAiNUeBAAAAJjIPnoBAAAAAAAAAIDRhelXasbgL\/+zYa0dujImbboZHw5LtTzrMLrAnJiErjX4Q\/gpsHyUZ2phBiZAcnlAJHPknh+UjOJs8w8oU91sAPPQbskYRx3J+rH+DeFVFEtkDOzsDsjpsegoPlzrb\/fiUGSsuyCgJy+T4mnA9xA="} 02364{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328910935194,"flow_dst_last_pkt_time":1623328911751937,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":1430,"flow_dst_tot_l4_payload_len":2162,"midstream":0,"thread_ts_usec":1623328911751937,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":609708.0,"max":1999684,"stddev":605237.1,"var":366311899136.0,"ent":4.2,"data": [1831567,1832853,459337,19,7,851239,689283,1999684,305038,1197527,993302,17713,10,118067,686079,686069,167240,28515,268363,28631,1001510,1709853,809387,161594,38729,229122,33650,39336,1000927,1009891,706405]},"pktlen": {"min":120,"avg":140.2,"max":156,"stddev":15.4,"var":237.9,"ent":5.0,"data": 
[120,120,138,156,156,156,156,120,138,156,120,138,156,120,138,120,138,120,156,138,156,156,120,138,120,156,156,138,156,156,156,120]},"bins": {"c_to_s": [0,0,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,6,3,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,1,1,1,1,0,1,0,1,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1],"entropies": [6.258774757,6.327646255,6.564895153,6.334487915,6.307401657,6.374646664,6.326507568,6.403507233,6.611924648,6.410363674,6.506895065,6.510478020,6.402382374,6.340927124,6.480768204,6.334637165,6.568448067,6.498397350,6.475291729,6.619921207,6.387466908,6.409846783,6.390228748,6.538738251,6.500603676,6.552214622,6.461646080,6.474994183,6.375043869,6.467308998,6.309903622,6.317968845]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":56,"flow_first_seen":1623328901893092,"flow_src_last_pkt_time":1623328931902798,"flow_dst_last_pkt_time":1623328933775730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":128,"flow_src_tot_l4_payload_len":5700,"flow_dst_tot_l4_payload_len":6322,"midstream":0,"thread_ts_usec":1623328933775730,"l3_proto":"ip4","src_ip":"192.168.88.3","dst_ip":"18.196.71.179","src_port":41641,"dst_port":41641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Tailscale","proto_id":"24","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} +00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tailscale.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":12022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1623328933775730} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 107/107 ~~ skipped flows.............: 0 
@@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769856 bytes -~~ total memory freed........: 7769856 bytes -~~ total allocations/frees...: 146478/146478 +~~ total memory allocated....: 11478475 bytes +~~ total memory freed........: 11478475 bytes +~~ total allocations/frees...: 216732/216732 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 2369 chars diff --git a/test/results/default/targusdataspeed_false_positives.pcap.out b/test/results/default/targusdataspeed_false_positives.pcap.out index bfbee55df..6c26efe2e 100644 --- a/test/results/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/default/targusdataspeed_false_positives.pcap.out 
@@ -1,4 +1,4 @@ -00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00587{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"thread_ts_usec":35569737,"pkt":"UlQAEjUCCAAn5uVZCABFAAB+ehEAAIARLTAKAAIPT6Q3e126E4kAahVHZDE6YWQyOmlkMjA69gJ3AZhiwRyVvvTzAO9QVrdoSnA2OnRhcmdldDIwOvYCdwGYYsEclb708wDvUFa3aEpxZTE6cTk6ZmluZF9ub2RlMTp0ODqI0o3DoQnQUDE6eTE6cWU="} 01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35569737,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":35569737,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","bittorrent": {"hash":""}}} 
@@ -9,7 +9,7 @@ 00916{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":47351725,"pkt":"CAAn5uVZUlQAEjUCCABFAAFLPoUAAEARp+tZQC3jCgACDxRRXboBN3DOZDI6aXA2Ol0v4fi2NTE6cmQyOmlkMjA6Cixkc\/ArsXcJ7U3wslfTpV0++Qo1Om5vZGVzMjA4OgnoTWcn5Dz1WsC7MJGi19W6kHfXwIMsWf7sCMB+iYC28R+pvpNIPRWUbo8TACBttiU\/eIoJTCvSXHm7E6mVIW1xdJVtFGBxj71Fdbbh6Qi0O4aQ71PNaDpVSFMJBfrOkxEjUPl1HgURCYdIr0PZ+eaVADua7fVMXBTcQ4EChJrSdkcJ4hLhbiau6yJI+VuOfD+bIhmzz7V5SbNlNQhV3fqFlrrzSnPbqxOCr29KlotYDsDTJxC1CNuf8fG76euzpts8hww+mSReDZCIHta8ty8xOnBpNDY2NDVlZTE6dDg6yqEY3ZzscnUxOnY0OkxUAQIxOnkxOnJl"} 00769{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":46627016,"flow_src_last_pkt_time":46627016,"flow_dst_last_pkt_time":47351725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":303,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"89.64.45.227","src_port":23994,"dst_port":5201,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00770{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":35569737,"flow_src_last_pkt_time":35569737,"flow_dst_last_pkt_time":35636027,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":98,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":272,"midstream":0,"thread_ts_usec":47351725,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"79.164.55.123","src_port":23994,"dst_port":5001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":47351725} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/targusdataspeed_false_positives.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-payload-len":771,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":47351725} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769073 bytes -~~ total memory freed........: 7769073 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11477676 bytes +~~ total memory freed........: 11477676 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 592 chars ~~ json string max len.......: 1193 chars diff --git a/test/results/default/tcp_scan.pcapng.out b/test/results/default/tcp_scan.pcapng.out index 8fa35a704..97ac896d7 100644 --- a/test/results/default/tcp_scan.pcapng.out +++ b/test/results/default/tcp_scan.pcapng.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1674583448287506} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865595,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865595,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1674583461865595,"flow_dst_last_pkt_time":1674583461865595,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1674583461865595,"pkt":"AICPmq69KDc3AG3ICABFAABAAABAAP8G97LAqAGywKgBAtvQAFAaMXySAAAAALAC\/\/+gxwAAAgQFtAEDAwUBAQgKBzOYGQAAAAAEAgAA"} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461865599,"flow_dst_last_pkt_time":1674583461865599,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583461865599,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -39,7 +39,7 @@ 00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1674583461865599,"flow_src_last_pkt_time":1674583461866946,"flow_dst_last_pkt_time":1674583461866839,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56273,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01063{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"SMBv23","proto_id":"41","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1674583461880765,"flow_src_last_pkt_time":1674583461880765,"flow_dst_last_pkt_time":1674583461881499,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1674583501983146,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.2","src_port":56274,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tcp_scan.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":3,"total-guessed-flows":4,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1674583501983146} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/18 ~~ skipped flows.............: 0 @@ -48,9 +48,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7780326 bytes -~~ total memory freed........: 7780326 bytes -~~ total allocations/frees...: 146463/146463 +~~ total memory allocated....: 11488849 bytes +~~ total memory freed........: 11488849 bytes +~~ total allocations/frees...: 216717/216717 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 1182 chars diff --git a/test/results/default/teams.pcap.out b/test/results/default/teams.pcap.out index 3de9b6acd..69bee0fc3 100644 --- a/test/results/default/teams.pcap.out +++ b/test/results/default/teams.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1587041672419153} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1587041672419153,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 01001{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041672419153,"flow_src_last_pkt_time":1587041672419153,"flow_dst_last_pkt_time":1587041672419153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041672419153,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -453,7 +453,7 @@ 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1237,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693475613,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1587041693475613,"pkt":"KDc3AG3IEBMx8Tl2CABFAADdNJMAAGwR1dQ0ck2IwKgBBg2WyeEAyV65B51cqyKYlOqfHC4eUj71t0+3OzD2kNc2OfFPQNt7fwvuOZltdCnrcr0l94iSgE3VeMj4bdDb+vZ+CObqTNO+QGlUnkV8bcknbNvGUx42nvxp8mhw\/srnkVApKnhDe\/uy29skE82ON2NOubAQd6VBKyo6DT6MaE1A1qjybrSe5XwDrj8OJ1EA\/FUFx\/b063Ar395Oi1sw+DBTZ16KUXaymVRCSFNXRrfz6yWlsSmdtxTLQfpVrW5dlejTUGgaSVxvSg=="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693515047,"pkt":"EBMx8Tl2KDc3AG3ICABFAABg5p0AAEARo1PAqAEGNHL6e8NgDZYATAKlAAMAMCESpEKyND9uZ\/QdWKy6Y58ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} -01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1238,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693515047,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693515047,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693515047,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693516414,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1239,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693516414,"flow_dst_last_pkt_time":1587041693516414,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693516414,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NiAbvwxDFFAAAAALAC\/\/9VoQAAAgQFtAEDAwUBAQgKMITZEwAAAAAEAgAA"} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1240,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693517336,"flow_src_last_pkt_time":1587041693517336,"flow_dst_last_pkt_time":1587041693517336,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":67,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":67,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":67,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693517336,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":55765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -470,17 +470,17 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1247,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693428391,"flow_dst_last_pkt_time":1587041693576566,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1587041693576566,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJUAAGwR1m40ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693582165,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgF74AAEARcjPAqAEGNHL6e8N0DZYATEppAAMAMCESpEI9x0RmdejywONbcT4ADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1248,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582165,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693582165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582165,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693582610,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693582610,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1587041693582610,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGShzAqAEGNHL6e8NlAbtcWVYoAAAAALAC\/\/\/E5AAAAgQFtAEDAwUBAQgKMITZVQAAAAAEAgAA"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693597783,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1250,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693597783,"flow_src_last_pkt_time":1587041693597783,"flow_dst_last_pkt_time":1587041693597783,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693597783,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 02485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693608822,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUnZVAAGwGevI0cvp7wKgBBgG7w2KOQOnM8MQyAVAQCARhxAAANjIwWjCBmzCBmDBMMAkGBSsOAwIaBQAEFCmF\/GE9vi+wEg9eQg5MnsPVnv18BBQI\/iWfdOqHBMK8u46oOF8zxtFsZQITLQAGXpgoyD\/NFydgrgAAAAZemIAAGA8yMDIwMDQxNTE5MDYyMFqgERgPMjAyMDA0MTkxOTA2MjBaoSIwIDAeBgkrBgEFBQcwAQYEERgPMjAxOTA0MTYxOTA2MjBaMA0GCSqGSIb3DQEBCwUAA4IBAQAaQYaDpwd6DNwyOUeit6mUOBXgoV06pe6ThWCURamS0COPur719YO54pzaWQ\/wQiNdRfJ+6IxdL624Y9ECjW7h0i3GVY5McK\/JE0+t8QKiDyIrzja2mdM3dr87glc0ghsX25i5Wq+uovmAq2y0kIR5ZDxPkSCewMHChNQBpgB6w7ldXqSVgO6mMxOPGIUJeCKP7XKb6HxICQ+KDOclyTMlRvOfgXDsfJ+qgS\/\/Xx69gdsXVVKuxxVgmTXKPjwc6+0PAhk7AM38T+1uvkyY+cnLoNXnWfuXwei6nw4U+wy7NBkdjTNfderi681shWsjrz7QTveMgXHXa8hDzke10XqeoIIFIzCCBR8wggUbMIIDA6ADAgECAhNuABXTTwZmllgRJK\/RAAAAFdNPMA0GCSqGSIb3DQEBCwUAMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTAeFw0yMDA0MDIxNjU4MDlaFw0yMTA0MDIxNjU4MDlaMCsxKTAnBgNVBAMMIE1pY3Jvc29mdF9JVF9UTFNfQ0FfNV9LZXlCaW5kaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt72xRWYGvzznDDT8NXYL9rp9+Ya3b0Z6P2wS3akQ58NdGCNNqh5bkYWl59MsBDUHv9Ef+w2CazdUk3Nynho4E8vpdECh67pX0G62DZBOiFmluBNKbuC5wy0qFpuDZifuCaL\/JIioH+qZxw1n9T+IlPYbhUIt9LEWbIcz3NKvVAjL22u
CbIe4fgQeiRQY6CQMOOiKJvbVG0ji+rtc86+Mxhhl4WT\/oA0rEF\/rkByMk2VOShPm7OYdkPB4JadSsYxElQdJQqZtZ7Dx1QoI7ppuYvpwizs9bk5\/qpPbZOX2ffENmbYPX8IEIoHImvw+d5OCujhcH8ND8y2D3AEt3YOySwIDAQABo4HWMIHTMB0GA1UdDgQWBBQodwHOZZ6LuFUo+CvPI9\/FvHYaTDAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwkwDwYJKwYBBQUHMAEFBAIFADAfBgNVHSMEGDAWgBQI\/iWfdOqHBMK8u46oOF8zxtFsZTA+BgkrBgEEAYI3FQcEMTAvBicrBgEEAYI3FQiH2oZ1g+7ZAYLJhRuBtZ5hhfTrYIFdgcybR4HI6RYCAWQCAQcwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDCTANBgkqhkiG9w0BAQsFAAOCAgEAZeWmp3UPfRLZIyUkIOP3qzADvvJHesY63Dc2ynSZnVwywgjceFf+k+yQAXU4qttDwcVbl8RAxZ3TRxOK\/tx9uYmaavtEm3swh9h5B7DCvmIXfqsJJlRpK\/OFGfcf49BNBZXJky59f8YfJ49hsiJiWchclECz2p04IejlY2rjzCMngCMT2bpAzYBsJXomAbKsVRl07LYT4CLhdIIHrd+syTeudyjkMfJb34y+qxxeDCvdd+fLKHcrxUao3ZXsd7wz3mk1EWQVaTo+Md3\/ECUv"} 01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1251,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693516414,"flow_src_last_pkt_time":1587041693561676,"flow_dst_last_pkt_time":1587041693608822,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693608822,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693611913,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} +01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1267,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693611913,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693611913,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693611913,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1271,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693625394,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693625394,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXVxUAAGwRBmU0cvp7wKgBBg2Ww3QAwyhaARMApyESpEI9x0RmdejywONbcT4ADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+okAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6iYCVAAhb5VsGDC2J+oAgAAgAAc5scadqCg=="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1272,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693582610,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1587041693628354,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0Nx9AAGwG5wg0cvp7wKgBBgG7w2XeqFvwXFlWKYAS\/\/\/MOwAAAgQFoAEDAwgBAQQC"} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1273,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693628427,"flow_dst_last_pkt_time":1587041693628354,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1587041693628427,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGSjTAqAEGNHL6e8NlAbtcWVYp3qhb8VAQIADs+gAA"} 
@@ -489,11 +489,11 @@ 00719{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1275,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693515047,"flow_dst_last_pkt_time":1587041693640777,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693640777,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1fJUAAGwR4QY0cvp7wKgBBg2Ww2AAoaFUAQMAhSESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqNgAgABAAAAAaAIAAIAAHB1XGnagqAUAAYm3E8YjrBv7v21SN1g6+m0xjhRrQAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIK\/9w8VcH20Bp+o9r1mX6tB+MRypEJNYTX2DO\/tetQep"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00804{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_usec":1587041693654732,"pkt":"EBMx8Tl2KDc3AG3ICABFAADySXIAAEARP9\/AqAEGNHL6icN0DZYA3q9FAAMAwiESpELOvwn047sA+HEU4bYADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIW+VbBgwtifoAFAAUPK7\/QeTw1Z9oICgNLxST+LDzEgAAFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACCU7UyKuDgKSJKUvk8SSs9ovhsGMp06Kok2oE1dFOuKzQ=="} -01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1276,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693654732,"flow_src_last_pkt_time":1587041693654732,"flow_dst_last_pkt_time":1587041693654732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":214,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":214,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":214,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693654732,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50036,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00766{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1277,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1587041693611913,"flow_dst_last_pkt_time":1587041693658468,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":229,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":229,"pkt_l4_len":195,"thread_ts_usec":1587041693658468,"pkt":"KDc3AG3IEBMx8Tl2CABFAADXfJYAAGwR4NE0cvqNwKgBBg2Ww2EAw+F\/ARMApyESpELalY8VcoE3uJ+0vVMADwAEcsZLxoAIAAQAAAAGAAkAPQAABAFUaGUgcmVxdWVzdCBkaWQgbm90IGNvbnRhaW4gYSBNZXNzYWdlLUludGVncml0eSBhdHRyaWJ1dGUADgAIAAENljRy+o0AFAAUPpo\/SSn4PJAIkOO6zaqfvtmAt1IAFQAKInJ0Y21lZGlhIgABAAgAAQ2YNHL6jYCVAAiQUL8kDsWN+oAgAAgAAcwTcadqCg=="} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1587041693668523,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgYKIAAEARKUHAqAEGNHL6icN1DZYATE9EAAMAMCESpEJNv3gTxWrFDZ5wS8sADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1281,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041693668523,"flow_src_last_pkt_time":1587041693668523,"flow_dst_last_pkt_time":1587041693668523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":68,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":68,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041693668523,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.137","src_port":50037,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 02488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1587041693675117,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUNyJAAGwG4WU0cvp7wKgBBgG7w2XeqGPBXFlW5FAQCASBlQAAW6sdwoMA3bRkqxv5VpjyajDfFXWqL4G9QZfl841dfR9SjQLMnRDtMHjHLLEHhJCKLU2ikazGCdNZMqtfaxeWquCIWw56s0bCKwmin9Y3DIsAdEejps5dwVGPEJfdlpEbIxcuBzCIRY0C23wA8SsmAke7nyJfwnrDoCjE4H7m3XXod08er9hfv0q4nITSnedP3o61Oc42o6ZTtprTcb83jeNHnfqPTx\/r7JoPcNdqLrU2S9F5B\/3\/72kY0IJW8GVz3JfVywG\/oGQZf4DtR+N9iCPyVunnsxwatk5VQeVSeoKWofbhmm5\/59\/eJyGGKNh6xcOod+zQ\/yRc87f6tHNG2YoyFngY2b4iSL5cKDGkUG4HW8AD3tnSSMB+eS+kUxAHQWzl9sk8GGj5SN\/h6yZsZx0M8Cajppy8O10hsA4MnuDtB3uK64JLD12Do4vw3+8vrlcfGCUgqrNGgRVPtSVulxGnCvWOq0JhUVItmI195Is0h3MiJgXc2KNuZpMfbIcuyiiUJx2zdkFT81nL1PidcMdiaFVUoMih7rr4UtgVbmkgKemK\/Z7z3no4iLWFOB0NszihbN+mXEPfve7ERdipQf9N4gAFuDCCBbQwggScoAMCAQICEAiIzVJfGSRETRSlgpHeuVIwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9yZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVyVHJ1c3QgUm9vdDAeFw0xNjA1MjAxMjUzMDNaFw0yNDA1MjAxMjUzMDNaMIGLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMRUwEwYDVQQLEwxNaWNyb3NvZnQgSVQxHjAcBgNVBAMTFU1pY3Jvc29mdCBJVCBUTFMgQ0EgNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJrfgVw7j67peZa5mnmngfI52lUoRiMCxYJmB7YV3v2cOhqbkQnSZo8LiRf4cYchfzjTP5olALc10Kv4CHo281Bb3yspJ96k3SSS+vTGcI0
2KprwgN41+h5CnQmBqtUHChalxVpCbUK+HkKCtFcwmVtFK9SP0woGxnOTpOGD78W\/BSeneM2zC+CeIhbzmNymFOjMlNcj+dBQmbu1CxCV8d8C6Y+OnVaZPNiP01j7XJJ+PXv4UEla9xB7d\/jmSpBKVVLelK10CaBkVyzNB5CfFq2Vw9EGuvHvbAW1BKyp3Bsxmw4tGZUET95my601cq8ZggiyFDoWX7A8m9uNDLAC1iYf6BVxxO\/5YzlDjOnCki6hwqAwJQ6WJ1+eoyuC1hC9PBkepof+VSE6XEH8AZjML5L\/Zji0uGacDxJoS0qshrtemP+eppxTbDMRpNCuUkfXi4\/xlqy5KZqPLPGtZBjDJrsAZN5QcMC77MZrrtOg78DxXA3yzHpZ2hgzL1kQrWcULF8iQ0pE4ejd4OdVFk4J7wNMDEhQWvAD347vY8pbZ4dDQCwGth8PPlPAZj\/XFBXmCGKYSH6D5ae1XVEtVC1h\/TRd1LeAzdJ9zrEkO\/OXbGwT3ooXyYr1SJVC9xKQ4xAX9qEAxTYqZZGeBexCLlq4mRv\/1E61+mZV2YOOvwgpjfoLAgMBAAGjggFCMIIBPjAdBgNVHQ4EFgQUCP4ln3TqhwTCvLuOqDhfM8bRbGUwHwYDVR0jBBgwFoAU5Z1ZMIJHWMys+ghUNoZ7OrUETfAwEgYDVR0TAQH\/BAgwBgEB\/wIBADAOBgNVHQ8BAf8EBAMCAYYwJwYDVR0lBCAwHgYIKwYBBQUHAwEGCCsGAQUF"} 01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1282,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041693582610,"flow_src_last_pkt_time":1587041693628756,"flow_dst_last_pkt_time":1587041693675117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":187,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041693675117,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50021,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"euaz.tr.teams.microsoft.com","tls": 
{"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1298,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_src_last_pkt_time":1587041693582165,"flow_dst_last_pkt_time":1587041693698272,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":195,"pkt_l4_len":161,"thread_ts_usec":1587041693698272,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC1VxYAAGwRBoY0cvp7wKgBBg2Ww3QAoWPcAQMAhSESpELOvwn047sA+HEU4bYADwAEcsZLxgANAAQAAAA8AAEACAABDZg0cvqJgAgABAAAAAaAIAAIAAHObHGnagqAUAAYmiULR7BQSjV7GJ7mOy6WXuQ5anUAAAAAgCIACTIuMC4xLjIxMQAQAAQAAC7gAAgAIJWLEhTAIKUMzT0EuyGZ9cU94RPVJanGef0JixSMSj4H"} 
@@ -533,16 +533,16 @@ 01268{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1380,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1587041694219802,"flow_src_last_pkt_time":1587041694263191,"flow_dst_last_pkt_time":1587041694308351,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":195,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1587041694308351,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.Teams","proto_id":"91.250","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Safe","category_id":15,"category":"Collaborative","hostname":"api.flightproxy.teams.microsoft.com","tls": {"version":"TLSv1.2","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00667{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278787,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 
-01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1404,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278787,"flow_src_last_pkt_time":1587041695278787,"flow_dst_last_pkt_time":1587041695278787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278787,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695278905,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZ7QAAEARkFLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} -01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1405,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695278905,"flow_src_last_pkt_time":1587041695278905,"flow_dst_last_pkt_time":1587041695278905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695278905,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50036,"dst_port":50020,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305290,"pkt":"KDc3AG3IEBMx8Tl2CABFAACMbOkAADURirVdR27NwKgBBj\/Mw2AAeJv\/AAEAXCESpEJpQfrkOEmJN4IqUAgABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUCA60OBRrDjRc1P+cP0BpsLC+QjmAKAAEPxxxZQ=="} -01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1406,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305290,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695305290,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305290,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16332,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695305879,"pkt":"KDc3AG3IEBMx8Tl2CABFAACM2aMAADURHftdR27NwKgBBj\/Nw3QAeFT\/AAEAXCESpEKjF0z2+O91Jw0PY1cABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/3+gDcABAAAAAIACAAUo4jart22gVLrHF0JHGaI64vA9HeAKAAEUHwvEg=="} -01273{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1407,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695305879,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695305879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":112,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":112,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695305879,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","src_port":16333,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1409,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330085,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330085,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0TLUAAEARoAHAqAEGXUduzcNgP8wAYAttAQEARCESpEJpQfrkOEmJN4IqUAiAcAAEAAAABwAgAAgAAR7efFXKj4A3AAQAAAACgDYABAAAAAEACAAUlU+ROI4McMZBUuZSU8\/gWyGrdx6AKAAE+OcqVw=="} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1410,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":3,"flow_src_last_pkt_time":1587041695305290,"flow_dst_last_pkt_time":1587041695330306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1587041695330306,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMkXkAAEARWyXAqAEGXUduzcNgP8wAeAk2AAEAXCESpEL9LF5WbGc54yQwO\/cABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAU1YbVJoGA61aUBne1Qcfqud7BOGOAKAAEmnK+Jw=="} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1411,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695305879,"flow_dst_last_pkt_time":1587041695330316,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695330316,"pkt":"EBMx8Tl2KDc3AG3ICABFAAB0gkYAAEARanDAqAEGXUduzcN0P80AYEblAQEARCESpEKjF0z2+O91Jw0PY1eAcAAEAAAABwAgAAgAAR7ffFXKj4A3AAQAAAACgDYABAAAAAEACAAUNbjIzLk8Htcx5rlGPdUzB6Mtkf+AKAAECmy4uA=="} 
@@ -555,10 +555,10 @@ 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1419,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695407379,"flow_dst_last_pkt_time":1587041695330389,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1587041695407379,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB0iYEAADURbjVdR27NwKgBBj\/Nw3QAYAIVAQEARCESpEJvsFtMkRg8G\/ztdLyAcAAEAAAABwAgAAgAAc5scadqCoA3AAQAAAACgDYABAAAAAEACAAUt0fBakPBlSed9Q+UJ+6ZvN9VvN+AKAAELvJkIw=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695421892,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} -01272{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1421,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695421892,"flow_src_last_pkt_time":1587041695421892,"flow_dst_last_pkt_time":1587041695421892,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695421892,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00682{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":1,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1587041695422685,"pkt":"KDc3AG3IEBMx8Tl2CABFAACY4AMAAG0Reyg0cvwIwKgBBg2Xw2AAhBBVAAEAaCESpEKBJ1p+KLNk2I89FPkABgAJRlkzMjpvNS9JAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACN6qKWcI9wj8gDcABAAAAAIACAAUyAS6wVT6GpHQ1gnRXe5kbQ9LDuWAKAAEokvlFA=="} -01271{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1422,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041695422685,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695422685,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":124,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":124,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041695422685,"l3_proto":"ip4","src_ip":"52.114.252.8","dst_ip":"192.168.1.6","src_port":3479,"dst_port":50016,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Skype_TeamsCall","proto_id":"78.38","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00833{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1423,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":4,"flow_src_last_pkt_time":1587041695432593,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":278,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":278,"pkt_l4_len":244,"thread_ts_usec":1587041695432593,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEIQwIAAEARRjXAqAEGNHL6jcNgDZYA9FdMAAQA2CESpEKfui7uErrywVVZDhwADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAWAEBAEQhEqRCk5PuKqhPmjByQQbWgHAABAAAAAcAIAAIAAEe3nxVyo+ANwAEAAAAAoA2AAQAAAABAAgAFFFp\/EIw9m0w0dRwmYyqML3\/iSKPgCgABN8vUt8ACAAgqGRf4o8r70c+bwbjLKjnyOxfHW\/RCLgda6bT0E3pUpo="} 00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1424,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":81,"flow_packet_id":2,"flow_src_last_pkt_time":1587041695422685,"flow_dst_last_pkt_time":1587041695432665,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1587041695432665,"pkt":"EBMx8Tl2KDc3AG3ICABFAACA0aoAAEARtpnAqAEGNHL8CMNgDZcAbO2O\/xAAYN6qKWcI9wj8AQEARCESpEKBJ1p+KLNk2I89FPmAcAAEAAAABwAgAAgAASyFFWBYSoA3AAQAAAACgDYABAAAAAEACAAUmYtT\/sgffZE\/GPjMTGRSk5h1N+2AKAAEPqesNg=="} 
00885{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1425,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1587041695432806,"flow_dst_last_pkt_time":1587041695389155,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_usec":1587041695432806,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsslcAAEAR1rvAqAEGNHL6jcNgDZYBGA46AAQA\/CESpEKGfpR3I6Wm38Zk7TUADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP8xdR27NABMAfAABAGghEqRCH9y33u2t\/jYyT2+1AAYACW81L0k6RlkzMgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAh\/IMTdT4SN+oA3AAQAAAACAAgAFLkI9+jCSAoSd\/OOXciVMXiIrqbdgCgABLPHZEgACAAg4ni\/MyGpn0IPPfamZXcwXcyTP9hFKqNf3gjYqNKVXl0="} 
@@ -640,7 +640,7 @@ 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1587041679280885,"flow_src_last_pkt_time":1587041679280885,"flow_dst_last_pkt_time":1587041679280885,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":485,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":485,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":485,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1587041692808980,"flow_src_last_pkt_time":1587041695538890,"flow_dst_last_pkt_time":1587041695538791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":946,"flow_dst_max_l4_payload_len":1225,"flow_src_tot_l4_payload_len":2423,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": 
{"6":"DPI"},"proto":"TLS.ntop","proto_id":"91.26","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}} 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041683142905,"flow_src_last_pkt_time":1587041683142905,"flow_dst_last_pkt_time":1587041683184989,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":180,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":180,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57504,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI 
(partial)"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Skype_Teams","proto_id":"125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":14,"flow_dst_packets_processed":17,"flow_first_seen":1587041693428391,"flow_src_last_pkt_time":1587041697999048,"flow_dst_last_pkt_time":1587041697997834,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1201,"flow_dst_max_l4_payload_len":1185,"flow_src_tot_l4_payload_len":5250,"flow_dst_tot_l4_payload_len":7193,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041682668456,"flow_src_last_pkt_time":1587041682668456,"flow_dst_last_pkt_time":1587041682697730,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":139,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Microsoft","proto_id":"5.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00869{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1587041692528594,"flow_src_last_pkt_time":1587041692578366,"flow_dst_last_pkt_time":1587041692528752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":72,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":72,"midstream":1,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
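Review bot: The regenerated expectation for flow 62 (192.168.1.6:51681 to 52.114.77.136:3478/udp) records weaker classification evidence than before. The `guessed` event now carries `"confidence": {"1":"Match by port"}` where the old side had `{"3":"DPI (partial)"}`, while `proto` stays `Skype_Teams` and the event name is unchanged. Accepting this in a golden file makes the port-only result the tested baseline, so any consumer that filters or scores on `confidence` will handle this flow differently. I would confirm that this downgrade is an intended consequence of the libnDPI bump and state it in the commit description, rather than only regenerating the file.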
@@ -677,7 +677,7 @@ 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041694221137,"flow_src_last_pkt_time":1587041694221137,"flow_dst_last_pkt_time":1587041694234511,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":58,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":58,"flow_dst_max_l4_payload_len":134,"flow_src_tot_l4_payload_len":58,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00999{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1587041687436782,"flow_src_last_pkt_time":1587041687725655,"flow_dst_last_pkt_time":1587041687725568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1313,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":2206,"flow_dst_tot_l4_payload_len":7143,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"3":"DPI (partial)"},"proto":"TLS.Skype_Teams","proto_id":"91.125","proto_by_ip":"Azure","proto_by_ip_id":276,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1587041685093044,"flow_src_last_pkt_time":1587041685093044,"flow_dst_last_pkt_time":1587041685127636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":53,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":53,"flow_dst_max_l4_payload_len":174,"flow_src_tot_l4_payload_len":53,"flow_dst_tot_l4_payload_len":174,"midstream":0,"thread_ts_usec":1587041698021081,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Teams","proto_id":"5.250","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":63,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":680,"global_ts_usec":1587041698021081} 
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1540,"source":"cfgs\/default\/pcap\/teams.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1540,"packets-processed":1498,"total-skipped-flows":0,"total-l4-payload-len":587095,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":80,"total-detection-updates":63,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":680,"global_ts_usec":1587041698021081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1540/1498 ~~ skipped flows.............: 0 @@ -686,9 +686,9 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8898782 bytes -~~ total memory freed........: 8898782 bytes -~~ total allocations/frees...: 149171/149171 +~~ total memory allocated....: 12606089 bytes +~~ total memory freed........: 12606089 bytes +~~ total allocations/frees...: 219425/219425 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 295 chars ~~ json string max len.......: 2501 chars diff --git a/test/results/default/teamspeak3.pcap.out b/test/results/default/teamspeak3.pcap.out index fe5ae3951..770f59aa3 100644 --- a/test/results/default/teamspeak3.pcap.out +++ b/test/results/default/teamspeak3.pcap.out 
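Review bot: The summary block for teams.pcap now expects `total memory allocated....: 12606089 bytes` and `219425/219425` allocations/frees, up from 8898782 bytes and 149171 for the same 1540-packet capture. Allocated and freed totals still match, so nothing here points to a leak. The footprint grows by roughly 40% while the flow counts stay at 83/83. That the growth comes from the libnDPI bump is an inference from the `ndpi_version` change in the same file; if deployments size memory around `max-flows-per-thread`, the increase is worth calling out in the commit description.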
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946745680740311} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946745680740311} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745680740311,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 
01036{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745680740311,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946745680740311,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
@@ -7,7 +7,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":946745681306941,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745681306941,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="} 00765{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":946745681306983,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":946745681306983,"pkt":"REREREREZmZmZmZmCABFAADYyX5AAHgRnXQKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946745682007760,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_usec":946745682007760,"pkt":"REREREREZmZmZmZmCABFAAA+yf1AAHgRnY8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2MAAAAAAAAAAA=="} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1667856551682719} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551682719,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551682719,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667856551682719,"pkt":"AABeAAEK6qmpVXFVCABFAAAg6GhAAD8RkF7BHxlGM0S1XAfbB9oADMMjAYCEAQ=="} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1667856551682719,"flow_dst_last_pkt_time":1667856551687540,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1667856551687540,"pkt":"6qmpVXFVEA5+JvHACABFAAAkwyxAADQRwJYzRLVcwR8ZRgfaB9sAEFGEAYCEAXxl2acAAAAAAAA="} 
@@ -17,247 +17,247 @@ 01081{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":946745680740311,"flow_src_last_pkt_time":946745717746131,"flow_dst_last_pkt_time":946745680740311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1365,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1667856551693001,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1667857151661156,"flow_dst_last_pkt_time":1667856551693001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"thread_ts_usec":1667857151661156,"pkt":"AABeAAEK6qmpVXFVCABFAAAgFyVAAD8RYaLBHxlGM0S1XAfbB9oADMMjAYKEAQ=="} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857151666127,"flow_dst_last_pkt_time":1667857151670963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":26,"midstream":0,"thread_ts_usec":1667857151670963,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":22,"packets-processed":21,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1667857751746605} 00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667857751751776,"flow_dst_last_pkt_time":1667857751756665,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":39,"midstream":0,"thread_ts_usec":1667857751756665,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":1464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1667858351841483} 
00964{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858351846489,"flow_dst_last_pkt_time":1667858351851342,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":52,"midstream":0,"thread_ts_usec":1667858351851342,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":10,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667858951749360,"flow_dst_last_pkt_time":1667858951754177,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":65,"midstream":0,"thread_ts_usec":1667858951754177,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":1530,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1667859551930352} 
00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667859551935305,"flow_dst_last_pkt_time":1667859551940122,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":78,"midstream":0,"thread_ts_usec":1667859551940122,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00967{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860151925248,"flow_dst_last_pkt_time":1667860151930037,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":140,"flow_dst_tot_l4_payload_len":91,"midstream":0,"thread_ts_usec":1667860151930037,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":42,"packets-processed":41,"total-skipped-flows":0,"total-l4-payload-len":1596,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":6,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1667860752077584} 
02222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4821,"avg":270993696.0,"max":600180997,"stddev":298614912.0,"var":89170865459036160.0,"ent":3.8,"data": [4821,5374,5461,599973063,599972971,4971,4991,600080478,600080533,5171,5169,600089707,600089636,5006,5041,599897642,599897696,5229,5139,600180992,600180997,4953,4948,599984779,599984795,5164,5120,600152336,600152365,4975,4963]},"pktlen": {"min":32,"avg":40.0,"max":44,"stddev":4.7,"var":22.0,"ent":5.0,"data": [32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42,32,42,44,42]},"bins": {"c_to_s": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.625000000,4.458523273,4.765583038,4.075578690,4.625000000,4.506142139,4.765583038,4.075578690,4.500000000,4.345311642,4.674674511,4.009986401,4.625000000,4.458523273,4.720128536,4.075578690,4.562500000,4.458523273,4.720128536,3.980340719,4.625000000,4.315666676,4.720128536,3.980340719,4.562500000,4.458523273,4.629220009,4.075578690,4.562500000,4.506142139,4.720128536,4.027959824]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667860752082559,"flow_dst_last_pkt_time":1667860752087365,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":160,"flow_dst_tot_l4_payload_len":104,"midstream":0,"thread_ts_usec":1667860752087365,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":18,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861351993175,"flow_dst_last_pkt_time":1667861351998031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1667861351998031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":50,"packets-processed":49,"total-skipped-flows":0,"total-l4-payload-len":1662,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":8,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1667861952155552} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":20,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667861952160606,"flow_dst_last_pkt_time":1667861952165473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":200,"flow_dst_tot_l4_payload_len":130,"midstream":0,"thread_ts_usec":1667861952165473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":22,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667862552075384,"flow_dst_last_pkt_time":1667862552080210,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":220,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1667862552080210,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":1728,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":10,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1667863152145991} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863152150938,"flow_dst_last_pkt_time":1667863152155777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1667863152155777,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667863752105541,"flow_dst_last_pkt_time":1667863752110395,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":169,"midstream":0,"thread_ts_usec":1667863752110395,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_usec":1667864352264298} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":28,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864352269395,"flow_dst_last_pkt_time":1667864352274267,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":182,"midstream":0,"thread_ts_usec":1667864352274267,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":70,"packets-processed":69,"total-skipped-flows":0,"total-l4-payload-len":1827,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":13,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1667864952277211} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":30,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667864952282201,"flow_dst_last_pkt_time":1667864952287024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":195,"midstream":0,"thread_ts_usec":1667864952287024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":1860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":14,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1667865552502273} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":78,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":32,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667865552507391,"flow_dst_last_pkt_time":1667865552512264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":320,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1667865552512264,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":34,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866152387758,"flow_dst_last_pkt_time":1667866152392764,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":221,"midstream":0,"thread_ts_usec":1667866152392764,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":82,"packets-processed":81,"total-skipped-flows":0,"total-l4-payload-len":1926,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":16,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_usec":1667866752540859} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":36,"flow_dst_packets_processed":36,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667866752545981,"flow_dst_last_pkt_time":1667866752550878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":234,"midstream":0,"thread_ts_usec":1667866752550878,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867352498846,"flow_dst_last_pkt_time":1667867352503806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":380,"flow_dst_tot_l4_payload_len":247,"midstream":0,"thread_ts_usec":1667867352503806,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":1992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":18,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1667867952564843} 00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":40,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667867952571449,"flow_dst_last_pkt_time":1667867952576449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":400,"flow_dst_tot_l4_payload_len":260,"midstream":0,"thread_ts_usec":1667867952576449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":2025,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":19,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_usec":1667868552626724} 
00968{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":42,"flow_dst_packets_processed":42,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667868552631982,"flow_dst_last_pkt_time":1667868552644435,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":273,"midstream":0,"thread_ts_usec":1667868552644435,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":2058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":20,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_usec":1667869152831749} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":44,"flow_dst_packets_processed":44,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869152836944,"flow_dst_last_pkt_time":1667869152841890,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":440,"flow_dst_tot_l4_payload_len":286,"midstream":0,"thread_ts_usec":1667869152841890,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":46,"flow_dst_packets_processed":46,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667869752718957,"flow_dst_last_pkt_time":1667869752723999,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":460,"flow_dst_tot_l4_payload_len":299,"midstream":0,"thread_ts_usec":1667869752723999,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":2124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":22,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1667870352860295} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":48,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870352865541,"flow_dst_last_pkt_time":1667870352870527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":480,"flow_dst_tot_l4_payload_len":312,"midstream":0,"thread_ts_usec":1667870352870527,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":113,"packets-processed":112,"total-skipped-flows":0,"total-l4-payload-len":2185,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":23,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_usec":1667870952861879} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":50,"flow_dst_packets_processed":50,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667870952856962,"flow_dst_last_pkt_time":1667870952861879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":500,"flow_dst_tot_l4_payload_len":325,"midstream":0,"thread_ts_usec":1667870952861879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":2190,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":24,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1667871552965002} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":52,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667871552970090,"flow_dst_last_pkt_time":1667871552974984,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":520,"flow_dst_tot_l4_payload_len":338,"midstream":0,"thread_ts_usec":1667871552974984,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":2251,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":25,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1667872152967383} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":54,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872152962414,"flow_dst_last_pkt_time":1667872152967383,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":540,"flow_dst_tot_l4_payload_len":351,"midstream":0,"thread_ts_usec":1667872152967383,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":2256,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":26,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1667872753004113} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":56,"flow_dst_packets_processed":56,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667872753009396,"flow_dst_last_pkt_time":1667872753014340,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":560,"flow_dst_tot_l4_payload_len":364,"midstream":0,"thread_ts_usec":1667872753014340,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":126,"packets-processed":125,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":126,"packets-processed":125,"total-skipped-flows":0,"total-l4-payload-len":2289,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":27,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_usec":1667873353144571} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":58,"flow_dst_packets_processed":58,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873353149829,"flow_dst_last_pkt_time":1667873353154817,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":377,"midstream":0,"thread_ts_usec":1667873353154817,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":133,"packets-processed":132,"total-skipped-flows":0,"total-l4-payload-len":2350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":28,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_usec":1667873953146815} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":60,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667873953141847,"flow_dst_last_pkt_time":1667873953146815,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":600,"flow_dst_tot_l4_payload_len":390,"midstream":0,"thread_ts_usec":1667873953146815,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":134,"packets-processed":133,"total-skipped-flows":0,"total-l4-payload-len":2355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":29,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_usec":1667874553276670} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":62,"flow_dst_packets_processed":62,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667874553281783,"flow_dst_last_pkt_time":1667874553286698,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":620,"flow_dst_tot_l4_payload_len":403,"midstream":0,"thread_ts_usec":1667874553286698,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":64,"flow_dst_packets_processed":64,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875153244452,"flow_dst_last_pkt_time":1667875153249351,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":416,"midstream":0,"thread_ts_usec":1667875153249351,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":142,"packets-processed":141,"total-skipped-flows":0,"total-l4-payload-len":2421,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":31,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":72,"global_ts_usec":1667875753342484} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":66,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667875753347778,"flow_dst_last_pkt_time":1667875753352702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":429,"midstream":0,"thread_ts_usec":1667875753352702,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":2454,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":32,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":74,"global_ts_usec":1667876353408264} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":68,"flow_dst_packets_processed":68,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876353413449,"flow_dst_last_pkt_time":1667876353418444,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":680,"flow_dst_tot_l4_payload_len":442,"midstream":0,"thread_ts_usec":1667876353418444,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-payload-len":2487,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":33,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_usec":1667876953587033} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":70,"flow_dst_packets_processed":70,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667876953592257,"flow_dst_last_pkt_time":1667876953597228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":700,"flow_dst_tot_l4_payload_len":455,"midstream":0,"thread_ts_usec":1667876953597228,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":72,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667877553543097,"flow_dst_last_pkt_time":1667877553548159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":720,"flow_dst_tot_l4_payload_len":468,"midstream":0,"thread_ts_usec":1667877553548159,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-payload-len":2553,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":35,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":79,"global_ts_usec":1667878153569226} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":74,"flow_dst_packets_processed":74,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878153574404,"flow_dst_last_pkt_time":1667878153579443,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":740,"flow_dst_tot_l4_payload_len":481,"midstream":0,"thread_ts_usec":1667878153579443,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":162,"packets-processed":161,"total-skipped-flows":0,"total-l4-payload-len":2586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":36,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_usec":1667878753632528} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":76,"flow_dst_packets_processed":76,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667878753638134,"flow_dst_last_pkt_time":1667878753643091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":760,"flow_dst_tot_l4_payload_len":494,"midstream":0,"thread_ts_usec":1667878753643091,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-payload-len":2619,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":37,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1667879353636120} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":78,"flow_dst_packets_processed":78,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879353641506,"flow_dst_last_pkt_time":1667879353646439,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":780,"flow_dst_tot_l4_payload_len":507,"midstream":0,"thread_ts_usec":1667879353646439,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":2652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":38,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_usec":1667879953703352} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":80,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667879953708739,"flow_dst_last_pkt_time":1667879953713725,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":520,"midstream":0,"thread_ts_usec":1667879953713725,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":174,"packets-processed":173,"total-skipped-flows":0,"total-l4-payload-len":2685,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":39,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":87,"global_ts_usec":1667880553876737} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":178,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":82,"flow_dst_packets_processed":82,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667880553881895,"flow_dst_last_pkt_time":1667880553886879,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":820,"flow_dst_tot_l4_payload_len":533,"midstream":0,"thread_ts_usec":1667880553886879,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":84,"flow_dst_packets_processed":84,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881153859790,"flow_dst_last_pkt_time":1667881153864831,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1667881153864831,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":182,"packets-processed":181,"total-skipped-flows":0,"total-l4-payload-len":2751,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":41,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":90,"global_ts_usec":1667881753952134} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":86,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667881753957333,"flow_dst_last_pkt_time":1667881753962303,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":860,"flow_dst_tot_l4_payload_len":559,"midstream":0,"thread_ts_usec":1667881753962303,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":88,"flow_dst_packets_processed":88,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882353935191,"flow_dst_last_pkt_time":1667882353940184,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1667882353940184,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":190,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":190,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":190,"packets-processed":189,"total-skipped-flows":0,"total-l4-payload-len":2817,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":43,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":93,"global_ts_usec":1667882954166449} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":194,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":90,"flow_dst_packets_processed":90,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667882954171570,"flow_dst_last_pkt_time":1667882954176520,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":900,"flow_dst_tot_l4_payload_len":585,"midstream":0,"thread_ts_usec":1667882954176520,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":92,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667883554074126,"flow_dst_last_pkt_time":1667883554079112,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":920,"flow_dst_tot_l4_payload_len":598,"midstream":0,"thread_ts_usec":1667883554079112,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":198,"packets-processed":197,"total-skipped-flows":0,"total-l4-payload-len":2883,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":45,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":96,"global_ts_usec":1667884154200917} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":94,"flow_dst_packets_processed":94,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884154206101,"flow_dst_last_pkt_time":1667884154211101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":940,"flow_dst_tot_l4_payload_len":611,"midstream":0,"thread_ts_usec":1667884154211101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":96,"flow_dst_packets_processed":96,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667884754157900,"flow_dst_last_pkt_time":1667884754162909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":960,"flow_dst_tot_l4_payload_len":624,"midstream":0,"thread_ts_usec":1667884754162909,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":206,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":206,"packets-processed":205,"total-skipped-flows":0,"total-l4-payload-len":2949,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":47,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":99,"global_ts_usec":1667885354328064} 
00969{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":98,"flow_dst_packets_processed":98,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885354333244,"flow_dst_last_pkt_time":1667885354338234,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":980,"flow_dst_tot_l4_payload_len":637,"midstream":0,"thread_ts_usec":1667885354338234,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":210,"packets-processed":209,"total-skipped-flows":0,"total-l4-payload-len":2982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":48,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":101,"global_ts_usec":1667885954340552} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":100,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667885954345790,"flow_dst_last_pkt_time":1667885954350789,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1000,"flow_dst_tot_l4_payload_len":650,"midstream":0,"thread_ts_usec":1667885954350789,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":214,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":214,"packets-processed":213,"total-skipped-flows":0,"total-l4-payload-len":3015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":49,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_usec":1667886554547380} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":102,"flow_dst_packets_processed":102,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667886554552478,"flow_dst_last_pkt_time":1667886554557490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1020,"flow_dst_tot_l4_payload_len":663,"midstream":0,"thread_ts_usec":1667886554557490,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":104,"flow_dst_packets_processed":104,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887154419061,"flow_dst_last_pkt_time":1667887154424032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1040,"flow_dst_tot_l4_payload_len":676,"midstream":0,"thread_ts_usec":1667887154424032,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":222,"packets-processed":221,"total-skipped-flows":0,"total-l4-payload-len":3081,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":51,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":106,"global_ts_usec":1667887754581847} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":106,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667887754587099,"flow_dst_last_pkt_time":1667887754592084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1667887754592084,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":108,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888354542054,"flow_dst_last_pkt_time":1667888354546973,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1080,"flow_dst_tot_l4_payload_len":702,"midstream":0,"thread_ts_usec":1667888354546973,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":230,"packets-processed":229,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":230,"packets-processed":229,"total-skipped-flows":0,"total-l4-payload-len":3147,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":53,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1667888954680644} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":110,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667888954685885,"flow_dst_last_pkt_time":1667888954690939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1100,"flow_dst_tot_l4_payload_len":715,"midstream":0,"thread_ts_usec":1667888954690939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":234,"packets-processed":233,"total-skipped-flows":0,"total-l4-payload-len":3180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":54,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":111,"global_ts_usec":1667889554755560} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":112,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667889554760836,"flow_dst_last_pkt_time":1667889554765828,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1120,"flow_dst_tot_l4_payload_len":728,"midstream":0,"thread_ts_usec":1667889554765828,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":238,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":238,"packets-processed":237,"total-skipped-flows":0,"total-l4-payload-len":3213,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":55,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":113,"global_ts_usec":1667890154914103} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":114,"flow_dst_packets_processed":114,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890154919389,"flow_dst_last_pkt_time":1667890154924380,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1140,"flow_dst_tot_l4_payload_len":741,"midstream":0,"thread_ts_usec":1667890154924380,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":116,"flow_dst_packets_processed":116,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667890754878493,"flow_dst_last_pkt_time":1667890754883473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1160,"flow_dst_tot_l4_payload_len":754,"midstream":0,"thread_ts_usec":1667890754883473,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":246,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":3279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":57,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_usec":1667891355001091} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":118,"flow_dst_packets_processed":118,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891355006788,"flow_dst_last_pkt_time":1667891355011838,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1180,"flow_dst_tot_l4_payload_len":767,"midstream":0,"thread_ts_usec":1667891355011838,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":120,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667891954956914,"flow_dst_last_pkt_time":1667891954961842,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":780,"midstream":0,"thread_ts_usec":1667891954961842,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":254,"packets-processed":253,"total-skipped-flows":0,"total-l4-payload-len":3345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":59,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":119,"global_ts_usec":1667892555167346} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":258,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":122,"flow_dst_packets_processed":122,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667892555172533,"flow_dst_last_pkt_time":1667892555177496,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1220,"flow_dst_tot_l4_payload_len":793,"midstream":0,"thread_ts_usec":1667892555177496,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":124,"flow_dst_packets_processed":124,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893155127871,"flow_dst_last_pkt_time":1667893155132919,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1240,"flow_dst_tot_l4_payload_len":806,"midstream":0,"thread_ts_usec":1667893155132919,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":262,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":3411,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":61,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":122,"global_ts_usec":1667893755260179} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":126,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667893755265342,"flow_dst_last_pkt_time":1667893755270276,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1260,"flow_dst_tot_l4_payload_len":819,"midstream":0,"thread_ts_usec":1667893755270276,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":3444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":62,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":124,"global_ts_usec":1667894355302105} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":128,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894355307414,"flow_dst_last_pkt_time":1667894355312359,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1280,"flow_dst_tot_l4_payload_len":832,"midstream":0,"thread_ts_usec":1667894355312359,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":270,"packets-processed":269,"total-skipped-flows":0,"total-l4-payload-len":3477,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":63,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1667894955409230} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":130,"flow_dst_packets_processed":130,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667894955414396,"flow_dst_last_pkt_time":1667894955419371,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":845,"midstream":0,"thread_ts_usec":1667894955419371,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":132,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667895555356769,"flow_dst_last_pkt_time":1667895555361872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":858,"midstream":0,"thread_ts_usec":1667895555361872,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":278,"packets-processed":277,"total-skipped-flows":0,"total-l4-payload-len":3543,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":65,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":129,"global_ts_usec":1667896155512008} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":134,"flow_dst_packets_processed":134,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896155517256,"flow_dst_last_pkt_time":1667896155522215,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1340,"flow_dst_tot_l4_payload_len":871,"midstream":0,"thread_ts_usec":1667896155522215,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":136,"flow_dst_packets_processed":136,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667896755496441,"flow_dst_last_pkt_time":1667896755501407,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1360,"flow_dst_tot_l4_payload_len":884,"midstream":0,"thread_ts_usec":1667896755501407,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":286,"packets-processed":285,"total-skipped-flows":0,"total-l4-payload-len":3609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":67,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1667897355721055} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":138,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897355726163,"flow_dst_last_pkt_time":1667897355731141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1380,"flow_dst_tot_l4_payload_len":897,"midstream":0,"thread_ts_usec":1667897355731141,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":140,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667897955693161,"flow_dst_last_pkt_time":1667897955698197,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1400,"flow_dst_tot_l4_payload_len":910,"midstream":0,"thread_ts_usec":1667897955698197,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":294,"packets-processed":293,"total-skipped-flows":0,"total-l4-payload-len":3675,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":69,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_usec":1667898555812144} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":142,"flow_dst_packets_processed":142,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667898555817351,"flow_dst_last_pkt_time":1667898555822315,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1420,"flow_dst_tot_l4_payload_len":923,"midstream":0,"thread_ts_usec":1667898555822315,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":144,"flow_dst_packets_processed":144,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899155761861,"flow_dst_last_pkt_time":1667899155766839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1440,"flow_dst_tot_l4_payload_len":936,"midstream":0,"thread_ts_usec":1667899155766839,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":302,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":302,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":302,"packets-processed":301,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":71,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_usec":1667899755907084} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":146,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667899755912613,"flow_dst_last_pkt_time":1667899755917554,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1460,"flow_dst_tot_l4_payload_len":949,"midstream":0,"thread_ts_usec":1667899755917554,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":148,"flow_dst_packets_processed":148,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900355876128,"flow_dst_last_pkt_time":1667900355881101,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1480,"flow_dst_tot_l4_payload_len":962,"midstream":0,"thread_ts_usec":1667900355881101,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":310,"packets-processed":309,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":310,"packets-processed":309,"total-skipped-flows":0,"total-l4-payload-len":3807,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":73,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_usec":1667900956028384} 
00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":150,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667900956033514,"flow_dst_last_pkt_time":1667900956038487,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":975,"midstream":0,"thread_ts_usec":1667900956038487,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":152,"flow_dst_packets_processed":152,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667901555988133,"flow_dst_last_pkt_time":1667901555993121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1520,"flow_dst_tot_l4_payload_len":988,"midstream":0,"thread_ts_usec":1667901555993121,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":318,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":318,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":3873,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":75,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":144,"global_ts_usec":1667902156041748} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":154,"flow_dst_packets_processed":154,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902156047066,"flow_dst_last_pkt_time":1667902156052018,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1540,"flow_dst_tot_l4_payload_len":1001,"midstream":0,"thread_ts_usec":1667902156052018,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":322,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":322,"packets-processed":321,"total-skipped-flows":0,"total-l4-payload-len":3906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":76,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":146,"global_ts_usec":1667902756106952} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":156,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667902756112485,"flow_dst_last_pkt_time":1667902756117482,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1560,"flow_dst_tot_l4_payload_len":1014,"midstream":0,"thread_ts_usec":1667902756117482,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":326,"packets-processed":325,"total-skipped-flows":0,"total-l4-payload-len":3939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":77,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_usec":1667903356166082} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":158,"flow_dst_packets_processed":158,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903356171219,"flow_dst_last_pkt_time":1667903356176150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1580,"flow_dst_tot_l4_payload_len":1027,"midstream":0,"thread_ts_usec":1667903356176150,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":330,"packets-processed":329,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":330,"packets-processed":329,"total-skipped-flows":0,"total-l4-payload-len":3972,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":78,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_usec":1667903956205391} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":160,"flow_dst_packets_processed":160,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667903956210625,"flow_dst_last_pkt_time":1667903956215536,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1600,"flow_dst_tot_l4_payload_len":1040,"midstream":0,"thread_ts_usec":1667903956215536,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":334,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":4005,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":79,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":152,"global_ts_usec":1667904556255353} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":162,"flow_dst_packets_processed":162,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667904556260623,"flow_dst_last_pkt_time":1667904556265561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1620,"flow_dst_tot_l4_payload_len":1053,"midstream":0,"thread_ts_usec":1667904556265561,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":338,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":4038,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":80,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":154,"global_ts_usec":1667905156369162} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":164,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905156374273,"flow_dst_last_pkt_time":1667905156379254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1640,"flow_dst_tot_l4_payload_len":1066,"midstream":0,"thread_ts_usec":1667905156379254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":166,"flow_dst_packets_processed":166,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667905756313488,"flow_dst_last_pkt_time":1667905756318378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1660,"flow_dst_tot_l4_payload_len":1079,"midstream":0,"thread_ts_usec":1667905756318378,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":346,"packets-processed":345,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":346,"packets-processed":345,"total-skipped-flows":0,"total-l4-payload-len":4104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":82,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":157,"global_ts_usec":1667906356457980} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":168,"flow_dst_packets_processed":168,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906356463124,"flow_dst_last_pkt_time":1667906356468031,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1680,"flow_dst_tot_l4_payload_len":1092,"midstream":0,"thread_ts_usec":1667906356468031,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":170,"flow_dst_packets_processed":170,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667906956410643,"flow_dst_last_pkt_time":1667906956415568,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1700,"flow_dst_tot_l4_payload_len":1105,"midstream":0,"thread_ts_usec":1667906956415568,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":354,"packets-processed":353,"total-skipped-flows":0,"total-l4-payload-len":4170,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":84,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":160,"global_ts_usec":1667907556513484} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":358,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":172,"flow_dst_packets_processed":172,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667907556518677,"flow_dst_last_pkt_time":1667907556523620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1720,"flow_dst_tot_l4_payload_len":1118,"midstream":0,"thread_ts_usec":1667907556523620,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":361,"packets-processed":360,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":361,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":361,"packets-processed":360,"total-skipped-flows":0,"total-l4-payload-len":4231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":85,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_usec":1667908156515424} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":174,"flow_dst_packets_processed":174,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908156510528,"flow_dst_last_pkt_time":1667908156515424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1740,"flow_dst_tot_l4_payload_len":1131,"midstream":0,"thread_ts_usec":1667908156515424,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":362,"packets-processed":361,"total-skipped-flows":0,"total-l4-payload-len":4236,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":86,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":164,"global_ts_usec":1667908756689314} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":366,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":176,"flow_dst_packets_processed":176,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667908756694403,"flow_dst_last_pkt_time":1667908756699292,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1760,"flow_dst_tot_l4_payload_len":1144,"midstream":0,"thread_ts_usec":1667908756699292,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":178,"flow_dst_packets_processed":178,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909356671590,"flow_dst_last_pkt_time":1667909356676397,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1780,"flow_dst_tot_l4_payload_len":1157,"midstream":0,"thread_ts_usec":1667909356676397,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":370,"packets-processed":369,"total-skipped-flows":0,"total-l4-payload-len":4302,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":88,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":167,"global_ts_usec":1667909956810650} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":180,"flow_dst_packets_processed":180,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667909956815838,"flow_dst_last_pkt_time":1667909956820716,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1800,"flow_dst_tot_l4_payload_len":1170,"midstream":0,"thread_ts_usec":1667909956820716,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":182,"flow_dst_packets_processed":182,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667910556765092,"flow_dst_last_pkt_time":1667910556769939,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1820,"flow_dst_tot_l4_payload_len":1183,"midstream":0,"thread_ts_usec":1667910556769939,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":378,"packets-processed":377,"total-skipped-flows":0,"total-l4-payload-len":4368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":90,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1667911156952838} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":184,"flow_dst_packets_processed":184,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911156957940,"flow_dst_last_pkt_time":1667911156962766,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1840,"flow_dst_tot_l4_payload_len":1196,"midstream":0,"thread_ts_usec":1667911156962766,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":186,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667911756928410,"flow_dst_last_pkt_time":1667911756933311,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1860,"flow_dst_tot_l4_payload_len":1209,"midstream":0,"thread_ts_usec":1667911756933311,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":386,"packets-processed":385,"total-skipped-flows":0,"total-l4-payload-len":4434,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":92,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":173,"global_ts_usec":1667912357066553} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":188,"flow_dst_packets_processed":188,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912357071592,"flow_dst_last_pkt_time":1667912357076394,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1880,"flow_dst_tot_l4_payload_len":1222,"midstream":0,"thread_ts_usec":1667912357076394,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":390,"packets-processed":389,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":390,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":390,"packets-processed":389,"total-skipped-flows":0,"total-l4-payload-len":4467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":93,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":175,"global_ts_usec":1667912957180917} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":394,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":190,"flow_dst_packets_processed":190,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667912957187835,"flow_dst_last_pkt_time":1667912957193306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1900,"flow_dst_tot_l4_payload_len":1235,"midstream":0,"thread_ts_usec":1667912957193306,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":192,"flow_dst_packets_processed":192,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667913557149355,"flow_dst_last_pkt_time":1667913557154138,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1920,"flow_dst_tot_l4_payload_len":1248,"midstream":0,"thread_ts_usec":1667913557154138,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":398,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":398,"packets-processed":397,"total-skipped-flows":0,"total-l4-payload-len":4533,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":95,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":178,"global_ts_usec":1667914157284622} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":194,"flow_dst_packets_processed":194,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914157289594,"flow_dst_last_pkt_time":1667914157294449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1940,"flow_dst_tot_l4_payload_len":1261,"midstream":0,"thread_ts_usec":1667914157294449,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":402,"packets-processed":401,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":402,"packets-processed":401,"total-skipped-flows":0,"total-l4-payload-len":4566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":96,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1667914757354818} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":196,"flow_dst_packets_processed":196,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667914757360081,"flow_dst_last_pkt_time":1667914757364918,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1960,"flow_dst_tot_l4_payload_len":1274,"midstream":0,"thread_ts_usec":1667914757364918,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":4599,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":97,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":182,"global_ts_usec":1667915357412080} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":198,"flow_dst_packets_processed":198,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915357417116,"flow_dst_last_pkt_time":1667915357421996,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":1980,"flow_dst_tot_l4_payload_len":1287,"midstream":0,"thread_ts_usec":1667915357421996,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":410,"packets-processed":409,"total-skipped-flows":0,"total-l4-payload-len":4632,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":98,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":184,"global_ts_usec":1667915957427289} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":200,"flow_dst_packets_processed":200,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667915957432416,"flow_dst_last_pkt_time":1667915957437254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2000,"flow_dst_tot_l4_payload_len":1300,"midstream":0,"thread_ts_usec":1667915957437254,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":4665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":99,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":186,"global_ts_usec":1667916557456657} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":202,"flow_dst_packets_processed":202,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667916557461709,"flow_dst_last_pkt_time":1667916557466499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2020,"flow_dst_tot_l4_payload_len":1313,"midstream":0,"thread_ts_usec":1667916557466499,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":204,"flow_dst_packets_processed":204,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917157423210,"flow_dst_last_pkt_time":1667917157428021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2040,"flow_dst_tot_l4_payload_len":1326,"midstream":0,"thread_ts_usec":1667917157428021,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":4731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":101,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_usec":1667917757547203} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":206,"flow_dst_packets_processed":206,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667917757552293,"flow_dst_last_pkt_time":1667917757557136,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2060,"flow_dst_tot_l4_payload_len":1339,"midstream":0,"thread_ts_usec":1667917757557136,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":426,"packets-processed":425,"total-skipped-flows":0,"total-l4-payload-len":4764,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":102,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":191,"global_ts_usec":1667918357617085} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":208,"flow_dst_packets_processed":208,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918357622166,"flow_dst_last_pkt_time":1667918357626995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2080,"flow_dst_tot_l4_payload_len":1352,"midstream":0,"thread_ts_usec":1667918357626995,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":430,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":430,"packets-processed":429,"total-skipped-flows":0,"total-l4-payload-len":4797,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":103,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1667918957773708} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":210,"flow_dst_packets_processed":210,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667918957778810,"flow_dst_last_pkt_time":1667918957783659,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":1365,"midstream":0,"thread_ts_usec":1667918957783659,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":212,"flow_dst_packets_processed":212,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667919557747659,"flow_dst_last_pkt_time":1667919557752579,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2120,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1667919557752579,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":438,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":438,"packets-processed":437,"total-skipped-flows":0,"total-l4-payload-len":4863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":105,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1667920157885500} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":214,"flow_dst_packets_processed":214,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920157890541,"flow_dst_last_pkt_time":1667920157895403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2140,"flow_dst_tot_l4_payload_len":1391,"midstream":0,"thread_ts_usec":1667920157895403,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":216,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667920757821189,"flow_dst_last_pkt_time":1667920757826024,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2160,"flow_dst_tot_l4_payload_len":1404,"midstream":0,"thread_ts_usec":1667920757826024,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":446,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":446,"packets-processed":445,"total-skipped-flows":0,"total-l4-payload-len":4929,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":107,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":199,"global_ts_usec":1667921357934789} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":218,"flow_dst_packets_processed":218,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921357939819,"flow_dst_last_pkt_time":1667921357944657,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2180,"flow_dst_tot_l4_payload_len":1417,"midstream":0,"thread_ts_usec":1667921357944657,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-payload-len":4962,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":108,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":201,"global_ts_usec":1667921957936046} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":220,"flow_dst_packets_processed":220,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667921957941247,"flow_dst_last_pkt_time":1667921957946139,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2200,"flow_dst_tot_l4_payload_len":1430,"midstream":0,"thread_ts_usec":1667921957946139,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":454,"packets-processed":453,"total-skipped-flows":0,"total-l4-payload-len":4995,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":109,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":203,"global_ts_usec":1667922558027247} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":222,"flow_dst_packets_processed":222,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667922558032278,"flow_dst_last_pkt_time":1667922558037152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2220,"flow_dst_tot_l4_payload_len":1443,"midstream":0,"thread_ts_usec":1667922558037152,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":224,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923157994247,"flow_dst_last_pkt_time":1667923157999099,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2240,"flow_dst_tot_l4_payload_len":1456,"midstream":0,"thread_ts_usec":1667923157999099,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":462,"packets-processed":461,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":462,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":462,"packets-processed":461,"total-skipped-flows":0,"total-l4-payload-len":5061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":111,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_usec":1667923758140912} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":226,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667923758145987,"flow_dst_last_pkt_time":1667923758150812,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2260,"flow_dst_tot_l4_payload_len":1469,"midstream":0,"thread_ts_usec":1667923758150812,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":5094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":112,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1667924358195146} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":228,"flow_dst_packets_processed":228,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924358200510,"flow_dst_last_pkt_time":1667924358205436,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2280,"flow_dst_tot_l4_payload_len":1482,"midstream":0,"thread_ts_usec":1667924358205436,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":470,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":470,"packets-processed":469,"total-skipped-flows":0,"total-l4-payload-len":5127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":113,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":210,"global_ts_usec":1667924958336024} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":230,"flow_dst_packets_processed":230,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667924958341359,"flow_dst_last_pkt_time":1667924958346268,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2300,"flow_dst_tot_l4_payload_len":1495,"midstream":0,"thread_ts_usec":1667924958346268,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":232,"flow_dst_packets_processed":232,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667925558331107,"flow_dst_last_pkt_time":1667925558336001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2320,"flow_dst_tot_l4_payload_len":1508,"midstream":0,"thread_ts_usec":1667925558336001,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":478,"packets-processed":477,"total-skipped-flows":0,"total-l4-payload-len":5193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":115,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1667926158477541} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":234,"flow_dst_packets_processed":234,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926158482640,"flow_dst_last_pkt_time":1667926158487504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2340,"flow_dst_tot_l4_payload_len":1521,"midstream":0,"thread_ts_usec":1667926158487504,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":236,"flow_dst_packets_processed":236,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667926758424196,"flow_dst_last_pkt_time":1667926758429128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2360,"flow_dst_tot_l4_payload_len":1534,"midstream":0,"thread_ts_usec":1667926758429128,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":486,"packets-processed":485,"total-skipped-flows":0,"total-l4-payload-len":5259,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":117,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1667927358576852} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":238,"flow_dst_packets_processed":238,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927358582077,"flow_dst_last_pkt_time":1667927358587005,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2380,"flow_dst_tot_l4_payload_len":1547,"midstream":0,"thread_ts_usec":1667927358587005,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":240,"flow_dst_packets_processed":240,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667927958536913,"flow_dst_last_pkt_time":1667927958541805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2400,"flow_dst_tot_l4_payload_len":1560,"midstream":0,"thread_ts_usec":1667927958541805,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":494,"packets-processed":493,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":494,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":494,"packets-processed":493,"total-skipped-flows":0,"total-l4-payload-len":5325,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":119,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":219,"global_ts_usec":1667928558676547} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":242,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667928558681642,"flow_dst_last_pkt_time":1667928558686523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2420,"flow_dst_tot_l4_payload_len":1573,"midstream":0,"thread_ts_usec":1667928558686523,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":244,"flow_dst_packets_processed":244,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929158637190,"flow_dst_last_pkt_time":1667929158642079,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2440,"flow_dst_tot_l4_payload_len":1586,"midstream":0,"thread_ts_usec":1667929158642079,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":502,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":502,"packets-processed":501,"total-skipped-flows":0,"total-l4-payload-len":5391,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":121,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":222,"global_ts_usec":1667929758769940} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":246,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667929758775023,"flow_dst_last_pkt_time":1667929758779865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2460,"flow_dst_tot_l4_payload_len":1599,"midstream":0,"thread_ts_usec":1667929758779865,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":248,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930358755038,"flow_dst_last_pkt_time":1667930358759853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2480,"flow_dst_tot_l4_payload_len":1612,"midstream":0,"thread_ts_usec":1667930358759853,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":510,"packets-processed":509,"total-skipped-flows":0,"total-l4-payload-len":5457,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":123,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":225,"global_ts_usec":1667930958886671} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":250,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667930958891808,"flow_dst_last_pkt_time":1667930958896692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2500,"flow_dst_tot_l4_payload_len":1625,"midstream":0,"thread_ts_usec":1667930958896692,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":252,"flow_dst_packets_processed":252,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667931558871110,"flow_dst_last_pkt_time":1667931558875920,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2520,"flow_dst_tot_l4_payload_len":1638,"midstream":0,"thread_ts_usec":1667931558875920,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":518,"packets-processed":517,"total-skipped-flows":0,"total-l4-payload-len":5523,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":125,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":228,"global_ts_usec":1667932159023314} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":254,"flow_dst_packets_processed":254,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932159028303,"flow_dst_last_pkt_time":1667932159033132,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2540,"flow_dst_tot_l4_payload_len":1651,"midstream":0,"thread_ts_usec":1667932159033132,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":522,"packets-processed":521,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":522,"packets-processed":521,"total-skipped-flows":0,"total-l4-payload-len":5556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":126,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":230,"global_ts_usec":1667932759077722} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":526,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":256,"flow_dst_packets_processed":256,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667932759082733,"flow_dst_last_pkt_time":1667932759087559,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2560,"flow_dst_tot_l4_payload_len":1664,"midstream":0,"thread_ts_usec":1667932759087559,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":258,"flow_dst_packets_processed":258,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933358966393,"flow_dst_last_pkt_time":1667933358971321,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2580,"flow_dst_tot_l4_payload_len":1677,"midstream":0,"thread_ts_usec":1667933358971321,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":530,"packets-processed":529,"total-skipped-flows":0,"total-l4-payload-len":5622,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":128,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":233,"global_ts_usec":1667933959089706} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":260,"flow_dst_packets_processed":260,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667933959094917,"flow_dst_last_pkt_time":1667933959099748,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2600,"flow_dst_tot_l4_payload_len":1690,"midstream":0,"thread_ts_usec":1667933959099748,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":534,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":534,"packets-processed":533,"total-skipped-flows":0,"total-l4-payload-len":5655,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":129,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":235,"global_ts_usec":1667934559114048} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":262,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667934559119423,"flow_dst_last_pkt_time":1667934559124245,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2620,"flow_dst_tot_l4_payload_len":1703,"midstream":0,"thread_ts_usec":1667934559124245,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":538,"packets-processed":537,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":538,"packets-processed":537,"total-skipped-flows":0,"total-l4-payload-len":5688,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":130,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1667935159188577} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":264,"flow_dst_packets_processed":264,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935159193608,"flow_dst_last_pkt_time":1667935159198401,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2640,"flow_dst_tot_l4_payload_len":1716,"midstream":0,"thread_ts_usec":1667935159198401,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":266,"flow_dst_packets_processed":266,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667935759106386,"flow_dst_last_pkt_time":1667935759111237,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2660,"flow_dst_tot_l4_payload_len":1729,"midstream":0,"thread_ts_usec":1667935759111237,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":546,"packets-processed":545,"total-skipped-flows":0,"total-l4-payload-len":5754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":132,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":240,"global_ts_usec":1667936359250805} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":268,"flow_dst_packets_processed":268,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936359255952,"flow_dst_last_pkt_time":1667936359260802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2680,"flow_dst_tot_l4_payload_len":1742,"midstream":0,"thread_ts_usec":1667936359260802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":550,"packets-processed":549,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":550,"packets-processed":549,"total-skipped-flows":0,"total-l4-payload-len":5787,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":133,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_usec":1667936959271744} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":270,"flow_dst_packets_processed":270,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667936959276903,"flow_dst_last_pkt_time":1667936959281745,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2700,"flow_dst_tot_l4_payload_len":1755,"midstream":0,"thread_ts_usec":1667936959281745,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":554,"packets-processed":553,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":554,"packets-processed":553,"total-skipped-flows":0,"total-l4-payload-len":5820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":134,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":244,"global_ts_usec":1667937559422166} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":272,"flow_dst_packets_processed":272,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667937559427332,"flow_dst_last_pkt_time":1667937559432171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":1768,"midstream":0,"thread_ts_usec":1667937559432171,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":274,"flow_dst_packets_processed":274,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938159333625,"flow_dst_last_pkt_time":1667938159338503,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2740,"flow_dst_tot_l4_payload_len":1781,"midstream":0,"thread_ts_usec":1667938159338503,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":562,"packets-processed":561,"total-skipped-flows":0,"total-l4-payload-len":5886,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":136,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":247,"global_ts_usec":1667938759434538} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":566,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":276,"flow_dst_packets_processed":276,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667938759439542,"flow_dst_last_pkt_time":1667938759444375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2760,"flow_dst_tot_l4_payload_len":1794,"midstream":0,"thread_ts_usec":1667938759444375,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":278,"flow_dst_packets_processed":278,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939359421713,"flow_dst_last_pkt_time":1667939359426519,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2780,"flow_dst_tot_l4_payload_len":1807,"midstream":0,"thread_ts_usec":1667939359426519,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":570,"packets-processed":569,"total-skipped-flows":0,"total-l4-payload-len":5952,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":138,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1667939959475875} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":280,"flow_dst_packets_processed":280,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667939959480953,"flow_dst_last_pkt_time":1667939959485802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2800,"flow_dst_tot_l4_payload_len":1820,"midstream":0,"thread_ts_usec":1667939959485802,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":574,"packets-processed":573,"total-skipped-flows":0,"total-l4-payload-len":5985,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":139,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":252,"global_ts_usec":1667940559505023} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":282,"flow_dst_packets_processed":282,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667940559510206,"flow_dst_last_pkt_time":1667940559515036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2820,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1667940559515036,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":578,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":578,"packets-processed":577,"total-skipped-flows":0,"total-l4-payload-len":6018,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":140,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":254,"global_ts_usec":1667941159559112} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":284,"flow_dst_packets_processed":284,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941159564239,"flow_dst_last_pkt_time":1667941159569033,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2840,"flow_dst_tot_l4_payload_len":1846,"midstream":0,"thread_ts_usec":1667941159569033,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":582,"packets-processed":581,"total-skipped-flows":0,"total-l4-payload-len":6051,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":141,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1667941759635973} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":286,"flow_dst_packets_processed":286,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667941759641101,"flow_dst_last_pkt_time":1667941759645959,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2860,"flow_dst_tot_l4_payload_len":1859,"midstream":0,"thread_ts_usec":1667941759645959,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":586,"packets-processed":585,"total-skipped-flows":0,"total-l4-payload-len":6084,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1667942359803826} 00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":288,"flow_dst_packets_processed":288,"flow_first_seen":1667856551682719,"flow_src_last_pkt_time":1667942359808855,"flow_dst_last_pkt_time":1667942359813747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":8,"flow_src_tot_l4_payload_len":2880,"flow_dst_tot_l4_payload_len":1872,"midstream":0,"thread_ts_usec":1667942359813747,"l3_proto":"ip4","src_ip":"193.31.25.70","dst_ip":"51.68.181.92","src_port":2011,"dst_port":2010,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamSpeak","proto_id":"162","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":10,"category":"VoIP"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":589,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/teamspeak3.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":589,"packets-processed":589,"total-skipped-flows":0,"total-l4-payload-len":6117,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":142,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":260,"global_ts_usec":1667942359813747} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 589/589 ~~ skipped flows.............: 0 @@ -266,9 +266,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785982 bytes -~~ total memory freed........: 7785982 bytes -~~ total allocations/frees...: 146971/146971 +~~ total memory allocated....: 11494585 bytes +~~ total memory freed........: 11494585 bytes +~~ total allocations/frees...: 217225/217225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2227 chars 
diff --git a/test/results/default/teamviewer.pcap.out b/test/results/default/teamviewer.pcap.out index 8394c136d..5bbe5302b 100644 --- a/test/results/default/teamviewer.pcap.out +++ b/test/results/default/teamviewer.pcap.out 
@@ -1,4 +1,4 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00746{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":330297046,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":330297046,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330297046,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":330297046,"pkt":"UlQAEjUCCAAns+YuCABFAAA8OlxAAEAGTq0KAAIPovoCqouUFzIpaMgpAAAAAKAC+vCAjgAAAgQFtAQCCAosLVpIAAAAAAEDAwc="} 00516{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":330297046,"flow_dst_last_pkt_time":330433319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":330433319,"pkt":"CAAns+YuUlQAEjUCCABFAAAsCdUAAEAGv0Si+gKqCgACDxcyi5QCaioBKWjIKmAS\/\/8lnwAAAgQFtA=="} 
@@ -16,11 +16,11 @@ 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":520201475,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":520201475,"pkt":"CAAns+YuUlQAEjUCCABFAAAwFQEAAEARG41dL+DxCgACD4zFhnEAHDKfAAAAAAAAAABEJgMXJHMEAAAAAAA="} 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":31,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521274313,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":13050,"midstream":0,"thread_ts_usec":521274313,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":7,"avg":36716.1,"max":442863,"stddev":96766.6,"var":9363771392.0,"ent":2.6,"data": [12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12]},"pktlen": {"min":44,"avg":438.8,"max":1052,"stddev":450.4,"var":202865.5,"ent":4.2,"data": [124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71]},"bins": {"c_to_s": [0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1],"entropies": [2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":579147460,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": 
{"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":633881700} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":337,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":337,"packets-processed":336,"total-skipped-flows":0,"total-l4-payload-len":152049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":633881700} 
01203{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":639022187,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":62,"flow_first_seen":520136114,"flow_src_last_pkt_time":520136114,"flow_dst_last_pkt_time":521459535,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":28902,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"93.47.224.241","src_port":34417,"dst_port":36037,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":129,"flow_dst_packets_processed":160,"flow_first_seen":330297046,"flow_src_last_pkt_time":729854393,"flow_dst_last_pkt_time":729854070,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":60753,"flow_dst_tot_l4_payload_len":64705,"midstream":0,"thread_ts_usec":729854393,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"162.250.2.170","src_port":35732,"dst_port":5938,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TeamViewer","proto_id":"148","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
-00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":352,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":729854393} +00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":352,"source":"cfgs\/default\/pcap\/teamviewer.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":352,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":154456,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":729854393} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 352/352 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779126 bytes -~~ total memory freed........: 7779126 bytes -~~ total allocations/frees...: 146735/146735 +~~ total memory allocated....: 11487729 bytes +~~ total memory freed........: 11487729 bytes +~~ total allocations/frees...: 216989/216989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 513 chars ~~ json string max len.......: 2389 chars 
diff --git a/test/results/default/telegram.pcap.out b/test/results/default/telegram.pcap.out index 19c0908d5..5ea226313 100644 --- a/test/results/default/telegram.pcap.out +++ b/test/results/default/telegram.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1588779596451825} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00897{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_usec":1588779596451825,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 01004{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779596451825,"flow_src_last_pkt_time":1588779596451825,"flow_dst_last_pkt_time":1588779596451825,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":279,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":279,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779596451825,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"tl-sg116e","dhcp": {"fingerprint":"1,3","class_ident":"TL-SG116E"}}} 
@@ -181,10 +181,10 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":723,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1588779632315962,"flow_dst_last_pkt_time":1588779608134321,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1588779632315962,"pkt":"\/\/\/\/\/\/\/\/wJrQLWJ0CABFAABES\/gAAEARqizAqAE1wKgB\/+EV4RUAMNBmU3BvdFVkcDClWtsnvt2XzwABAACyJIr8D\/N2Z9WO7tpCHKgrvJhaBg=="} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634762513,"pkt":"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\/6B0Z4nKaYTElCcNQLL0+vajT\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"} 
-01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":725,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634762513,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634762513,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6","quic_version":"Q046"}}} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634764481,"pkt":"EBMx8Tl2KDc3AG3ICABFAAViUS0AAEARvOnAqAFN2DrNRMaGAbsFTkE+w1EwNDZQdSQ0JxgV+\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\/oTfYVDM1unv0Eg0xlJTYVZkAAAAAQAAAEMyNTXvR+qpngpSje9H6qmeClKNYDLLkqBBTd8GdwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6"}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":726,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1588779634764481,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634764481,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779634764481,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":50822,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.com","quic": {"user_agent":"beta Chrome\/83.0.4103.34 Intel Mac OS X 10_13_6","quic_version":"Q046"}}} 
02339{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":727,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1588779634762513,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634794508,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADcR1xbYOs1EwKgBTQG78hYFTlCg01EwNDYFozVJE19KlwkAAAABlFnOyl1IE6Kl9p2lJqJe20wr+YJJK3OQaQI+K1yyeZR9yLW3lS\/Tdnt9xcKqAlOjTi1OwA2w6a7+tRtr3KAKpiTPSke9Qgxq9RZuUGOobpscabZyRsqHgng7hPe2XFawQxldFDSjxKnYQdE5FFv9BpDrnq\/TTXf9TFvgw\/QnXVAz5Cyt9UqBUF1hH0e8eHxu6vo8lxkhnIhe5h6hLOoAm1BnioEr9hnRo4ORCSZRNuTGnhroEuVGyj5HhhPz45sTADcZH\/aRhJy7qwSQPpjxKMRjwHfkXW+yFpSOG3Hp5CsHedxutEJhnZDI+4BG1I6mpoDE8Zvk+SOrrxTdABEKpyABqDKs78QbQi9n46y46LF2JTAo36T9cjW0OkfnS1dX8RBGe5tpl\/GX8HAEOsAa\/z+6O4B5WSOIZhf34xGOy\/N3OFC+u9lN+ttVyLf++3WOzpd57ZzPwtC+yE\/BNwbA4eO5JHsp6kPUffzjzL5K4L4obRfRfmFzgUJr2AvlNCCKETOUv9FcgCj+O3Ce2J+FzvWWvPIvOKN37xrUN\/mjFcjn6vrnzc3WHSBHZUUQPgLL9gdUFNa8\/yQjJhbGLlt8bvQA1SJaoWXDVmYJjnjFSJJFF8RWpizfJP35dxquwrjEwUged8l6McoK7qHu4Ld19f6o8UJyTgkxjnhmujMkW40UK64Bo1F6vaXjIzepbsvzrfPs4buhFyCPcm2wLFZq5nMbYvmNgbBAMNYgQ7+Y4Zo47U6dIvcnsHay4b8rdIZC\/Ra4RUg2MEAVMY04nZVwsS9kMvxjw7tWpuLXdlQCjlvuGOf6dZ6k9rHdaI3URstXL6UuWo0Gdj\/NtiaGySmIHVV6i7EbmaJp3uFyYDnUvrIMjfc6ghlolVGsZni+GAZQbXnpWH5ualh+GQk\/IS2IEz0uyBJ6dsYticBr8EFAQR7hHY\/3OyEr27WwpwoLmUJn9UQqUUNET0+qTxL027bZTqGeTGLe2rH0z4qd78Ue12s\/mmitdGeaTOEIB+kN9Oz976ydi7i+SoMBr\/+hKLj5gjHsfiNqAK8opkFFxqyBh0nqOBdwUSl8gZVmShAcuOo649XW2Yut5pCeSZfn3ZoRq+lWx89wdySCjOMW8exEEWunv6bjn3slpy7AmRkw+sPRuDmUtrstSTMggBfN+zYz4kU9msu81pr+IK0y7aQh4mmTipBI3toWvtKGgxtFFCU+90ZF+2e26g7ax+JPhJWCf1aeqV2qjVTswyDUe+X8YVqx5YC7ACn0pIzEQj12x8eSFM60TkG8kXSrR+cBcSE4aaYhrAy3pypcCtMV26Co80JeaaDwDMCwmVAzo0E\/BwpqMknzmJBeyZjvON\/562D3ZU9nDxApe4H14sNeh3KyKanbNvTWcgxWJPs+wQ9X1d9egrD3CNpHov7eGsS9E5PTryqkw6dcr07
anAdXKz39OKneC7uTIi2xMN4pi9HDUne9kKxezY6JaiaaEds0Egs5TrKu5MlMzp7QSr1MmDFu7VQLrafQLtQSQLw0f+CkdiOkRSoewADHR7WnRu3Pw\/1y7ALeor+7d7v\/xVkXtV0+u1JaX2B1bUYYuBQruUl0bp5QCHut4tI5G7u+9P1dYnUX\/rSklohEaFv70M62kLeKCl4bX8BdPalaH0yKRZF9q2iCLDdluLwx+pd3G8lRNNpU8gMggNTI9z\/7Pxs0oOqfN32KINp0rOMXmr0ZD6E5U7SeSuShxUVrIQgXkF5QTsc4zAeYQXZrfPFcKANcrPTz3MqQYdpM"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":728,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1588779634795180,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1588779634795180,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4emwAAEARmNTAqAFN2DrNRPIWAbsAJN5oQKM1SRNfSpcJAg\/VJy\/hU5JXfMk208XyiTI7oA=="} 02349{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":729,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1588779634764481,"flow_dst_last_pkt_time":1588779634797116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1588779634797116,"pkt":"KDc3AG3IEBMx8Tl2CABFAAViAABAADgR1hbYOs1EwKgBTQG7xoYFTqbf01EwNDYFdSQ0JxgV+\/AAAAAB\/upOH6rH2BIyQSeP5oglrVNRjLzUPYUddHT9m6BsmcKmApdlysrOkxHuxx9vijlyM8wYkq7JvX19IQMhKJZA0U6a8sLp7rHlGFo5nqmm0jMnW7WPHt\/LNpmp9sMej9LIYl7HVWlYuGONw23gJgIuAlpWAO6yh+eVnrhPvfDTj31c6\/L1ooPLrq5NV7Gc7jNhPXAjTc4ZaIElGMpTUieuhBDEobdC\/yRUwhIJac7BNwvPjcF+IDwdoZlLRJw3R5oXAi2b\/NF4EAf1KMRYvNmplcTy11GLuiSvRAmihe5Rh\/orc2nsZbWj+vVmUmzCiWHVssa5KLzmBbkyMh6lJPB3gwNR9L\/Fq9yeGKy0+1JnwE4BdYx5u8HLnX2wgYVFT\/rFfn1Oc62CdMeazmAG7K4pybekkUnanBSVSlDsTtacnk6lBahTKCPl4BKZo41FpeNyrCv6CdLYcTHgeBE4YGrMXUeFT\/ilVEPrTMzFe5kzHIStA3AKnuB\/P+S0D02eLWMotPjv93++mmxST6HP114UWR5QNEIWRxUS
8RL0hQeu4zY97Ng6cw4CKN+Csj\/ZvkP4kxD\/Zq7tP6yj9mYvYIO9zExfP9oeGiwS\/4f+6unIp0FdFoZmq8bqYOIOw8QtYVOoNnStryjcigG\/awK2ZaMXV+46Pnbc7phNOyTwsLBxxc\/12QJJ45cSQCeX9fI3HOGC6Lef+EyN3wVq9oB+wBoxI5umm0icT\/zZ2yvFo6UFJ2uDstyecW1AqbCfnn6WWrQLz6eMr+vL\/JleVbbatuBYa5gdk2Yt+67fkdck3Dk3mkph8oGaf+SDkR7Tf9p8ulHM4RwOnQJFlNf4xkSWeQGBLD6wjBE4rkLONEpat+rbynMjiBPAofixsPnISwVDLf0nq9DMrjUvdWlIIMyhGej2e24qnTkMu6p7FC\/huIoB0mRmYhHnBPlCQn\/LUzArFEcNys29X1cxw25iplZFvHkHdOc24AY5G54G00MdsxNdaE\/paJZz93dfFlaEUpxXdsPnTzUS4pfi+tXdLdZlCDSCbcoeLXsZ10o3zvR7bkNwPdSYObv6FtEohnNHd5N8A7GThnHg9zUXltLPSF3xHvq8673iVUYgBtPyG5IX44udpmQI7jeus04VvFTz2gu4npRTD34iJ0hoN0ntT0nFkqcX5\/lL09qWjNDuFP\/S1ls4UAok+2ha5s3PvhtAKIlco7aoWYLrSj95gTSsEvt+vv6BHLLnycSfEmJgy7LNVNyoUK4C4+9WgT1JfWOmVbGaY23xkwzP15QjiTTdKIEkJwiBmgJIruM0dA1J41jJPUcFpH8opFJyrh1InbMhpwrdsem5Er87sEkX0BhYPXkyvKucSZm6W1RMofNDgCdyw5TOBfDKdoqNmc54r82qBE2FvdTks67OsedSUGg\/xIKev6elshEbqcaKfcXRRyuerRJ9Na1ZC85buNS0\/0S8Uk1MnuNcWLIniDOgLmxDYioY8+6ffXPskGoeJ6mpsWIPFN\/ZXPivRS+0hFla3abk42RYHrYiht3fXvADKY3mvEEwWMSzU84L2ho8ij4vLNJYBjTvbpsEkPGMqANA85Spe5XJ9p4g9hQurfHWfSLDKdhStCgrn8jpcM\/\/FkUBZViwdPAW2JLOvsdSXQXeDGKI7nTEgI0kYpnr4frOKaPCHqb3HEqFHSRiARTSD0ufyxhTd6AYnG3WyBQ7hHD\/6lTnreRmZxISZ6q\/gFRJTubvR8\/BO8IvV1XaeMgD55oE\/mi7ALMHyuc8OmMt"} 
@@ -336,7 +336,7 @@ 00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":148,"flow_dst_packets_processed":153,"flow_first_seen":1588779617174153,"flow_src_last_pkt_time":1588779629315487,"flow_dst_last_pkt_time":1588779629237403,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":48,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":256,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":30560,"flow_dst_tot_l4_payload_len":28992,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1588779634762513,"flow_src_last_pkt_time":1588779634795180,"flow_dst_last_pkt_time":1588779634794508,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1378,"flow_dst_tot_l4_payload_len":1350,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":120,"flow_dst_packets_processed":0,"flow_first_seen":1588779596708683,"flow_src_last_pkt_time":1588779655298782,"flow_dst_last_pkt_time":1588779596708683,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19803,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1588779655298782,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":13,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":339,"global_ts_usec":1588779655298782} 
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"cfgs\/default\/pcap\/telegram.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-payload-len":268533,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":13,"total-updates":10,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":339,"global_ts_usec":1588779655298782} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1566/1566 ~~ skipped flows.............: 0 @@ -345,9 +345,9 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7912769 bytes -~~ total memory freed........: 7912769 bytes -~~ total allocations/frees...: 148440/148440 +~~ total memory allocated....: 11620636 bytes +~~ total memory freed........: 11620636 bytes +~~ total allocations/frees...: 218694/218694 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 556 chars ~~ json string max len.......: 2354 chars diff --git a/test/results/default/telegram_videocall.pcapng.out b/test/results/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..ed8905f7e --- /dev/null +++ b/test/results/default/telegram_videocall.pcapng.out 
@@ -0,0 +1,271 @@ +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648032334213648} 
+00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213648,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
+00917{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213648,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334213648,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648032334213678,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032334213678,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
+00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334318608,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1648032334318608,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACg1lZAAEARyaXAqAwBwKgM\/0RcRFwAjFAceyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNDEwNzAzNTIwMDMwMzgwNzA5MTc5NzYyNjA1Mzg1NzIwNTQ5OTksICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 
+00945{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032334318608,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032334318608,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336009920,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336009920,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336009920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336009920,"pkt":"CL6sCxdumt9Y+uvcCABFAAA88YVAAEAGPu\/AqAyplZqnW5Q8Abt0xEFmAAAAAKAC\/\/\/nNgAAAgQFtAQCCArE7EVxAAAAAAEDAwk="} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336009996,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336009996,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336009996,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336009996,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8iT5AAEAGpzbAqAyplZqnW5Q+Abv5z7A3AAAAAKAC\/\/\/zSgAAAgQFtAQCCArE7EV+AAAAAAEDAwk="} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336020865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336020865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336020865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336020865,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8ocRAAEAGjtjAqAyplZqnM7cOAbtHtY5HAAAAAKAC\/\/9zlwAAAgQFtAQCCApovtLCAAAAAAEDAwk="} 
+00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336039036,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336039036,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336039036,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336039036,"pkt":"CL6sCxdumt9Y+uvcCABFAAA85gJAAEAGSprAqAyplZqnM7cSAbs3E+VPAAAAAKAC\/\/8tGgAAAgQFtAQCCApovtLVAAAAAAEDAwk="} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336009920,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336040673,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lDyVOI9MdMRBZ6AS\/\/\/aeAAAAgQE2AQCCAonSsG9xOxFcQEDAwU="} 
+00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336009996,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336040727,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lD41gWDX+c+wOKAScSA4BAAAAgQFtAQCCAo1hn46xOxFfgEDAwU="} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648032336041683,"pkt":"CL6sCxdumt9Y+uvcCABFAAAoAABAAEAGMInAqAyplZqnW5Q8Abt0xEFnAAAAAFAEAABZdgAA"} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336041933,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336041933,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0iT9AAEAGpz3AqAyplZqnW5Q+Abv5z7A4NYFg2IAQAKzXIQAAAQEICsTsRZ81hn46"} 
+00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336042221,"flow_dst_last_pkt_time":1648032336040727,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":347,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":347,"pkt_l4_len":313,"thread_ts_usec":1648032336042221,"pkt":"CL6sCxdumt9Y+uvcCABFAAFNiUBAAEAGpiPAqAyplZqnW5Q+Abv5z7A4NYFg2IAYAKw4fwAAAQEICsTsRZ81hn46+Lk1fQH\/auTy5DqAZnRJsTQlVXb3tGXJRLqxvKQW6crH1iDPeN\/8Btw52lhMm0Ir3VpqEhzSpNaNPlr3o1wuzMiaC+NevOVQf99nPw+BptAPG44HrHZjkRGXpUbf\/9POtouGGHiyyBpqEFEiUgPuvQcj824Y\/QguUQPxQem7WqbCtc+WCJ\/S3Dl\/Br9w2EPC7H3hTz+\/0Yu8av9aU6k0\/uNw2Mar9ONynRbonUDwhOAwj91YVyRjTQBeaUlE+FgOh367MdRuXw9Hor5aOx2KYfvdnT5reoT+eZN9Oxqgj7LqJKoPz40UJWBvVe+PDZAjxJKri48+dx2kcKXZj3cv8P9HPjdnXuXGoN8SnZXGoAqGfFFOyQLwWD4="} +00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336020865,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336051278,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPp2VmqczwKgMqQG7tw5qdtt4R7WOSKASX\/CpRQAAAgQE2AQCCAp4wqx+aL7SwgEDAwU="} 
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336052412,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336052412,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0ocVAAEAGjt\/AqAyplZqnM7cOAbtHtY5IanbbeYAQAKw2WAAAAQEICmi+0uJ4wqx+"} +01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336052663,"flow_dst_last_pkt_time":1648032336051278,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":411,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":411,"pkt_l4_len":377,"thread_ts_usec":1648032336052663,"pkt":"CL6sCxdumt9Y+uvcCABFAAGNocZAAEAGjYXAqAyplZqnM7cOAbtHtY5IanbbeYAYAKw1DwAAAQEICmi+0uJ4wqx+Acn3RSLLd3YEwQjF80nH3tE7HHvyyAHjEePwuQq\/575o6YQsFu5J6aDYIaSg18SI4pejEeXwg0TzQ+ju+Iy4K4LC0o\/TwgCSPT1sd+HH9dnEuSXeyHecF3rTZIJjgvJc0xVveI\/5+K+6D3aoQ39o0bDbSum5\/7LSkWQlXsTK522MbUY+t13nvpi59H+3qU\/UFmtDccIFw4YaCx+RwjTnfDXuwKhWV5Ihb+1HAXdEnxPVR\/us28QCbaj0OqUrXtEnDOWu5qKgIwNO5+6dMUcrqwzbCZ5FkbQ7\/6W+NLmOZbDkqhpGHCOQ1\/baX5RS9ebeZ5pkktoOfCJoi8Of3CJuL4aa3hlu3J\/tS92rZ++2LnWpqY5FoX5kYdvJSYDEf3JaRIsu6440+SahTn\/xw1yNvKSURCVogQAxmwI9oyFPbXL3hqK\/A4p8y5PrJDEDcJxBAA2\/82XmZU4O"} 
+00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336039036,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336069751,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPp2VmqczwKgMqQG7txI\/0JvTNxPlUKASX\/AtqQAAAgQE2AQCCApqXFpPaL7S1QEDAwU="} +00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336070840,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336070840,"pkt":"CL6sCxdumt9Y+uvcCABFAAA05gNAAEAGSqHAqAyplZqnM7cSAbs3E+VQP9Cb1IAQAKy6uwAAAQEICmi+0vVqXFpP"} 
+01049{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336071153,"flow_dst_last_pkt_time":1648032336069751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"thread_ts_usec":1648032336071153,"pkt":"CL6sCxdumt9Y+uvcCABFAAGd5gRAAEAGSTfAqAyplZqnM7cSAbs3E+VQP9Cb1IAYAKxMJQAAAQEICmi+0vVqXFpPqOdZfkxQG0lUQxGTpMmM6MVDuBW36bevA2befI\/W7ia6zYPsveEXr3q4MtOgVqu0kagEgqrVloX7VQeiYuqGx6wKkwiM9IJRyeJBWfKRaLOc4X\/xaBMeGCrM5E\/XnbMcmpKlOihCex8SqfoljNAZCXSb6lXMijzIzVErA4hkXdzgSoHdlzqQy8vCUsslNAMrNdnQFVu\/dYvCrf90305joJO5gMiZDr99z53GMk2oM82PanfcuYq+2FWrNu91fsvhbPDL+74IE4xtx1cY6aFSmHaP8tvUvNKnL2Hk2Lv5SZmwdaVl9tcBi6Obbkmfoi\/vM45qioUY3jdwnRWmkoGfNtZHDGtRCR+oyvb7Es1ZDLz3hBeBpS1jZdrVs+67gNMR\/\/nFSp5rOKWdQDtaHCiVXpBnwk5EGd\/KNzsXiAZ+HXkjHHB1m2AwzTL0eSp6h+xzTexxbdp3xKnflRrA1L6XVWG884n2ZLf3bA=="} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336042221,"flow_dst_last_pkt_time":1648032336073733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336073733,"pkt":"mt9Y+uvcCL6sCxduCABFAACdHppAADIGH3qVmqdbwKgMqQG7lD41gWDY+c+xUYAYA6uidgAAAQEICjWGfkLE7EWfmACPBozpETqrykECQNJkjhVFOCt8I0tETutuMSvkgCPiIPkCQ0cSt4ItJVu8hYFVnhU4pvChFtXnjX\/3M0B9m3lohUf0NpYS6Ceo8adtOAqrBqThNPEJVCh5d3Q6wA0OPVsBgWUJ2lBg"} 
+00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336052663,"flow_dst_last_pkt_time":1648032336083442,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336083442,"pkt":"mt9Y+uvcCL6sCxduCABFAACd6sBAADIGU3uVmqczwKgMqQG7tw5qdtt5R7WPoYAYA7JkYAAAAQEICnjCrNVovtLi90WQuFvsfkC+tB+Wj\/PnPkfWnjrPdjtws4rEHFuvErWFyi3AdO+hzQLvKUcxSSK4fgiGUe2pd2QXamoPEtJ3IBvYTrXPphVIAcXe93dS4oYpgdpX9Sqx4ffOTKtEbAmeq8QJ97k1FWIz"} +00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336071153,"flow_dst_last_pkt_time":1648032336100887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1648032336100887,"pkt":"mt9Y+uvcCL6sCxduCABFAACdzSxAADIGcQ+VmqczwKgMqQG7txI\/0JvUNxPmuYAYA7ItYAAAAQEICmpcWqhovtL13B24eIMJT8gSFmaZGCQPVAqlDuUI26yj4odks4G0NiQPEB3JOQcLd\/9JgWGIarA5LugJyPSwIZSUaC0ONvP5EXDjqmqbQthPmbt9X1mCGzZ1UIV0TAI8NQMksDVEscXUtBa5wziv50Je"} 
+02008{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032336391148,"flow_dst_last_pkt_time":1648032336391586,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":884,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":2636,"flow_dst_tot_l4_payload_len":13025,"midstream":0,"thread_ts_usec":1648032336391586,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":24604.6,"max":126888,"stddev":31047.4,"var":963939136.0,"ent":3.9,"data": [30731,31937,288,33006,35575,10197,44497,8215,4395,4095,48658,1376,3118,6445,36520,17815,50889,88402,126888,78673,32858,54,22,21,65506,275,2211,37,14,12,12]},"pktlen": {"min":52,"avg":541.9,"max":1280,"stddev":516.1,"var":266324.8,"ent":4.3,"data": [60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280]},"bins": {"c_to_s": [6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1],"entropies": 
[4.759215832,5.200119972,5.156889439,7.326955795,6.678098679,5.118428230,7.754227638,7.716340542,7.727574825,6.586546898,6.619811058,5.118428230,7.671398640,6.924524307,7.207767487,5.154968739,7.392677784,7.317721844,5.308815479,6.654307365,5.270353794,7.858087063,7.839837551,7.851624012,7.845353127,5.195351601,5.195351601,7.846577168,7.826389313,7.858784676,7.859879017,7.849138260]}} +00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336638090,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336638090,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336638090,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336638090,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8r4BAAEAGgHHAqAyplZqn3p9+AbuMNAhoAAAAAKAC\/\/9LuwAAAgQFtAQCCArq9NCtAAAAAAEDAwk="} 
+00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336639074,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336639074,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336639074,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336639074,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8IZRAAEAGDl7AqAyplZqn3p+AAbtmgchnAAAAAKAC\/\/+xawAAAgQFtAQCCArq9NCuAAAAAAEDAwk="} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336638090,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336668166,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n34c3\/UDjDQIaaAS\/\/+hAwAAAgQE2AQCCArrLK526vTQrQEDAwU="} 
+00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336639074,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336668213,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n4C7jM8hZoHIaKAS\/\/\/p3gAAAgQE2AQCCAry50rF6vTQrgEDAwU="} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336669461,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336669461,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0r4FAAEAGgHjAqAyplZqn3p9+AbuMNAhpHN\/1BIAQAKzOJgAAAQEICur00MzrLK52"} +00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336669640,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336669640,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0IZVAAEAGDmXAqAyplZqn3p+AAbtmgchou4zPIoAQAKwXAwAAAQEICur00Mzy50rF"} 
+01341{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336669773,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1648032336669773,"pkt":"CL6sCxdumt9Y+uvcCABFAAJ2r4JAAEAGfjXAqAyplZqn3p9+AbuMNAhpHN\/1BIAYAKx7RQAAAQEICur00MzrLK5265xT+Amd4bw1tgbuswVrSsrG7xnH9KXn7ftOCfplW+DxZv6clJQOVM5M4r9laOtg6yvFIjhZDCnpdsf1U3z5\/LNafiD+EqeoerOZ1mv2no0EeSwo+BVjvcVB0CzwQdjedpaUonlISJ9Bwyp1H6UbXd4tT+O3XyVSJRoYpa\/TiARRT2Fih6dwJU9R6geBaOKDCtEkDjE91c3VND1scge9i7Y3eE+HimfChV2BOZO0ibqr6zVxBQVd2gBGIQV7F+Ou8rEw5naQ78B1kflhU5bLTRSwMRstUe\/egGthMG451s+4oAHMpXgiN5Oq4zsD+fl+8b02irsVRkOFycX2ijuNK5afSQSHhaNZzpSrFYwrYve3J50muI+7V45lEiRDiHV1NmgifYHl4Xu0g59V6U+FGhisrrMTA3U\/GijteIB\/HCHDxnEyfaMkm5S7RlJMRBHGCOp556pnjSLfhymbwTAtnBZwgbbSKhVJHKyWXLRFrUKENnZmPYTyx9jua64PCVJhnisT4LI3BMJLk\/+O06mDS3EKidxY244V4hZRB8h3lEuZ\/32BPbIwnOiUau7zNgdSs5pdQ4Tlrt\/luu5K15dMXHLaIPwPB\/7ZywXc6yJugN9nJItgx27ZnS\/nzub+amCc1UVEQDAGalubPQ9fTlCcLVKkiSotULYsBrKWcKtMNKMBgUFNqkuaFeW4JwEL98cDmQItpIKiMLFQVvftleQ25BlPfD+Yxwekl6AHZwqRjehfghUZtcN9e0PlyQ0FWyjmYMo="} 
+01344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336670120,"flow_dst_last_pkt_time":1648032336668213,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":644,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":644,"pkt_l4_len":610,"thread_ts_usec":1648032336670120,"pkt":"CL6sCxdumt9Y+uvcCABFAAJ2IZZAAEAGDCLAqAyplZqn3p+AAbtmgchou4zPIoAYAKxMAAAAAQEICur00M3y50rF2xUPE660qY9dKIFFLL5gUER0BNI8q010zwwg0h7ubLbHg3S1hI384usbwQ+TWc7bnGObvQrHO0zjetxxb6WcIs7Ll\/+z\/76ZfJeOqczhtzsYvOa8WtmiA8yK\/iV4j2WaHkAPapRnttJd5obxql25rwy3Y1O5lRwhnAqhXZRD7zZw2Km3dXUFzYLAzIa1Ib2PLPz0Je9PK7y9eb6U5maaNJ65av5haZl08YVHdSBCRNawHMw2nmxBNl+YtQ3lUxZBQU\/Hi71mcjL1bY7MW1\/WWITFmb3qq\/JsRL2EqX\/\/2Dhm4EKRFjzdBsVgUGbA46xhEy9eImVljw5Y4Ez1qmGAwfOysulQvl3H2UX32n8wZ1mhPfW\/ROPmX7l\/rFTDUpFm7\/ruJ1Xa7kClWiBnobyITIPI7E8f05acG63LzNaV8WbTk4p82EupleEk7c7ERIYADgneHEXYp+t8eEzwIQ+EUgQ3VDa85bNhWtWhyKdlki0ATkHKSccq2KaXdKItRH1eT5n4ST3HK5MAmhWwL6+Nj7C4HnMFrCd63mQNUBuRu8BKz\/cArIDYyZBPfp0PF3Ub4pzxvE872uXQ36WQc8JkbJO7Oxgyayyk1lZ0HsrCTbSikOnHWbMgQrENwjkFfE+EZ29Scne6K1ihX5u9uBaoc3cCUIRB4vBz\/WfH4B47kyMkPGEtdJ24hJQeprcXc2M8LpLn8cF8wdWEZFv3XSVJFlwKBLK5QlXN8wgEBvct\/vfDfsDWMpoGZ67twmj5AULDqQQ="} 
+00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336670356,"flow_dst_last_pkt_time":1648032336668166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":235,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":235,"pkt_l4_len":201,"thread_ts_usec":1648032336670356,"pkt":"CL6sCxdumt9Y+uvcCABFAADdr4NAAEAGf83AqAyplZqn3p9+AbuMNAqrHN\/1BIAYAKxYmAAAAQEICur00M3rLK52Duk6tUhKiSGG2CFngBNHmD8+kTodND5JR0qWFZneYBdPkSs5H1dWnPQxIahgpKqh2FMTkqmTZWVYjlwHNs+GerGTusvZnUsJH6odqOl5bynFphbIkO5m9pWSmc\/jH5GDVlDEOzN6Wvb3iV6\/8Xls+SQlBF\/s+eswgzH32F7dDb1ebmVA5k2+pbKAkoP5ndRI47AZ0IjAHkfmS7\/lePCxEZgGV6lta3XzvQ=="} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336670120,"flow_dst_last_pkt_time":1648032336699775,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":276,"pkt_l4_len":242,"thread_ts_usec":1648032336699775,"pkt":"mt9Y+uvcCL6sCxduCABFAAEGJC9AADIGGPmVmqfewKgMqQG7n4C7jM8iZoHKqoAYCCX2\/QAAAQEICvLnSuXq9NDNU+5Tl1kRkQL1NNlVBHvAtd79kbOqhdqcsqSzP8pBmjtGNAYuimGAuwftlaLulSARk+H9Y+zA2G\/rtAJcW3Tl9cJ10k9v6p9plq35O9gV+aeoCMJUIVBlKthzibmyeZO0WqCNEj+pHzeoplsryOU82UercykbZGfQAaw648XkXFUXHo4+MK+WquSkkuuEMciRsdJ+O\/UXTxxokBxpxoUyP7z+fuArXERa0glUahDJ+xbFCASWMyl5258x\/HUQiEX\/90HGBMr5U2y+ThE+bpWGUxBH"} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336710519,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032336710519,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336710519,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336710519,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8LBBAAEAGA+LAqAyplZqn3p+CAbvM4p88AAAAAKAC\/\/9z7QAAAgQFtAQCCArq9ND0AAAAAAEDAwk="} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1648032336710519,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032336741353,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPfKVmqfewKgMqQG7n4IlEusOzOKfPaAS\/\/87rwAAAgQE2AQCCAqQb5h86vTQ9AEDAwU="} 
+00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":188,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1648032336742441,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032336742441,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0LBFAAEAGA+nAqAyplZqn3p+CAbvM4p89JRLrD4AQAKxo0AAAAQEICur00RWQb5h8"} +00894{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1648032336758992,"flow_dst_last_pkt_time":1648032336741353,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1648032336758992,"pkt":"CL6sCxdumt9Y+uvcCABFAAEtLBJAAEAGAu\/AqAyplZqn3p+CAbvM4p89JRLrD4AYAKyl\/AAAAQEICur00SKQb5h8Y\/xwWuqDt5ukxIf9Y70g5p9e8OMSJem5Jzy7qIpRaWvhqZo5OlmmTgf19UXt0ncT2GgHBAzpdiDzGn482pqyTG8Bd8lt8AmHVf6BBxAuGa0tpmE3A7f4LLKQKjsHXP8qpGEtUo09rFYdyiAAo7byEuQjO9PGPCPuXTI3cfxtOqyghpwChB0FcGWukqIuk3jRFsoh\/ZyMbjE3WHJdGTQLa5PrwxUtv32a7rkjZH6W86GFhjrjV3TGeUWFGUhCExY6LRIf773nGQvhAQnkpto8Wzl64XJtBAXIjoL7KawOf8k6FN7giOAtp3YnYvgBu7k0Sng1v+G2eTyO"} 
+01984{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032336766698,"flow_dst_last_pkt_time":1648032336786651,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1261,"flow_dst_tot_l4_payload_len":17676,"midstream":0,"thread_ts_usec":1648032336786651,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":8940.9,"max":46767,"stddev":14845.6,"var":220392240.0,"ent":3.2,"data": [30076,31371,312,583,31529,37,19,34994,157,6898,41656,13027,44,22,16,15,16,23,15,20,46767,55,14,127,880,6450,31944,44,19,13,26]},"pktlen": {"min":52,"avg":644.3,"max":1280,"stddev":571.9,"var":327061.8,"ent":4.3,"data": [60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280]},"bins": {"c_to_s": [9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1],"entropies": [4.759216309,5.233454227,5.156889915,7.660384178,6.987750053,5.217375278,6.765834332,7.120079041,5.195351601,5.156889915,7.396682262,7.101703167,7.850454330,7.853686333,7.825681210,7.871449947,7.830209732,7.847279072,7.843949795,7.808338642,7.841329575,5.118428230,5.156889915,5.118428230,5.118428230,5.156889915,7.139685631,7.851319790,7.844550133,7.850350380,7.835945606,7.848772049]}} 
+01483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1648032336758992,"flow_dst_last_pkt_time":1648032336789143,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":750,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":750,"pkt_l4_len":716,"thread_ts_usec":1648032336789143,"pkt":"mt9Y+uvcCL6sCxduCABFAALg2Q9AADIGYj6VmqfewKgMqQG7n4IlEusPzOKgNoAYCCKvOgAAAQEICpBvmK3q9NEiosjJHTrlxopJRfmPmY2Zfo5bL0c66QGbHaldi0InLNbbwGAMkdVCp1vcW3WYbBCCjxlHeZ6tsbqJGuuUpChwcUkjoYG\/S4wdWIynj0dE5aGTV6TRLWIAQTtrg\/yhaV4nYkiscetugpCrDxvppRWUBIvX7V5ymZTxVA1mZ0Q\/KhJvX\/61P76g2wnMuTVtO0fi3VmR0DT3YdgQcDPckngwi4tZuvvQ4HWMFCuaR1kzQg0VsnL7TJTnAPbzvfG109LPHA\/tFUsjQ9yy2XVcY+HlVTYP7lTjTc4+U2iS9nlNnCLJDihe44PqiZo9w4pEbYwQTzxpRL3xfJRjIKVtT7jAnLagmMBaS+WDR9XSP90N2L0+EX46nbeE4aszLqZ6WNQp7FNqadoeF1Wn8kkWSj6BopCqua+BuREVR7z+KYPCgCVX3ZJ7iiAdbXnmBHudQPZCa\/qRqPLZqvYGgHvBF5N7hZPViQvKv0PemTkmByoNe3UdPKmKVuAuUX7zEYiFjJVh2PgMKKGdwgHsnMsmymWQ3uJN01VkGHOkgi2o\/ytLQw+X6aUf3jrmZmw5PA4uLdO50LBphkV6nJP02wtXPO5pQGhoRjJKnXEB\/0dzXgpLNa41Yp+mwHozcz9iqXAFhULw9I47YZNYuGP4fEpt0ePPQYirm4dq+CzkvHb1KLqf5udLx3iB\/2N59qNuIo\/gQ7jnH\/IJ\/ezym1prytC+owCYQN8ge16Mv4Nbh+nQ6YzeWS55zSBUIhXk9oOG90ABf39FnIYxMVwz3xL3E+V3C1UlIz+YS1PvAH9mb3k38CPeqzWqrGhpsDdNdsCS+JD2i3dFJh1mJhq3tYfG0xgG3Bvwbja1H8IseQtJz4OhgviUvWyXvFpcm6uCPRvuXrz+\/ARrYbP1eT9ag8S04NN2"} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340008639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032340008639,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":484,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340008639,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032340008639,"pkt":"CL6sCxdumt9Y+uvcCABFAAA8En5AAEAGHffAqAyplZqnW5ROAbvkjnemAAAAAKAC\/\/8xbgAAAgQFtAQCCArE7FUdAAAAAAEDAwk="} +00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1648032340008639,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648032340038305,"pkt":"mt9Y+uvcCL6sCxduCABFAAA8AABAADIGPnWVmqdbwKgMqQG7lE5E3r5g5I53p6AScSD2kAAAAgQFtAQCCAq54gyOxOxVHQEDAwU="} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1648032340040339,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032340040339,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0En9AAEAGHf7AqAyplZqnW5ROAbvkjnenRN6+YYAQAKyVrwAAAQEICsTsVT254gyO"} +01189{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1648032340040654,"flow_dst_last_pkt_time":1648032340038305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":532,"pkt_l4_len":498,"thread_ts_usec":1648032340040654,"pkt":"CL6sCxdumt9Y+uvcCABFAAIGEoBAAEAGHCvAqAyplZqnW5ROAbvkjnenRN6+YYAYAKzOyAAAAQEICsTsVT254gyOcbYq7LMguMBsrk6eKib3Up0RH30h3W1zb2wH8B2idZVRDxPs21dKHtu0F3\/VKJPTio75mHfryQ1aF+WhJFmPHkAhwkfZGJc6YWdnGdm0TTFPj+8j+josJk3MO5No1usk4BU+sExfSsJMxNyXMSnMpC4l165WSC1WhbCbohkimGSzOB2bmZ+3YFlUiZOIVjRXGTiNidSSNrAGZH2buxxnWGLdjkw4MImPvDLdIoPert9UJDqJ9CelzdbviB4uZhAhw4czATXjx3oK\/Hvl+I3KrYjh7QauixcJWf3hjelOzd6hLIr1WtWrBRqe4d+XSsV7hI7NoMIdv6SYjP9S\/zBXP1XpzkOP+E4DzbWmEF3jr0W5hHkkT89avdN0Iagf\/wxF3rwBmk7xpyXlhs58YA\/Pumq1O8BoH8bLbhirh36qNE\/vNegve+zRG9g8MgJuTDDKQvmLsuc2fQpHRwXXYLNdSrHcMFplzD2mcUSZmmrMR904KgFv3qpAPVk1D5KjQZ6rmGFlzqVNCIzoehqA+YeZQPu1J7Ry2k3tVXrtzhulAf9Z6q2M475p+YmGtRhz59n08sVDrZVPimuVNBW+xim5u2U94GGLdpmfGHF5hjo4oG4Chw=="} 
+00909{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1648032340040654,"flow_dst_last_pkt_time":1648032340071167,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":324,"pkt_l4_len":290,"thread_ts_usec":1648032340071167,"pkt":"mt9Y+uvcCL6sCxduCABFAAE2svRAADIGioaVmqdbwKgMqQG7lE5E3r5h5I55eYAYA6skbAAAAQEICrniDJbE7FU9Ox8w2jsi1XA8SutSnpGd+2vrapwLJDtdlR3smO0h5FRfZ2nep7hBWFf1ITh+59STbADxPeHHEhHZzmhvQYvcTeWAI2OX9rWHVg9zUcDl4xHA7RsfO6G1pNtp2L2skYgNgJRvV\/JC8inYa9EsgkrZyycBe0t3MFq7wjvXcBEKXn\/ecuh4BlBavkmWM14\/58mUb1omDl2IaaptzaLDTA6ugToypJypAh9\/e0g2VZ5E7\/NqcbQzxCRXaEwGmBP7EcYt2UfDTIq+9Wr3xXrzWLeUz+sMin2jQec7jbHpvgK+tcA0tqsywfEHAxippv1nLLoa3yKCh70jwx6x70utiIA\/911d"} +00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_usec":1648032352156412,"pkt":"AQBeAAD7CL6sCxduCABFAABJPd1AAP8RkCHAqAwB4AAA+xTpFOkANSaSAAAAAAACAAAAAAAABV9pcHBzBF90Y3AFbG9jYWwAAAwAAQRfaXBwwBIADAAB"} +00978{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032352156412,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524693,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5hAAEARsUTAqAypW2wJI5\/KBXgAHDtQAAEAACESpEJIMnFVQ1lxbmo0T2k="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":542,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353524693,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524693,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524739,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJRAAEARBFXAqAypW2wNF5\/KBXgAHHQdAAEAACESpEJIUHBYOFJCa1BTZ3I="} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":543,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353524739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524739,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524758,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhapAAEARe1PAqAypW2wRAp\/KBXgAHEVfAAEAACESpEJ6MlBsUVQ4ZXFBUGU="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":544,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353524758,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524758,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524853,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwV5lAAEARsUPAqAypW2wJI6TVBXgAHErTAAEAACESpEJkbkR6YnRjOCtUeXU="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":545,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353524853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524853,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524865,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwAJVAAEARBFTAqAypW2wNF6TVBXgAHA1WAAEAACESpEJySFdkRXFhMm8xbWY="} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":546,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353524865,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524865,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032353524980,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwhatAAEARe1LAqAypW2wRAqTVBXgAHD1nAAEAACESpEJhWUs4ZHp0RDFIYlM="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":547,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353524980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353524980,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524693,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554802,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/lAADIRxqNbbAkjwKgMqQV4n8oAXEAzAQEAQCESpEJIMnFVQ1lxbmo0T2kAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATBooRE"} 
+00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":550,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524853,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353554820,"pkt":"mt9Y+uvcCL6sCxduCABFAABwT\/pAADIRxqJbbAkjwKgMqQV4pNUAXBWkAQEAQCESpEJkbkR6YnRjOCtUeXUAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAR+XQGa"} +00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353559621,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V55AAEARsTbAqAypW2wJI57DBXgAJBZLAAMACCESpEJHRnE0WVpwcXk3QUQAGQAEEQAAAA=="} +01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353559621,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353559621,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353561154,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJZAAEARBEvAqAypW2wNF8IDBXgAJEywAAMACCESpEJLQjVlaHNjb05HRFcAGQAEEQAAAA=="} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353561154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353561154,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353562490,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbBAAEARe0XAqAypW2wRAsJ0BXgAJDsLAAMACCESpEJFS2c2dEFDQVFCNysAGQAEEQAAAA=="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353562490,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353562490,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353563617,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4V59AAEARsTXAqAypW2wJI5PZBXgAJDwFAAMACCESpEJzL2NkT3M5d09DczAAGQAEEQAAAA=="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":558,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353563617,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353563617,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353566545,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4AJdAAEARBErAqAypW2wNF5KaBXgAJGk9AAMACCESpEIvdUUyY2tqRkhzZzgAGQAEEQAAAA=="} 
+01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":559,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353566545,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353566545,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1648032353568287,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4hbFAAEARe0TAqAypW2wRApJEBXgAJEOkAAMACCESpEJXdzMwem5Vb2lRUDIAGQAEEQAAAA=="} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":560,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353568287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353568287,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592239,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAFAADIRxpNbbAkjwKgMqQV4k9kAZPzIARMASCESpEJzL2NkT3M5d09DczAACQAQAAAEAVVuYXV0aG9yaXplZAAVABBhNGI2N2JkMTFmM2NiZmYyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABO5pXhk="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032353563617,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592239,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353592256,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAJAADIRxpJbbAkjwKgMqQV4nsMAZEcIARMASCESpEJHRnE0WVpwcXk3QUQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBlYWIwNmM2ZGY2ZjJmYmQwABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABGO2Od8="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":563,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032353559621,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353592256,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":565,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353592239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594045,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6JAAEARsNLAqAypW2wJI5PZBXgAhCZ9AAMAaCESpEJFSFhETzUvU2I4WmwAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABSa2oTP+7Bjuk0YfAJVIWF1r6CZLw=="} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":567,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353592256,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353594670,"pkt":"CL6sCxdumt9Y+uvcCABFAACYV6NAAEARsNHAqAypW2wJI57DBXgAhH5NAAMAaCESpEJCSnNBNVVDNDVaczQAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQZWFiMDZjNmRmNmYyZmJkMAAIABQ3n8Ssx4zZQ2K\/+FBSUazQoV0PUg=="} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":568,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594045,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UApAADIRxopbbAkjwKgMqQV4k9kAZBfMAQMASCESpEJFSFhETzUvU2I4WmwAFgAIAAHWO3p+rWEAIAAIAAEMd3w9RQQADQAEAAAAPIAiAAROb25lAAgAFDGrj6855gYmVWWfBmziWEVvbHJ9gCgABAsNSy8="} 
+00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353594670,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353637618,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4UAlAADIRxotbbAkjwKgMqQV4nsMAZK7aAQMASCESpEJCSnNBNVVDNDVaczQAFgAIAAH76Hp+rWEAIAAIAAEMcHw9RQQADQAEAAAAPIAiAAROb25lAAgAFNHeh0AeJMWgFMztoIL3ae2C9iQ3gCgABLVApPM="} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524865,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353658379,"pkt":"mt9Y+uvcCL6sCxduCABFAABwWp5AAC4RvApbbA0XwKgMqQV4pNUAXGLAAQEAQCESpEJySFdkRXFhMm8xbWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAATYtphR"} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":574,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524739,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353668244,"pkt":"mt9Y+uvcCL6sCxduCABFAABwWp9AAC4RvAlbbA0XwKgMqQV4n8oAXGSUAQEAQCESpEJIUHBYOFJCa1BTZ3IAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAT2q99R"} 
+00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524758,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353672049,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYb9AADARrv5bbBECwKgMqQV4n8oAXCujAQEAQCESpEJ6MlBsUVQ4ZXFBUGUAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQpALNo"} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":578,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353524980,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032353675084,"pkt":"mt9Y+uvcCL6sCxduCABFAABwYcBAADARrv1bbBECwKgMqQV4pNUAXHVmAQEAQCESpEJhWUs4ZHp0RDFIYlMAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAS7Js+E"} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353693931,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqVAAC4Ru\/tbbA0XwKgMqQV4wgMAZCInARMASCESpEJLQjVlaHNjb05HRFcACQAQAAAEAVVuYXV0aG9yaXplZAAVABA2NzMyOTkyMzg2Njc4NTEyABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABG2eqec="} 
+01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":579,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032353561154,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353693931,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353693931,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353695557,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKBAAEARA+HAqAypW2wNF8IDBXgAhKOZAAMAaCESpEJBZEN4cW5HdEFGQU8AGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQNjczMjk5MjM4NjY3ODUxMgAIABRKYn5RRlidqeK90JE9dWYntqfWLQ=="} 
+00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353698133,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqZAAC4Ru\/pbbA0XwKgMqQV4kpoAZPeaARMASCESpEIvdUUyY2tqRkhzZzgACQAQAAAEAVVuYXV0aG9yaXplZAAVABA3ZjJlMDdkMzhhN2Q1YThjABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABDZy+Rc="} +01127{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032353566545,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353698133,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 
+00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":582,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353698133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353700165,"pkt":"CL6sCxdumt9Y+uvcCABFAACYAKFAAEARA+DAqAypW2wNF5KaBXgAhB4eAAMAaCESpEI2L3k5MTJBekgxNVIAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABTXGOjRtHPJu2U2mkxXIuxzgoEzTg=="} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353712008,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YcdAADARru5bbBECwKgMqQV4wnQAZOVuARMASCESpEJFS2c2dEFDQVFCNysACQAQAAAEAVVuYXV0aG9yaXplZAAVABA5MjNjZjRhOTEyZWVjNjExABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABFPoPFk="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":583,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032353562490,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353712008,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353715592,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4YchAADARru1bbBECwKgMqQV4kkQAZK5TARMASCESpEJXdzMwem5Vb2lRUDIACQAQAAAEAVVuYXV0aG9yaXplZAAVABAxMDliZmI2ZjU1NGFiNmFkABQADHRlbGVncmFtLm9yZ4AiAAROb25lgCgABNveHo0="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":584,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032353568287,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":92,"midstream":0,"thread_ts_usec":1648032353715592,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} +00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353712008,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353724990,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhbhAAEARet3AqAypW2wRAsJ0BXgAhOBeAAMAaCESpEJOYVAxRW84NkxIcTEAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQOTIzY2Y0YTkxMmVlYzYxMQAIABTpiYU0jQHbI6r9fZq35jAxaSIy6w=="} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353715592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032353727618,"pkt":"CL6sCxdumt9Y+uvcCABFAACYhblAAEARetzAqAypW2wRApJEBXgAhGZOAAMAaCESpEJoMWhNTlhETUJIWlUAGQAEEQAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS50SfZ32flyf6YLkGd\/QoaStRrpQ=="} +00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353695557,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353827428,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqlAAC4Ru\/dbbA0XwKgMqQV4wgMAZNM9AQMASCESpEJBZEN4cW5HdEFGQU8AFgAIAAHSfHp+qVUAIAAIAAEMcXw9RQQADQAEAAAAPIAiAAROb25lAAgAFLgmrFOsF293H+j5NDMwvQveTpPagCgABNdIUvI="} 
+00651{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":591,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353700165,"flow_dst_last_pkt_time":1648032353830219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353830219,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4WqpAAC4Ru\/ZbbA0XwKgMqQV4kpoAZLrOAQMASCESpEI2L3k5MTJBekgxNVIAFgAIAAGk4Hp+qVUAIAAIAAEMdHw9RQQADQAEAAAAPIAiAAROb25lAAgAFAQrWx0xApu7OPqs0BEvTiGNp9XzgCgABGn+fTk="} +00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353727618,"flow_dst_last_pkt_time":1648032353874651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353874651,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Yd5AADARrtdbbBECwKgMqQV4kkQAZFfPAQMASCESpEJoMWhNTlhETUJIWlUAFgAIAAGtKHp+tUAAIAAIAAEMdXw9RQQADQAEAAAAPIAiAAROb25lAAgAFKZqEf90CTHzpfFMz5vo5sBQG9RPgCgABG5qQFs="} +00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":595,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":4,"flow_src_last_pkt_time":1648032353724990,"flow_dst_last_pkt_time":1648032353874706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1648032353874706,"pkt":"mt9Y+uvcCL6sCxduCABFAAB4Yd1AADARrthbbBECwKgMqQV4wnQAZC\/uAQMASCESpEJOYVAxRW84NkxIcTEAFgAIAAGQcnp+tUAAIAAIAAEMdnw9RQQADQAEAAAAPIAiAAROb25lAAgAFF3+Rj5Hta+ica6d\/P9rht\/UDl8zgCgABKQP2Jo="} 
+00699{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353978197,"flow_dst_last_pkt_time":1648032353874706,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353978197,"pkt":"CL6sCxdumt9Y+uvcCABFAACchcVAAEAReszAqAypW2wRAsJ0BXgAiIp+AAgAbCESpEI3MUdDb3hWZ0E3NDkAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDkyM2NmNGE5MTJlZWM2MTEACAAUAszBFpLQ4u7F\/QJhwRDKspnQbNs="} +00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353978986,"flow_dst_last_pkt_time":1648032353827428,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353978986,"pkt":"CL6sCxdumt9Y+uvcCABFAACcALNAAEARA8rAqAypW2wNF8IDBXgAiMkmAAgAbCESpEJ0UmRSMzVqcDhWL1kAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEDY3MzI5OTIzODY2Nzg1MTIACAAUbtWKpYmT+PYhcRulJujD4geAPOA="} 
+00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1648032353979030,"flow_dst_last_pkt_time":1648032353637618,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1648032353979030,"pkt":"CL6sCxdumt9Y+uvcCABFAACcV8FAAEARsK\/AqAypW2wJI57DBXgAiFzeAAgAbCESpEJLaEd2a0srdWZmaFcAEgAIAAGHKCs8w4oABgAdMTY0ODA1Mzk1Mzo3M2Y4MDM4Y2E2NTEwMmQ1YjUAAAAAFAAMdGVsZWdyYW0ub3JnABUAEGVhYjA2YzZkZjZmMmZiZDAACAAUou+k3ZoALmVPw8\/5VjA1fhf0byM="} +00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032353980549,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nBAAEARHLXAqAypCi5nyKWlpjoAbMb5AAEAUCESpEJPWEdZRU12Q2M1emIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUHa4B58DlCkqNNIW2N\/CJ9XQ+OsmAKAAEIkgRlA=="} +01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032353980549,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032353980549,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
+00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354029382,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3nRAAEARHLHAqAypCi5nyJ\/KpjoAbAm8AAEAUCESpEJCRXZwZkpKcGErWXYABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUV+RY7KavrTSyyjnYz1cDc6MlH+eAKAAEpABGKg=="} 
+01225{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":625,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032354029382,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354029382,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354077734,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq5pAAEARVurAqAypXSQNc6WlikEAbG5EAAEAUCESpEJQRW1oRjBpWkxwdVIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUeafd1aPwqIpYtKwwpuDeqKaNUbSAKAAEORW\/pw=="} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":633,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354077734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354077734,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
+00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354126265,"pkt":"CL6sCxdumt9Y+uvcCABFAACAq55AAEARVubAqAypXSQNc5\/KikEAbGK3AAEAUCESpEJMbE5LWHlWbCtGZlIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9Z04zkepdoWOsJ4ulp8YAe9jLUWAKAAEwATfyg=="} 
+01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":642,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354126265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":100,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354126265,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354077734,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354153456,"pkt":"mt9Y+uvcCL6sCxduCABFAABckpZAADYRehJdJA1zwKgMqYpBpaUASG0rAQEALCESpEJQRW1oRjBpWkxwdVIAIAAIAAEMenw9RQQACAAUrYd+q6RhgtRWxOyn0FCZYgykzwuAKAAEkVZ5KQ=="} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354153456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1648032354165754,"pkt":"CL6sCxdumt9Y+uvcCABFAAAzq6JAAEARVy\/AqAypXSQNc6WlikEAH+78q+Dhs46p+vnyB59A6gTAmoVxX5wJtWc="} +00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354165754,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354166263,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kpdAADYRefFdJA1zwKgMqYpBpaUAaPtpAAEATCESpEJnZHVuWHZ4blRHNEYABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABSu\/Dy1RdR7tJjCJ1zcoT327GhS+4AoAASaKnbd"} +00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1648032354168082,"flow_dst_last_pkt_time":1648032354166263,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354168082,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq6NAAEARVwXAqAypXSQNc6WlikEASKUEAQEALCESpEJnZHVuWHZ4blRHNEYAIAAIAAGrU3w2qTEACAAUIG4EHSxC102rwPqBEsHP66FXaP6AKAAEYOyISA=="} 
+00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":655,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354193397,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354193397,"pkt":"mt9Y+uvcCL6sCxduCABFAABckphAADYRehBdJA1zwKgMqYpBn8oASHsvAQEALCESpEJMbE5LWHlWbCtGZlIAIAAIAAEMcnw9RQQACAAU5wiFHkDSFZpOYeIzmE3UX454Y5WAKAAEDXbTAg=="} +00654{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":663,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354126265,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032354253306,"pkt":"mt9Y+uvcCL6sCxduCABFAAB8kp1AADYReetdJA1zwKgMqYpBn8oAaCMkAAEATCESpEJIcTZVWmxodDUwUysABgAJU3VVMzpsL3djAAAAwFcABAADA4SAKQAIAAAAAAAAAAAAJAAEbn8fAAAIABQBRhbWlQ7rMVy3PFduS9dj7gJsXoAoAARM5ARh"} +00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1648032354255084,"pkt":"CL6sCxdumt9Y+uvcCABFAABcq61AAEARVvvAqAypXSQNc5\/KikEASJBeAQEALCESpEJIcTZVWmxodDUwUysAIAAIAAGrU3w2qTEACAAUOSToq9gxyjIfvqnLxYFg75erULqAKAAEpWnpWQ=="} 
+00663{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354274610,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354274610,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3npAAEARHKvAqAypCi5nyKWlpjoAbOFzAAEAUCESpEJtdnE4djNMTnl3dk0ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUDInqNRBWk8dEJqTJc6HmCvGSZlqAKAAEY6GN3A=="} +00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":682,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1648032354323453,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354323453,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3n5AAEARHKfAqAypCi5nyJ\/KpjoAbLNZAAEAUCESpEJFbzlBWnVtb3doY3gABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUhaAVye4hAtQKKUN05sPT8bSFgCSAKAAEE\/ftBA=="} 
+00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":687,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354372109,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354372109,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oFAAEARHKTAqAypCi5nyKWlpjoAbMtbAAEAUCESpEJTRTZGa284cW1DQmIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUzYBYKBlzlZ6Eaa\/nFMVbWPeH8RSAKAAER59Heg=="} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1648032354421706,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354421706,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3oNAAEARHKLAqAypCi5nyJ\/KpjoAbNnMAAEAUCESpEJkVUE4UWRoMit2dFIABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAU9E6Knx5J8q4IYolGkKVYGZzVeFSAKAAEDziXvg=="} 
+00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032354824070,"pkt":"MzMAAAACCL6sCxduht1gAAAAABA6\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAAChQDivgAAAAABAQi+rAsXbg=="} 
+00919{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354824070,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +02458{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":715,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032354886306,"flow_dst_last_pkt_time":1648032354873460,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":237,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":1854,"flow_dst_tot_l4_payload_len":649,"midstream":0,"thread_ts_usec":1648032354886306,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":49,"avg":51751.5,"max":474673,"stddev":95446.3,"var":9109989376.0,"ent":3.6,"data": 
[75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495]},"pktlen": {"min":49,"avg":106.2,"max":265,"stddev":48.9,"var":2396.0,"ent":4.9,"data": [128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119]},"bins": {"c_to_s": [3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0],"entropies": [5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":721,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1648032354972956,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032354972956,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3rRAAEARHHHAqAypCi5nyKWlpjoAbKiIAAEAUCESpEJIMGllM1hUOElYclgABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUIfqSi1aNpSsABSuloxN5Y\/\/7Bh2AKAAEpHJZAg=="} +00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354991775,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":107,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":107,"pkt_l4_len":53,"thread_ts_usec":1648032354991775,"pkt":"MzMAAAD7CL6sCxduht1gAkk0ADUR\/\/6AAAAAAAAACr6s\/\/4LF27\/AgAAAAAAAAAAAAAAAAD7FOkU6QA1CIEAAAAAAAIAAAAAAAAFX2lwcHMEX3RjcAVsb2NhbAAADAABBF9pcHDAEgAMAAE="} +00987{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":724,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032354991775,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"_ipps._tcp.local","mdns": {}}} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":789,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1648032355975233,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032355975233,"pkt":"CL6sCxdumt9Y+uvcCABFAACA3utAAEARHDrAqAypCi5nyJ\/KpjoAbCQ0AAEAUCESpEIvMksvQTdhNmdaMWQABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUQn4OwxCruPYNs70ikufkqqbqY\/aAKAAEQjwa\/g=="} +00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1648032356977510,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032356977510,"pkt":"CL6sCxdumt9Y+uvcCABFAACA30tAAEARG9rAqAypCi5nyKWlpjoAbB1JAAEAUCESpEJQUjdKd1ZWNmhPSU8ABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUtAHrdAcRYAd6FYxrNDpUw59dLBmAKAAE\/jQVgw=="} 
+00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":802,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1648032357478346,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1648032357478346,"pkt":"CL6sCxdumt9Y+uvcCABFAACA33BAAEARG7XAqAypCi5nyJ\/KpjoAbEUJAAEAUCESpEI1bVMyQnh5OXM3MmMABgAJbC93YzpTdVUzAAAAwFcABAADAAqAKgAIAAAAAAAAAAAAJQAAACQABG5\/HwAACAAUAMPiAwxW\/GHCKSC9Q5d15nRSFMKAKAAEOjwk\/w=="} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359090868,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032359090868,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":807,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359090868,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359090868,"pkt":"CL6sCxdumt9Y+uvcCABFAABAS0lAAEAG28rAqAypNDoSGZ8GFGZ2npAv5mpAKoAYAKzxSgAAAQEICkEsdOlPerjBwv4ABQAAAAANIwHG"} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":808,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359106963,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359106963,"pkt":"mt9Y+uvcCL6sCxduCABFAAA0p+FAAOsG1D00OhIZwKgMqRRmnwbmakAqdp6QO4AQAHIM9gAAAQEICk97b0RBLHTp"} +00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":809,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1648032359090868,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1648032359107008,"pkt":"mt9Y+uvcCL6sCxduCABFAABAp+JAAOsG1DA0OhIZwKgMqRRmnwbmakAqdp6QO4AYAHI69AAAAQEICk97b0VBLHTpwv4ABQAAAAANIwHG"} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":810,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032359108251,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0S0pAAEAG29XAqAypNDoSGZ8GFGZ2npA75mpANoAQAKwMngAAAQEICkEsdPpPe29F"} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557266,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWxxAAEARrcDAqAypW2wJI5\/KBXgAHJMEAAEAACESpEJKWGZZVmEzZGpzK04="} +01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":819,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032353554802,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557266,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363557512,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwWx1AAEARrb\/AqAypW2wJI6TVBXgAHEc2AAEAACESpEJaT3lOZUhRVUNaSWY="} +01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":820,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032353554820,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363557512,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
+00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":821,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587689,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUlAADIRwVNbbAkjwKgMqQV4n8oAXLPRAQEAQCESpEJKWGZZVmEzZGpzK04AIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAAQThhZ3"} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":822,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363587715,"pkt":"mt9Y+uvcCL6sCxduCABFAABwVUpAADIRwVJbbAkjwKgMqQV4pNUAXGDgAQEAQCESpEJaT3lOZUhRVUNaSWYAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsCSOALAAIAAEFeQpDQmOAIgAETm9uZYAoAATgolB7"} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363660886,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFlAAEARAJDAqAypW2wNF6TVBXgAHIUQAAEAACESpEJ4TDNiVmMzcVJ5TTE="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":823,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032353658379,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363660886,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363670970,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwBFpAAEARAI\/AqAypW2wNF5\/KBXgAHDFOAAEAACESpEJ4Mld2aHpNWHgzMEw="} 
+01126{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":824,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032353668244,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363670970,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363673567,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiUNAAEARd7rAqAypW2wRAp\/KBXgAHEXLAAEAACESpEJOZGorcy85N3hYOEQ="} 
+01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":825,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032353672049,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363673567,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1648032363677290,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwiURAAEARd7nAqAypW2wRAqTVBXgAHGCFAAEAACESpEJZeUEvTW1CRVIxeUE="} 
+01125{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":826,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032353675084,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1648032363677290,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":827,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363794064,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVNAAC4RuVVbbA0XwKgMqQV4pNUAXC8AAQEAQCESpEJ4TDNiVmMzcVJ5TTEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAASEVJgu"} 
+00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363805878,"pkt":"mt9Y+uvcCL6sCxduCABFAABwXVZAAC4RuVJbbA0XwKgMqQV4n8oAXDw7AQEAQCESpEJ4Mld2aHpNWHgzMEwAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsDReALAAIAAEFeQqgwmeAIgAETm9uZYAoAAQ+iHz\/"} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363819830,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZztAADARqYJbbBECwKgMqQV4n8oAXJquAQEAQCESpEJOZGorcy85N3hYOEQAIAAIAAEMcnw9RQQAAQAIAAEtYF0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAASOxt8C"} +00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":830,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1648032363826861,"pkt":"mt9Y+uvcCL6sCxduCABFAABwZzxAADARqYFbbBECwKgMqQV4pNUAXP6KAQEAQCESpEJZeUEvTW1CRVIxeUEAIAAIAAEMc3w9RQQAAQAIAAEtYV0v4UaAKwAIAAEFeFtsEQKALAAIAAEFeQqCwmKAIgAETm9uZYAoAAQL9hiv"} 
+00710{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":831,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1648032364328703,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACg8T1AAEARrr7AqAwBwKgM\/0RcRFwAjFAceyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNDEwNzAzNTIwMDMwMzgwNzA5MTc5NzYyNjA1Mzg1NzIwNTQ5OTksICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} +00960{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":833,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032334213678,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032364495680,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+02007{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":836,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364799931,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032364830191,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":8,"avg":1817805.6,"max":25078496,"stddev":6146606.0,"var":37780767899648.0,"ent":1.5,"data": [29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496]},"pktlen": {"min":52,"avg":482.7,"max":1280,"stddev":530.0,"var":280877.2,"ent":4.1,"data": [60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52]},"bins": {"c_to_s": [14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1],"entropies": 
[4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439]}} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":842,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648032366834628,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032366834628,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} +00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":843,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648032366834658,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":70,"pkt_l4_len":16,"thread_ts_usec":1648032366834658,"pkt":"MzMAAAACmt9Y+uvcht1gAAAAABA6\/\/6AAAAAAAAAmN9Y\/\/7669z\/AgAAAAAAAAAAAAAAAAAChQC\/wAAAAAABAZrfWPrr3A=="} 
+00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367732783,"flow_dst_last_pkt_time":1648032353637592,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367732783,"pkt":"CL6sCxdumt9Y+uvcCABFAACYXJxAAEARq9jAqAypW2wJI5PZBXgAhA\/JAAQAaCESpEJBcGdMQnQ5T2VTWlAADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQYTRiNjdiZDExZjNjYmZmMgAIABS1pJxBqJPfDf+FiivEmPFrLMwd4g=="} +00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367733104,"flow_dst_last_pkt_time":1648032353830219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367733104,"pkt":"CL6sCxdumt9Y+uvcCABFAACYBHJAAEARAA\/AqAypW2wNF5KaBXgAhEftAAQAaCESpEJKd2lTVytqR09teHQADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQN2YyZTA3ZDM4YTdkNWE4YwAIABQpM2EIdxvQJh1tc4hEATxmCLSVKQ=="} 
+00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":852,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032353874651,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_usec":1648032367733413,"pkt":"CL6sCxdumt9Y+uvcCABFAACYiqdAAEARde7AqAypW2wRApJEBXgAhJK2AAQAaCESpEJLSE9pcnJGVENxRXoADQAEAAAAAAAGAB0xNjQ4MDUzOTUzOjczZjgwMzhjYTY1MTAyZDViNQAAAAAUAAx0ZWxlZ3JhbS5vcmcAFQAQMTA5YmZiNmY1NTRhYjZhZAAIABS\/34sPfahin5BHG\/PkvedGGFl+eQ=="} +00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367762702,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367762702,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8VLcAAEAB8ynAqAypW2wJIwMDLzsAAAAARQAAYFe7QAAyEb7xW2wJI8CoDKkFeJ7DAEwpDwEEADAhEqRCOU9SdFJMb28vZnBpAA0ABAAAAACAIgAETm9uZQAIABQWnSCybuekV\/exPSudWYHv7DhfEYAoAAQA9KQL"} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":860,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367762702,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367762702,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.590070}} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":861,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367764744,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8VLgAAEAB8yjAqAypW2wJIwMDLzsAAAAARQAAYFe8QAAyEb7wW2wJI8CoDKkFeJPZAEy9nAEEADAhEqRCQXBnTEJ0OU9lU1pQAA0ABAAAAACAIgAETm9uZQAIABSTWZ780EmFr0qRvpHmP19WWJ92ZoAoAAR+N+o\/"} +00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367859462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367859462,"pkt":"CL6sCxdumt9Y+uvcCABFwAB81loAAEABbZLAqAypW2wNFwMDMy8AAAAARQAAYF\/zQAAuEbbFW2wNF8CoDKkFeMIDAEwIRQEEADAhEqRCMkJ1Qk5mZlZTZDJNAA0ABAAAAACAIgAETm9uZQAIABSWeB6wlJc9B2Ka\/i76tTq8JQr4boAoAAQFS1Qp"} +01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":869,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367859462,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367859462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.612482}} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367864669,"pkt":"CL6sCxdumt9Y+uvcCABFwAB81lsAAEABbZHAqAypW2wNFwMDMy8AAAAARQAAYF\/0QAAuEbbEW2wNF8CoDKkFeJKaAEzE4QEEADAhEqRCSndpU1crakdPbXh0AA0ABAAAAACAIgAETm9uZQAIABQPNVNRz4szF0100qKPc8TsBV2eFYAoAARAKe5T"} +00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367877247,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
+00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367877247,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pogAAEABmXnAqAypW2wRAgMDNxoAAAAARQAAYGkyQAAwEaebW2wRAsCoDKkFeMJ0AExkFwEEADAhEqRCWXFROFI2akdHVHBiAA0ABAAAAACAIgAETm9uZQAIABQ73DX4akHHG\/t7arnPhHpDd\/3YyIAoAARsGubG"} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367877247,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":104,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032367877247,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.737482}} 
+00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1648032367885663,"pkt":"CL6sCxdumt9Y+uvcCABFwAB8pokAAEABmXjAqAypW2wRAgMDNxoAAAAARQAAYGk1QAAwEaeYW2wRAsCoDKkFeJJEAEylPgEEADAhEqRCS0hPaXJyRlRDcUV6AA0ABAAAAACAIgAETm9uZQAIABTZOmmRI5FcQW+rAa8g\/fpFll3GzoAoAASHsPRA"} +00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_usec":1648032373241368,"pkt":"mt9Y+uvcCL6sCxduCABFAABT6ldAAOsGItsSw6JdwKgMqQG7mCy7WPtHxPlC24AYAHtr3AAAAQEICnkLeDpCTgbkFQMDABr+u10WYqqjSVLzlRa1hyPjBkG+M0x+dgZKjg=="} +01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373241368,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032373241368,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1648032373241368,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032373315177,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tt9AAEAGAXPAqAypEsOiXZgsAbvE+ULbu1j7ZoAQAMhy4gAAAQEICkJO9JB5C3g6"} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032373315177,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378245645,"pkt":"mt9Y+uvcCL6sCxduCABFAAA06lhAAOsGIvkSw6JdwKgMqQG7mCy7WPtmxPlC24ARAHtfogAAAQEICnkLi8ZCTvSQ"} +00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648032378336597,"pkt":"CL6sCxdumt9Y+uvcCABFAAA0tuBAAEAGAXLAqAypEsOiXZgsAbvE+ULbu1j7Z4AQAMhLuAAAAQEICkJPCC15C4vG"} 
+01068{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"50": {"risk":"TCP Connection Issues","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00791{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01086{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032367726063,"flow_dst_last_pkt_time":1648032367761550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":816,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524739,"flow_src_last_pkt_time":1648032363670970,"flow_dst_last_pkt_time":1648032363805878,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524693,"flow_src_last_pkt_time":1648032363557266,"flow_dst_last_pkt_time":1648032363587689,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032353980549,"flow_src_last_pkt_time":1648032367002740,"flow_dst_last_pkt_time":1648032353980549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":42405,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032352156412,"flow_src_last_pkt_time":1648032352156412,"flow_dst_last_pkt_time":1648032352156412,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1648032334213648,"flow_src_last_pkt_time":1648032366834658,"flow_dst_last_pkt_time":1648032334213648,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::98df:58ff:fefa:ebdc","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354991775,"flow_src_last_pkt_time":1648032354991775,"flow_dst_last_pkt_time":1648032354991775,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":45,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":45,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":45,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00802{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":8,"flow_first_seen":1648032336020865,"flow_src_last_pkt_time":1648032346150156,"flow_dst_last_pkt_time":1648032346134942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":386,"flow_dst_max_l4_payload_len":604,"flow_src_tot_l4_payload_len":1229,"flow_dst_tot_l4_payload_len":2022,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46862,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00801{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1648032336039036,"flow_src_last_pkt_time":1648032346150274,"flow_dst_last_pkt_time":1648032346134975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":370,"flow_dst_max_l4_payload_len":773,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1418,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.51","src_port":46866,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01084{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":80,"flow_dst_packets_processed":100,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032364833042,"flow_dst_last_pkt_time":1648032364830140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1999,"flow_dst_tot_l4_payload_len":114100,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00808{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":80,"flow_dst_packets_processed":100,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032364833042,"flow_dst_last_pkt_time":1648032364830140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1999,"flow_dst_tot_l4_payload_len":114100,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364836832,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364836832,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01076{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336807614,"flow_dst_last_pkt_time":1648032336880010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":684,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":684,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336807614,"flow_dst_last_pkt_time":1648032336880010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":684,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":684,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032367726487,"flow_dst_last_pkt_time":1648032367858291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032367880227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01258{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032367726813,"flow_dst_last_pkt_time":1648032367876128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01080{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353566545,"flow_src_last_pkt_time":1648032367733104,"flow_dst_last_pkt_time":1648032367862465,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":37530,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01097{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032373241368,"flow_src_last_pkt_time":1648032378245645,"flow_dst_last_pkt_time":1648032378336597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"18.195.162.93","dst_ip":"192.168.12.169","src_port":443,"dst_port":38956,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00958{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"AmazonAWS","proto_id":"265","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} +00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032359090868,"flow_src_last_pkt_time":1648032359108251,"flow_dst_last_pkt_time":1648032359107008,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":1,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"52.58.18.25","src_port":40710,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353563617,"flow_src_last_pkt_time":1648032367732783,"flow_dst_last_pkt_time":1648032367761600,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":37849,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +01251{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032354126265,"flow_src_last_pkt_time":1648032354255084,"flow_dst_last_pkt_time":1648032354253306,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":96,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":160,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":40906,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI 
(cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524980,"flow_src_last_pkt_time":1648032363677290,"flow_dst_last_pkt_time":1648032363826861,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524865,"flow_src_last_pkt_time":1648032363660886,"flow_dst_last_pkt_time":1648032363794064,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524853,"flow_src_last_pkt_time":1648032363557512,"flow_dst_last_pkt_time":1648032363587715,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":42197,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} +00658{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":889,"packets-processed":887,"total-skipped-flows":0,"total-l4-payload-len":330235,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":25,"total-detection-updates":12,"total-updates":1,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":256,"global_ts_usec":1648032378336597} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 889/887 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 330235 bytes +~~ total detected protocols..: 25 +~~ total active/idle flows...: 34/34 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 11589771 bytes +~~ total memory freed........: 11589771 bytes +~~ total allocations/frees...: 217880/217880 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json 
string min len.......: 543 chars +~~ json string max len.......: 2463 chars +~~ json string avg len.......: 1503 chars diff --git a/test/results/default/telnet.pcap.out b/test/results/default/telnet.pcap.out index 46878a084..0db86b52f 100644 --- a/test/results/default/telnet.pcap.out +++ b/test/results/default/telnet.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":943755158387203} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":943755158387203} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":943755158387203,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158387203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158387203,"pkt":"AADAn6CXAKDMO7\/6CABFEAA8RjxAAEAGcxzAqAACwKgAAQYOABeZxaDsAAAAAKACfXjgowAAAgQFtAQCCAoAnCckAAAAAAEDAwA="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":943755158387203,"flow_dst_last_pkt_time":943755158389728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":943755158389728,"pkt":"AKDMO7\/6AADAn6CXCABFAAA8UeMAAEAGp4XAqAABwKgAAgAXBg4X8WM9mcWg7aASQ+D7twAAAgQFqAEDAwABAQgKACWmLACcJyQ="} 
@@ -12,7 +12,7 @@ 01966{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160950568,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160950568,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":172,"avg":125200.9,"max":1232764,"stddev":336743.6,"var":113396252672.0,"ent":2.2,"data": [2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372]},"pktlen": {"min":52,"avg":63.2,"max":137,"stddev":18.8,"var":354.0,"ent":4.9,"data": [60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52]},"bins": {"c_to_s": [15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0],"entropies": [4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321]}} 
01095{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755160950568,"flow_dst_last_pkt_time":943755159705066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":32,"flow_src_tot_l4_payload_len":203,"flow_dst_tot_l4_payload_len":139,"midstream":0,"thread_ts_usec":943755160950568,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess","telnet": {"username":"fake","password":""}}} 01083{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":48,"flow_dst_packets_processed":44,"flow_first_seen":943755158387203,"flow_src_last_pkt_time":943755197957149,"flow_dst_last_pkt_time":943755197958477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":488,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":943755197958477,"l3_proto":"ip4","src_ip":"192.168.0.2","dst_ip":"192.168.0.1","src_port":1550,"dst_port":23,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Telnet","proto_id":"77","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":12,"category":"RemoteAccess"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":943755197958477} +00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":92,"source":"cfgs\/default\/pcap\/telnet.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":92,"packets-processed":92,"total-skipped-flows":0,"total-l4-payload-len":1660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":943755197958477} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 92/92 ~~ skipped flows.............: 0 
@@ -21,9 +21,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771469 bytes -~~ total memory freed........: 7771469 bytes -~~ total allocations/frees...: 146464/146464 +~~ total memory allocated....: 11480088 bytes +~~ total memory freed........: 11480088 bytes +~~ total allocations/frees...: 216718/216718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 543 chars ~~ json string max len.......: 1971 chars diff --git a/test/results/default/teredo.pcap.out b/test/results/default/teredo.pcap.out index a9632dd9c..ef46f05d0 100644 --- a/test/results/default/teredo.pcap.out +++ b/test/results/default/teredo.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1438853615305874} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1438853615305874,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 01053{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853615305874,"flow_dst_last_pkt_time":1438853615305874,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1438853615305874,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -30,7 +30,7 @@ 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853619792073,"flow_src_last_pkt_time":1438853619792073,"flow_dst_last_pkt_time":1438853619844656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1438853615305874,"flow_src_last_pkt_time":1438853653349933,"flow_dst_last_pkt_time":1438853653403120,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":122,"flow_dst_tot_l4_payload_len":218,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1438853629357785,"flow_src_last_pkt_time":1438853629357785,"flow_dst_last_pkt_time":1438853629411015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":109,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":109,"midstream":0,"thread_ts_usec":1438853653403120,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Teredo","proto_id":"214","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/teredo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-payload-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1438853653403120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -39,9 +39,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7776041 bytes -~~ total memory freed........: 7776041 bytes -~~ total allocations/frees...: 146439/146439 +~~ total memory allocated....: 11484596 bytes +~~ total memory freed........: 11484596 bytes +~~ total allocations/frees...: 216693/216693 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/tftp.pcap.out b/test/results/default/tftp.pcap.out index 936938d98..bfd57533f 100644 --- a/test/results/default/tftp.pcap.out +++ b/test/results/default/tftp.pcap.out 
@@ -1,11 +1,9 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946730124846355} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946730124846355} 00765{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946730124846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtViAEUAGx52AAEAAAAAAAAAAAAAAG9jdGV0AA=="} 
-01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00513{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":51,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":51,"pkt_l4_len":17,"thread_ts_usec":946730124846355,"pkt":"9Opn97JCCAAnntJbCABFAAAl+hlAAEAR3pisHAQ1rBAFqtVoAEUAER52AAEAb2N0ZXQA"} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":946730124846355,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="} 
01080{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"rfc1350.txt"}}} 
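Review bot: The regenerated expectation for tftp.pcap drops the two `detected` events for flow_id 1 and 2 (the requests with an empty `tftp.filename`), which were the only records in this hunk carrying flow_risk 17 "Malformed Packet" with confidence "DPI". The following hunk, which runs past the visible part of the page, shows the same flows as `guessed` with confidence "Match by port" and only flow_risk 46, and the status line's `total-detected-flows` goes from 4 to 2. A bulk fixture refresh therefore accepts the loss of a risk signal on malformed TFTP requests without saying so. If this is an intended result of the libnDPI bump, the commit message should record it, for example `tftp.pcap: flows 1 and 2 are now port-guessed; flow_risk 17 is no longer reported`. The new `idle` records for these flows also appear without an `ndpi` object, so it is worth checking that consumers reading only idle/end events still get the protocol and risk.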
@@ -17,15 +15,17 @@ 01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":1032,"flow_dst_tot_l4_payload_len":8,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} 01194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_usec":946730124846355,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\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"} 
02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":516,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":8256,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":946730124846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":0.0,"max":0,"stddev":0.0,"var":0.0,"ent":0.0,"data": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"pktlen": {"min":46,"avg":295.0,"max":544,"stddev":249.0,"var":62001.0,"ent":4.4,"data": [544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":946733724846355} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":102,"packets-processed":101,"total-skipped-flows":0,"total-l4-payload-len":25039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":946733724846355} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":946733724846355,"pkt":"9Opn97JCCAAnntJbCABFAAAv+hlAAEAR3pisHAQ1rBAFqtVjAEUAGx52AAFzeXNtYW4ubGlzAG9jdGV0AA=="} 
01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"sysman.lis"}}} -01187{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -01184{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":160,"client":80,"server":80}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 
+01078{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} +00768{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54626,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":""}}} +00765{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":9,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":9,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54632,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01103{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":49,"flow_dst_packets_processed":49,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":516,"flow_dst_max_l4_payload_len":4,"flow_src_tot_l4_payload_len":24795,"flow_dst_tot_l4_payload_len":196,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946730124846355,"flow_src_last_pkt_time":946730124846355,"flow_dst_last_pkt_time":946730124846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946733724846355,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":946737844630728} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-payload-len":25058,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":946737844630728} 
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":946737844630728,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} 
01075{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844630728,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer","tftp": {"filename":"zz.bin"}}} 
@@ -38,18 +38,18 @@ 01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":946737844631726,"flow_src_last_pkt_time":946737844632198,"flow_dst_last_pkt_time":946737844632149,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":1032,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946733724846355,"flow_src_last_pkt_time":946733724846355,"flow_dst_last_pkt_time":946733724846355,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":19,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":19,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":19,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.4.53","dst_ip":"172.16.5.170","src_port":54627,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} 01084{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946737844630728,"flow_src_last_pkt_time":946737844630728,"flow_dst_last_pkt_time":946737844630728,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946737844632198,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TFTP","proto_id":"96","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":4,"category":"DataTransfer"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":946737844632198} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/tftp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":107,"packets-processed":107,"total-skipped-flows":0,"total-l4-payload-len":26116,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":946737844632198} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 107/107 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 26116 bytes -~~ total detected protocols..: 7 +~~ total detected protocols..: 5 ~~ total active/idle flows...: 7/7 -~~ total timeout flows.......: 0 +~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7782862 bytes -~~ total memory freed........: 7782862 bytes -~~ total allocations/frees...: 146546/146546 +~~ total memory allocated....: 11491267 bytes +~~ total memory freed........: 11491267 bytes +~~ total allocations/frees...: 216798/216798 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 517 chars ~~ json string max len.......: 2179 chars diff --git a/test/results/default/threema.pcap.out b/test/results/default/threema.pcap.out index 385286c89..db7701427 100644 --- a/test/results/default/threema.pcap.out +++ b/test/results/default/threema.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655301424082000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655301424082000,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655301424082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50298,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424082000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424082000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sOJAAD8GIgbAqAJkuVjsbsR6FGaFcI59AAAAAKAC\/\/+zrwAAAgQFtAQCCAoADj6fAAAAAAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655301424082000,"flow_dst_last_pkt_time":1655301424108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655301424108000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxHpp4+23hXCOfqAS\/\/9\/CwAAAgQFrAEDAwYEAggK7ZTvbAAOPp8="} 
@@ -21,7 +21,7 @@ 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301676985000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655301676990000,"pkt":"eJS0JASgYDjgxTWgCABFAABkOh1AAD8GmKPAqAJkuVjsbsVEFGa+1hz2PrdC4oAYAVeW7QAAAQEICgAPJvYNuzbqEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k5Ez5IOu8sHTBCPJKxiuLUM"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655301676990000,"flow_dst_last_pkt_time":1655301677017000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655301677017000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxUQ+t0LivtYdJoAYBBT1kQAAAQEICg27NwgADyb2pST6cJDhur1ILq6UIEWtlnuQFkcU2\/xfWadEuFW78qsYg5wMjFnUvaWsfnK6Fp3dpRxs6\/7D1WxjM2X8\/Gu1wMcVtNcAnkhA9GW1gMlDC+8="} 
00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301678700000,"flow_dst_last_pkt_time":1655301677048000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655301678700000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-payload-len":4306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1655304039977000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655304039977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304039977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304039977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8D\/ZAAD8GwvLAqAJkuVjsbsW6FGZ91skoAAAAAKAC\/\/\/3HAAAAgQFtAQCCAoAEMbeAAAAAAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655304039977000,"flow_dst_last_pkt_time":1655304040001000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655304040001000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxbp03BGqfdbJKaAS\/\/+2UQAAAgQFrAEDAwYEAggKO2t+0gAQxt4="} 
@@ -30,7 +30,7 @@ 00656{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655304040005000,"flow_dst_last_pkt_time":1655304040029000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655304040029000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxbp03BGrfdbJWYAYBBS+bwAAAQEICjtrfvAAEMblDwmY0u1\/FJJlG8pGMzR4DHUA2SbDCPgL7VMIbmcQJS5Wyz7JHVONLuWdk575DHG9THznkpqJQgv38Qj\/f\/dhFRs1\/8YAkvYQ2sZA5fjM1T8="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":3,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304040312000,"flow_dst_last_pkt_time":1655304040064000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655304040312000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":4,"flow_first_seen":1655301676958000,"flow_src_last_pkt_time":1655301738438000,"flow_dst_last_pkt_time":1655301678762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":324,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":404,"midstream":0,"thread_ts_usec":1655304045367000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50500,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":5258,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655306704436000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655306704436000,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655306704436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50718,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8W4NAAD8Gd2XAqAJkuVjsbsYeFGbGZSToAAAAAKAC\/\/+Z2wAAAgQFtAQCCAoAEn9rAAAAAAEDAwg="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655306704436000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655306704460000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxh4tYXzzxmUk6aAS\/\/9+tQAAAgQFrAEDAwYEAggKd2P5ZgASf2s="} 
@@ -38,7 +38,7 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704460000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1655306704464000,"pkt":"eJS0JASgYDjgxTWgCABFAABkW4VAAD8GdzvAqAJkuVjsbsYeFGbGZSTpLWF89IAYAVetkAAAAQEICgASf3J3Y\/lmEUJFmOSyRNdj1OXy3vj+pKv1w2\/HNx68wOhAgRLg2k4sbataBLDe6as2OUn4cnpB"} 00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1655306704464000,"flow_dst_last_pkt_time":1655306704488000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1655306704488000,"pkt":"YDjgxTWgeJS0JASgCABFAACEAABAADgG2aC5WOxuwKgCZBRmxh4tYXz0xmUlGYAYBBTJUQAAAQEICndj+YQAEn9yeZWV+OdkU0mSnCGppCSAJbL9JS8rd+OXEO3cXQRLF+HwyR8sz+yuANi\/FNlAZNb3PrHf0YF9udqW3VvcrW+\/D2pjQJ1v\/TFBzsLCAdVVzZ8="} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655304039977000,"flow_src_last_pkt_time":1655304045367000,"flow_dst_last_pkt_time":1655304045364000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":595,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":675,"midstream":0,"thread_ts_usec":1655306704559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50618,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5631,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":5,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":41,"global_ts_usec":1655307958972000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655307958972000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958972000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958972000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80XZAAD8GAXLAqAJkuVjsbsasFGYhOI\/mAAAAAKAC\/\/\/0UwAAAgQFtAQCCAoAFl6QAAAAAAEDAwg="} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1655307958972000,"flow_dst_last_pkt_time":1655307958996000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655307958996000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAADgG2ei5WOxuwKgCZBRmxqxr+FC1ITiP56AS\/\/\/D1gAAAgQFrAEDAwYEAggK\/JV3MgAWXpA="} 
@@ -51,7 +51,7 @@ 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":6,"flow_first_seen":1655301591783000,"flow_src_last_pkt_time":1655301621987000,"flow_dst_last_pkt_time":1655301622013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":735,"flow_dst_max_l4_payload_len":468,"flow_src_tot_l4_payload_len":1396,"flow_dst_tot_l4_payload_len":662,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50484,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 01062{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"51": {"risk":"Fully encrypted flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"7":"Match by 
IP"},"proto":"Threema","proto_id":"305","proto_by_ip":"Threema","proto_by_ip_id":305,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00784{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1655307958972000,"flow_src_last_pkt_time":1655308018973000,"flow_dst_last_pkt_time":1655308018969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":191,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":239,"flow_dst_tot_l4_payload_len":134,"midstream":0,"thread_ts_usec":1655308018973000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"185.88.236.110","src_port":50860,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/threema.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":83,"packets-processed":83,"total-skipped-flows":0,"total-l4-payload-len":6004,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_usec":1655308018973000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 83/83 ~~ skipped flows.............: 0 @@ -60,9 +60,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7792188 bytes -~~ total memory freed........: 7792188 bytes -~~ total allocations/frees...: 146515/146515 +~~ total memory allocated....: 11500727 bytes +~~ total memory freed........: 11500727 bytes +~~ total allocations/frees...: 216769/216769 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 545 chars ~~ json string max len.......: 1067 chars diff --git a/test/results/default/thrift.pcap.out b/test/results/default/thrift.pcap.out index 1a0c2c00e..00bd401ed 100644 --- a/test/results/default/thrift.pcap.out +++ b/test/results/default/thrift.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618939325157360} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157360,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157360,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157360,"pkt":"ZGV2aWNlZHJpdmVyCABFAAA0aulAAIAGAACp\/jv3qf4uBNCLKwLKdsytAAAAAIACIAB\/HQAAAgQFtAEDAwgBAQQC"} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618939325157360,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618939325157427,"pkt":"ZHJpdmVyZGV2aWNlCABFAAA0AABAAD4Gvc2p\/i4Eqf479ysC0Iu7suEFynbMroASchBOjwAAAgQFtAEBBAIBAwMG"} 
@@ -8,14 +8,14 @@ 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157427,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618939325157555,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1618939325157555,"flow_dst_last_pkt_time":1618939325157615,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1618939325157615,"pkt":"ZHJpdmVyZGV2aWNlCABFAAAoqt1AAD4GEvyp\/i4Eqf479ysC0Iu7suEGynbM1lAQAcn\/fwAAAAAAAAAA"} 
02111{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325159246,"flow_dst_last_pkt_time":1618939325159187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2920,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":3250,"flow_dst_tot_l4_payload_len":7422,"midstream":0,"thread_ts_usec":1618939325159246,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":59,"avg":119.8,"max":188,"stddev":47.3,"var":2241.9,"ent":4.8,"data": [67,135,60,188,60,179,118,60,178,118,59,178,119,60,178,118,59,178,123,123,119,60,187,132,60,183,118,69,188,120,119]},"pktlen": {"min":40,"avg":375.2,"max":2960,"stddev":637.8,"var":406764.6,"ent":3.6,"data": [52,52,40,80,46,88,80,46,80,82,46,106,121,46,311,90,46,104,78,89,79,1500,628,40,1500,628,40,1500,628,40,780,2960]},"bins": {"c_to_s": [5,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1],"s_to_c": [6,3,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": [4.382568836,4.855899811,4.571928978,4.561148643,4.565871716,5.056412220,4.614388943,4.549460888,4.772574902,4.961133480,4.462504387,4.880326271,3.973908663,4.549460888,5.147182465,4.755144119,4.565872192,4.847397804,4.628648281,4.771815300,4.955598831,6.128622055,6.129070759,4.621928692,6.089191914,6.081182480,4.621928692,6.083991051,6.070480347,4.621928692,6.112934589,6.078311443]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} +00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":171,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":85745,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1622206473205908} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 07056{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4936,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4936,"pkt_l4_len":4902,"thread_ts_usec":1622206473205908,"pkt":"AAAAAAAAAAAAAAAACABFABM6Zi5AAEARw4J\/AAABfwAAAcAMGq8TJhE6goGygQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBaGuaOvmYTOqQQWABbMtcCLqNbW4eoBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFprMtIHs2OEFFrAHGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3NzUxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWnNG0gezY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWxJryxpeBoekEFgAWyPDeuea8r6YuFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFval54Hs2OEFFqwJGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI3ODMxABgMc2FtcGxlci50eXBlFQ
AYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW\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\/hHrhR64UewAZHBb4kN6C7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbgo7HM4sDc9gIWABat27nxrfeN4TsWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW5q\/Cg+zY4QUW+AcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjgxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBawtMKD7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbcivTis8qLvAEWABbczvODu7Ks5pEBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFrrbloTs2OEFFrQFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjQxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFuaWr8eDzPlFFgAW2IOOiNmRvvVRFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFqjTnoTs2OEFFsIFGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjUyABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWrtaehOzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWqOOBz+7B0NMCFgAW5qywk4TRx6YBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs6wo4Ts2OEFFsoDGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4MjU2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGQwAFozT1u+3sNX5AxYAFruLnr+svsXNXBYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhas7ryE7NjhBRbKCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyODI5MwAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFqD2vITs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFuTvlKK6tbniBBYAFt7TxoLztJ7ExgEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWqrLkhezY4QUW3g0ZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1NzMAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbMu+SF7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXN
lcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABaAqfv135ayxQEWABbxqpG05PnOr20WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW3PrvhezY4QUWgAIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg1ODUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW7v+RypLGwoIFFgAWpa2JyqmV2qBHFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFs7htobs2OEFFvoKGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI4NzA2ABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwW2Oi2huzY4QUZLBgYd2FraW5nX3VwX2V4cGxpY2l0X3VzZXJzFQZGAAAYGHdha2luZ191cF9leHBsaWNpdF9yb29tcxUGRgIAAAAWvrSo25Lk6ZEBFgAW\/Mu25N3Uuy8WABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWnKqph+zY4QUWygQZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjg4MjcAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWqqCtwe+ZmegCFgAWrqHm7O\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\/vAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtIWniOzY4QUWwgcZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkwMDUAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa6iqeI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABbU4KrL85XASBYAFtnRoOjBlpPt8wEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIW9tnkiOzY4QUW4AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MjkxMDgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBaI3uSI7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABbyn72E39iHyQIWABb8lfCbktCR8\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"} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206473205908,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4894,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4894,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 00980{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":66,"flow_dst_packets_processed":104,"flow_first_seen":1618939325157360,"flow_src_last_pkt_time":1618939325167655,"flow_dst_last_pkt_time":1618939325167596,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":6875,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":14450,"flow_dst_tot_l4_payload_len":71295,"midstream":0,"thread_ts_usec":1622206473205908,"l3_proto":"ip4","src_ip":"169.254.59.247","dst_ip":"169.254.46.4","src_port":53387,"dst_port":11010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} 06247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":4322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":4322,"pkt_l4_len":4288,"thread_ts_usec":1622206484939295,"pkt":"AAAAAAAAAAAAAAAACABFABDUa\/ZAAEARwCB\/AAABfwAAAcAMGq8QwA7UgoG0gQEJZW1pdEJhdGNoHBwYGG1hdHJpeC5vcmcgdGVzdF93b3JrZXItMRk8GA5qYWVnZXIudmVyc2lvbhUAGAxQeXRob24tNC4xLjAAGAJpcBUAGA8xNzYuMTI2LjI0MC4xNTgAGAhob3N0bmFtZRUAGBVoaXBwb2dyaWZmLm1hdHJpeC5vcmcAABn8FBa0g7LzyrnngQEWABblrKGoxcOvpxwWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWhLSTiuzY4QUW8AIZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0Mjk0MDQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWtv6FuMfW8JgCFgAW3qHqkaHita3BARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbAwKqK7NjhBRbKAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQyOTQ0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABbstN+sgbOr9wMWABbIn4yOmKP384MBFgAYGHByb2Nlc3MtcmVwbGljYXRpb24tZGF0YSUCFuSY7ovs2OEFFp4JGTwYCnJlcXVlc3RfaWQVABghcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhLTE2NDI5NjcxABgMc2FtcGxlci50eXBlFQAYDXByb2JhYmlsaXN0aWMAGA1zYW1wbGVyLnBhcmFtFQInP4R64UeuFHsAGRwWlp\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\/hHrhR64UewAZDAAW3sK6\/MSryJHTARYAFqLGvoqEgZqcLBYAGAZ4eHgxMjMlBhaUjfCM7NjhBRbc+Z4BGRwYEXNhbXBsaW5nLnByaW9yaXR5FQZGAgAZDAAWyKqwjd6emYcEFgAW4qH\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\/P7pjuzY4QUW+AYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzAyODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewA
ZDAAWkvOmk8WC2swCFgAWtI7dwaDc4Z2\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbqnOWP7NjhBRaWCxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDQ3MAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFvSj5Y\/s2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFpTB1qCT2cqkBBYAFvSMwrWC39zRxQEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWtOPrj+zY4QUWigYZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA0ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBbi5uuP7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYAABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAgAAABb+mOqot9nKqQQWABa2lJymztvVvjYWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWgpOxkOzY4QUWwgEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzA1ODAAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWjv\/Q15zA+P8DFgAW+\/2iuY3E3+P9ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaepeOQ7NjhBRaWBBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDY1OAAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFsyn45Ds2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFujnhs\/6qqS7AxYAFub224W23ojIPhYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaGgYeS7NjhBRamAhk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMDk2NQAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkMABakkI\/xl8iqzQMWABaIpcHvzq\/79SoWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWzNuwkuzY4QUWwAoZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwMzQAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZHBa04rCS7NjhBRksGBh3YWtpbmdfdXBfZXhwbGljaXRfdXNlcnMVBkYCABgYd2FraW5nX3VwX2V4cGxpY2l0X3Jvb21zFQZGAAAAABa8+tv72OzRmAIWABbH5c6EkKG4hCIWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWloTAkuzY4QUW4gEZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzEwNTYAGAxzYW1wb
GVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAW\/N+I9eTZqIwDFgAWg7v+\/4PfgvG7ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhbQ+fuS7NjhBRbcAxk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTE0MgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFtz7+5Ls2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgAAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYCAAAAFsSeqPfrlcbzAhYAFqXK8qPO186QwAEWABgYcHJvY2Vzcy1yZXBsaWNhdGlvbi1kYXRhJQIWlNCJk+zY4QUW9AMZPBgKcmVxdWVzdF9pZBUAGCFwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGEtMTY0MzExNjgAGAxzYW1wbGVyLnR5cGUVABgNcHJvYmFiaWxpc3RpYwAYDXNhbXBsZXIucGFyYW0VAic\/hHrhR64UewAZDAAWxPPB2pP1wZMBFgAW+KuAr+XO8fi\/ARYAGBhwcm9jZXNzLXJlcGxpY2F0aW9uLWRhdGElAhaO\/8uU7NjhBRa6BBk8GApyZXF1ZXN0X2lkFQAYIXByb2Nlc3MtcmVwbGljYXRpb24tZGF0YS0xNjQzMTQzNgAYDHNhbXBsZXIudHlwZRUAGA1wcm9iYWJpbGlzdGljABgNc2FtcGxlci5wYXJhbRUCJz+EeuFHrhR7ABkcFuyBzJTs2OEFGSwYGHdha2luZ191cF9leHBsaWNpdF91c2VycxUGRgIAGBh3YWtpbmdfdXBfZXhwbGljaXRfcm9vbXMVBkYAAAAAAAA="} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1622206473205908,"flow_src_last_pkt_time":1622206484939295,"flow_dst_last_pkt_time":1622206473205908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":4280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":4894,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":9174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1622206484939295,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49164,"dst_port":6831,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Thrift","proto_id":"345","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":16,"category":"RPC"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":172,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} +00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":172,"source":"cfgs\/default\/pcap\/thrift.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":172,"packets-processed":172,"total-skipped-flows":0,"total-l4-payload-len":94919,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_usec":1622206484939295} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 172/172 ~~ skipped flows.............: 0 
@@ -24,9 +24,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775937 bytes -~~ total memory freed........: 7775937 bytes -~~ total allocations/frees...: 146555/146555 +~~ total memory allocated....: 11484540 bytes +~~ total memory freed........: 11484540 bytes +~~ total allocations/frees...: 216809/216809 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 530 chars ~~ json string max len.......: 7061 chars diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out index 901b2d77e..48ad281d4 100644 --- a/test/results/default/tinc.pcap.out +++ b/test/results/default/tinc.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -34,7 +34,7 @@ 01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983475073125,"flow_dst_last_pkt_time":1495983475073073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":2339,"flow_dst_tot_l4_payload_len":2308,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786714 bytes -~~ total memory freed........: 7786714 bytes -~~ total allocations/frees...: 146731/146731 +~~ total memory allocated....: 11495285 bytes +~~ total memory freed........: 11495285 bytes +~~ total allocations/frees...: 216985/216985 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 527 chars ~~ json string max len.......: 2481 chars diff --git a/test/results/default/tk.pcap.out b/test/results/default/tk.pcap.out index e9323f788..ad8cdf714 100644 --- a/test/results/default/tk.pcap.out +++ b/test/results/default/tk.pcap.out 
@@ -1,5 +1,5 @@ -00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} +00558{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00621{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1613939315029133} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1613939315029133,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 
01171{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315029133,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1613939315029133,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"whois.dot.tk","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -18,7 +18,7 @@ 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315127815,"flow_src_last_pkt_time":1613939315127815,"flow_dst_last_pkt_time":1613939315183610,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315184123,"flow_src_last_pkt_time":1613939315184123,"flow_dst_last_pkt_time":1613939315239614,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":89,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":89,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1613939315029133,"flow_src_last_pkt_time":1613939315029133,"flow_dst_last_pkt_time":1613939315127338,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1613939315239614,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} 
+00626{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tk.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1613939315239614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771223 bytes -~~ total memory freed........: 7771223 bytes -~~ total allocations/frees...: 146399/146399 +~~ total memory allocated....: 11479810 bytes +~~ total memory freed........: 11479810 bytes +~~ total allocations/frees...: 216653/216653 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars ~~ json string max len.......: 1177 chars diff --git a/test/results/default/tls-appdata.pcap.out b/test/results/default/tls-appdata.pcap.out index eb120b401..54ffe86f6 100644 --- a/test/results/default/tls-appdata.pcap.out +++ b/test/results/default/tls-appdata.pcap.out 
@@ -1,5 +1,5 @@ -00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} +00567{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642636825083000} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00760{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":225,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":225,"pkt_l4_len":191,"thread_ts_usec":1642636825083000,"pkt":"YDjgxTWgeJS0JASgCABFAADTdsZAAFQGdWizPMOtwKgCZAG77NyYT4Q6bz7CkoAYARcapAAAAQEICuA9efAA6xLnFwMDAJq6kl+L8CkANElxlxEecHMQmMQNkeaHxIp41zgnfTmHWl1kbYylGWBjaZG2NzJzlVXZWLztslEjbtyBdUs5oPdXaxkx+\/Qqz25LpRnvI2Oa6mejiJQ6cva3m1sq7WKg7Tr1kRyTeD3F3LCkV1iqkLWh7Tv+UIHyUeGMLTuUM2Ln4Jd+SMy0A0nofS3noQlT0jEHIJotqStJgnoJ"} 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825083000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642636825083000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -7,7 +7,7 @@ 00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825083000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1642636825195000,"pkt":"YDjgxTWgeJS0JASgCABFAAC7dshAAFQGdX6zPMOtwKgCZAG77NyYT4TZbz7CkoAYARcjuQAAAQEICuA9el8A6xLnFwMDAIJ8qPBKps43VjN1CWNCU\/WQelHzsIBMbYPAQ\/uBSeCttdwQAVQSVQY\/KbbED1BcMIjBMrVVvujIJVS8087\/CMQGAwaAK+HgSw64pU81VCnjfYTfRMnDYpHQuxsdF63QBFPXffdndgc5510Oi0rcddoDPyb3I5kt\/aPyPwwpROArhlOP"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825302000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825302000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1642636825303000,"pkt":"eJS0JASgYDjgxTWgCABFAAAoAABAAD8GAdrAqAJkszzDrezcAbtvPsKSAAAAAFAEAABVgQAA"} 
-00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643610288722000} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":429,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1643610288722000} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288722000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643610288722000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":1643610288722000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUr1ZAAG4GmdrAqAJkNN\/GB+ZgAbs5J4UhnRUwIFAQJz3DuQAAFwMDBbsPVRnTUZmGPBlnKdgK94iLfa1WzOumranE61s0xvAtVjrmnivoUriXENTZHZ6xJ+jtI02SpI1pRFy9oatnRAti+z3dflh9zDeImNOzWaaReV7pRcOrrq7tetZhYkU+J8nisBJ42M5+CPOJz2x9RWtShEja6uVC5aX31AdfQo20rLfO\/h359IB7fzanuauTs\/HdR9kryxM8fpmunMnX8WXp67VFyeXC9tn4sMVL2L1iFuAZ2WReqtOFPjc27OdH3FdONsJrS3rdK2QVlml0LGbtHI9L05So1IHq5iGWqnYrZQ589c78wmLTg0z6Ka0yN+W3FGjoIGV3+LcQLvz6QRgjR\/kIHAJohOAQCxTc9V8F6Gv4p79TOjrL8QYreKxwrcyV7t0\/ffxHqa6wsgnwahqHz5mGSmBc+NEk20kRh8LU5Ux04uV1MrApZkpFkwVelAuPdI3nbz4UYiSP08RLjt7FwNdonwA2wk0UsATBQ2iYBLpKcWy8MNYJXPH2+OoHv7AYz4ifKDgWz1xsViG63GdMyM6QWXC1knvXeFbsFV0zb686r04l1qD5DGVWted1hpWErKnl1mFLjhp7NBh19Fu92aw6Pp1LmbPygTeDVvX2BkgA980SLqucCK1QQ\/87Y2y1rEMBDJI337XRO9fLLom
3N1GZGcfdjcOmFx23h3Xsl+JOKuIRqUHcNjsuWmsI93vxv7AiXhfl3ON6PBpCzXsWfQd5CnOow3DrBISIOf0QBKNxmFchEodhvvam7eYuYBOrQVQbZqwqAEmXVvmKkPfxg11O7945k9bJbHrHGnTHIJFPF8Wi5iInrrMIczLCm1Ty3X1uvh+KSzqOKu23gp0oy8tw8FSTiaFy88XbiN7NdhsKDDqcgzhRWXEyoPsqv8ZLHWmNQtFHEc1otdBhKSXxBo4sSfSRCFeFjnRiWuoJkIwrZr\/BJCPDk0kJntgUkKLVBB9u32VxY3auwEwW8zwog0Kk3+GGDIkvqFTJNbiOxAZx3Bh00tLdNxMKdSO2fUGW4NL+WwwvLg+eGNlmxqkHecoyIHU6SnMN0ibGz7t0FimXl9FSI77SBAp8XGca7+fLewD9OHIgZzvqQJhSicTTl9ZflYmqdns0hrrJmkNCykZ4VHxI+domV7DRJABw2KvQ0HwDx5SMRpKeA2sueP598Raa+9F37mFZha6n1dhCKRSIkHPBCXwqEfhybcdOppz7dducg\/rDRmksOfTm7RdRFeBiYRjuqqdrpfrvqj4+n50RtPuOEamaACLRJe6TZ7AW60wNgZ4dbP5mBUOsUL+tGIvS3nrV+yuTsPHrJLA6h95nQQJJp1gPln6Nqwtu9dkRRA6KEKJsdtHc3JqWZjaSLJzaseg\/8y7N52Wwn6qAh47XHIlR\/ujrZyknuYN7irKa4apesgI2eDCnzFOHgd17m7AHq7vKvKmnQgplT+sFJcUwVu3nfqOhQjoDv02P5GlZXrAskO+6m+j9jtZMWk5ljB89fKaXNeLo2zjdBvluIThOvbDD4qSD+Jyi+\/ACr297jxF4hgS34EXR2bPMBCWBQ7weITTmdrwxEGtvfRK6RrUaKt0mA7Mmh2K3xkeJIyTQWAWBfCDfp+4+jtl\/HFNZ3X72EWk2uH6pI3SkOAUM71ZFkDV0zGFae0Xl1Uvj44SLDq0NxVlzOiFLtUYYjE6EZp45LPVhL8l6xcclI4RpJZwSBG5E9xwp658S+bV\/0zFdLWUxoCdi1hOVc+KmQMRQFDNgNxnLdxBG\/I6e1KPzAP3ozk4qy5VXGqPMtnuKoWBMuYqKTJjEAlG62upJHVz1g7aZjkN7ewqhTZXT4U3\/nLD+KKBpRA+6aGJQ3Wk\/Yc7YyxkVi+HCxxNdytkZcR22mmETB+o4WMzW60Iu0eFVoPREMdUcI4HUkA0F\/UGykYOAX3kyJbTw"} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643610288724000,"flow_dst_last_pkt_time":1643610288722000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643610288724000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8r1dAAG4Gn3HAqAJkNN\/GB+ZgAbs5J4rNnRUwIFAYJz2+IQAAaUBxB\/Gc\/nglm3L+T6FaB1y1dAs="} 
@@ -18,11 +18,11 @@ 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642636825083000,"flow_src_last_pkt_time":1642636825195000,"flow_dst_last_pkt_time":1642636825303000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":429,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1643610288741000,"l3_proto":"ip4","src_ip":"179.60.195.173","dst_ip":"192.168.2.100","src_port":443,"dst_port":60636,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01967{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610304703000,"flow_dst_last_pkt_time":1643610304703000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":4416,"flow_dst_tot_l4_payload_len":30419,"midstream":1,"thread_ts_usec":1643610304703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":1031032.2,"max":15956000,"stddev":3917522.5,"var":15346982453248.0,"ent":1.0,"data": [2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000]},"pktlen": {"min":40,"avg":1129.2,"max":2944,"stddev":1252.1,"var":1567845.6,"ent":4.0,"data": 
[1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9]},"directions": [0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0],"entropies": [7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094]}} 00939{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643610304703000,"flow_dst_last_pkt_time":1643610304703000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":4416,"flow_dst_tot_l4_payload_len":30419,"midstream":1,"thread_ts_usec":1643610304703000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1643611942615000} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1643612754900000} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643614758865000} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-payload-len":41014,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1643611942615000} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-payload-len":70000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1643612754900000} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":98963,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1643614758865000} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":65,"flow_dst_packets_processed":49,"flow_first_seen":1643610288722000,"flow_src_last_pkt_time":1643614758886000,"flow_dst_last_pkt_time":1643614758885000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":2904,"flow_src_tot_l4_payload_len":11776,"flow_dst_tot_l4_payload_len":101176,"midstream":1,"thread_ts_usec":1643614758886000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.223.198.7","src_port":58976,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Twitch","proto_by_ip_id":195,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1643614758886000} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/tls-appdata.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":113381,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1643614758886000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7813304 bytes -~~ total memory freed........: 7813304 bytes -~~ total allocations/frees...: 146509/146509 +~~ total memory allocated....: 11521907 bytes +~~ total memory freed........: 11521907 bytes +~~ total allocations/frees...: 216763/216763 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 4468 chars diff --git a/test/results/default/tls-esni-fuzzed.pcap.out b/test/results/default/tls-esni-fuzzed.pcap.out index d0258bd6b..ecbcb4605 100644 --- a/test/results/default/tls-esni-fuzzed.pcap.out +++ b/test/results/default/tls-esni-fuzzed.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1590680386576239} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680386576239,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 
01292{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680386576239,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
@@ -8,11 +8,11 @@ 01293{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680387847337,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_usec":1590680391590254,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGxnTAqAEMaBZHxcLpAbsLJg40SW6gUlAYIAANXgAAFgMBAscBAALDAwMJLl9l\/OldUJYbpqd0xOpts3Kv4zg2hroTXcdX9KeB2CBjkfBVUTqX532YPuVZHQd0J5lIK2OZH9nsSRBnWwKDWwAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAgsbxhJX9IcnjB7rdgEb2YIBohnnxEhKIToNk1er8CIioAFwBBBLtlLNXLCuP0okhISXwuyj6tgeyLGZ5yaSZ9uT3zAbum2y5l1gYjS6RGBBL9dNcuY2pA4Ze582sOuuo0cAvw2TsAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACCgcq\/jSZGFwhXJHl9nfU84W9RHblecX+XHXi+knd++egAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUjmwk2PLEJ57JKeThEiW3dFrbufb5XbXZxYdeC179v7EU6Bakj2Njpvv\/Jfo5WxPGqtwjTPLrxKpdN+3jkm4v5pXmXQY7xTIeDCWHjyEgNKkvyfWHZ
Ec70MAkkqfNhBXSLrthF\/1heQEBlRbs1xtqteJZDPsTf1rb0lyjahdcH23rHhPVaZljcat4wh7Hka7vt+kTz6HVLMaa8+FGdKR02KYBfqCbkN5nqbjMCHPCoPKBXF7APN9aYQZNPW1vyVMZGeIilksOKMAfbO31cu423QrZX+PlzwFC6qBeqVxOTzYpLwLIxJGCnfdBRD0u85D1TvPM05OjHVwJVu9F3FEA\/S2klQ0zWf5b6ngXXAHdoEO61eGscgYik1z+CCLYUuTKEqAk5KVlL4AHAACQAE="} -01403{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01513{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680386576239,"flow_src_last_pkt_time":1590680386576239,"flow_dst_last_pkt_time":1590680386576239,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680391590254,"flow_src_last_pkt_time":1590680391590254,"flow_dst_last_pkt_time":1590680391590254,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1590680387847337,"flow_src_last_pkt_time":1590680387847337,"flow_dst_last_pkt_time":1590680387847337,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":716,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":716,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":716,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1590680391590254,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls-esni-fuzzed.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-payload-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1590680391590254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,10 +21,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7778576 bytes -~~ total memory freed........: 7778576 bytes -~~ total allocations/frees...: 146407/146407 +~~ total memory allocated....: 11487163 bytes +~~ total memory freed........: 11487163 bytes +~~ total allocations/frees...: 216661/216661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars -~~ json string max len.......: 1509 chars -~~ json string avg len.......: 1041 chars +~~ json string max len.......: 1518 chars +~~ json string avg len.......: 1046 chars diff --git a/test/results/default/tls-rdn-extract.pcap.out b/test/results/default/tls-rdn-extract.pcap.out index 7fc58dd01..4e77f62c3 100644 --- a/test/results/default/tls-rdn-extract.pcap.out +++ b/test/results/default/tls-rdn-extract.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946681200000000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 01318{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","tls": 
{"version":"TLSv1","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -10,7 +10,7 @@ 02497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_usec":946681200000000,"pkt":"ERERERERIiIiIiIiCABFAAXc5UxAADUGLQDVx5X7CgAAAQG7emnv2MeHZGeGnVAQGJhPMQAAiAWJbWaSMKuviDnX1C0Llpx4JK8Aq88JPhOua8Pg4c9gf4tT3ALQ87CGEd69AgMBAAGjggHaMIIB1jASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBQIQuPbThFm87UIxUDbVXwzRhGDODALBgNVHQ8EBAMCAYYwEgYJKwYBBAGCNxUBBAUCAwgACDAjBgkrBgEEAYI3FQIEFgQUforCnFoyjMJxotlPdXD3qRv2lAUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwHwYDVR0jBBgwFoAUMyHwy\/6ioESS3vY7M9hfAUuXeF0wgaMGA1UdHwSBmzCBmDCBlaCBkqCBj4Y2aHR0cDovL21zY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3JshjRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL21zY29ycC9jcmwvbXN3d3coNSkuY3Jshh9odHRwOi8vY29ycHBraS9jcmwvbXN3d3coNSkuY3JsMHkGCCsGAQUFBwEBBG0wazA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvbXN3d3coNSkuY3J0MCsGCCsGAQUFBzAChh9odHRwOi8vY29ycHBraS9haWEvbXN3d3coNSkuY3J0MA0GCSqGSIb3DQEBBQUAA4ICAQCPwtFc7xQRdxdjBzxMfGja\/oZK4iDMP7AnPdHirMiLSKbkWfc6Bq19UvH2ZWGWISKuaL4vet6zDPXpxd34ZYJdy2w+DDcRdBUJeFW9JhK71pV007z1dgkqat82xI5W1R8g33+CMNdDq2gii2paxZvQnY0LDFCFfsxagAeLA06\/vV9sVg8FqeJUw6XTUlxfTQvdBfhREgMhb5xsl5gqwcERvL0brvvjV19PHwCe4qRR0\/esCTdYpQkh0XLQssGL203cE9FUWE0rwK36Uxk1sRWoQmS37ccfpXmoDTjUUL\/0Wv8v6b8\/fTjl+yAM1E7gLx1FevsoLzFIb8xuXGhC+urICwEw7BAmQjgjqcMZuNlwGmgsksufc+bM\/zMj7ttetX8FWD9QxRwIGPTrL2KqU\/ehzd7j64IcGmdroUynaHFA0WU7QRicSeNx++tNg5PTR+ZkQsu2NRz7NA6hKPuMoacfAShR5XGUN5zcQVt8fuksI2eUnXPfX0B5o42VMMxTFwi8UIbz\/BAZgfz0Wm7z3KKadXvDrKBR7TK2WN9PjpFTatKqG13mU7iJo56JoeMp4LNs6xrMb1qqwuL2HkUp79bCQ7E7rT4m\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\/hKvQEGUt+yNqIvLVdA7x4VqHpf8Vq77b\/HQFZtx9TW
l\/G+JFtxX1Dkxg="} 03594{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TLS.Microsoft","proto_id":"91.212","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"ads1.msads.net","tls": 
{"version":"TLSv1","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, 
CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":5,"flow_first_seen":946681200000000,"flow_src_last_pkt_time":946681200000000,"flow_dst_last_pkt_time":946681200000000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":127,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":127,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":127,"flow_dst_tot_l4_payload_len":6754,"midstream":1,"thread_ts_usec":946681200000000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":946681200000000} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls-rdn-extract.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":946681200000000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7810728 bytes -~~ total memory freed........: 7810728 bytes -~~ total allocations/frees...: 146430/146430 +~~ total memory allocated....: 11519347 bytes +~~ total memory freed........: 11519347 bytes +~~ total allocations/frees...: 216684/216684 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars ~~ json string max len.......: 3599 chars diff --git a/test/results/default/tls_2_reasms.pcapng.out b/test/results/default/tls_2_reasms.pcapng.out index 17602ec7a..6acad4ee8 100644 --- a/test/results/default/tls_2_reasms.pcapng.out +++ b/test/results/default/tls_2_reasms.pcapng.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052958270296} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052958270296,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958270296,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052958270296,"pkt":"AAAAAAAAAAgAHsfjCABFAAA8AABAAFkGPQnAW7quGYlQIAG7lPYStl7aMwcmoaAS\/\/+mFwAAAgQFcAQCCAqXmyQsjJgTHgEDAwg="} 
01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052958270296,"flow_dst_last_pkt_time":1639052958421275,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":470,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":470,"pkt_l4_len":436,"thread_ts_usec":1639052958421275,"pkt":"AAAAAAAAAAQAaxhhCABFAAHI7AFAAD8GaXsZiVAgwFu6rpT2AbszByahErZe24AYAVd0fQAAAQEICoyYE\/2XmyQsFgMBAY8BAAGLAwMAlXJSyLbTWNrF02NSj28hHamky0L5wCYQnHUCL\/6z3iD5LhfBzVNFGwCCqzHgNKOymBfZ7K0vIQElpPRSPY852QAGEwETAhMDAQABPAArAAUEAwT7GgAKAAYABAAdABcAMwAmACQAHQAgECxpEscXa0pzp0dwcj2NsRSDz0wt8A5bNiy0soe+2RYADQAKAAgEAwUDBgMIBAAAABQAEgAAD2kuaW5zdGFncmFtLmNvbQAQABQAEgJoMgVoMi1mYghodHRwLzEuMQAtAAMCAQAAKgAAACkAsgCNAIeEDo4Sq5aYEoWVI9gb5X7lsbxoLQQbqHnFpnF8aI1WLwAAAADufwuTcgHc7lYZ8SVlha1U3Zkr0Vd9xmvbgpohpkFSNMLDIZ8FmR2pTMB4b2CxLJGFEpspmoijBCvKQSfpFOQOBLhObW1gKrl6AV8Y7rEcYgAxc577AZrXxt9LdTNXMRicjW5cSz1JACEgle78vT7B+RG\/cD3MjAcV8pXx7rRg8Vriehdr1EpDdxs="} 
@@ -9,7 +9,7 @@ 01249{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052958440022,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":216,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":1752,"midstream":0,"thread_ts_usec":1639052958440022,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"i.instagram.com","tls": {"version":"TLSv1.3 (Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,h2-fb,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052958440086,"flow_dst_last_pkt_time":1639052958436332,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_usec":1639052958440086,"pkt":"AAAAAAAAAAgAHsfjCABFAACEnctAAFkGnvXAW7quGYlQIAG7lPYStl+zMwcoNYAYAQVfGQAAAQEICpebJNaMmBP9FwMDAEsVFAAoT9R4PGUK6JrmQv\/2lo7Dahbke\/2rvVxk1LkuGDP3Y8z\/sO7TJHJKOoOMuj6Phx3KHeI4aO8E3Ijyz4MTDLUa8BC7ydQgDY8="} 
00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":3,"flow_first_seen":1639052958270296,"flow_src_last_pkt_time":1639052959221756,"flow_dst_last_pkt_time":1639052958885962,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":3685,"flow_dst_tot_l4_payload_len":2290,"midstream":0,"thread_ts_usec":1639052959221756,"l3_proto":"ip4","src_ip":"192.91.186.174","dst_ip":"25.137.80.32","src_port":443,"dst_port":38134,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Instagram","proto_id":"91.211","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_2_reasms.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":5975,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052959221756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771296 bytes -~~ total memory freed........: 7771296 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11479915 bytes +~~ total memory freed........: 11479915 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 2386 chars diff --git a/test/results/default/tls_2_reasms_b.pcapng.out b/test/results/default/tls_2_reasms_b.pcapng.out index cebcf6382..20be01687 100644 --- a/test/results/default/tls_2_reasms_b.pcapng.out +++ b/test/results/default/tls_2_reasms_b.pcapng.out 
@@ -1,5 +1,5 @@ -00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} +00572{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052962482663} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052962482663,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052962482663,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052962482663,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zceQAAAgQFcAQCCAq\/P97mAJHwdAEDAwg="} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052963485255,"flow_dst_last_pkt_time":1639052962482663,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1639052963485255,"pkt":"AAAAAAAAAAEAEgm4CABFAAA8AABAAFgG1idYDonDxOql2AG7kxooFUS4SyLHNqASe\/zYjwAAAgQFcAQCCAq\/P+LQAJHwdAEDAwg="} 
@@ -9,7 +9,7 @@ 00853{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":288,"pkt_l4_len":254,"thread_ts_usec":1639052963520379,"pkt":"AAAAAAAAAAEAEgm4CABFAAESFlNAAFgGvv5YDonDxOql2AG7kxooFUS5SyLI2YAYAHvAaQAAAQEICr8\/4vQAkfDbFgMDAIACAAB8AwO6kuss6bcDSmq8e3GmR05l1RLxmI+dIDHmj2MZ7KgmySCbv0ACoTPxsYE+8Du\/oovylIsJjYgk88YoxhddfiCfjBMBAAA0ACsAAvsaADMAJAAdACAT3wI3T1d\/roP16TYt+DuVSSDCoKmbANYTUw0nFkrHCgApAAIAABQDAwABARcDAwBOZM1cpMqCvWSFHnQFxWqH2pxndfCRMiA\/Np\/+gM72QwNKEfL75BOGgEEdzjYI+CBE83znTyMCWcL06Crm+s3ylM3y+iehn1hG+hQOkfn2"} 01261{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963520379,"flow_dst_last_pkt_time":1639052963519069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":222,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":222,"flow_dst_tot_l4_payload_len":1767,"midstream":0,"thread_ts_usec":1639052963520379,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.FbookReelStory","proto_id":"91.337","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"video.fmct2-3.fna.fbcdn.net","tls": {"version":"TLSv1.3 
(Fizz)","ja3":"44dab16d680ef93487bc16ad23b3ffb1","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.3 (Fizz)"}}} 00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":3,"flow_first_seen":1639052962482663,"flow_src_last_pkt_time":1639052963537951,"flow_dst_last_pkt_time":1639052963523453,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1348,"flow_src_tot_l4_payload_len":10270,"flow_dst_tot_l4_payload_len":2179,"midstream":0,"thread_ts_usec":1639052963537951,"l3_proto":"ip4","src_ip":"88.14.137.195","dst_ip":"196.234.165.216","src_port":443,"dst_port":37658,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/tls_2_reasms_b.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":12449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639052963537951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7807718 bytes -~~ total memory freed........: 7807718 bytes -~~ total allocations/frees...: 146396/146396 +~~ total memory allocated....: 11516337 bytes +~~ total memory freed........: 11516337 bytes +~~ total allocations/frees...: 216650/216650 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 2393 chars diff --git a/test/results/default/tls_alert.pcap.out b/test/results/default/tls_alert.pcap.out index 55705089c..a94508cf9 100644 --- a/test/results/default/tls_alert.pcap.out +++ b/test/results/default/tls_alert.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1628259176203392} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176203392,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203392,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1628259176203392,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1628259176203392,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1628259176203813,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 
@@ -7,7 +7,7 @@ 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1628259176204397,"pkt":"AICPmq69oM7IELEuCABFAAD7AABAAEAGtdjAqAHAwKgBFPa2AbvtIEkPxKHNRoAYEBXUyQAAAQEIChPSI\/wAseWtFgMBAMIBAAC+AwFS2zXz6qEYi\/Hhk\/zPMz5Yc\/Q1u9wcSBgXhT9UdiVqOgAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGUtYW5hbHl0aWNzLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 01315{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176203813,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1628259176204397,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"www.google-analytics.com","tls": 
{"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1628259176204397,"flow_dst_last_pkt_time":1628259176204809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1628259176204809,"pkt":"oM7IELEuAICPmq69CABFAAA0KOtAAEAGjbTAqAEUwKgBwAG79rbEoc1G7SBJ1oAQAOsSLwAAAQEICgCx5a0T0iP8"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1642662403350000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1642662403350000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662403350000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2VAAD8GBknAqAJkoCzKypOUAbvHogbZRxwevVAYAY\/SKwAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662403350000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662403350000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -17,7 +17,7 @@ 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1642662404144000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_usec":1642662404144000,"pkt":"eJS0JASgYDjgxTWgCABFAABHB2lAAD8GBkXAqAJkoCzKypOUAbvHogbZRxwevVAZAY\/SKgAAFQMDABoAAAAAAAAAAveoY2RlTzXreZQA7uCWWlmb9Q=="} 00780{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1628259176203392,"flow_src_last_pkt_time":1628259176205826,"flow_dst_last_pkt_time":1628259176206182,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":7,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":7,"midstream":0,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01081{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1642662403350000,"flow_src_last_pkt_time":1642662407022000,"flow_dst_last_pkt_time":1642662403350000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":155,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1642662407022000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.202.202","src_port":37780,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1642662407022000} 
+00636{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/tls_alert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":361,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1642662407022000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775619 bytes -~~ total memory freed........: 7775619 bytes -~~ total allocations/frees...: 146405/146405 +~~ total memory allocated....: 11484222 bytes +~~ total memory freed........: 11484222 bytes +~~ total allocations/frees...: 216659/216659 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 1320 chars diff --git a/test/results/default/tls_certificate_too_long.pcap.out b/test/results/default/tls_certificate_too_long.pcap.out index 402d91624..719d4ad63 100644 --- a/test/results/default/tls_certificate_too_long.pcap.out +++ b/test/results/default/tls_certificate_too_long.pcap.out 
@@ -1,5 +1,5 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626168074745096} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074745096,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074745096,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626168074745096,"flow_dst_last_pkt_time":1626168074745096,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1626168074745096,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 
00799{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168074926313,"flow_dst_last_pkt_time":1626168074926313,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":394,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":394,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1626168074926313,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -247,7 +247,7 @@ 00894{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1626168074926313,"flow_src_last_pkt_time":1626168076790343,"flow_dst_last_pkt_time":1626168076790262,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":394,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1182,"flow_dst_tot_l4_payload_len":3530,"midstream":1,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1626168077735142,"flow_src_last_pkt_time":1626168077735142,"flow_dst_last_pkt_time":1626168077749239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":38,"flow_dst_max_l4_payload_len":151,"flow_src_tot_l4_payload_len":38,"flow_dst_tot_l4_payload_len":151,"midstream":0,"thread_ts_usec":1626168081946770,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1626168081946770} 
+00661{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"cfgs\/default\/pcap\/tls_certificate_too_long.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-payload-len":95708,"total-not-detected-flows":1,"total-guessed-flows":1,"total-detected-flows":33,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1626168081946770} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 @@ -256,9 +256,9 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7968538 bytes -~~ total memory freed........: 7968538 bytes -~~ total allocations/frees...: 147199/147199 +~~ total memory allocated....: 11676613 bytes +~~ total memory freed........: 11676613 bytes +~~ total allocations/frees...: 217453/217453 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2529 chars diff --git a/test/results/default/tls_cipher_lens.pcap.out b/test/results/default/tls_cipher_lens.pcap.out index 9f7283c21..f0c4e291e 100644 --- a/test/results/default/tls_cipher_lens.pcap.out +++ b/test/results/default/tls_cipher_lens.pcap.out 
@@ -1,5 +1,5 @@ -00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} +00571{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1391444859282829} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_usec":1391444859282829,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 01343{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.google.it","tls": {"version":"TLSv1","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
@@ -20,7 +20,7 @@ 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1391444859282829,"flow_src_last_pkt_time":1391444859282829,"flow_dst_last_pkt_time":1391444859282829,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":179,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":179,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":179,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1391444859282829,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_cipher_lens.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_usec":1391444859282829} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -29,9 +29,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7785760 bytes -~~ total memory freed........: 7785760 bytes -~~ total allocations/frees...: 146430/146430 +~~ total memory allocated....: 11494315 bytes +~~ total memory freed........: 11494315 bytes +~~ total allocations/frees...: 216684/216684 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 576 chars ~~ json string max len.......: 1348 chars diff --git a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out index 218c22df1..c333767dc 100644 --- a/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -1,5 +1,5 @@ -00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00667{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} +00604{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00667{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1663090549179486} 00817{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549179486,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549179486,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADYGEC7Dta6wwKgBgAG7vIT\/L0tlGwKnqaAS\/ogbxgAAAgQFtAQCCAqczD4KOPYZxQEDAwc="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179486,"flow_dst_last_pkt_time":1663090549179586,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 
@@ -17,7 +17,7 @@ 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549535303,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549540818,"pkt":"PKn0qB\/seq+3+1HBCABFAAA02g9AAEAG3C7AqAG1wKgBgBue6WrMegHJm3t+OIAQAKzwSQAAAQEICp2aQ2XJG2ol"} 00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1663090549179486,"flow_src_last_pkt_time":1663090549200737,"flow_dst_last_pkt_time":1663090549222749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":1094,"flow_src_tot_l4_payload_len":1448,"flow_dst_tot_l4_payload_len":1383,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"195.181.174.176","dst_ip":"192.168.1.128","src_port":443,"dst_port":48260,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00824{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":2,"flow_first_seen":1663090549527373,"flow_src_last_pkt_time":1663090549603905,"flow_dst_last_pkt_time":1663090549540818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1286,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1549,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549603905,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"192.168.1.181","src_port":59754,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00676{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} 
+00676{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/tls_client_certificate_with_missing_server_one.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-payload-len":4380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1663090549603905} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775599 bytes -~~ total memory freed........: 7775599 bytes -~~ total allocations/frees...: 146406/146406 +~~ total memory allocated....: 11484202 bytes +~~ total memory freed........: 11484202 bytes +~~ total allocations/frees...: 216660/216660 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 588 chars ~~ json string max len.......: 2545 chars diff --git a/test/results/default/tls_ech.pcapng.out b/test/results/default/tls_ech.pcapng.out index baae129af..e722f6921 100644 --- a/test/results/default/tls_ech.pcapng.out +++ b/test/results/default/tls_ech.pcapng.out 
@@ -1,15 +1,15 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1688191412679858} 00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412679858,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412679858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412679858,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqoAAAAAoAL\/KDqPAAACBAWMBAIICnfjZxIAAAAAAQMDBw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1688191412679858,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1688191412684172,"pkt":"NObXAhsnILAB4IZiht1gBxYjACgGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJksyaT6roBL8wPi1AAACBATEBAIICk7TX8p342cSAQMDDQ=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1688191412684193,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412684193,"pkt":"ILAB4IZiNObXAhsnht1gC2UeACAGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBAB\/zqHAAABAQgKd+NnFk7TX8o="} 
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":670,"pkt_l4_len":616,"thread_ts_usec":1688191412684389,"pkt":"ILAB4IZiNObXAhsnht1gC2UeAmgGQCABCwcKPcESzha0CT0KkXcmBkcAAAAAAAAAAABoEh5OuWQBuzJpPqs48CZMgBgB\/zzPAAABAQgKd+NnFk7TX8oWAwECQwEAAj8DAx0oZiYaJMwMFcbeulsOlxoZojtyUk06HKKs6lbQH9u+IOCcoK4iEjoWXwEA+vIN+3ks9Ri5QAqLtS74CzwGBZzZACCqqhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAdZqagAAADMAKwApGhoAAQAAHQAgdElCiNf\/wfqgRpaFVvZGsCSoVf7tJ8eT6AhUE6p0ETYAIwAA\/wEAAQAALQACAQEAGwADAgACAAoACgAIGhoAHQAXABgAFwAAAAUABQEAAAAAABIAAAArAAcG2toDBAMDAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQAQAA4ADAJoMghodHRwLzEuMQAAACUAIwAAIHBlcmZvcm1hbmNlLnJhZGFyLmNsb3VkZmxhcmUuY29t\/g0A+gAAAQAB2AAglVfBAMcb93aSkFbQIVkfZRUAHcHfESW5JAjZhoGloWcA0A3wlw2ffLQmwFmx4P6V\/Xwi+KVETWUyFJb6hXgeTF4xRlzHA+M2ityLRqaqstnSve4wBOXVwImLA1UxfzIS0WDh6AaqRcw+CjUVBgcYyXYCWv0\/BLltvQOamfSn2Yghqa2qNygp2re8mWWVmlqPTuNlBs0bq6CL0ll\/RkQD3P7tmjxJ8rguU6XKjQnqQxWLWMeHhqcsbPq7mZn6MaquKi9UFC9Hvvz1QsgFMFhOJYPWeDInAPacsjv2zKCBDD3vPKFk09\/rYX57ZNvnbmSJxNoACwACAQBEaQAFAAMCaDL6+gABAA=="} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01237{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412684172,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1688191412684389,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.2","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412688931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1688191412688931,"pkt":"NObXAhsnILAB4IZiht1gBxYjACAGOiYGRwAAAAAAAAAAAGgSHk4gAQsHCj3BEs4WtAk9CpF3Abu5ZDjwJkwyaUDzgBAAByECAAABAQgKTtNfznfjZxY="} 
-01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
+01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412684389,"flow_dst_last_pkt_time":1688191412692841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":584,"flow_dst_tot_l4_payload_len":2174,"midstream":0,"thread_ts_usec":1688191412692841,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"performance.radar.cloudflare.com","tls": {"version":"TLSv1.3","ja3":"6820f114cf3b0809ffdcb30cb277848a","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1688191412679858,"flow_src_last_pkt_time":1688191412746874,"flow_dst_last_pkt_time":1688191412700618,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":584,"flow_dst_max_l4_payload_len":2174,"flow_src_tot_l4_payload_len":648,"flow_dst_tot_l4_payload_len":2702,"midstream":0,"thread_ts_usec":1688191412746874,"l3_proto":"ip6","src_ip":"2001:b07:a3d:c112:ce16:b409:3d0a:9177","dst_ip":"2606:4700::6812:1e4e","src_port":47460,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_ech.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":3350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1688191412746874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773349 bytes -~~ total memory freed........: 7773349 bytes -~~ total allocations/frees...: 146386/146386 +~~ total memory allocated....: 11481968 bytes +~~ total memory freed........: 11481968 bytes +~~ total allocations/frees...: 216640/216640 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 1368 chars diff --git a/test/results/default/tls_esni_sni_both.pcap.out b/test/results/default/tls_esni_sni_both.pcap.out index 057a19def..cbbade09a 100644 --- a/test/results/default/tls_esni_sni_both.pcap.out +++ b/test/results/default/tls_esni_sni_both.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1595697574192522} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1595697574192522,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574192522,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1595697574192522,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1595697574192522,"flow_dst_last_pkt_time":1595697574222665,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1595697574222665,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} 
@@ -18,7 +18,7 @@ 01460{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597760792,"flow_dst_last_pkt_time":1595697597802693,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":639,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1595697597802693,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"21": {"risk":"TLS Susp ESNI Usage","severity":"Medium","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"you-think-thats-normal-tls-traffic-youre-seeing.com","tls": {"version":"TLSv1.3","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}}} 
00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1595697574192522,"flow_src_last_pkt_time":1595697574326162,"flow_dst_last_pkt_time":1595697574326417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":634,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":843,"flow_dst_tot_l4_payload_len":6772,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00795{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1595697597731441,"flow_src_last_pkt_time":1595697597855622,"flow_dst_last_pkt_time":1595697597855003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":639,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":848,"flow_dst_tot_l4_payload_len":5312,"midstream":0,"thread_ts_usec":1595697597855622,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} +00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/tls_esni_sni_both.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-payload-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1595697597855622} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7792653 bytes -~~ total memory freed........: 7792653 bytes -~~ total allocations/frees...: 146436/146436 +~~ total memory allocated....: 11501256 bytes +~~ total memory freed........: 11501256 bytes +~~ total allocations/frees...: 216690/216690 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 540 chars ~~ json string max len.......: 1465 chars 
diff --git a/test/results/default/tls_false_positives.pcapng.out b/test/results/default/tls_false_positives.pcapng.out index 206f9b02b..aa8c94464 100644 --- a/test/results/default/tls_false_positives.pcapng.out +++ b/test/results/default/tls_false_positives.pcapng.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1641232761063506} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1641232761063506,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761063506,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1641232761063506,"pkt":"AAAAAAAAAAcAi3YBCABFAAA0AABAADcGbxAKCgoBwKgAAQWlUfMZL\/oS1g972YASchBrdgAAAgQFtAEBBAIBAwMK"} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1641232761063506,"flow_dst_last_pkt_time":1641232761612243,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1641232761612243,"pkt":"AAAAAAAAAAcAi3YBCABFAACs+xRAAD4GbIPAqAABCgoKAVHzBaXWD3vZGS\/6E1AYBVnujAAAhAAAAAKIJwDIAAUJDggAAAAEAFNDuAsEAAEAAAAEAFND8wMEAGAAAAAFAGFidmVyBAAxMDA3CwBjb3VudHJ5Y29kZQIAT00DAGlzcAcAT29yZWRvbwIAb3MHAGFuZHJvaWQHAHNka3R5cGUEAG5lcnYLAHZlcnNpb25jb2RlBAA0ODIz"} 
@@ -8,7 +8,7 @@ 01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1641232761626007,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_usec":1641232767278395,"pkt":"AAAAAAAAAAcAi3YBCABFAAF\/+xdAAD4Ga63AqAABCgoKAVHzBaXWD4HVGS\/6IFAYBVm3VgAAb2RlBAAAABQAcXVpY19kb3dubG9hZF9wYXJhbTEAAAAAEgBxdWljX3VwbG9hZF9wYXJhbTIAAAAAFABxdWljX2Rvd25sb2FkX3BhcmFtMgAAAAAJAGV3bWFfc2xvdwMAAAASAHF1aWNfdXBsb2FkX3BhcmFtMQAAAAAOAGxpbWl0X3Jlc2xldmVsAQAAABEAc19waWNrX2xldmVsX21vZGUNAAAAEgBxdWljX3VwbG9hZF9wYXJhbTACAAAACgBzcGVlZF9tb2RlBAAAAAkAZXdtYV9mYXN0CQAAABgAcXVpY19kb3dubG9hZF9wYXJhbXNfbnVtAwAAAAgAcGxheV9vd24DAAAAFgBwaWNrX2xldmVsX2luZGVwZW5kZW50AAAAAAcAYndlX2RlZgEAAAAUAHF1aWNfZG93bmxvYWRfcGFyYW0wAgAAAP\/\/\/\/8BAAAAgAAAAA=="} 00887{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":3,"flow_first_seen":1641232761063506,"flow_src_last_pkt_time":1641232767465459,"flow_dst_last_pkt_time":1641232767278395,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":33806,"flow_dst_tot_l4_payload_len":1875,"midstream":0,"thread_ts_usec":1641232767465459,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1445,"dst_port":20979,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} 
+00650{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/tls_false_positives.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":35681,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1641232767465459} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769671 bytes -~~ total memory freed........: 7769671 bytes -~~ total allocations/frees...: 146402/146402 +~~ total memory allocated....: 11478290 bytes +~~ total memory freed........: 11478290 bytes +~~ total allocations/frees...: 216656/216656 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 560 chars ~~ json string max len.......: 2419 chars diff --git a/test/results/default/tls_invalid_reads.pcap.out b/test/results/default/tls_invalid_reads.pcap.out index 0239135b4..382777138 100644 --- a/test/results/default/tls_invalid_reads.pcap.out +++ b/test/results/default/tls_invalid_reads.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1252380859868541} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1252380859868541,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859868541,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859868541,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1252380859868541,"flow_dst_last_pkt_time":1252380859884558,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1252380859884558,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} 
@@ -9,11 +9,11 @@ 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859903858,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1252380859903858,"pkt":"ABy\/OaVxABTRQblQCABFIAAoZLsAADcGSFXOIT1xwKgKZQG7D3++yAIwc1S12FAQAC7dpgAAAAAAAAAA"} 01214{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859904145,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":851,"midstream":0,"thread_ts_usec":1252380859904145,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}} 
01215{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859885010,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1252380859942787,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1421985541772794} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1421985541772794} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_usec":1421985541772794,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} 
01101{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1252380859868541,"flow_src_last_pkt_time":1252380859943054,"flow_dst_last_pkt_time":1252380859942787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":102,"flow_dst_max_l4_payload_len":851,"flow_src_tot_l4_payload_len":102,"flow_dst_tot_l4_payload_len":1329,"midstream":0,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1544035479538596} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_usec":1544035479538596} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479538596,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479538596} 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00306{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1544035479721867,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_usec":1544035479721867} 
@@ -22,7 +22,7 @@ 00743{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_usec":1421985541772794,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} 01055{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoTo","proto_by_ip_id":293,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1421985541772794,"flow_src_last_pkt_time":1421985541772794,"flow_dst_last_pkt_time":1421985541772794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":10,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":10,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1421985541772794,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1544035479768404} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_invalid_reads.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1441,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1544035479768404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/9 ~~ skipped flows.............: 0 @@ -31,9 +31,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775312 bytes -~~ total memory freed........: 7775312 bytes -~~ total allocations/frees...: 146395/146395 +~~ total memory allocated....: 11483915 bytes +~~ total memory freed........: 11483915 bytes +~~ total allocations/frees...: 216649/216649 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 311 chars ~~ json string max len.......: 1220 chars diff --git a/test/results/default/tls_long_cert.pcap.out b/test/results/default/tls_long_cert.pcap.out index 2f12c4e02..e35f6291a 100644 --- a/test/results/default/tls_long_cert.pcap.out +++ b/test/results/default/tls_long_cert.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1553619078033240} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1553619078033240,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078033240,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1553619078033240,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1553619078033240,"flow_dst_last_pkt_time":1553619078058439,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1553619078058439,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} 
@@ -11,7 +11,7 @@ 02733{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":5,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078093048,"flow_dst_last_pkt_time":1553619078093749,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1553619078093749,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"www.repubblica.it","tls": {"version":"TLSv1.2","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonlin
e.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}}} 02150{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619078157096,"flow_dst_last_pkt_time":1553619078157742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1610,"flow_dst_tot_l4_payload_len":13760,"midstream":0,"thread_ts_usec":1553619078157742,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":8011.5,"max":34221,"stddev":11402.3,"var":130012760.0,"ent":3.6,"data": [25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1]},"pktlen": {"min":52,"avg":532.9,"max":1500,"stddev":584.9,"var":342142.3,"ent":4.1,"data": 
[64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500]},"bins": {"c_to_s": [11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1],"entropies": [4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00973{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":86,"flow_dst_packets_processed":96,"flow_first_seen":1553619078033240,"flow_src_last_pkt_time":1553619149347313,"flow_dst_last_pkt_time":1553619149372363,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":836,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2858,"flow_dst_tot_l4_payload_len":102711,"midstream":0,"thread_ts_usec":1553619149372363,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} +00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"cfgs\/default\/pcap\/tls_long_cert.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-payload-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_usec":1553619149372363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 ~~ skipped flows.............: 0 @@ -20,9 +20,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7814920 bytes -~~ total memory freed........: 7814920 bytes -~~ total allocations/frees...: 146617/146617 +~~ total memory allocated....: 11523539 bytes +~~ total memory freed........: 11523539 bytes +~~ total allocations/frees...: 216871/216871 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 552 chars ~~ json string max len.......: 2738 chars 
diff --git a/test/results/default/tls_missing_ch_frag.pcap.out b/test/results/default/tls_missing_ch_frag.pcap.out index 573657511..0a8eb70c1 100644 --- a/test/results/default/tls_missing_ch_frag.pcap.out +++ b/test/results/default/tls_missing_ch_frag.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1626252471399786} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1626252471399786,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471399786,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1626252471399786,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAA8hHQAAH0G5JMKCgoBwKgAAQG7gScvWJhthsBAKqAS\/\/9QwwAAAgQFtAQCCApDaqR2wYhnewEDAwg="} 01943{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1626252471399786,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1090,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1090,"pkt_l4_len":1056,"thread_ts_usec":1626252471549953,"pkt":"WPmHGpl1ZIeIEyz\/CABFAAQ0\/b1AADMGcVLAqAABCgoKAYEnAbuGwEAqL1iYboAYAKxR2gAAAQEICsGIaBBDaqR2FgMBBdwBAAXYAwNEa2hVTZJgASBSwfkI66LYxvlq75ZhdUSD3hgV+1QPOSD\/YaaV0OXvSK6c4cW3cThct7voag1kyNOqp2BHGtTdrgAgamoTARMCEwPAK8AvwCzAMMypzKjAE8AUAJwAnQAvADUBAAVviooAAAAAACwAKgAAJ3IxLS0tc24tNWY1bnhndmg1by1oanVsLmdvb2dsZXZpZGVvLmNvbQAXAAD\/AQABAAAKAAwACvr6QTgAHQAXABgACwACAQAAIwAAABAACwAJCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwTBBL\/6+gABAEE4BJJN2na6uqPHrTPCb\/ILC4h5b3iKIpiqhO312LpjPLgWI86KCmdcCFKYTA3q3tYncymKC7UeIblB55L9t0UFbXqgEn\/fqdxSz6ckZsrtMqwRqfX2cel2WxfY\/aCfW\/vDYB9cWgIbMVWFo2botYfIlYMs0+p+iPkUjoVrNGSCC2VFWOOl1kkUQlsLOGuuFrivum9yxjiZNtHxmAMLLE0umqwruzOY3v9MhI11X9Rs2e4pdwrusuWg+crjjLJLuNx2PDVhjGTRlSvKZIDkgs584qrnA4lK+6TMLkjjfdVqz8YlHU\/ukhF\/OkMR4STHU0TtP9j6fb5+IBTm4M3T7+aKBDgbO5Hlh5+C8KkuBZGMPCbCyyKyiMwmwYV6w4Z7FsEw4szZms4D1vNzCTtzmDX1iFlrRZ39HnHTOWGlFhOSpWxQ1alyFepq0amj5qrD5lEvsid4WL9YWPA6iEH+lS2HeVFxxX6+jjMoxiIobXnjSbihlEeJcjau9qW1H
FM5Cf5OK6fgE+qsckMrRD+YBi7IR3FZyn50e4A3B8EUBjnUVb1WOvGXtljlHpAsp7E+9dpaG79UnFS1oz42rTBAf+hfswwdjp6OUNAy3mW\/mKgdG2DJUB1G6xGuCdDkvCiNAMuiSu0sn+24wJf35y13AA5Q3yi6BouVJ3zsl70B8HaknCCcr6p2NTZO9CpEW2h85dbOzpy6RvfWJDYrSXlz7xTgBc3xb9NFXoe92VswvO\/t9Y\/euwUjjOCHegKSVZeTWzbyQet6U0oOGhLjzN1lccJPGSSiHgjhQeZsHB4JeDMe8JqFXFLLBAU5aZJ7DOpRoMquil1EUV0AwlN2ufTfLnLEVoThaC8bUobosvXMg7TyMFtHlSBIAfIvnjqMWiuXTg416E50S3\/9\/mUZYnOfu30kw0DWTkH7rVL7FRcnryKmnk26KijDapfaBn3tczZ6CkMEklqww1oSSqMFwGKANYj9ia0u9A467OwvDTGpp9NQuw4Dpr2\/LPsZcQ=="} 
@@ -8,7 +8,7 @@ 02432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1626252471561460,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561460,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoEAAH0G3SIKCgoBwKgAAQG7gScvWJ3ahsBGC4AQARQdlwAAAQEICkNqpRfBiGgQLjUyE6mzLz+vWovIaoDU7c1aSmNZ7ckkGpcjHq+Zs6kWfD0Do8FrM4cLVV8PUqsQI0Gn956PKHQW3yAdxqD9JQczlAn8Q3x9QAEJNGr6flpe6S5CaTqM6FoDp\/dLFlwLBTeiibV6ZJvrJtn5X9\/fewzJTdwBjRiQ9PuN69skL1uu7AWFSGSpHWPd3wTy7jq83fttcU15jnhv1jWjYbX0myHuvDb9jMe6+t4tjxxTHB7fn14x5ShHvXoHCPL3b9ekqDP9txy0NMOzkk1iGhLGy0TMLhDepafRYgXDNUQA0jq+FeMFM1mI9qRuolZcxYCl6magHjI6Yzk8NbBzxvlq2i\/l01oDXmOyETOneNxaDpMEA5ULsGYeHjbnoH6+WNaIwrChoggZmXW998QtH2VnhTbpB+a+vTVY347dyVc+wBODPa\/qj7KH3Igi0b9PKWOWrCUGUEz25BBGlbeFm5e2jQG2FBbXSf4sGvR\/7Em2tVplLwJdfED3AJRds7xxCFa1aE2FFjVkpRR3deYTSedcPAHD8Ot1pKHb+2OtoxaLpzEd2LvaWfH+APj9rXPwnppF+rxzzG+FbFSONBmzqeyJjdMUXkkDq8iSkg4SWVPPCj4UX8A69WGYd1LAnTyax6GQQy5D142NsvpAhAid2vKYgBgSl5KIgvEaWfqHzqOfVn7XxiT+luD3e5TsozVOb09kvcfIjgXRaRc7J8R4VWrtwQw3S0UmJgfJ7voaPb1bk8PjJyTvaOsyR4460u3IgpLvelLz4J7gDf0ouy\/+rWmbVihg6yzCS0nXHITykyGI1I1+GMpZRgBl5Kf5vC8qfgfEqfJ8E62nCkXp4iszrdKiXiGGejfE6CkCBduKfTFyV5t35wYVxGNJF3OIC6o+pVn+jgGZelAqlQcIyAmBD9pYpaKBGo2W\/a9XbKJuBNLxvghTm0KLJQjHmHYcT0r5wtryOVlb8d4ygj9G88V6orvZcTrzxu3uo53ZrzFCTQK1Tbma70xIH9gTOoxU4rfphwXW7DPcMYC2wVEPRxQZicL8pZxw8rEuNcNLP\/jcOxWreWsaMcExdlsgoIwQJjlqIeO2yw5MerYsKb+koSWLz32E9iubBIvzdnqCcj4yUD2+NSwphRb\/j8FJXJ6Yjli4wusIoQQKVEpY3WpyUbmUUOlXYgSirH6oFhCApF1KZ4ZjoISl7g7j\/QF\/\/eNL7F9EsM92sCop2padW0b\/CxdNSBHjgQT9rqU\/5Wrv4s194NQQA6XLN8E5BjUUbhwT8XZRFqaFTlUPVdEvjpMyPB2fX3HY0XlTfpBjHYjJ7N9ypazmAf3\/2SltbgI9AL2J+QyCGUmM7btpWTPvRIU77ZXPeHuwdVJ66YN4q3JH7DYkCupd5rzFWDNCpYcp+7hLBtJxBC7i
xKVCwCb5A3JDWy3kFXKvmU+PufQMPBY64EwXmheRdAeMiDBoTyT5NB0rzH36BPawUCiBp6ngUgeVwF4wp5NYWCTxvSu1n9xn6dNScFch3F9270gfEVIyPT8PLMXJHqedWWabErPWAiqpWUVODVDKK8td5QsQxTuRDDeiXDHxFSbkqSbZwzXfJRW+XNgLCizmMLLRgyxq1mTlPgy11\/vV6sU\/uuh\/OQT2S3xjKJrV+BUAnbSb18NrNROH64cnLN+D\/DT5QPWo6DPRmKiRLvay1Q78D3C6kP4y+NAdpTYaJm8ae5zHb8sa0+1Fq7AFDmxBGSuNEUM7gY0yPQEtz2NCtO+iJ7nVT5lTYudViuJaeAPp4iUOCpzTa8y7pYq7Mw7IM+rqKtWFbBHy5RlgnUEqDvAjcF3j\/FYtWQlRS\/7c50Vh8UE2DTYqu7OeV7w="} 02440{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1626252471561481,"flow_dst_last_pkt_time":1626252471549953,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1626252471561481,"pkt":"ZIeIEyz\/WPmHGpl1CABFAAWghoIAAH0G3SEKCgoBwKgAAQG7gScvWKNGhsBGC4AQARRbywAAAQEICkNqpRfBiGgQRaOfchYHfhkEuC+plydgQpXSK9I6ZkSYOkCsdCiCnDmK0WwRx57RrGKWw2KHjtIVlQ\/4zQUTZ5jfEvt97SYQbBDdcLHULbKkEbNedv3iYxXxjT+nCb4IXSchmmTSGQECdaqDj5h79oc4CjRX\/4cATKK\/qcxeRESDvN6tq3yxkZYFG8+N+Arf0e\/wdmZBZBZybFhkJwA\/1YpmFd320ieTDe92z9NUz1culXvp8lPlRhI3RMm\/xmjaed+arMpZO7rY+Q\/e3rg3FOXdr0T5xYxZnEHs2LSXEcqagca0DH5kvLPZ7UYRtU0SHlh2LFXa470iU8qQ+AIYwMcgNxkz9RLy8QUDp1NeYj6a7DuAONGUN6TjhdSeskZ51YNna8nHRAfWO\/mNpfS+fo7ECjkbzuxyraKe99lMQV9SDZQSRzHb9McaufyEQmf4owwlZ5ixKuhXkdZEsOJBs9rjtcIQ56qOizQeKcMkHVPYGK2r0GnHeE5VJcCycgsuOezT+QCvbrZLaPU5crNcY0vQ5LTY4UrKbLbJQiAI2W+HrDdtGMGfnXdDxWf2dNLWxoosntoLuYzhD0zo4\/89xh2MaQv8ukMhBYzyGHApxJK2zPP28UJk59XiR5t5cNI6wE1ypz+3zeT6VMImVsQKr8mX5UwbJV5NR1wGD9YJUZTKzP3mKVx4NYSn04DAkTg5GS8G6RwmfYpFfwy52S8UIekf8KlDMFGZY\/hsNIvYUzjlrg5eHINAovTJIoprQsDi2Zcb8itOX2ZlAx0U7VQjske86xyrNL29NGkEJGvaiSdOkC1fN\/0hC5xMVZdqWGs1ctl8immhsx\/5pvHB1w+TN4i5\/vIkBleKBuZR1yTfNVS7eKSVoFSOjabkOQSmnxPkGnedUoV5zGaqP2gSNB5XulklcOGO\/6dgcaY7lb1vaWcc2wk5nKOrUEhEkZDUD43AqlncBiSPTOEERBRHqSY79rkf
pxoOtKjTAkJoq2Ln2Ne9eKQ+lgHk4Kkz8hSc\/G20klTxnYyyxuJcukthpO\/CGQJiVi9C1tgng0rG7jx8jRFW07oxmOa7ceSS6N\/asgsYbGLaItsqhe4b94MNOvL8INUmpNWpBrSe447hATYea4nYdlWcB17QV+yS3NrVygWvyUUSh+uO0U3cR9+yvO\/AP\/1lnnNllCAViXXp4NFqVL2r+R7nkQ25+zCvkBM\/OIed8bOoGQ6f70gTGCmk2W5mej\/dFwnjNrqC43Iv18QXnnBKqoyRosrvYj4PSraBWlHocnugHlhdlsCR7LikvWPQtGVjayQshq8l2Ez2JGK\/xOjNB28ZMqaOlWlhodgcZVXFvmABgrO6QGSsRcJ9OIpjO\/u0qn519WG6O2bkfZkMKq6GnDN\/eUUkQx6w2ESTIaKLjMwYBri89DYsubD9cmBW4cZVwnbUl4ECYN9pQbGDnoPvLHOOPbvTNVEtQuGH\/CbBqBzlwqwdtGEQHMRPb2c8UHaiESvtSCQeA\/NjnUZYIT5BJfO9rFiZoBXosTLyObfmZK1gLb4qd7fClq1zNt1vxijHgbjY3hncITIKuBNHa+HW0FK07V5bn6lqfG75pOsFo84vaWxlDkuQ4yF+svLcRACkRbeKse+1R63Y9mPfiCvBMUWZBxLBIX3lb8u3WScx0AmC99+EgId8\/QNZydqfBAiFrq5dMWyyfZgXuqhgEziEwhi926d1FttgIxGE1D34kr1iqzPxKFcIi55Zmeq6q8zEfMhrDhRVIRwO6P+QhYDuvXKAjfjWVnB66R\/zLie\/R4yV74PcgieI+Jd0B3DlvlUEEFOrmVJxi6RGdSpjig66uZCI+Ahxx0JlkB8j1V3DaaR1rXc="} 00794{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":8,"flow_first_seen":1626252471399786,"flow_src_last_pkt_time":1626252471614928,"flow_dst_last_pkt_time":1626252471774171,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1957,"flow_dst_max_l4_payload_len":1024,"flow_src_tot_l4_payload_len":6121,"flow_dst_tot_l4_payload_len":3029,"midstream":0,"thread_ts_usec":1626252471774171,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":33063,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} +00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tls_missing_ch_frag.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1626252471774171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779000 bytes -~~ total memory freed........: 7779000 bytes -~~ total allocations/frees...: 146389/146389 +~~ total memory allocated....: 11487619 bytes +~~ total memory freed........: 11487619 bytes +~~ total allocations/frees...: 216643/216643 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 572 chars ~~ json string max len.......: 2446 chars 
diff --git a/test/results/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/default/tls_multiple_synack_different_seq.pcapng.out index d91aec872..d01aaf8b2 100644 --- a/test/results/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -1,5 +1,5 @@ -00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} +00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00654{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054241336766} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054241336766,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054241336766,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054241336766,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054243383123,"flow_dst_last_pkt_time":1639054241336766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054243383123,"pkt":"AAAAAAAAAAEATp6rCABFAAA0+iUAACsGwOoKCgoBwKgAAQG76hcOOx8Ly+TVr4AS\/\/\/YwQAAAgQFmAMDCAEEAgEB"} 
@@ -10,7 +10,7 @@ 01311{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712706,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712706,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
02008{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.AmazonAWS","proto_id":"91.265","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"bolt-prod-s3-eu-west-1.s3.eu-west-1.amazonaws.com","tls": {"version":"TLSv1.2","server_names":"s3-eu-west-1.amazonaws.com,*.s3-eu-west-1.amazonaws.com,s3.eu-west-1.amazonaws.com,*.s3.eu-west-1.amazonaws.com,s3.dualstack.eu-west-1.amazonaws.com,*.s3.dualstack.eu-west-1.amazonaws.com,*.s3.amazonaws.com,*.s3-control.eu-west-1.amazonaws.com,s3-control.eu-west-1.amazonaws.com,*.s3-control.dualstack.eu-west-1.amazonaws.com,s3-control.dualstack.eu-west-1.amazonaws.com,*.s3-accesspoint.eu-west-1.amazonaws.com,*.s3-accesspoint.dualstack.eu-west-1.amazonaws.com,*.s3.eu-west-1.vpce.amazonaws.com","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"704239182a9091e4453fdbfe0fd17586","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Amazon, OU=Server CA 1B, 
CN=Amazon","subjectDN":"CN=*.s3-eu-west-1.amazonaws.com","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"5A:47:18:0A:2F:90:02:C9:30:5C:B1:BE:D6:0D:5A:42:24:C8:81:76"}}} 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":1,"flow_first_seen":1639054241336766,"flow_src_last_pkt_time":1639054270712778,"flow_dst_last_pkt_time":1639054270551210,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":517,"flow_src_tot_l4_payload_len":5427,"flow_dst_tot_l4_payload_len":517,"midstream":0,"thread_ts_usec":1639054270712778,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":59927,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} 
+00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/tls_multiple_synack_different_seq.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":5944,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054270712778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7786811 bytes -~~ total memory freed........: 7786811 bytes -~~ total allocations/frees...: 146404/146404 +~~ total memory allocated....: 11495430 bytes +~~ total memory freed........: 11495430 bytes +~~ total allocations/frees...: 216658/216658 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 575 chars ~~ json string max len.......: 2013 chars diff --git a/test/results/default/tls_port_80.pcapng.out b/test/results/default/tls_port_80.pcapng.out index 30e0f382b..5f1e55a36 100644 --- a/test/results/default/tls_port_80.pcapng.out +++ b/test/results/default/tls_port_80.pcapng.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1618744619257945} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744619257945,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619257945,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619257945,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1618744619257945,"flow_dst_last_pkt_time":1618744619383792,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1618744619383792,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 01432{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":7,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744630475192,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1618744633780253,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}} 
01494{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}}} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1618744619257945,"flow_src_last_pkt_time":1618744633780253,"flow_dst_last_pkt_time":1618744633908597,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":1360,"flow_src_tot_l4_payload_len":245,"flow_dst_tot_l4_payload_len":1360,"midstream":0,"thread_ts_usec":1618744633908597,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tls_port_80.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-payload-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1618744633908597} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -18,9 +18,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7771339 bytes -~~ total memory freed........: 7771339 bytes -~~ total allocations/frees...: 146391/146391 +~~ total memory allocated....: 11479958 bytes +~~ total memory freed........: 11479958 bytes +~~ total allocations/frees...: 216645/216645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 551 chars ~~ json string max len.......: 1499 chars diff --git a/test/results/default/tls_torrent.pcapng.out b/test/results/default/tls_torrent.pcapng.out index dcc151e7f..f689d5535 100644 --- a/test/results/default/tls_torrent.pcapng.out +++ b/test/results/default/tls_torrent.pcapng.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054407415018} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054407415018,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054407415018,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407415018,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639054407427808,"flow_dst_last_pkt_time":1639054407415018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1639054407427808,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 
@@ -10,7 +10,7 @@ 02417{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639054407574962,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1454,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1454,"pkt_l4_len":1420,"thread_ts_usec":1639054407574962,"pkt":"AAAAAAAAAAcAAh9nCABFAAWguhUAAOMGQ44KCgoBwKgAAQG75dqEHFNtEe7pu1AQAAUYcAAATOdWegB3AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAABfCYcl7YAAAQDAEgwRgIhAK4QNflwf2+HmIqhCL9XiHr\/3hZ4rrGkhnfWeFejDXyxAiEAkt4xpF+LNjEYvkL7B3tjWsbNVXyTtKH9fOJGtd3NG3swDQYJKoZIhvcNAQELBQADggEBAIFf2lmzR3Mwx1K7jh2VeoyiVGSWAcezryvzzvuJkFttEXNY9uQ6fzVJ1GQwHY8Sgk4RebBUmLhxeHVBfbL4oklNJVitp3p0rJlVE66ss2RvgGq+BLxu8QkuSBvws6zi5r1mCJHh6DlGGb\/l8FXxnxlRL9iztFjmEDreL\/juCdzrKe4yoFY9OwFK0hDfG6NY5eXFxMDAvqJ3aHoK2c+0FO1kROazovg3o3Sb0vhbjlT\/Mvxcygcek7IjdtKQTqXGaT3UdrQTZZmrCaHWPIvNhYuEuIcPApBXT31DgdD5bjzjBMZ76wnMcGd1Wcajuonylorrq+jtjuunrrK1xqwO5vMABNQwggTQMIIDuKADAgECAgEHMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTEwNTAzMDcwMDAwWhcNMzEwNTAzMDcwMDAwWjCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALngyxDUr3a91JNi6zBkuIEIbMME2WIXji\/\/PmXPj85i5jxSHNoWRUtVq3hrY4NikM4PaWyZyBoUi0zMRTPqiNyeo68r\/oBhnXlXxM8u9D8wPF1H\/JoWvMM3lkFRjhFLVPgovtCMvvAwOB7zsCb4Zkdjbd5xJkePOEdT0UYdtOPcAOpFrL28cdmqbwDb280wOnlPX0xH+B3vW8LEnWA7sbJDkdikM07qs9YnT60liqXG9NXQpq50BWRXiLVEVdQtKjo++Li96TIKApRkxBY6UPFKrud5M68MIAd\/6N8EOcJpAmxjUvp3wRvIdIfIuZMYUFQ1S2lOvDvTSS4f3MHSUvsCAwE
AAaOCARowggEWMA8GA1UdEwEB\/wQFMAMBAf8wDgYDVR0PAQH\/BAQDAgEGMB0GA1UdDgQWBBRAwr0njsw0gzCiM9f7bLPwtCyAzjAfBgNVHSMEGDAWgBQ6moUHEGcotu\/2vQVBbiDBlNoP3jA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC1nMi5jcmwwRgYDVR0gBD8wPTA7BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAAh+bJMQyDi4lqmQS\/+hX08="} 01610{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.BitTorrent","proto_id":"91.37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"web.utorrent.com","tls": {"version":"TLSv1.2","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - 
G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}}} 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1639054407415018,"flow_src_last_pkt_time":1639054407576647,"flow_dst_last_pkt_time":1639054407443003,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1400,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5574,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1639054407576647,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_torrent.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-payload-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1639054407576647} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7783538 bytes -~~ total memory freed........: 7783538 bytes -~~ total allocations/frees...: 146388/146388 +~~ total memory allocated....: 11492157 bytes +~~ total memory freed........: 11492157 bytes +~~ total allocations/frees...: 216642/216642 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 551 chars ~~ json string max len.......: 2426 chars diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out index 2b0f4ac1e..12c59c2f5 100644 --- a/test/results/default/tls_unidirectional.pcap.out +++ b/test/results/default/tls_unidirectional.pcap.out 
@@ -1,5 +1,5 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848567575,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1639053848567575,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAAPBpQAAA0Bm8SjvobvAqMSBgUbDFuUzeA1SLoaN2gEv\/\/alkAAAIEBVAEAggK1TA3SQAvLkoBAwMI"} 02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqFAAA0BmmhjvobvAqMSBgUbDFuUzeA1iLoaYSAEAEF8lAAAAEBCArVMDfpAC8u7BYDAwA\/AgAAOwMDYbH6GObXMcPZc0\/u\/07ySDL99AAM65vqRE9XTkdSRAEAwCsAABMAFwAA\/wEAAQAACwACAQAAIwAAFgMDGMULABjBABi+AA21MIINsTCCDJmgAwIBAgIRAL6SfJeXpnf+CgAAAAEZUYgwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjExMTAxMDIxOTUyWhcNMjIwMTI0MDIxOTUxWjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLbBeX0LU3pUWH+9THnnoTQpPglvYMsDQRme2L8rmDF7QEHRFBON4Z6Ol4rL30ubSFYN6X86eKdFg2N4IKsQ0Vo4ILkjCCC44wDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\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"} 
@@ -8,7 +8,7 @@ 02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"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\/tSLBeUAAAF82YK70QAABAMARjBEAiARmGVm7JB3\/oaiBObGX7ROVBBSBRLYITFiTlEAkfPyHgIgcCqtTtRkXEWtBLRMdlLCyCYM1mcHiE111yE3Oz\/NZIAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq\/L8cP5tRwAAAXzZgruvAAAEAwBIMEYCIQCdEWa\/V20J9qsoD+RWkg98YsZ+GN7Iw02KvnAz9ok\/BQIhAIUpxYOKIJBQapnn340xxt3\/h79Jm5lUc5BI1s6PP4IAMA0GCSqGSIb3DQEBCwUAA4IBAQABqQYCPziQTB9R2Rgn5Q8W9muFuMiL4KxImQgWyMFIzShVMs4tIvcdbxGCTlA9XAgmyeDKzU2kf\/bc7nhWpWCLIA45f8+E9bVyHr\/X4mri7FiDHK2XCXO0FRC3eZdepiGSobgPjXlY3Fe7j7+iCnir3opglZmCSKGSUlJMiRAr0AeCNtNEpLzqKc1rUyIpSe7ExrIITKl54o\/8ETyKOlT61jBq4Mbjhmtn0bsrRvaJfV9SOBCa+HlHt+j\/OMqIRm0JNViqmtqAn3eHET3kepM8j2LM3MNs6rMYC9GX6t\/kdQ9LuBdtLk5Beg1yxxPZQicDwEvmo\/KKC8OFwyRb+wekAAWaMIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAwMDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl\/ejLa6T\/belaI+KZ9hzpkgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsXlOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu\/t\/bgRQIh4JZCF8\/ZK2VWNAcmBA2o\/X3KLu\/qSHw3TT8An4Pf73WELnlXXPxXbhqW\/\/yMmqaZviXZf5YsBvcRKgKAgOtjGDxQSYflispfGStZloE="} 
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqIAAA0BmmejvobvAqMSBgUbDFuUzeQoiLoaYSAEAEFW90AAAEBCArVMDfpAC8u7ACg+1HbyncLC8mWT+9wScdcbSD9mbS04soud\/0t3Au2axMMjBkrF5aYufCL9qAnu7bjjVGPva7Hm7GJnQIDAQABo4IBgDCCAXwwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSKdH+vhc3ulc09nNDiRhTzcTUdJzAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO\/wiRNxPjBoBggrBgEFBQcBAQRcMFowJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnBraS5nb29nL2d0c3IxMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHNyMS5kZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5wa2kuZ29vZy9ndHNyMS9ndHNyMS5jcmwwVwYDVR0gBFAwTjA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAgEAiX2sIFwMPL6aqFeVG7Su+qulcnG0NpX930ARA0zCRhS7FCSr8FBxItutxG5\/z\/Fqb8iDG9jOiV+HbIe4qQyjm6FilJOV31uuZhkLApae\/LXnEGk+estGSV9G4UGx15hNZTQAgBo\/T59sf0kAgVNBpJIhgoIa8aNEWypQEhNNwVM280IIr1T6jndTG2Q4JxcJvVjJG3w5LVvzztTtl9sUA78JUyQfwgwEeZgm8mHxU1L9QowbZis\/FaG7\/\/ab44GaAQZxiTUoJN3hvesZLeFIyz1Zg1G0dMadfMaxhluvzDTE08zUgRGVAKH0EiIB+rSDca+Mt4xzJKw3U8IAkD8R\/lztNpQQO70pruLHOmI7bGPZgL9ZcaxjJ7lMF6Da9nMVvyrej\/OlbDKBMwPQhlFxmTS6k41dtVFY97KT6AH2Wb5xm\/1NKM7PbccW3PfR1kabp8pr6XcP\/aC2GyODHRAa2QkAhOBE06J1I7M0hvYgsKReEB3gUkYAnbEPHyFwUfWa3Qb8VfQrDjN3w0tCwvF3E\/xzgJTrH7s3P84CKmawcx0ypTJsMrCO4MQj\/1t9TWVwrCubPc7b4G2OMoC+lp+SY7yXu1259OFxXirk7wMisYplOo\/Ak2XUhc0PD1uDWRZHFi2cJDrIgKYmFIWb9jebrG\/5xcMGUfPif8WxELpR9N0ABWYwggViMIIESqADAgECAhB3vQ1s2zb5GuohD8TwWNMNMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG
9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMjAwNjE5MDAwMDQyWhcNMjgwMTI4MDAwMDQyWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf\/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKY="} 03807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727919,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.2","server_names":"*.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggp
ht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn","notafter":"2022-01-24 02:19:51","ja3":"","ja3s":"84aaf6d03fc8c5bfb56d1d188735b268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=*.google.com","fingerprint":"02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1"}}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"} 
@@ -18,7 +18,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549200840,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549200840,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6pAAEAGlovAqAGAw7WusLyEAbsbAqjK\/y9VRoAQAeU7+gAAAQEICjj2GeyczD4e"} 00794{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090558366747,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00796{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090607951443,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7943728 bytes -~~ total memory freed........: 7943728 bytes -~~ total allocations/frees...: 146556/146556 +~~ total memory allocated....: 11652331 bytes +~~ total memory freed........: 11652331 bytes +~~ total allocations/frees...: 216810/216810 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 558 chars ~~ json string max len.......: 3812 chars diff --git a/test/results/default/tls_verylong_certificate.pcap.out b/test/results/default/tls_verylong_certificate.pcap.out index 7e4e53cf2..f356de32c 100644 --- a/test/results/default/tls_verylong_certificate.pcap.out +++ b/test/results/default/tls_verylong_certificate.pcap.out 
@@ -1,18 +1,18 @@ -00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} +00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1578254908457751} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908457751,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908457751,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1578254908457751,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1578254908457751,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1578254908469342,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1578254908469463,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908469463,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGnuXAqAGgl2VCMdYUAbur4+BF2Hadx4AQEAgJrQAAAQEICgG\/txJynbuC"} 
01256{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1578254908475203,"pkt":"EBMx8Tl2KDc3AG3ICABFAAI5AABAAEAGnODAqAGgl2VCMdYUAbur4+BF2Hadx4AYEAjFKwAAAQEICgG\/txdynbuCFgMBAgABAAH8AwNreR1fucqnaT8n7FpnpsjcXpwujsf+X6\/m0ZYauF9Z+gAAhswUzBPMFcAwwCzAKMAkwBTACgCjAJ8AawBqADkAOP+FAMQAwwCIAIcAgcAywC7AKsAmwA\/ABQCdAD0ANQDAAITAL8ArwCfAI8ATwAkAogCeAGcAQAAzADIAvgC9AEUARMAxwC3AKcAlwA7ABACcADwALwC6AEHAEsAIABYAE8ANwAMACgD\/AQABTQAAABoAGAAAFWZlb2RvdHJhY2tlci5hYnVzZS5jaAALAAQDAAECAAoAOgA4AA4ADQAZABwACwAMABsAGAAJAAoAGgAWABcACAAGAAcAFAAVAAQABQASABMAAQACAAMADwAQABEADQAmACQGAQYCBgPv7wUBBQIFAwQBBAIEA+7u7e0DAQMCAwMCAQICAgMzdAAAABAACwAJCGh0dHAvMS4xABUAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 
-01131{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} +01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908469342,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1578254908475203,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": {"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"http\/1.1"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908487025,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1578254908487025,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0JkBAADYGgqWXZUIxwKgBoAG71hTYdp3Hq+PiSoAQADgXbgAAAQEICnKdu4cBv7cX"} -01221{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} -03909{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}} +01245{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908475203,"flow_dst_last_pkt_time":1578254908490162,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1368,"midstream":0,"thread_ts_usec":1578254908490162,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1"}}} +03931{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908490465,"flow_dst_last_pkt_time":1578254908490567,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":5472,"midstream":0,"thread_ts_usec":1578254908490567,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}} 01976{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":4559.7,"max":21714,"stddev":6622.1,"var":43852844.0,"ent":3.5,"data": [11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2]},"pktlen": 
{"min":52,"avg":518.6,"max":1420,"stddev":615.3,"var":378610.9,"ent":4.0,"data": [64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104]},"bins": {"c_to_s": [12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1],"entropies": [4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465]}} -03912{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}} -00982{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":1,"category":"Media"}} 
-00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1578254908551114} +03934{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908528417,"flow_dst_last_pkt_time":1578254908528437,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":813,"flow_dst_tot_l4_payload_len":14097,"midstream":0,"thread_ts_usec":1578254908528437,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"feodotracker.abuse.ch","tls": 
{"version":"TLSv1.2","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.cloro
x.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","advertised_alpns":"http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}}} +01004{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":24,"flow_first_seen":1578254908457751,"flow_src_last_pkt_time":1578254908551114,"flow_dst_last_pkt_time":1578254908551079,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1368,"flow_src_tot_l4_payload_len":844,"flow_dst_tot_l4_payload_len":18233,"midstream":0,"thread_ts_usec":1578254908551114,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Cybersec","proto_id":"91.283","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":33,"category":"Cybersecurity"}} 
+00653{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/tls_verylong_certificate.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1578254908551114} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -21,10 +21,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7942481 bytes -~~ total memory freed........: 7942481 bytes -~~ total allocations/frees...: 146558/146558 +~~ total memory allocated....: 11651100 bytes +~~ total memory freed........: 11651100 bytes +~~ total allocations/frees...: 216812/216812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 562 chars -~~ json string max len.......: 3917 chars -~~ json string avg len.......: 2196 chars +~~ json string max len.......: 3939 chars +~~ json string avg len.......: 2207 chars diff --git a/test/results/default/toca-boca.pcap.out b/test/results/default/toca-boca.pcap.out index 16da30e7c..aa20f8511 100644 --- a/test/results/default/toca-boca.pcap.out +++ b/test/results/default/toca-boca.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648999646082000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1648999646082000,"pkt":"eJS0JASgYDjgxTWgCABFAABUT6gAAD8RuzzAqAJkW8dR4cP9E78AQBEY\/\/8AAQAAAAQitua6Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999646082000,"flow_dst_last_pkt_time":1648999646082000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648999646082000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -7,12 +7,12 @@ 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646116000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1648999646128000,"pkt":"eJS0JASgYDjgxTWgCABFAABxT6sAAD8RuxzAqAJkW8dR4cP9E78AXV\/iu8gAAgAAADIitua6Af8ABAAAABQAAAAAAAAAAH370YUGAAEEAAAANQAAAAHzAAEIHkEGAwBmMzYxNWExNy02MDg0LTQwYzUtYmZkNS0yZmZiYTRkMQ=="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1648999646128000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1648999646161000,"pkt":"YDjgxTWgeJS0JASgCABFAABLMqoAADsR3ENbx1HhwKgCZBO\/w\/0AN2KSAAAAAn370bQitua6AQAAAAAAABQAAAAAAAAAAQAAADIGAAEAAAAADwAAAAHzAQA="} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1648999646194000,"flow_dst_last_pkt_time":1648999646161000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1648999646194000,"pkt":"eJS0JASgYDjgxTWgCABFAAC7T7gAAD8RusXAqAJkW8dR4cP9E78Ap6eQu8gAAwAAAHQitua6AQAABAAAABQAAAAAAAAAAX370bQGAAEEAAAAcwAAAALzBgABAUNgHwPphFRWEeG7K1su8dh7ceJAIgMbYEW8\/IlaIVUMHV0pUYGkvKEUCp0YWnRyweSVzbsPVZeP3OdC\/CCq\/oATU+qSsKMyrHnO8SqUZVPoXQLHChtZdlXOpTLON959iRFoDP8BBAAAAAwAAAAC"} 
-00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":1831,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1649338791869000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649338791869000,"pkt":"eJS0JASgYDjgxTWgCABFAABUquwAAD8RF0nAqAJkXCaaMaQmE78AQOkN\/\/8AAQAAAA0lI+N2Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649338791869000,"flow_src_last_pkt_time":1649338791869000,"flow_dst_last_pkt_time":1649338791869000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":42022,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648999646082000,"flow_src_last_pkt_time":1648999647452000,"flow_dst_last_pkt_time":1648999648493000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":416,"flow_dst_max_l4_payload_len":386,"flow_src_tot_l4_payload_len":840,"flow_dst_tot_l4_payload_len":991,"midstream":0,"thread_ts_usec":1649338791869000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.225","src_port":50173,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} +00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-payload-len":1887,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1649339413371000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_usec":1649339413371000,"pkt":"eJS0JASgYDjgxTWgCABFAABUVGwAAD8RbcnAqAJkXCaaMdj4E78AQKGB\/\/8AAQAAAA8HHhQ0Av8BBAAAACwAAAABAAAEsAAAgAAAAAACAAAAAAAAAAAAABOIAAAAAgAAAAI="} 
01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339413371000,"flow_src_last_pkt_time":1649339413371000,"flow_dst_last_pkt_time":1649339413371000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":56,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":56,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":56,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339413371000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"92.38.154.49","src_port":55544,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -24,7 +24,7 @@ 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1649339424328000,"pkt":"YDjgxTWgeJS0JASgCABFAABojnsAAHkR+aVcJpoxwKgCZBO\/gGMAVCBGAAAAAhCV6uVoVFlOAf8AAAAAABQAAAAAAAAAAQAAABAD\/wEAAAAALAAAAAA0zASwAACAAAAAAAIAAAAAAAAAAAAAE4gAAAACAAAAAg=="} 
01047{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649339424328000,"flow_src_last_pkt_time":1649339424328000,"flow_dst_last_pkt_time":1649339424328000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":76,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":76,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649339424328000,"l3_proto":"ip4","src_ip":"92.38.154.49","dst_ip":"192.168.2.100","src_port":5055,"dst_port":32867,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":33,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":4155,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_usec":1649357329801000} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":127,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":127,"pkt_l4_len":93,"thread_ts_usec":1649357329801000,"pkt":"eJS0JASgYDjgxTWgCABFAABxId0AAD8R6VDAqAJkW8dRe9bHE78AXZvqAZ0AAgAAADR76ExLAf8AAAAAABQAAAAAAAAAAIrS+jcGAAEEAAAANQAAAAHzAAEIHkEEAQA4MjYyMDUzMS04NzM3LTQ4MjQtOGZkMi1hNGQyOWUyNA=="} 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357329801000,"flow_src_last_pkt_time":1649357329801000,"flow_dst_last_pkt_time":1649357329801000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":85,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":85,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357329801000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":54983,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -52,13 +52,13 @@ 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":201,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":201,"pkt_l4_len":167,"thread_ts_usec":1649357796478000,"pkt":"eJS0JASgYDjgxTWgCABFAAC76dUAAD8RIQ7AqAJkW8dRe5FiE78Ap9\/gQYIAAwAAEKFwWW0qAQAAAAAAABQAAAAAAAAAAYraGScGAAEEAAAAcwAAAALzBgABAUNgqO2TCWkNPwQmb\/To5eafmHwk2M3jcXw+syR8\/2ZkLpAnxsjBo9NJIRg3niLIEBe1BKRcjcw9VsSC9Wp8xiV3ZwLnTCAQMR7QxRv8JFOFvJff26sic0VghOwZl+0g5UdBDP8BBAAAAAwAAAAC"} 01051{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01089{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649357796478000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":52,"packets-processed":51,"total-skipped-flows":0,"total-l4-payload-len":6173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1649358122834000} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649358122834000,"pkt":"YDjgxTWgeJS0JASgCABFAACyLPAAADsR4fxbx1F7wKgCZBO\/gh8AnmVJAAAAAorfFD0zMIisAQAAAAAAABQAAAAAAAAAAgAAAG4GAAEAAAAAdgAAAALzBwAAAAgBAUNg8vSS5O+J\/XjOQQuCE\/Kz82hilWidCgaS8LTWICvsbjJnfEWbmMIZg+HqoUshflWYbYRWr5V8d81p2Yo8Hq57m1zea2a8m\/5YufPz7tt8hhSQ3WPzZMeBz21Wv8GmKuYQ"} 01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649358122834000,"flow_src_last_pkt_time":1649358122834000,"flow_dst_last_pkt_time":1649358122834000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":33311,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357623776000,"flow_src_last_pkt_time":1649357623776000,"flow_dst_last_pkt_time":1649357623776000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":60837,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649357796478000,"flow_src_last_pkt_time":1649357796478000,"flow_dst_last_pkt_time":1649357796478000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":159,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":159,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":159,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649358122834000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":37218,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":6323,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":10,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":61,"global_ts_usec":1649360879587000} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":192,"pkt_l4_len":158,"thread_ts_usec":1649360879587000,"pkt":"YDjgxTWgeJS0JASgCABFAACykLMAADsRfjlbx1F7wKgCZBO\/nWIAnpDwAAAAAosJJVgh87CXAQAAAAAAABQAAAAAAAAAAgAAAn4GAAEAAAAAdgAAAALzBwAAAAgBAUNgLNWb5SaCJAocJvmSqainbl+Oa4DJn3IT4qVSI8qFj6X5DLzbYJpCJ8LrRJdeJ7QpAQUlDLFkzmCIsWSJViCx2U\/siT702DkXpm6dZLrYzkK0dSx2ekQBCbW\/YHJC1uBB"} 
01052{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649360879587000,"flow_src_last_pkt_time":1649360879587000,"flow_dst_last_pkt_time":1649360879587000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":150,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":150,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649360879587000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":40290,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -70,7 +70,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649361166006000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8JwkAAD8R5FnAqAJkW8dRe94gE78AKB4+Pk0AAQAADyI7JuZnAQAAAAAAABQAAAAAAAAAA4sNhA4="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649361166006000,"flow_src_last_pkt_time":1649361166006000,"flow_dst_last_pkt_time":1649361166006000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649361166006000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":56864,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":56,"packets-processed":55,"total-skipped-flows":0,"total-l4-payload-len":6537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":3,"current-active-flows":2,"total-active-flows":13,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_usec":1649411629031000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649411629031000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8d50AAD8Rk8XAqAJkW8dRe8WoE78AKHeQB0IAAQAAAiMEvRHkAQAAAAAAABQAAAAAAAAAA44Pjyk="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411629031000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -88,18 +88,18 @@ 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":495,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":495,"pkt_l4_len":461,"thread_ts_usec":1649411857970000,"pkt":"YDjgxTWgeJS0JASgCABFAAHhCAgAADsRBbZbx1F7wKgCZBO\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"} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411629031000,"flow_src_last_pkt_time":1649411629031000,"flow_dst_last_pkt_time":1649411629031000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":50600,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
01096{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649411857970000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":73,"packets-processed":72,"total-skipped-flows":0,"total-l4-payload-len":8692,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":16,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_usec":1649756653649000} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649756653649000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8JawAADsR6bdbx1F6wKgCZBO\/hscAKBKXAAAAAa\/cVZosVa4ZAQAAAAAAABQAAAAAAAAABAAAATQ="} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":73,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01061{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649411857970000,"flow_src_last_pkt_time":1649411857970000,"flow_dst_last_pkt_time":1649411857970000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":453,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":453,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":453,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"91.199.81.123","dst_ip":"192.168.2.100","src_port":5055,"dst_port":37167,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649411716027000,"flow_src_last_pkt_time":1649411718310000,"flow_dst_last_pkt_time":1649411718292000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":473,"flow_src_tot_l4_payload_len":836,"flow_dst_tot_l4_payload_len":834,"midstream":0,"thread_ts_usec":1649756653649000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.123","src_port":35671,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} +00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":8724,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1649949002676000} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649949002676000,"pkt":"YDjgxTWgeJS0JASgCABFAATMcx8AADsRl01bx1HhwKgCZBO\/xKEEuJV9AAAAAbaSYs0pd\/HxCAABAAAABKQAAAAFAAAABQAAAAsAAAAAAAAtKgAAAADzBOYB3hXbAQcgYnVzY28gYW1pZ29zIHNveSBwb2xpY2lhIGZyYW5jZXMVBwcCc3QG8KfG20BqSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBwU0OTExMhUHBwJzdAYOLbLdRgoyQQP9HAP8AwoHAm1kAwEHAm1wAxkHAnN2IgP\/AwoHB1NoZXJsb24VBwcCc3QGcT0Kp+h8QkED\/RwD\/AMKBwJtZAMBBwJtcAMFBwJzdiID\/wMKBxNnYXRvcyBnYW1lXzEwOjUzOjMyFQcHAnN0BjeJQaB7OklBA\/0cA\/wDCgcCbWQDAQcCbXADDwcCc3YDAQP\/AwoHCTEwMDAwNDAwMBUHBwJzdAbjpZt0D0BJQQP9HAP8AwoHAm1kAwEHAm1wAwcHAnN2IgP\/AwoHCeaIkeeahOWPkRUHBwJzdAaWQ4v8vMVJQQP9HAP8AwYHAm1kAwEHAm1wAxQHAnN2IgP\/AwYHEHB2cCBoYXJkZWNvcvCfkoAVBwcCc3QG\/tR42XVFSUED\/RwD\/AMJBwJtZAMBBwJtcAMPBwJzdiID\/wMKBwU0MzY4MhUHBwJzdAbn+6nx3kJJQQP9HAP8AwoHAm1kAwEHAm1
wAxwHAnN2IgP\/AwoHBGJvdDMVBwcCc3QGAAAAkNDkSUED\/RwD\/AMKBwJtZAMBBwJtcAMeBwJzdiID\/wMKBw4gZ2FtZV8wMjozNTo0MxUHBwJzdAYzMzNDUqhJQQP9HAP8AwoHAm1kAwEHAm1wIgcCc3YDAQP\/AwoHCkdUQSBWIGxpZmUVBwcCc3QGqvHS3eg1SUED\/RwD\/AMKBwJtZAMBBwJtcAMBBwJzdiID\/wMKBxPRg9GDMSBnYW1lXzA2OjE0OjIwFQcHAnN0BrByaKHFz0ZBA\/0cA\/wDCgcCbWQDAQcCbXADCwcCc3YDAQP\/AwoHBTY1MjIwFQcHAnN0BolBYKUCYEdBA\/0cA\/wDCgcCbWQDAQcCbXAiBwJzdiID\/wMKBwU4MTU0OBUHBwJzdAbfT433oXoxQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHDiBnYW1lXzA0OjMwOjQxFQcHAnN0BqabxBDRRUlBA\/0cA\/wDCgcCbWQDAQcCbXADHQcCc3YDAQP\/AwoHBTI4NjQ1FQcHAnN0Bi2ynf8p6kpBA\/0cA\/wDCgcCbWQDAQcCbXADFQcCc3YiA\/8DCgcFMTMxNjUVBwcCc3QGvHSTeDIhQ0ED\/RwD\/AMKBwJtZAMBBwJtcAMVBwJzdiID\/wMKBwU0NDg2OBUHBwJzdAYZBFbuLowxQQP9HAP8AwoHAm1kAwEHAm1wAw0HAnN2IgP\/AwoHCWphamFqYWphahUHBwJzdAYbL90E6kNDQQP9HAP8AwoHAm1kAwEHAm1wAx4HAnN2IgP\/AwoHBDcxNjAVBwcCc3QGj8L16LZhMkED\/RwD\/AMKBwJtZCIHAm1wAxsHAnN2IgP\/AwoHBuWSjOW5sxUHBwJzdAacxCBQ\/Po0QQP9HAP8AwoHAm1kAwIHAm1wAwMHAnN2"} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649756653649000,"flow_src_last_pkt_time":1649756653649000,"flow_dst_last_pkt_time":1649756653649000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649949002676000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":34503,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} +00639{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":75,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":9924,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":16,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":18,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":102,"global_ts_usec":1649959918209000} 
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1649959918209000,"pkt":"YDjgxTWgeJS0JASgCABFAATMlmcAADsRdGxbx1F6wKgCZBO\/3lgEuGJXAAAAAbv54rwVf+7RCAABAAAABKQAAAAFAAAABQAAAB4AAAAAAACDaAAAAADzBOYAAd5oAfRzAAkyNTY1ODIyODNoAAhi\/W8BcwACTFZzAARNYWxscwACQ0x5AARpAAAAAgAAAAMAAAAEAAAABXMAAkNUcwABQWL8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTM2MDA2OTEyNWgABGL\/YgpzAAJMVnMABlNjaG9vbGL9bwFi\/GIHcwAKMjExMDU4MjkwNGgACGL9bwFzAAJMVnMABlNjaG9vbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAGRGlncmVmYvxiB3MAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5OTY4MzY0MmgACGL9bwFzAAJMVnMABE1hbGxzAAJDTHkAAWkAAAAFcwACQ1RzAAFRYvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAkxNTUyMTI1OTdoAAhi\/W8BcwACTFZzAAdGYWN0b3J5cwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAjZgdin2LHYs2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAKMTc2NjI2NTIyN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5
AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAARCYW5pYvxiCXMAAkNQcwAAcwACQ0dvAWL\/YgpzAAg5MTc3MDA5N2gACGL9bwFzAAJMVnMABk9mZmljZXMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAEWmFza2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzU4NjQ3NzY4aAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwADY2F0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzMzNTE4NjcyaAAIYv1vAXMAAkxWcwAETWFsbHMAAkNMeQAGaQAAAAAAAAABAAAAAgAAAAMAAAAEAAAABXMAAkNUcwAFVmlyZ2li\/GIKcwACQ1BzAABzAAJDR28BYv9iCnMACTg0ODM1MzYzN2gACGL9bwFzAAJMVnMACEhhbmdhclYycwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAdnaXltZXJ0YvxiCnMAAkNQcwAAcwACQ0dvAWL\/YgpzAAoxNzQ5OTgwOTQ2aAAIYv1vAXMAAkxWcwAGU2Nob29scwACQ0x5AAZpAAAAAAAAAAEAAAACAAAAAwAAAAQAAAAFcwACQ1RzAAZ2dnZ2dnZi\/GIJcwACQ1BzAABzAAJDR28BYv9iCnMACjE1ODg5MTA3NDVoAAhi\/W8BcwACTFZzAAZTY2hvb2xzAAJDTHkABmkAAAAAAAAAAQAAAAIAAAADAAAABAAAAAVzAAJDVHMABjExMjIzM2L8YgpzAAJDUHMAAHMAAkNHbwFi\/2IKcwAJNzY2Njk2NjY0aAAE"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -107,7 +107,7 @@ 01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by 
port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649949002676000,"flow_src_last_pkt_time":1649949002676000,"flow_dst_last_pkt_time":1649949002676000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649959918209000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":50337,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":77,"packets-processed":76,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":76,"total-skipped-flows":0,"total-l4-payload-len":11137,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":2,"total-active-flows":20,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":110,"global_ts_usec":1650009948783000} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1650009948783000,"pkt":"YDjgxTWgeJS0JASgCABFAATMx5YAADsRQtZbx1HhwKgCZBO\/qI8EuNNNAAAAAbo0YlQBhGKwCAABAAAABKQAAAAIAAAABQAAAAgAAAADAAAj7AAADYwDAgcCbXAiBwJzdiID\/wMKBwU1NDI1ORUHBwJzdAb0\/dQYS1k2QQP9HAP8AwEHAm1kIgcCbXADDQcCc3YiA\/8DAgdI0LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtdC10LXQtSBnYW1lXzEwOjI3OjAxFQcHAnN0BnsUrmeuBTZBA\/0cA\/wDAQcCbWQDAQcCbXADHgcCc3YDAQP\/AwoHCEdhbWU4NjgzFQcHAnN0BvLSTULOBjZBA\/0cA\/wDAQcCbWQDAgcCbXADIAcCc3YiA\/8DAQcIR2FtZTIxMjkVBwcCc3QG8tJNsnClS0ED\/RwD\/AMBBwJtZAMCBwJtcAMWBwJzdiID\/wMBBwNvcmEVBwcCc3QG+n5qXFaeS0ED\/RwD\/AMHBwJtZAMCBwJtcAMgBwJzdiID\/wMKBwhHYW1lNTA4NBUHBwJzdAakcD2aTKZLQQP9HAP8AwEHAm1kAwIHAm1wAxUHAnN2IgP\/AwEHCEdhbWU2ODM3FQcHAnN0BlpkO2+BpEtBA\/0cA\/wDAQcCbWQDAgcCbXADGwcCc3YiA\/8DAQcIR2FtZTc1MDIVBwcCc3QGxSCwkiDnREED\/RwD\/AMBBwJtZAMCBwJtcAMZBwJzdiID\/wMBBwhHYW1lODMzNRUHBwJzdAamm8TQnahLQQP9HAP8AwEHAm1kAwIHAm1wIgcCc3YiA\/8DAQcIR2FtZTg5MjYVBwcCc3QGtvP9xMypS0ED\/RwD\/AMBBwJtZAMCBwJtcAMeBwJzdiID\/wMBBwRtZW1lFQcHAnN0Bq5H4YrzN0lBA\/0cA\/wDAgcCbWQDAgcCbXADHgcCc3YiA\/8DAgcIR2FtZTMxMjUVBwcCc3QGHVpkG0xbNkED\/RwD\/AMBBwJtZAMCBwJtcAMdBwJzdiID\/wMBBwhHYW1lNDQxMxUHBwJzdAYzMzMT7lo2QQP9HAP8AwEHAm1kAwIHAm1wAw4HAnN2IgP\/AwEHAzAwMBUHBwJzdAb+1Hi5oeZEQQP9HAP8AwIHAm1kAwIHAm1wAx4HAnN2IgP\/AwIHCEdhbWUyMDU4FQcHAnN0Bilcj7LI5kRBA\/0cA\/wDAQcCbWQDAgcCbXADBwcCc3YiA\/8DAQcIR2FtZTQ2OTYVBwcCc3QGoBovvVRbNkED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMBBwUyMzQzMBUHBwJzdAZWDi2CBeZEQQP9HAP8AwEHAm1kAwIHAm1wAxsHAnN2IgP\/AwoHCEdhbWU3NDUzFQcHAnN0BhkEVo6EOUlBA\/0cA\/wDAQcCbWQDAgcCbXADDQcCc3YiA\/8DAQcFNjA4NDIVBwcCc3QGuB6Fq9mp
S0ED\/RwD\/AMBBwJtZAMCBwJtcAMQBwJzdiID\/wMKBwRPa3VsFQcHAnN0BkSLbMc\/WzZBA\/0cA\/wDAwcCbWQDAQcCbXADFAcCc3YiA\/8DCgcIR2FtZTQzODYVBwcCc3QGYhBYacWlS0ED\/RwD\/AMBBwJtZAMCBwJtcAMV"} 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.122","dst_ip":"192.168.2.100","src_port":5055,"dst_port":56920,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 
@@ -115,7 +115,7 @@ 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649959918209000,"flow_src_last_pkt_time":1649959918209000,"flow_dst_last_pkt_time":1649959918209000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"91.199.81.208","src_port":45096,"dst_port":5055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01064{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TocaBoca","proto_id":"155","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 00788{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650009948783000,"flow_src_last_pkt_time":1650009948783000,"flow_dst_last_pkt_time":1650009948783000,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650009948783000,"l3_proto":"ip4","src_ip":"91.199.81.225","dst_ip":"192.168.2.100","src_port":5055,"dst_port":43151,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"cfgs\/default\/pcap\/toca-boca.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-payload-len":12337,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":17,"total-detection-updates":0,"total-updates":5,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1650009948783000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -124,9 +124,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 3 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7811946 bytes -~~ total memory freed........: 7811946 bytes -~~ total allocations/frees...: 146668/146668 +~~ total memory allocated....: 11520245 bytes +~~ total memory freed........: 11520245 bytes +~~ total allocations/frees...: 216922/216922 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2176 chars diff --git a/test/results/default/tor.pcap.out b/test/results/default/tor.pcap.out index 298aefbfa..3487d3f45 100644 --- a/test/results/default/tor.pcap.out +++ b/test/results/default/tor.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1383821660212806} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821660212806,"packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821660212806} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1383821660212806,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00288{"error_event_id":5,"error_event_name":"Unknown packet type","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1383821662212866,"packet_id":2,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_usec":1383821662212866} 
@@ -153,7 +153,7 @@ 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":469,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1383822224935668,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822224935668,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhCWMBZjPcAAgAAgMgAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1383822232938483,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_usec":1383822232938483,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhBkMBZjPcAAgAAgZAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 
00970{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":476,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1383821673254958,"flow_src_last_pkt_time":1383822214039100,"flow_dst_last_pkt_time":1383821673254958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1152,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822232938483,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":495,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":495,"packets-processed":337,"total-skipped-flows":0,"total-l4-payload-len":117122,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":5,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":156,"global_ts_usec":1383822262211943} 02450{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822265160118,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":319,"avg":8727092.0,"max":72890007,"stddev":22568808.0,"var":509351076823040.0,"ent":2.1,"data": [59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034]},"pktlen": {"min":40,"avg":312.0,"max":1500,"stddev":345.9,"var":119666.8,"ent":4.2,"data": [52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46]},"bins": {"c_to_s": 
[9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0],"entropies": [4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610]},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"41": {"risk":"TLS Cert About To Expire","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00975{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1383822217531372,"flow_src_last_pkt_time":1383822248944702,"flow_dst_last_pkt_time":1383822217531372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":89,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":89,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":534,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1383822265221448,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01443{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":21,"flow_first_seen":1383822129897135,"flow_src_last_pkt_time":1383822265221448,"flow_dst_last_pkt_time":1383822265220844,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":4523,"flow_dst_tot_l4_payload_len":5885,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}},"41": {"risk":"TLS Cert About To Expire","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
@@ -163,7 +163,7 @@ 01207{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1383822129889928,"flow_src_last_pkt_time":1383822265160118,"flow_dst_last_pkt_time":1383822265159585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":2761,"flow_dst_tot_l4_payload_len":5864,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"41": {"risk":"TLS Cert About To Expire","severity":"Medium","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":23,"flow_first_seen":1383821668403824,"flow_src_last_pkt_time":1383821726553851,"flow_dst_last_pkt_time":1383821727479587,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":5770,"flow_dst_tot_l4_payload_len":8096,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"TLS.Tor","proto_id":"91.163","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Potentially Dangerous","category_id":2,"category":"VPN"}} 
01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":9,"flow_first_seen":1383822130889737,"flow_src_last_pkt_time":1383822131785827,"flow_dst_last_pkt_time":1383822131929382,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":586,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1654,"flow_dst_tot_l4_payload_len":2534,"midstream":0,"thread_ts_usec":1383822274144364,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":514,"packets-processed":349,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tor.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":514,"packets-processed":349,"total-skipped-flows":0,"total-l4-payload-len":117266,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":6,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_usec":1383822276211998} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 514/349 ~~ skipped flows.............: 0 @@ -172,9 +172,9 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7827556 bytes -~~ total memory freed........: 7827556 bytes -~~ total allocations/frees...: 146868/146868 +~~ total memory allocated....: 11536015 bytes +~~ total memory freed........: 11536015 bytes +~~ total allocations/frees...: 217122/217122 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 293 chars ~~ json string max len.......: 2678 chars diff --git a/test/results/default/tplink_shp.pcap.out b/test/results/default/tplink_shp.pcap.out index effd810ad..c8c53bb91 100644 --- a/test/results/default/tplink_shp.pcap.out +++ b/test/results/default/tplink_shp.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671480246580620} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1671480246580620,"pkt":"\/\/\/\/\/\/\/\/IN+5tLqxCABFAAA5AABAAEARh+LAqPIp\/\/\/\/\/ycPJw8AJQ1F0PKB+Iv\/mvfV75S20bTAn+yV5o\/hh+jK8Iv2i\/Y="} 
00940{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671480246580620,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480246580620,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -129,7 +129,7 @@ 00983{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671480773884477,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671480820817294,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671480829271720,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480829271720,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":81,"packets-processed":80,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":81,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":81,"packets-processed":80,"total-skipped-flows":0,"total-l4-payload-len":2320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":73,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_usec":1671480846725682} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671480852858303,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671480798218993,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":290,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671480855668852,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":319,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671480855668852,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -210,7 +210,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481373980200,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":551,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671481420854606,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671481429280552,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481430535190,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":161,"packets-processed":160,"total-skipped-flows":0,"total-l4-payload-len":4640,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":153,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":213,"global_ts_usec":1671481446878800} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671481452994794,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481398291656,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":580,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":164,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671481455655666,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":609,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671481455655666,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -291,7 +291,7 @@ 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":0,"flow_first_seen":1671480293814339,"flow_src_last_pkt_time":1671481974156304,"flow_dst_last_pkt_time":1671480293814339,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":841,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.33","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480280769735,"flow_src_last_pkt_time":1671482020847120,"flow_dst_last_pkt_time":1671480280769735,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.98","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00986{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":240,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480289264790,"flow_src_last_pkt_time":1671482029297368,"flow_dst_last_pkt_time":1671480289264790,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482030718391,"l3_proto":"ip4","src_ip":"192.168.242.122","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":6960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":233,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1671482047021959} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482053161546,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":30,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671481998330813,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":870,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00985{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":244,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480255663786,"flow_src_last_pkt_time":1671482055666013,"flow_dst_last_pkt_time":1671480255663786,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482055666013,"l3_proto":"ip4","src_ip":"192.168.242.99","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -311,7 +311,7 @@ 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":31,"flow_dst_packets_processed":0,"flow_first_seen":1671480258080467,"flow_src_last_pkt_time":1671482058418105,"flow_dst_last_pkt_time":1671480258080467,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":899,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.38","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480252766159,"flow_src_last_pkt_time":1671482113211224,"flow_dst_last_pkt_time":1671480252766159,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.40","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1671480246580620,"flow_src_last_pkt_time":1671482107022461,"flow_dst_last_pkt_time":1671480246580620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":928,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671482115665844,"l3_proto":"ip4","src_ip":"192.168.242.41","dst_ip":"255.255.255.255","src_port":9999,"dst_port":9999,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TPLINK_SHP","proto_id":"332","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":251,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} 
+00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/tplink_shp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":251,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":7279,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":241,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":314,"global_ts_usec":1671482115665844} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 251/251 ~~ skipped flows.............: 0 @@ -320,9 +320,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7788844 bytes -~~ total memory freed........: 7788844 bytes -~~ total allocations/frees...: 146691/146691 +~~ total memory allocated....: 11497351 bytes +~~ total memory freed........: 11497351 bytes +~~ total allocations/frees...: 216945/216945 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2290 chars diff --git a/test/results/default/trickbot.pcap.out b/test/results/default/trickbot.pcap.out index 6be8812d1..92bf2e280 100644 --- a/test/results/default/trickbot.pcap.out +++ b/test/results/default/trickbot.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1609266107551500} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1609266107551500,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107551500,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1609266107551500,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1609266107551500,"flow_dst_last_pkt_time":1609266107797175,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1609266107797175,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} 
@@ -10,7 +10,7 @@ 01623{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266107797702,"flow_dst_last_pkt_time":1609266108728827,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1358,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":1358,"midstream":0,"thread_ts_usec":1609266108728827,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"82.118.225.196","http": {"url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)","request_content_type":"application\/x-www-form-urlencoded","detected_os":"Windows 10"}}} 
02530{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266109737227,"flow_dst_last_pkt_time":1609266110219915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":27187,"midstream":0,"thread_ts_usec":1609266110219915,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":156585.2,"max":931328,"stddev":258444.3,"var":66793451520.0,"ent":3.3,"data": [245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14]},"pktlen": {"min":40,"avg":930.0,"max":1500,"stddev":662.5,"var":438885.5,"ent":4.5,"data": [52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194]},"bins": {"c_to_s": [7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0]},"directions": [0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1],"entropies": 
[4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": {"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 01335{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":46,"flow_first_seen":1609266107551500,"flow_src_last_pkt_time":1609266115947454,"flow_dst_last_pkt_time":1609266115947521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":928,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1277,"flow_dst_tot_l4_payload_len":56713,"midstream":0,"thread_ts_usec":1609266115947521,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}},"25": 
{"risk":"HTTP Susp Content","severity":"High","risk_score": {"total":310,"client":215,"server":95}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/trickbot.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-payload-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1609266115947521} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 ~~ skipped flows.............: 0 
@@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769140 bytes -~~ total memory freed........: 7769140 bytes -~~ total allocations/frees...: 146453/146453 +~~ total memory allocated....: 11477759 bytes +~~ total memory freed........: 11477759 bytes +~~ total allocations/frees...: 216707/216707 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 532 chars ~~ json string max len.......: 2535 chars diff --git a/test/results/default/tumblr.pcap.out b/test/results/default/tumblr.pcap.out index 91a74b9cd..b20b976e6 100644 --- a/test/results/default/tumblr.pcap.out +++ b/test/results/default/tumblr.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1605292102219041} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102219041,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102219041,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1605292102219041,"flow_dst_last_pkt_time":1605292102219041,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292102219041,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} 00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292102602965,"flow_dst_last_pkt_time":1605292102602965,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292102602965,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -52,20 +52,20 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105197307,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105230486,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl2n7vTnoBJXgHalAAACBAV4AQMDAwQCCArC3Z3zUVPzYg=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105230554,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105230554,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBAB+\/qVAAABAQgKUVPzg8LdnfM="} 
01266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105231042,"pkt":"qtsDr8lk5EKm5WPyht1gCsuaAiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5AwBu6fu9OfC4X5egBgB++4yAAABAQgKUVPzg8LdnfMWAwECAAEAAfwDAwsTuD27e9O7zSR9QGg\/BjcA3VInM4oSJon9YBOCv5++IFdStpb+CkXQy2c2uOI7+AVrIzBfj1oZ8gAG3CYIQoMEACC6uhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZPq6gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAja2gAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKdraAAEAAB0AIDYvcGjd9fK5d+Sh8kpRELYm8anOzkwuInZrhF5dnrEgAC0AAgEBACsACwp6egMEAwMDAgMBABsAAwIAAjo6AAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105230486,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105231042,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
01983{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":3903.1,"max":45055,"stddev":9416.3,"var":88667112.0,"ent":2.8,"data": [365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28]},"pktlen": {"min":72,"avg":608.3,"max":1472,"stddev":669.7,"var":448506.0,"ent":4.1,"data": [184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72]},"bins": {"c_to_s": [12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0]},"directions": [0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0],"entropies": [6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419]}} 
00964{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105171046,"flow_src_last_pkt_time":1605292105231565,"flow_dst_last_pkt_time":1605292105231522,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":112,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":362,"flow_dst_tot_l4_payload_len":16800,"midstream":1,"thread_ts_usec":1605292105231565,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43434,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00826{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105274861,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":140,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105274861,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105274861,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACgGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZYAAAAAoAL9IG8jAAACBAWgBAIIClFT868AAAAAAQMDBw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105278180,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDMLhfl6n7vbsgBALMO8iAAABAQgKwt2eLFFT84M="} -01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105231042,"flow_dst_last_pkt_time":1605292105278180,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105278180,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1605292105274861,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105299371,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSYGKAABNRVaI7oLKiX\/Ei0qAcsBIEmLB5kd7IUo3\/YpAbvkDobnvZrixr2XoBJXgG87AAACBAV4AQMDAwQCCArC3Z5DUVPzrw=="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1605292105299399,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105299399,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBAB+\/MzAAABAQgKUVPzyMLdnkM="} 
01268{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292105299606,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5AiUGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGvZeG572bgBgB+x+BAAABAQgKUVPzyMLdnkMWAwECAAEAAfwDAy8GqoFoWkNyI7mYtVTa5cXzmnUMn\/AW4e4uQZtHexViIHBqihZlPQxi4\/Swmz8DIl9f5mkTuI3AenD0Ehe9UmbOACAaGhMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAGQAXAAAUY29uc2VudC5jbXAub2F0aC5jb20AFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAADQASABAEAwgEBAEFAwgFBQEIBgYBABIAAAAzACsAKbq6AAEAAB0AIBw5Ol89JTdAu7B94JP0srEvQLd+Q79aN+DwFdZiG4R\/AC0AAgEBACsACwr6+gMEAwMDAgMBABsAAwIAAhoaAAEAABUAyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105299606,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105299606,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105299371,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292105322435,"pkt":"qtsDr8lk5EKm5WPyht1gA8c5ACAGQCoBywEgSYsHmR3shSjf9ikmBigAATUVWiO6Cyol\/xIt5A4Bu+LGv5yG572bgBEB+\/EWAAABAQgKUVPz38LdnkM="} 
-01273{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02174{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105347875,"flow_dst_last_pkt_time":1605292105347850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1519,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1605292105347875,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9713.3,"max":47694,"stddev":16101.6,"var":259260704.0,"ent":3.2,"data": [33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8]},"pktlen": {"min":72,"avg":300.7,"max":1280,"stddev":381.9,"var":145812.8,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]},"bins": {"c_to_s": [10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0],"entropies": 
[5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105322435,"flow_dst_last_pkt_time":1605292105340527,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292105340527,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"consent.cmp.oath.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+02177{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":179,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105347875,"flow_dst_last_pkt_time":1605292105347850,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1519,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1605292105347875,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":9713.3,"max":47694,"stddev":16101.6,"var":259260704.0,"ent":3.2,"data": [33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8]},"pktlen": {"min":72,"avg":300.7,"max":1280,"stddev":381.9,"var":145812.8,"ent":4.1,"data": [80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72]},"bins": {"c_to_s": [10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0],"entropies": 
[5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00806{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105418417,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":198,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1605292105418417,"flow_dst_last_pkt_time":1605292105418417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292105418417,"pkt":"qtsDr8lk5EKm5WPyht1gDBurACgGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABgBgdJmPABuw7mG3sAAAAAoAL9IOHqAAACBAWgBAIIChNm5EYAAAAAAQMDBw=="} 
00811{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292105433892,"flow_src_last_pkt_time":1605292105433892,"flow_dst_last_pkt_time":1605292105433892,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292105433892,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2001:4998:14:800::1001","src_port":47118,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -200,7 +200,7 @@ 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":432,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122064463,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122094721,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5FAHmhqoBJXgI\/cAAACBAV4AQMDAwQCCArC3d\/Z2Fs6HQ=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122094761,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122094761,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBAB+xPQAAABAQgK2Fs6O8Ld39k="} 
01264{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122094987,"pkt":"qtsDr8lk5EKm5WPyht1gAy+bAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICQAAAAAAACAOwYwBu0AeaGok0y+SgBgB+5pFAAABAQgK2Fs6O8Ld39kWAwECAAEAAfwDA4SEFpd+Ui2RJOstUdyWPiOQJLso1+e8murU+rSUvScLIOxlBCWQSXeBEkOuoY9ArjNfnRtplIaJsV3gAzrnHWtBACBKShMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZP6+gAAAAAAFAASAAAPYXBpcy5nb29nbGUuY29tABcAAP8BAAEAAAoACgAIysoAHQAXABgACwACAQAAIwAAABAADgAMAmgyCGh0dHAvMS4xAAUABQEAAAAAAA0AEgAQBAMIBAQBBQMIBQUBCAYGAQASAAAAMwArACnKygABAAAdACBB0ZlvhvxIZjessBrEqcEd8cKmBCymsB2\/FWOJUIU9TwAtAAIBAQArAAsK2toDBAMDAwIDAQAbAAMCAAKKigABAAAVAM0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122094721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122094987,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122095843,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122095843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122095843,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5CzgAAAAAoAL9IPiAAAACBAWgBAIIChLBJ8gAAAAAAQMDBw=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122076586,"flow_dst_last_pkt_time":1605292122116538,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122116538,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleJ0qAcsBIEmLB5kd7IUo3\/YpAbu8cGx6OhMItkI1gBAMRA6zAAABAQgKwt3f5SRHkBQ="} 
@@ -210,15 +210,15 @@ 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122095843,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_usec":1605292122163288,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACgGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbp+IuQs5oBJXgJ7NAAACBAV4AQMDAwQCCArC3d\/9EsEnyA=="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":496,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122163315,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122163315,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBAB+yKbAAABAQgKEsEoDMLd3\/0="} 
01267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":603,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":603,"pkt_l4_len":549,"thread_ts_usec":1605292122163584,"pkt":"qtsDr8lk5EKm5WPyht1gD2uVAiUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICwAAAAAAACAKltABu4i5Cznt826ggBgB+67mAAABAQgKEsEoDMLd3\/0WAwECAAEAAfwDA7bS9qVsy5B4YR21YJQRtEh5Py7oz+4S+4EMfJZtbGRGIFTZBy5p0gziG2ybvndeac3\/kMpuKpBLUHIf7VQxlGl9ACDq6hMBEwITA8ArwC\/ALMAwzKnMqMATwBQAnACdAC8ANQEAAZNqagAAAAAAGAAWAAATYWpheC5nb29nbGVhcGlzLmNvbQAXAAD\/AQABAAAKAAoACPr6AB0AFwAYAAsAAgEAACMAAAAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwAp+voAAQAAHQAg8WEmWZ9OWDe9\/XkTSDe85PaENProAIW9qnEE9QmUWSAALQACAQEAKwALCurqAwQDAwMCAwEAGwADAgACWloAAQAAFQDJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01243{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01244{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122163288,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1605292122163584,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.2","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122165400,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122165400,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgJAAAAAAAAIA4qAcsBIEmLB5kd7IUo3\/YpAbvBjCTTL5JAHmpvgBALMAhqAAABAQgKwt3gBdhbOjs="} 
-01276{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01277{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":499,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122094987,"flow_dst_last_pkt_time":1605292122177975,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122177975,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"apis.google.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122207366,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122207366,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgLAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuW0O3zbqCIuQ0+gBALMBcPAAABAQgKwt3gTxLBKAw="} 
-01288{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": {"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122274057,"flow_dst_last_pkt_time":1605292122274042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":8808,"midstream":0,"thread_ts_usec":1605292122274057,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11497.2,"max":67472,"stddev":19899.9,"var":396007328.0,"ent":3.2,"data": [67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8]},"pktlen": {"min":72,"avg":378.4,"max":1280,"stddev":464.3,"var":215557.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0],"entropies": 
[4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -02188{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122281616,"flow_dst_last_pkt_time":1605292122282509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":9011,"midstream":0,"thread_ts_usec":1605292122282509,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14038.7,"max":83018,"stddev":20606.9,"var":424642560.0,"ent":3.6,"data": [30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942]},"pktlen": {"min":72,"avg":384.2,"max":1280,"stddev":474.8,"var":225406.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1],"entropies": [4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +01289{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122163584,"flow_dst_last_pkt_time":1605292122212637,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1208,"midstream":0,"thread_ts_usec":1605292122212637,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ajax.googleapis.com","tls": 
{"version":"TLSv1.3","ja3":"b32309a26951912be7dba376398abc3b","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122274057,"flow_dst_last_pkt_time":1605292122274042,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":982,"flow_dst_tot_l4_payload_len":8808,"midstream":0,"thread_ts_usec":1605292122274057,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":11497.2,"max":67472,"stddev":19899.9,"var":396007328.0,"ent":3.2,"data": [67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8]},"pktlen": {"min":72,"avg":378.4,"max":1280,"stddev":464.3,"var":215557.6,"ent":4.1,"data": [80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72]},"bins": {"c_to_s": [13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0],"entropies": 
[4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +02189{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":572,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122281616,"flow_dst_last_pkt_time":1605292122282509,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":962,"flow_dst_tot_l4_payload_len":9011,"midstream":0,"thread_ts_usec":1605292122282509,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":14038.7,"max":83018,"stddev":20606.9,"var":424642560.0,"ent":3.6,"data": [30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942]},"pktlen": {"min":72,"avg":384.2,"max":1280,"stddev":474.8,"var":225406.5,"ent":4.1,"data": [80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280]},"bins": {"c_to_s": 
[12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1],"entropies": [4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00731{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":203,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":203,"pkt_l4_len":149,"thread_ts_usec":1605292122439986,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAJUGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v3+ZlfzugBgB9aL3AAABAQgKG7m5ccLd3lMXAwMAcFVxaXihuhejZCNpZ5nuv6bEN9Yj5XMBxAt2QHwyRgmT6ybDwC5C73DyglYgxmIhMzt282zpUtE5GphT7ONBXskP6qssi1eNQHysgmBFeTvR+6kSeL0yhYhtFPIEYfWd8KPo3wOHIQIgFNXMNqMrZ9Q="} 
-00954{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122439986,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00955{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":670,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122439986,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":117,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122439986,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":671,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":4,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292121698552,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":125,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":125,"pkt_l4_len":71,"thread_ts_usec":1605292122440221,"pkt":"qtsDr8lk5EKm5WPyht1gDKQRAEcGQCoBywEgSYsHmR3shSjf9ikqABRQQAcIFwAAAAAAACAK2QgBu\/13v\/SZlfzugBgB9Z8fAAABAQgKG7m5csLd3lMXAwMAInk1I4nIPSajLKiA35EuKIlPm\/oqqHEG+SP9VTSkSQmA2P0="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":5,"flow_src_last_pkt_time":1605292122440221,"flow_dst_last_pkt_time":1605292122468567,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122468567,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgXAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbvZCJmV\/O79d7\/0gBALpNeNAAABAQgKwt3hVRu5uXE="} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":698,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1605292122501104,"flow_dst_last_pkt_time":1605292104716333,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":149,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":149,"pkt_l4_len":95,"thread_ts_usec":1605292122501104,"pkt":"qtsDr8lk5EKm5WPyht1gBEqMAF8GQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAABo9CrI3c4Bu\/+MQoadXXNVgBgB9QaPAAABAQgKTYUvYcLdm\/0XAwMAOgAAAAAAAAAIvZM7k4G8cjK7Q9\/YrVI4eMbPvi74lWEwjtUtgcQJsZEKgX5x1KPe5+ARIWOSp6YRK8o="} 
@@ -240,9 +240,9 @@ 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122874816,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":754,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122874816,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122874816,"pkt":"qtsDr8lk5EKm5WPyht1gDJQ7ACAGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnP4Bu4CgSN\/gvLosgBAB9qrlAAABAQgK1OQQnsLdMvM="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_usec":1605292122899206,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPSoAFFBABwgKAAAAAAAAIAoqAcsBIEmLB5kd7IUo3\/YpAbuc\/uC8uiyAoEjggBALQrp6AAABAQgKwt3jAtThR68="} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118714869,"flow_src_last_pkt_time":1605292118714869,"flow_dst_last_pkt_time":1605292118786493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":48988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654893,"flow_src_last_pkt_time":1605292120654893,"flow_dst_last_pkt_time":1605292120853914,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:811::2004","src_port":49002,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804319,"flow_src_last_pkt_time":1605292104013801,"flow_dst_last_pkt_time":1605292104013772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":664,"flow_dst_max_l4_payload_len":400,"flow_src_tot_l4_payload_len":756,"flow_dst_tot_l4_payload_len":446,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2620:116:800d:21:8c6e:cf2c:8d6:9fb5","src_port":41266,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":38,"flow_first_seen":1605292102602965,"flow_src_last_pkt_time":1605292122470330,"flow_dst_last_pkt_time":1605292122470323,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":130,"flow_dst_max_l4_payload_len":1048,"flow_src_tot_l4_payload_len":262,"flow_dst_tot_l4_payload_len":34972,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -262,47 +262,47 @@ 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":8,"flow_first_seen":1605292121674877,"flow_src_last_pkt_time":1605292122484196,"flow_dst_last_pkt_time":1605292122517767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":117,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":212,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:817::200a","src_port":55560,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292102603001,"flow_src_last_pkt_time":1605292102603001,"flow_dst_last_pkt_time":1605292102678719,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56640,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554924,"flow_src_last_pkt_time":1605292116554924,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554906,"flow_src_last_pkt_time":1605292116554906,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49464,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554865,"flow_src_last_pkt_time":1605292116554865,"flow_dst_last_pkt_time":1605292116783930,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49496,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554946,"flow_src_last_pkt_time":1605292116554946,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2003","src_port":49546,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01020{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":69,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122413893,"flow_dst_last_pkt_time":1605292122440928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":75024,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
+01021{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":38,"flow_dst_packets_processed":69,"flow_first_seen":1605292122064463,"flow_src_last_pkt_time":1605292122413893,"flow_dst_last_pkt_time":1605292122440928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":6040,"flow_src_tot_l4_payload_len":1195,"flow_dst_tot_l4_payload_len":75024,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:809::200e","src_port":49548,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1605292104650967,"flow_src_last_pkt_time":1605292122733019,"flow_dst_last_pkt_time":1605292122732998,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":287,"flow_src_tot_l4_payload_len":109,"flow_dst_tot_l4_payload_len":333,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::68f4:2ac8","src_port":56782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292119370851,"flow_src_last_pkt_time":1605292119370851,"flow_dst_last_pkt_time":1605292119458269,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57770,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00997{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":24,"flow_first_seen":1605292105669051,"flow_src_last_pkt_time":1605292105729122,"flow_dst_last_pkt_time":1605292105729386,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":254,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1161,"flow_dst_tot_l4_payload_len":13925,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56794,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554935,"flow_src_last_pkt_time":1605292116554935,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200e","src_port":57788,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1605292108895208,"flow_src_last_pkt_time":1605292109034942,"flow_dst_last_pkt_time":1605292109043498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1335,"flow_dst_tot_l4_payload_len":5617,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d03","src_port":56842,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122698834,"flow_src_last_pkt_time":1605292122698834,"flow_dst_last_pkt_time":1605292122741055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a15","src_port":42674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554888,"flow_src_last_pkt_time":1605292116554888,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200e","src_port":45706,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654870,"flow_src_last_pkt_time":1605292120654870,"flow_dst_last_pkt_time":1605292120839721,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::200e","src_port":58004,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00953{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292118602881,"flow_src_last_pkt_time":1605292118602881,"flow_dst_last_pkt_time":1605292118777753,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::d83a:d582","src_port":50906,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":18,"flow_first_seen":1605292103810303,"flow_src_last_pkt_time":1605292105112205,"flow_dst_last_pkt_time":1605292105112263,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":382,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":607,"flow_dst_tot_l4_payload_len":14274,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::98c7:1593","src_port":42908,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1605292103804485,"flow_src_last_pkt_time":1605292104007252,"flow_dst_last_pkt_time":1605292104007225,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":527,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":566,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::8fcc:d927","src_port":57286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":29,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105351681,"flow_dst_last_pkt_time":1605292105378152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":18160,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":29,"flow_first_seen":1605292105197307,"flow_src_last_pkt_time":1605292105351681,"flow_dst_last_pkt_time":1605292105378152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":523,"flow_dst_max_l4_payload_len":1208,"flow_src_tot_l4_payload_len":1550,"flow_dst_tot_l4_payload_len":18160,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58380,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Edgecast","proto_by_ip_id":288,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00832{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":5,"flow_first_seen":1605292105274861,"flow_src_last_pkt_time":1605292105347857,"flow_dst_last_pkt_time":1605292105347849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":99,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":99,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2606:2800:135:155a:23ba:b2a:25ff:122d","src_port":58382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554881,"flow_src_last_pkt_time":1605292116554881,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:815::2002","src_port":35892,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554955,"flow_src_last_pkt_time":1605292116554955,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2003","src_port":44164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1605292105418417,"flow_src_last_pkt_time":1605292122864867,"flow_dst_last_pkt_time":1605292122864791,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":764,"flow_dst_max_l4_payload_len":1279,"flow_src_tot_l4_payload_len":4217,"flow_dst_tot_l4_payload_len":4946,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39152,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.ADS_Analytic_Track","proto_id":"91.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Tracker\/Ads","category_id":101,"category":"Advertisement"}} 
00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1605292122674024,"flow_src_last_pkt_time":1605292122861140,"flow_dst_last_pkt_time":1605292122861115,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":620,"flow_dst_max_l4_payload_len":600,"flow_src_tot_l4_payload_len":1856,"flow_dst_tot_l4_payload_len":1427,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::6006:749","src_port":39164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554985,"flow_src_last_pkt_time":1605292116554985,"flow_dst_last_pkt_time":1605292116783932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554976,"flow_src_last_pkt_time":1605292116554976,"flow_dst_last_pkt_time":1605292116783951,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58616,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554965,"flow_src_last_pkt_time":1605292116554965,"flow_dst_last_pkt_time":1605292116783952,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::200e","src_port":58618,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292122874816,"flow_src_last_pkt_time":1605292122874816,"flow_dst_last_pkt_time":1605292122899206,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40190,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01016{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":33,"flow_first_seen":1605292121486006,"flow_src_last_pkt_time":1605292122503493,"flow_dst_last_pkt_time":1605292122503481,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":1423,"flow_dst_tot_l4_payload_len":22629,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::4a72:9a16","src_port":43328,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Tumblr","proto_id":"91.90","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":16,"flow_first_seen":1605292105170049,"flow_src_last_pkt_time":1605292105221538,"flow_dst_last_pkt_time":1605292105221612,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":160,"flow_dst_max_l4_payload_len":1400,"flow_src_tot_l4_payload_len":311,"flow_dst_tot_l4_payload_len":12058,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4d28","src_port":43420,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -310,12 +310,12 @@ 00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554874,"flow_src_last_pkt_time":1605292116554874,"flow_dst_last_pkt_time":1605292116783931,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::df9:21c6","src_port":43602,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":14,"flow_first_seen":1605292105726518,"flow_src_last_pkt_time":1605292122804785,"flow_dst_last_pkt_time":1605292122804743,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":119,"flow_src_tot_l4_payload_len":767,"flow_dst_tot_l4_payload_len":604,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::c000:4c03","src_port":51874,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01028{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":37,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122306980,"flow_dst_last_pkt_time":1605292122344801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3141,"flow_src_tot_l4_payload_len":1021,"flow_dst_tot_l4_payload_len":38525,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":37,"flow_first_seen":1605292122095843,"flow_src_last_pkt_time":1605292122306980,"flow_dst_last_pkt_time":1605292122344801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3141,"flow_src_tot_l4_payload_len":1021,"flow_dst_tot_l4_payload_len":38525,"midstream":0,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80b::200a","src_port":38608,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292120654889,"flow_src_last_pkt_time":1605292120654889,"flow_dst_last_pkt_time":1605292120853149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00959{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00960{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1605292116554831,"flow_src_last_pkt_time":1605292116554831,"flow_dst_last_pkt_time":1605292116783801,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1605292122899206,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":755,"packets-processed":755,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":14,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1605292122899206} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":755,"source":"cfgs\/default\/pcap\/tumblr.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":755,"packets-processed":755,"total-skipped-flows":0,"total-l4-payload-len":294634,"total-not-detected-flows":0,"total-guessed-flows":28,"total-detected-flows":19,"total-detection-updates":14,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":318,"global_ts_usec":1605292122899206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 755/755 ~~ skipped flows.............: 0 @@ -324,9 +324,9 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8414923 bytes -~~ total memory freed........: 8414923 bytes -~~ total allocations/frees...: 147758/147758 +~~ total memory allocated....: 12122806 bytes +~~ total memory freed........: 12122806 bytes +~~ total allocations/frees...: 218012/218012 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 567 chars ~~ json string max len.......: 2269 chars diff --git a/test/results/default/tunnelbear.pcap.out b/test/results/default/tunnelbear.pcap.out index 6219ab6c4..1293c6a22 100644 --- a/test/results/default/tunnelbear.pcap.out +++ b/test/results/default/tunnelbear.pcap.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655734524312623} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655734524312623} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655734524312623,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734524312623,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.154.236","src_port":50178,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524312623,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655734524312623,"pkt":"ABoRAAACABoRAAABCABFAAA8wQ5AAEAGbKcKCAABaBGa7MQCAbs6\/WaPAAAAAKAC\/\/8qygAAAgQFtAQCCAoBY6eBAAAAAAEDAwg="} 
00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655734524312623,"flow_dst_last_pkt_time":1655734524319931,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1655734524319931,"pkt":"ABoRAAACABoRAAABCABFAAAoAFRAABAGXXZoEZrsCggAAQG7xALFAplwOv1mkFAS\/\/\/dDQAA"} 
@@ -190,7 +190,7 @@ 00985{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":9,"flow_first_seen":1655734776527103,"flow_src_last_pkt_time":1655734776901504,"flow_dst_last_pkt_time":1655734776891156,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33846,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00984{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1655734776538093,"flow_src_last_pkt_time":1655734776971287,"flow_dst_last_pkt_time":1655734776963310,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":156,"flow_src_tot_l4_payload_len":738,"flow_dst_tot_l4_payload_len":225,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33848,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.TunnelBear","proto_id":"91.299","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1655734777904202,"flow_src_last_pkt_time":1655734777912168,"flow_dst_last_pkt_time":1655734777912678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655734778245353,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"104.17.114.40","src_port":33858,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1655734778245353} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":421,"source":"cfgs\/default\/pcap\/tunnelbear.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":421,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":92077,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":20,"total-detection-updates":19,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":193,"global_ts_usec":1655734778245353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 421/421 ~~ skipped flows.............: 0 @@ -199,9 +199,9 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7943048 bytes -~~ total memory freed........: 7943048 bytes -~~ total allocations/frees...: 147133/147133 +~~ total memory allocated....: 11651347 bytes +~~ total memory freed........: 11651347 bytes +~~ total allocations/frees...: 217387/217387 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 534 chars ~~ json string max len.......: 2185 chars diff --git a/test/results/default/tuya_lp.pcap.out b/test/results/default/tuya_lp.pcap.out index b8d7496a8..44533b67b 100644 --- a/test/results/default/tuya_lp.pcap.out +++ b/test/results/default/tuya_lp.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1671220121927386} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_usec":1671220121927386,"pkt":"\/\/\/\/\/\/\/\/3E8ivUChCABFAADYtTsAAP8RUnvAqPK1\/\/\/\/\/8ACGgsAxHNKAABVqgAAAAAAAAATAAAArAAAAACXuT\/uS2nJX+6z0zvaNSlSV1zhkjZl3eRdq2Gsnt4E\/2UVen4KqM+oJMgVFlInd6Y+HvB9m3ef+vX5p0fD+Q9k0k6f3KelOooqs0S2rzdE\/jrKP2mVmgpDAuQ77zynEaKxicLHary3iqfVMTHAmVhtjKZQQNXz+SzyWX\/vpkjRbCsiKyHA8wc5AKuAN2eCZhABN47Nf4GoVTyKXyTxy7HF3HJEEQAAqlU="} 00938{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1671220121927386,"flow_src_last_pkt_time":1671220121927386,"flow_dst_last_pkt_time":1671220121927386,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220121927386,"l3_proto":"ip4","src_ip":"192.168.242.181","dst_ip":"255.255.255.255","src_port":49154,"dst_port":6667,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
@@ -104,7 +104,7 @@ 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220125048168,"flow_src_last_pkt_time":1671220155060818,"flow_dst_last_pkt_time":1671220125048168,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.234","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1671220124943616,"flow_src_last_pkt_time":1671220154967079,"flow_dst_last_pkt_time":1671220124943616,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.240","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1671220122307161,"flow_src_last_pkt_time":1671220157322347,"flow_dst_last_pkt_time":1671220122307161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":172,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":172,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1376,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1671220158572989,"l3_proto":"ip4","src_ip":"192.168.242.202","dst_ip":"255.255.255.255","src_port":59727,"dst_port":6667,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TuyaLP","proto_id":"331","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/tuya_lp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-payload-len":17832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":107,"global_ts_usec":1671220158572989} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 @@ -113,9 +113,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7795007 bytes -~~ total memory freed........: 7795007 bytes -~~ total allocations/frees...: 146588/146588 +~~ total memory allocated....: 11503434 bytes +~~ total memory freed........: 11503434 bytes +~~ total allocations/frees...: 216842/216842 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 985 chars diff --git a/test/results/default/ubntac2.pcap.out b/test/results/default/ubntac2.pcap.out index 175943d4f..66e68695a 100644 --- a/test/results/default/ubntac2.pcap.out +++ b/test/results/default/ubntac2.pcap.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486943433175002} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1486943433175002} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00759{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_usec":1486943433175002,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 00984{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943433175002,"flow_src_last_pkt_time":1486943433175002,"flow_dst_last_pkt_time":1486943433175002,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943433175002,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network","ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}}} 
@@ -34,7 +34,7 @@ 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943443357445,"flow_src_last_pkt_time":1486943443357445,"flow_dst_last_pkt_time":1486943443357445,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943504301123,"flow_src_last_pkt_time":1486943504301123,"flow_dst_last_pkt_time":1486943504301123,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1486943453510239,"flow_src_last_pkt_time":1486943453510239,"flow_dst_last_pkt_time":1486943453510239,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":175,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":175,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":175,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1486943504301123,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UBNTAC2","proto_id":"31","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1486943504301123} 
+00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ubntac2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1486943504301123} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -43,9 +43,9 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7781797 bytes -~~ total memory freed........: 7781797 bytes -~~ total allocations/frees...: 146448/146448 +~~ total memory allocated....: 11490304 bytes +~~ total memory freed........: 11490304 bytes +~~ total allocations/frees...: 216702/216702 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 989 chars diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out index a72a1387f..b4bb91ccb 100644 --- a/test/results/default/ultrasurf.pcap.out +++ b/test/results/default/ultrasurf.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1656652731609846} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
04044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731609846,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7tQAA3BtrhQTFEGQqEABfDhZQKC2KlCkpUkTKAEAFmmhsAAAEBCAom3sf8A1a0+8wcMEFbpDhmmW\/ro\/\/D3SORouvGcLJVns8eaTu23\/042aUVj61nN6Xm0ijnaUg+Npmao+ahS5YFWlU5gxCt1Bv2Dd8X34iKweQUI1pV18JFIZQX4tZ8BgqPMHrM3xcO0sUVX\/OJ2pP8yGrJvNpjXCDZ3sKsZ8ObIJNR5C9HtP8VqqX5BjlcTX8CqWIvl0ZBgk5WvH2JDhc248aWcjJLqPpHeFkT7LlN9WbJOIcs7fIr7w\/l\/4QosbfyzysqE5\/jPdpXVbudJyd5Co9YEs4l8Q\/6o70Ffd9ZnAxSFwa0dpQq9l84dMMc++LU4g\/5uQo7ByYovlcOyQGaJMbvwFaomPtCm2gWgqlbGVYuy1fssTPKvOwtvuxi+uQSp0x90L4yICcjWy7QquRyX6vF4Kj7bnDBXk4Yuwhy\/eBFma8pYGq3nFybEXkBIoJM5PIx+daLngl8AMAATYZytmx8fvkxAn9nAl1vSL8DDtuJzW4bIpWNuUkrrQEo1qDNWTbFKTev+4WI2s2Dq0ECsJXkOzrv7ys8hbU9zt92MomzoOYqefTDPaVuUCZTdCEQ9uujt8du7o\/jXx78zGYtv58gGSActDbLr2l16bg\/8Uk3qmgnE4b9MmARdZqn4TXakOrfI7oMcpdzvXVxR02+JkOD2SzX0V6zyWGabGkpaHNUvZKhT9p9qT+xCygM23AxUgBVWRhbJOtoeCCmB9GtvrbByAuiFwMDCxpSuPxAzaqU1CDJRf0ARgMOGGitml366m2q80qwL6szhusBMTOpH\/+lZ+4L1ssuGJ7LmGwmTwj7CD7eU0QlRuuYEYdh\/W6inXP9pJwRRn5uXzjK2UGyXSKJQgFhgjKV\/gTtslaG1kJ9wEH3bRwjXGp+ck2NQY4p+Bw8hIGicivItS9FcKEUt6XedxsZehCTx0hYNbo5lDpgelreL+du2TIrCAGAHDGERkejYlaJXbPaNGkoCdPiWIM\/wKUpngDY6o\/X+oS4sqzbyHIJrWfx\/DNsKnakfj\/2CY9hTzppyXRIIMYoyhCThF4ViWWG951XQxJX59hIiJ0P800Ff7a\/5G5VD7ycCukCJw8TO+sLeaHNh0quy2GVip7vE7h6qblNGu0Gk9cK51FTnAHXCv6Q3d4ELba6G4KCOUY3W0JffhWzAOEmTJXAEn\/AlMO2rWx\/k5N9xej0nT\/nkreUz1f1WDVQX6TVNBY\/eRFDtb+TFH+sKdpkHf7qxhfQFxyqkO3FqpeLRYLb2aGXgnvyumtFIbL1yK2alLZq7VfOIertUcgFGWCflf2oGAQMP494aoiJeNdkUmDGGagS7Z55kvWOGnhHAq7vsPk2kKAjsA1WiALpxOUCeufBXfydppP5eHVnoy28uj69BNxwot9pZUkBBYCeXDj3oFR7Gc9bpRrdMTyafPDB90bcn
b3nOWmeh6KPFWxajHcXo0ahl0atfQ0xcfDpv70YkPiVHvN5anji\/jwqd+wJMI02C2CHQYt0A0sb9htNsGJTYmz+qMEhhQgck9uTTyfTQQdK6\/Wo8Rw4c2ys8Ejy8JuJwmtCvHILWdrH8t+XzmYUjHgSjqsA2HLkDPFRZ\/NnGE1jWIEHA1mz46FdQt2Rz4VpbzOBlhqXfDAGkgWEXCyxg9Xt27URhieFz2k6YtWj1FBxrzsegVYDqhgLu95Xv61CBvesoUlZ9xj6Kl4Yl3DHrSrHkP69714VHd12KjEfy7I6PDUSEKGOgsDz2k3gWEz1Vc+5H98dopHMlCP13Yfv0lgLia4AI9tg03z8EoOpAEtDjYmJC8jyZR7z8MFAqjVJ+KlRi7Va6lXMgiTy48noI4EJnp+d3YCu\/TvYdatO\/n8f0FwyP3cI7Bw1wJQYGLb8BE+1FxjfVZo1\/FCFmY5z5t2vZ1fLUc8VgQCCrdPI9Reqj0rAEBhJQzYhyyrI5sO+d0uUiZm1ZjMrsAuR1R+D8ViDPDKJgNTF+lFzmzRvVhWOwiVB62wQx0H1nuzBWVrJnVTyu3Td+HivoL56Fmw46FaLO5cqZKJ4kdrfcT7dOr5SBNdiyjnF7hS41D6qjd1GwoYClOmY65UzGvO\/LpJXnZXNNzcmlebgMFy797BQ5WUmd7VC5FdTGCC8DMqElgFA+rp3WoHjwFyoua2tPfKAEOcMjf\/DXXePwU3Ik4UHmQADTzoJAa9I3MJkafNrUiyVVonoJubGqfmrjkZSA4gDie37sGxEUI86ocE60tLrdZB+SyKA8DHTfOJ4ywPWXCzMMHVfSQPr7V\/TcVQus\/74nuldXt48tcQWezCEyjrk4wEup0Xxil5tfRt81R5SKnXiLTQKHEZIf0HqSXIESqul3tuehmW4c9Q1wxJPZqqhjadeeubZ0gIjhZ9hs9B\/6aDfWtslbETpt0Jbd\/Ri0xqEdLzsqFyIafwtncy88mYnLcalIh0rBtSJuU\/LhKGCkVIE+gUPPF1DbTYZY4YKEaeb+2qo\/\/JDj6zwXltjrJPllzgJKQNGUCykc5KZO1hlo311el8xzVEOheb4BzRB9rrUaDmjaCVi8CyuEyMO5b2YxxWHzBzuZCfmdbLRqSQLyu+LSzVRqFA+T79T7kHNu3xGMSCuKVSsG2pREebnblNVGkCfubEdGKnPL686GbKWglEv7v2CfHncHfVZct\/s0hHAbjxQUdnfLXoTISdI7+bsxXb+ra8Q\/1RtrRBVzu+48UJKnUfoIM1auofVab2EM52OgI1cJXu8rWam94puZzFKEWGHN5jrPhx\/1njYeBqUbgiSNKRjjW+fz8xMBFQ5gSSCk0oalrdEbE7BnRoIdN\/vRg9D\/N51B7MdkbJ2Gmv55poGFAMgIExvo2B\/JlYaCIHgXg41f0\/LPeqrMcFhe2j5UYCpb3n2IzOKezh\/TS0GI0iMwrY1GP7aVptjhYXhhys7MA9TMX9mjk30oA5Li3Yeg25blNJqeDxKu+vxwlNbxqOKs86fBSxzrYDDpnNu5QdAQ7sboEki75xxiMB7G2qxumkThEE3WMNP1TP2cyPa+KzTwAEUydo7dmB7r1BYVlH445Zqui\/gQ9B7FCwh5ykQiRlEVepOqNbbaYU6jrc3JQmu9yNVQ516c7KEY3PmTJGfIomYYQCg0xQ64qJbX+Ng2D40mseTOcV\/nfh\/lZ1gI1tQQr6VxcSHohyQ0owuuvE7GS\/s9KhqIZNKrqD7fH3CftARHmTYUxtD5t+c+oO0QyPgfXcmsUaQ277fzvTac55sC8LTxTlb6qQ6lTQ9Jxj5AhKLanf25vF3ivpTZoHcf\/UbFC7yAm1PT5k8IxbUybglXXWOr+hDrIncmBDz99Gq0DNEyl2Sk\/khhOFsvG2taZ4rfI\/Iq+r72y5uXdniCSx0ABH9OlSRvpo\/6aASUseGq305nqAhb9
HZEY9zmIB4WBYmNdv2m2FQvjwfqskoI3NcL8wSS92+WJiP"} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731609846,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":2576,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731609846,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
@@ -13,23 +13,23 @@ 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778372319,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1656652778421535,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778421535,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANJfAQAA\/BhQfCoQAF0ExRBmU6MOFszN1Dr8TpwSAEAFXcrgAAAEBCAoDVuLwJt9+2g=="} 
01250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652778421539,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOZfBQAA\/BhIZCoQAF0ExRBmU6MOFszN1Dr8TpwSAGAFXVWEAAAEBCAoDVuLyJt9+2hYDAQIAAQAB\/AMDr1TvmxMyvNf+q717HlpuVMH9\/2gtPNvQ62Ai\/wsFQ4Egfoq8jeo6ii7AK7CjRsR0vzcKrDa5VfBts3k4lPGsvG8AIJqaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk8rKAAAAFwAA\/wEAAQAACgAKAAhaWgAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZ3vWq9kYKj\/3HkFLmmuM0Bc2kp7XBZSKjegj2paQwPPt0ERZnWpYSLR+I7K4AUK9Y2TaBWgf+V91OWtns7JMLmSahqNo2fkYDjSGf\/yU2ej1t1mOtjzmMMwNNMp0AhdbJ5wAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApWloAAQAAHQAg+punvdb2lxSVGdI6QjnaO96xqz7MDZUMuBufWP7ID30ALQACAQEAKwALCvr6AwQDAwMCAwEAGwADAgACCgoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgHP+C37PmGfwkkqH3YtMvFo8GlUohGpFAmkcmxiOcfaY="} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01515{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778421539,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641891,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652778641891,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANDC5QAA3BoMmQTFEGQqEABfDhZTovxOnBLMzdxOAEAA1cMUAAAEBCAom33\/oA1bi8g=="} -01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} -02394{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652779042511,"flow_dst_last_pkt_time":1656652779222772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":5006,"flow_dst_tot_l4_payload_len":4491,"midstream":0,"thread_ts_usec":1656652779222772,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62676.8,"max":270784,"stddev":99488.0,"var":9897854976.0,"ent":3.4,"data": [211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4]},"pktlen": {"min":52,"avg":349.3,"max":1400,"stddev":449.6,"var":202163.0,"ent":4.0,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]},"bins": {"c_to_s": [7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1],"entropies": 
[4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01560{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778421539,"flow_dst_last_pkt_time":1656652778641896,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652778641896,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02504{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":132,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652779042511,"flow_dst_last_pkt_time":1656652779222772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":5006,"flow_dst_tot_l4_payload_len":4491,"midstream":0,"thread_ts_usec":1656652779222772,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":62676.8,"max":270784,"stddev":99488.0,"var":9897854976.0,"ent":3.4,"data": [211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4]},"pktlen": {"min":52,"avg":349.3,"max":1400,"stddev":449.6,"var":202163.0,"ent":4.0,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113]},"bins": {"c_to_s": [7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0],"s_to_c": [4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0]},"directions": 
[0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1],"entropies": [4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831434184,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831434184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831434184,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPDStQAA\/BncqCoQAF0ExRBmVCMOFn9EiagAAAACgAv\/\/g5YAAAIEBVAEAggKA1cWxwAAAAABAwMI"} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1656652831434184,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652831643678,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZUIPEwzlZ\/RImugEnEgLEwAAAIEBYwEAggKJuBPGgNXFscBAwMJ"} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1656652831673898,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831673898,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAANDSuQAA\/BncxCoQAF0ExRBmVCMOFn9EiazxMM5aAEAFXyn8AAAEBCAoDVxcDJuBPGg=="} 
01249{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":587,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":587,"pkt_l4_len":549,"thread_ts_usec":1656652831673908,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQACOTSvQAA\/BnUrCoQAF0ExRBmVCMOFn9EiazxMM5aAGAFXu7MAAAEBCAoDVxcEJuBPGhYDAQIAAQAB\/AMDO7Zo\/JbRTk369S4SCoIhOmdg2TC3hkHYNT7vL9EGoF4gmvMu5lvj5xNX7exy1AfIdKk6v5iYOkqNu7hLh1Y7e9QAIFpaEwETAhMDwCvAL8AswDDMqcyowBPAFACcAJ0ALwA1AQABk1paAAAAFwAA\/wEAAQAACgAKAAi6ugAdABcAGAALAAIBAAAjAHGHH7Cr+kyKwaPZQerkEYwZA+EuMf2lqc1yOKhVFtOQQEzV7TIAzUr4SQaoe3tyBYupujSwQJJFCyCF65TcO0wfF4l8YlF7mJ8mCVWiyJnQVyFOQ5cPFn287fUzN2Zjut\/czCT8Xb6ucpXDdeIzkMQwPQAQAA4ADAJoMghodHRwLzEuMQAFAAUBAAAAAAANABIAEAQDCAQEAQUDCAUFAQgGBgEAEgAAADMAKwApuroAAQAAHQAghi1p4yRBK379yGiurG3H4Jj+BGfDg24Eyg2DXh39FV0ALQACAQEAKwALCjo6AwQDAwMCAwEAGwADAgACGhoAAQAAFQB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEgJjoaetj0dIRwl01FzpE8h7C\/sNwfh2G7XMxsxF6YNAA="} 
-01405{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
+01515{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831643678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652831673908,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831894729,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANPHLQAA3BsITQTFEGQqEABfDhZUIPEwzlp\/RJHCAEAA1yI0AAAEBCAom4FAoA1cXBA=="} -01450{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} -02381{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": 
[4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01560{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02491{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": 
[0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-01211{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":333,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} 
+01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":333,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1656652832876498} ~~~~~~~~~~~~~~~~~~~~ 
SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 333/333 ~~ skipped flows.............: 0 @@ -38,9 +38,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7805657 bytes -~~ total memory freed........: 7805657 bytes -~~ total allocations/frees...: 146740/146740 +~~ total memory allocated....: 11514244 bytes +~~ total memory freed........: 11514244 bytes +~~ total allocations/frees...: 216994/216994 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 558 chars ~~ json string max len.......: 4049 chars diff --git a/test/results/default/upnp.pcap.out b/test/results/default/upnp.pcap.out index c450d0650..0aee7be93 100644 --- a/test/results/default/upnp.pcap.out +++ b/test/results/default/upnp.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1541515314826314} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01414{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_usec":1541515314826314,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="} 
00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515314826314,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":656,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515314826314,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -16,7 +16,7 @@ 01389{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1541515317470215,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":698,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":698,"pkt_l4_len":664,"thread_ts_usec":1541515317470215,"pkt":"AQBef\/\/6GNvyL6AYCABFAAKsCtoAAAERvoLAqD1C7\/\/\/+uYzDnYCmBmmPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48c29hcDpFbnZlbG9wZSB4bWxuczpzb2FwPSJodHRwOi8vd3d3LnczLm9yZy8yMDAzLzA1L3NvYXAtZW52ZWxvcGUiIHhtbG5zOndzYT0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNC8wOC9hZGRyZXNzaW5nIiB4bWxuczp3c2Q9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5Ij48c29hcDpIZWFkZXI+PHdzYTpUbz51cm46c2NoZW1hcy14bWxzb2FwLW9yZzp3czoyMDA1OjA0OmRpc2NvdmVyeTwvd3NhOlRvPjx3c2E6QWN0aW9uPmh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDQvZGlzY292ZXJ5L1Jlc29sdmU8L3dzYTpBY3Rpb24+PHdzYTpNZXNzYWdlSUQ+dXJuOnV1aWQ6M2Y0MmRjOWEtMjRjZS00OGQxLTg4ZjktMTZiOTZhMTM3ZDcxPC93c2E6TWVzc2FnZUlEPjwvc29hcDpIZWFkZXI+PHNvYXA6Qm9keT48d3NkOlJlc29sdmU+PHdzYTpFbmRwb2ludFJlZmVyZW5jZT48d3NhOkFkZHJlc3M+dXJuOnV1aWQ6ZTMyNDgwMDAtODBjZS0xMWRiLTgwMDAtMDAxYmE5OWVjOTU2PC93c2E6QWRkcmVzcz48L3dzYTpFbmRwb2ludFJlZmVyZW5jZT48L3dzZDpSZXNvbHZlPjwvc29hcDpCb2R5Pjwvc29hcDpFbnZlbG9wZT4="} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314826314,"flow_src_last_pkt_time":1541515320458778,"flow_dst_last_pkt_time":1541515314826314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1541515314827161,"flow_src_last_pkt_time":1541515321472909,"flow_dst_last_pkt_time":1541515314827161,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":656,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":656,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4592,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1541515321472909,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WSD","proto_id":"153","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} +00632{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/upnp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-payload-len":9184,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1541515321472909} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -25,9 +25,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769251 bytes -~~ total memory freed........: 7769251 bytes -~~ total allocations/frees...: 146394/146394 +~~ total memory allocated....: 11477854 bytes +~~ total memory freed........: 11477854 bytes +~~ total allocations/frees...: 216648/216648 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 565 chars ~~ json string max len.......: 1419 chars 
diff --git a/test/results/default/viber.pcap.out b/test/results/default/viber.pcap.out index b3c11cfa4..69b23e7ff 100644 --- a/test/results/default/viber.pcap.out +++ b/test/results/default/viber.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1527155638428936} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638428936,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":101,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1527155638428936,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00679{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1527155638428936,"flow_dst_last_pkt_time":1527155638428936,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1527155638428936,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638474128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1527155638474128,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -167,7 +167,7 @@ 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639005882,"flow_src_last_pkt_time":1527155639005882,"flow_dst_last_pkt_time":1527155639008484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":261,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":261,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":35283,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.ADS_Analytic_Track","proto_id":"5.107","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Tracker\/Ads","category_id":14,"category":"Network"}} 00971{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155638474128,"flow_src_last_pkt_time":1527155638474128,"flow_dst_last_pkt_time":1527155638476527,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":161,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":161,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Facebook","proto_id":"5.119","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00965{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155639234839,"flow_src_last_pkt_time":1527155639234839,"flow_dst_last_pkt_time":1527155639237450,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":331,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":331,"midstream":0,"thread_ts_usec":1527155685757669,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":62872,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":22,"total-detection-updates":20,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1648952182644000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":425,"packets-processed":420,"total-skipped-flows":0,"total-l4-payload-len":122215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":22,"total-detection-updates":20,"total-updates":4,"current-active-flows":26,"total-active-flows":26,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":170,"global_ts_usec":1648952182644000} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952182644000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182644000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182644000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QZ1AAD8GBoHAqAJkNAD8kb4yEJT33RMVAAAAAKAC\/\/+7mwAAAgQFtAQCCApvD0\/7AAAAAAEDAwk="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1648952182644000,"flow_dst_last_pkt_time":1648952182749000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648952182749000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOcGoB00APyRwKgCZBCUvjJ96pBe990TFqASaN8gOAAAAgQFrAQCCArnVjzbbw9P+wEDAwk="} 
@@ -177,7 +177,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":429,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1648952183458000,"flow_dst_last_pkt_time":1648952183563000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648952183563000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0fqdAAOcGIX40APyRwKgCZBCUvjJ96pBf990TdoAQADWytAAAAQEICudWQAlvD1Fh"} 00785{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155639240854,"flow_src_last_pkt_time":1527155640080793,"flow_dst_last_pkt_time":1527155640252435,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":366,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":703,"flow_dst_tot_l4_payload_len":5690,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36986,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1527155640085923,"flow_src_last_pkt_time":1527155640836078,"flow_dst_last_pkt_time":1527155641008759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":367,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":5441,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"54.69.166.226","src_port":36988,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00945{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+00976{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1527155644240774,"flow_src_last_pkt_time":1527155644243647,"flow_dst_last_pkt_time":1527155644244636,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":22,"flow_src_tot_l4_payload_len":46,"flow_dst_tot_l4_payload_len":22,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"172.217.23.106","src_port":41993,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01093{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":22,"flow_first_seen":1527155670640484,"flow_src_last_pkt_time":1527155677861045,"flow_dst_last_pkt_time":1527155677861880,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":257,"flow_dst_max_l4_payload_len":76,"flow_src_tot_l4_payload_len":4027,"flow_dst_tot_l4_payload_len":1378,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155670640566,"flow_src_last_pkt_time":1527155670640566,"flow_dst_last_pkt_time":1527155670672314,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":20,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":20,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.32","src_port":47171,"dst_port":7987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 
@@ -205,7 +205,7 @@ 00921{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1527155679410348,"flow_src_last_pkt_time":1527155685132180,"flow_dst_last_pkt_time":1527155685130784,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1527155641813689,"flow_src_last_pkt_time":1527155641813689,"flow_dst_last_pkt_time":1527155641840131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":143,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":143,"midstream":0,"thread_ts_usec":1648952183755000,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Viber","proto_id":"5.144","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1648954023554000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":440,"packets-processed":435,"total-skipped-flows":0,"total-l4-payload-len":125733,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":20,"total-updates":4,"current-active-flows":1,"total-active-flows":27,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":208,"global_ts_usec":1648954023554000} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023554000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023554000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023554000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86GpAAD8GYELAqAJkNAD8AqDgFHo59lPMAAAAAKAC\/\/81EwAAAgQFtAQCCArXUgVsAAAAAAEDAwk="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1648954023554000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648954023662000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAOwGm6w0APwCwKgCZBR6oOA1qzY9OfZTzaASaN\/krwAAAgQFrAQCCApiDhmE11IFbAEDAwk="} 
@@ -213,14 +213,14 @@ 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_usec":1648954023697000,"pkt":"eJS0JASgYDjgxTWgCABFAABM6GxAAD8GYDDAqAJkNAD8AqDgFHo59lPNNas2PoAYAKwkewAAAQEICtdSBfpiDhmEGAAAAAAA\/P8FgAkAAAAAAAAAAAAzAAAA"} 00916{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023662000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648954023697000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1648954023697000,"flow_dst_last_pkt_time":1648954023803000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648954023803000,"pkt":"YDjgxTWgeJS0JASgCABFAAA07m1AAOwGrUY0APwCwKgCZBR6oOA1qzY+OfZT5YAQADV67AAAAQEICmIOGhLXUgX6"} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1648968035683000} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":451,"packets-processed":446,"total-skipped-flows":0,"total-l4-payload-len":126273,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":24,"total-detection-updates":20,"total-updates":4,"current-active-flows":2,"total-active-flows":28,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":216,"global_ts_usec":1648968035683000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00674{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1648968035683000,"pkt":"eJS0JASgYDjgxTWgCABFAACU2kpAAD8GpwLAqAJkLMDKSqeUEJTyP2Q6cEHfOoAYAVdrNwAAAQEICphN6aPkLWTjYAAuDuoU\/P8DgFkAGwAAAAAAAAAuDuoUyCWY+Eiv3vNvHuU8izmtmd1xLKgDGQAAAC4GaTctzm2TgBHTuz9kkBDO3BN0gtQM11m3wPtySAu5MwDtuOA\/BIT7TjIAAaAP"} 
01049{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648968035683000,"flow_src_last_pkt_time":1648968035683000,"flow_dst_last_pkt_time":1648968035683000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":96,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":96,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"44.192.202.74","src_port":42900,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1648954023554000,"flow_src_last_pkt_time":1648954024001000,"flow_dst_last_pkt_time":1648954024107000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":516,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":516,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.2","src_port":41184,"dst_port":5242,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} 00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1648952182644000,"flow_src_last_pkt_time":1648952183650000,"flow_dst_last_pkt_time":1648952183755000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":101,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":3321,"midstream":0,"thread_ts_usec":1648968035683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"52.0.252.145","src_port":48690,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"Viber","proto_id":"144","proto_by_ip":"Viber","proto_by_ip_id":144,"encrypted":1,"breed":"Fun","category_id":10,"category":"VoIP"}} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":223,"global_ts_usec":1648968035683000} +00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":451,"source":"cfgs\/default\/pcap\/viber.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":451,"packets-processed":447,"total-skipped-flows":0,"total-l4-payload-len":126369,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":25,"total-detection-updates":20,"total-updates":4,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":223,"global_ts_usec":1648968035683000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 451/447 ~~ skipped flows.............: 0 
@@ -229,9 +229,9 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7999841 bytes -~~ total memory freed........: 7999841 bytes -~~ total allocations/frees...: 147185/147185 +~~ total memory allocated....: 11708012 bytes +~~ total memory freed........: 11708012 bytes +~~ total allocations/frees...: 217439/217439 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2483 chars diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out index 0a8d40a51..8de852ad6 100644 --- a/test/results/default/vk.pcapng.out +++ b/test/results/default/vk.pcapng.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675334160555793} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1675334160555793,"pkt":"dNqIE5X\/CI6QkAulCABFAABYkT1AAEAGDU7AqAH5V\/CBg4RwAbulKVT5c9gL4IAYAfUCFQAAAQEIColQoiPg\/q3hFwMDAB8CiHoHbb46sk3wEVp76KY8pTJ63EhTj6jLGV9BFA03"} 01033{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334160555793,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334160555793,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -77,7 +77,7 @@ 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":706,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334178414776,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38528,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334171438126,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":909,"packets-processed":909,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1675334178414776} 
+00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":909,"packets-processed":909,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1675334178414776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 909/909 ~~ skipped flows.............: 0 @@ -86,9 +86,9 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7833038 bytes -~~ total memory freed........: 7833038 bytes -~~ total allocations/frees...: 147397/147397 +~~ total memory allocated....: 11541513 bytes +~~ total memory freed........: 11541513 bytes +~~ total allocations/frees...: 217651/217651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 1979 chars diff --git a/test/results/default/vnc.pcap.out b/test/results/default/vnc.pcap.out index 837f24fda..273ca4be6 100644 --- a/test/results/default/vnc.pcap.out +++ b/test/results/default/vnc.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1476111264364066} 00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111264364066,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364066,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364590,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} 
@@ -18,7 +18,7 @@ 02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111287358990,"flow_dst_last_pkt_time":1476111287224950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111287358990,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":53542.1,"max":538844,"stddev":125065.9,"var":15641482240.0,"ent":3.0,"data": [107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724]},"pktlen": {"min":40,"avg":56.8,"max":75,"stddev":12.6,"var":158.0,"ent":5.0,"data": [52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]},"bins": {"c_to_s": [13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998]},"ndpi": {"flow_risk": 
{"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":684,"flow_dst_packets_processed":324,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111290613528,"flow_dst_last_pkt_time":1476111290394024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":17754,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2485,"flow_dst_packets_processed":1058,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111280884547,"flow_dst_last_pkt_time":1476111280846496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":64000,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1476111290613528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7904996 bytes -~~ total memory freed........: 7904996 bytes -~~ total allocations/frees...: 150937/150937 +~~ total memory allocated....: 11613599 bytes +~~ total memory freed........: 11613599 bytes +~~ total allocations/frees...: 221191/221191 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 533 chars ~~ json string max len.......: 2389 chars diff --git a/test/results/default/vrrp3.pcapng.out b/test/results/default/vrrp3.pcapng.out index 13b527225..c3ed7dea1 100644 --- a/test/results/default/vrrp3.pcapng.out +++ b/test/results/default/vrrp3.pcapng.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1589370606456815} 00731{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370606456815,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAEjEkZAED6DQb\/oAAAAAAAAAAAAAAAAA2Ng=="} 
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370606456815,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -12,7 +12,7 @@ 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1589370643139440,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":82,"pkt_l4_len":24,"thread_ts_usec":1589370643139440,"pkt":"MzMAAAASAABeAAIkgQAAJIbdbgAAAAAYcP\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAEjEkaQED6C8c\/oAAAAAAAAAAAAAAAAA2Ng=="} 00921{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1589370606915904,"flow_src_last_pkt_time":1589370680701452,"flow_dst_last_pkt_time":1589370606915904,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00920{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1589370606456815,"flow_src_last_pkt_time":1589370606456815,"flow_dst_last_pkt_time":1589370606456815,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1589370680701452,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::12","l4_proto":112,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"VRRP","proto_id":"73","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} 
+00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/vrrp3.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":240,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1589370680701452} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -21,9 +21,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769135 bytes -~~ total memory freed........: 7769135 bytes -~~ total allocations/frees...: 146390/146390 +~~ total memory allocated....: 11477738 bytes +~~ total memory freed........: 11477738 bytes +~~ total allocations/frees...: 216644/216644 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 568 chars ~~ json string max len.......: 926 chars diff --git a/test/results/default/vxlan.pcap.out b/test/results/default/vxlan.pcap.out index 0afb11a7a..4027d3269 100644 --- a/test/results/default/vxlan.pcap.out +++ b/test/results/default/vxlan.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639650442645225} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_usec":1639650442645225,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 01048{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639650442645225,"flow_src_last_pkt_time":1639650442645225,"flow_dst_last_pkt_time":1639650442645225,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650442645225,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -60,7 +60,7 @@ 01090{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639650443097770,"flow_src_last_pkt_time":1639650443097920,"flow_dst_last_pkt_time":1639650443097770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":62,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":62,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":186,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01094{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1639650442720908,"flow_src_last_pkt_time":1639650443097493,"flow_dst_last_pkt_time":1639650442720908,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":74,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1454,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5058,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1639650442682647,"flow_src_last_pkt_time":1639650442711366,"flow_dst_last_pkt_time":1639650442682647,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":204,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639650443276366,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"VXLAN","proto_id":"64","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} 
+00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"cfgs\/default\/pcap\/vxlan.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-payload-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1639650443276366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -69,9 +69,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7787620 bytes -~~ total memory freed........: 7787620 bytes -~~ total allocations/frees...: 146586/146586 +~~ total memory allocated....: 11496111 bytes +~~ total memory freed........: 11496111 bytes +~~ total allocations/frees...: 216840/216840 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 566 chars ~~ json string max len.......: 2500 chars diff --git a/test/results/default/wa_video.pcap.out b/test/results/default/wa_video.pcap.out index 7a4aca77b..db9d0e629 100644 --- a/test/results/default/wa_video.pcap.out +++ b/test/results/default/wa_video.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455764448302} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455764448302,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 
00921{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455764448302,"flow_src_last_pkt_time":1561455764448302,"flow_dst_last_pkt_time":1561455764448302,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455764448302,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -11,23 +11,23 @@ 01162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1561455767339689,"flow_dst_last_pkt_time":1561455767568247,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":522,"pkt_l4_len":488,"thread_ts_usec":1561455767568247,"pkt":"kLkxKPrKxiwDYGpkCABFAAH8cYEAAFMGf6Gd8BQ1wKgCDBRmwMsu6FKhm9EhroAYALRm5AAAAQEICh5+deo0zyVKLSQRVEKsxJjcWg\/H\/lMobRMW7X9RKF\/hZslxhUvme\/4heGQVcnrwt\/Fm5F2U+oLk+gFf2tebzVJU2bS4GWtpyfd7t0eGRRsksu\/IwWXxVQVfXmQWdqBagMROU0+Iv7cKU9E8j8khrgiQj04I4dJ4yob8xXCok1OIYUG8NdpqehsPn5Rq59THddLOmCgUSKZz\/u1aE7VKWVIXUVp7k19fdFvu2yb39GEDWSdBf4J9Oqs32QeZC52b5oVKE0ithMi9GHf6l\/ui7QsmMqIoJ3dCOeAzESPIDse\/Uw0Z19U+hGKwuaFZZxgdpjsRxn00Hd+xbUGY0TDE8Z\/s2TerF+yrQYARAtLEhyCWaiulNjDn+9f5mpFDmqUMLqsqClVwjcqNgfvRUqMf1Kng1nEjbYVdz0eYwkqEjFo20rkpLUKiaSh7EGttgz7HvZkjaMo8Q4Blqb1fKhQbir5L3ofhHA7goOKU5PHOFmaXZoL5abuQvfLea45eBI4EWKOxGMZDoeA8fGnY5ydOnOswhZUwVx+Pbot37CPOJwe1CCDdAiYytUlelaYcf3Hqbnb4mn5pjMUkvJohvpHobUScb2AcifLrDY6QnEnHXu93"} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789452,"pkt":"xiwDYGpkkLkxKPrKCABFAACaxMYAAEARfZvAqAIMHw1WMNG4DZYAhm0oAAMAaiESpEIMCJFuDJOtHXjqlExAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -01154{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01083{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455769789452,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789452,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769789452,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789547,"pkt":"xiwDYGpkkLkxKPrKCABFAACax74AAEAReqPAqAIMHw1WMNG4DZYAhm0nAAMAaiESpEIMCJFuDJOtHXjqlE1AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789676,"pkt":"xiwDYGpkkLkxKPrKCABFAACaIVsAAEARBNTAqAIMuTzYM9G4DZYAhlDzAAMAaiESpEIMCJFuDJOtHXjqlE5AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455769789676,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769789676,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769789803,"flow_dst_last_pkt_time":1561455769789676,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769789803,"pkt":"xiwDYGpkkLkxKPrKCABFAACa3V0AAEARSNHAqAIMuTzYM9G4DZYAhlDyAAMAaiESpEIMCJFuDJOtHXjqlE9AAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790205,"pkt":"xiwDYGpkkLkxKPrKCABFAACaO9gAAEARHKbAqAIMnfDBMNG4DZYAhoNAAAMAaiESpEIMCJFuDJOtHXjqlFBAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790205,"flow_src_last_pkt_time":1561455769790205,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790205,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790329,"flow_dst_last_pkt_time":1561455769790205,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790329,"pkt":"xiwDYGpkkLkxKPrKCABFAACaLgUAAEARKnnAqAIMnfDBMNG4DZYAhoM\/AAMAaiESpEIMCJFuDJOtHXjqlFFAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790753,"pkt":"xiwDYGpkkLkxKPrKCABFAACab00AAEAR1OTAqAIMszzAMNG4DZYAhm7yAAMAaiESpEIMCJFuDJOtHXjqlFJAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
-01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769790753,"flow_src_last_pkt_time":1561455769790753,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769790753,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769790875,"flow_dst_last_pkt_time":1561455769790753,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769790875,"pkt":"xiwDYGpkkLkxKPrKCABFAACaCwQAAEAROS7AqAIMszzAMNG4DZYAhm7xAAMAaiESpEIMCJFuDJOtHXjqlFNAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791001,"pkt":"xiwDYGpkkLkxKPrKCABFAACaNcQAAEARH6zAqAIMnfDEPtG4DZYAhoAuAAMAaiESpEIMCJFuDJOtHXjqlFRAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} -01157{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01086{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455769791001,"flow_src_last_pkt_time":1561455769791001,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455769791001,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":53688,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1561455769791128,"flow_dst_last_pkt_time":1561455769791001,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455769791128,"pkt":"xiwDYGpkkLkxKPrKCABFAACaC9gAAEARSZjAqAIMnfDEPtG4DZYAhoAtAAMAaiESpEIMCJFuDJOtHXjqlFVAAABmBQMCyDZF2ddgtlA0UBZWUTgM5bMiF47oTfkR8gxwf\/X6xPiwJonhfyRnCC\/1O3gjqwa36NKC7reorVrW4TGrS5w3rc3nItJV\/XceDJIdYAVMp2RD9UKe1LYtRXT0bfL9vCinKf9\/"} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769802594,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769802594,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k4AAFQRMGUfDVYwwKgCDA2W0bgANE7GAQMAGCESpEIMCJFuDJOtHXjqlEwAIAAIAAHuJHGmBnJAAgAIAAABa44EONE="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1561455769789547,"flow_dst_last_pkt_time":1561455769803703,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455769803703,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/k8AAFQRMGQfDVYwwKgCDA2W0bgANE7FAQMAGCESpEIMCJFuDJOtHXjqlE0AIAAIAAHuJHGmBnJAAgAIAAABa44EONE="} 
@@ -51,10 +51,10 @@ 00928{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1561455780246416,"flow_dst_last_pkt_time":1561455772049243,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455780246416,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInq0AAP8RG\/gAAAAA\/\/\/\/\/wBEAEMBNNtIAQEGAH5K8tcAOwAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781247252,"pkt":"xiwDYGpkkLkxKPrKCABFAABIyagAAEARnszAqAIMATxOQNG46GMANIouAAEAGCESpELJdbow6qY0UK1Q3DAACAAUjCUqyJwTIDkKR+sjy0Uf5fkPaoE="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":371,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455781247252,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781247252,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781352254,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUPMAAEAR0s7AqAIMW\/w4M9G4f4EANAIPAAEAGCESpEIZqLFMH0mnKh34iiEACAAUNcgqBRg9v\/os\/sidMBIfN2R1dO0="} -01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":381,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455781352254,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455781352254,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":426,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1561455781879070,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455781879070,"pkt":"xiwDYGpkkLkxKPrKCABFAABIUTkAAEARFzzAqAIMATxOQNG46GMANHzbAAEAGCESpELHuuAP05RaI+J6URIACAAUsHZdEyJr5uObsKQa7DYbE4YCA9M="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":434,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1561455782059394,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782059394,"pkt":"xiwDYGpkkLkxKPrKCABFAABI8PwAAEARMsXAqAIMW\/w4M9G4f4EANE0kAAEAGCESpEKAWzwjt5VRcfVmBmsACAAUJw9zjdQvQsjy5FQih0Itb6wHKg0="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_src_last_pkt_time":1561455782574285,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455782574285,"pkt":"xiwDYGpkkLkxKPrKCABFAABIwHEAAEARqAPAqAIMATxOQNG46GMANGXPAAEAGCESpEIoM9pd\/2PDbhKoL1oACAAUvqQBu1i76V7zg0ib1\/6QLghtUUY="} 
@@ -62,7 +62,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":555,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783193737,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783193737,"pkt":"xiwDYGpkkLkxKPrKCABFAABIsaMAAEARttHAqAIMATxOQNG46GMANHtxAAEAGCESpEIVyYRJkvEHQDbjhQYACAAUZX4tAsQf0pHGsCjjkogdi3Laxls="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":570,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455781352254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783298322,"pkt":"xiwDYGpkkLkxKPrKCABFAABIAp0AAEARISXAqAIMW\/w4M9G4f4EANIWbAAEAGCESpEK7pDhewrPJPGinrSwACAAUDjWxbcggz7kXknMp3MU9Yvs9ftw="} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":576,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783298322,"flow_dst_last_pkt_time":1561455783331681,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783331681,"pkt":"kLkxKPrKxiwDYGpkCABFAABIi6YAADERpxtb\/DgzwKgCDH+B0bgANIC7AAEAGCESpELmDdRM\/MC6WEQIBDAACAAUFJ5Jo0QxW+Y3GOxMikLa0AFDz2E="} 
-02456{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":6,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783672290,"flow_dst_last_pkt_time":1561455783683909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":15240,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1561455783683909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":150054.5,"max":1979427,"stddev":383224.6,"var":146861080576.0,"ent":2.7,"data": [707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189]},"pktlen": {"min":72,"avg":523.5,"max":1146,"stddev":432.0,"var":186635.8,"ent":4.5,"data": [72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]},"bins": {"c_to_s": [0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": 
[5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02464{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":623,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":6,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455783672290,"flow_dst_last_pkt_time":1561455783683909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":182,"flow_src_tot_l4_payload_len":15240,"flow_dst_tot_l4_payload_len":615,"midstream":0,"thread_ts_usec":1561455783683909,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":139,"avg":150054.5,"max":1979427,"stddev":383224.6,"var":146861080576.0,"ent":2.7,"data": [707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189]},"pktlen": 
{"min":72,"avg":523.5,"max":1146,"stddev":432.0,"var":186635.8,"ent":4.5,"data": [72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210]},"bins": {"c_to_s": [0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1],"entropies": [5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":5,"flow_src_last_pkt_time":1561455783829036,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455783829036,"pkt":"xiwDYGpkkLkxKPrKCABFAABICZUAAEARXuDAqAIMATxOQNG46GMANOSYAAEAGCESpELddkAJ1F+LPT0EgzwACAAUXmgJtoJkdYveryQNIL+PUoNUtYY="} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455791449110,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":341,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":341,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455791449110,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":742,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1561455791449110,"flow_dst_last_pkt_time":1561455791449110,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455791449110,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxMkoAAEARwOHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 
@@ -91,11 +91,11 @@ 01113{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1561455769789676,"flow_src_last_pkt_time":1561455792270460,"flow_dst_last_pkt_time":1561455769813684,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":44,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":347,"flow_dst_packets_processed":146,"flow_first_seen":1561455769789452,"flow_src_last_pkt_time":1561455792270349,"flow_dst_last_pkt_time":1561455789410471,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1139,"flow_dst_max_l4_payload_len":1053,"flow_src_tot_l4_payload_len":209223,"flow_dst_tot_l4_payload_len":18746,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":53688,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455792270282,"flow_src_last_pkt_time":1561455795277117,"flow_dst_last_pkt_time":1561455792270282,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":269,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":65025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
-01237{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":35,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455784398894,"flow_dst_last_pkt_time":1561455784357701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":1098,"flow_src_tot_l4_payload_len":45824,"flow_dst_tot_l4_payload_len":21351,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01245{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":72,"flow_dst_packets_processed":35,"flow_first_seen":1561455781352254,"flow_src_last_pkt_time":1561455784398894,"flow_dst_last_pkt_time":1561455784357701,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1118,"flow_dst_max_l4_payload_len":1098,"flow_src_tot_l4_payload_len":45824,"flow_dst_tot_l4_payload_len":21351,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"7":"Match by IP"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00792{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":66,"flow_dst_packets_processed":67,"flow_first_seen":1561455767339689,"flow_src_last_pkt_time":1561455795283003,"flow_dst_last_pkt_time":1561455795007751,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1388,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":4406,"flow_dst_tot_l4_payload_len":7336,"midstream":1,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":781,"packets-processed":781,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1561455795283003} 
+01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1561455781247252,"flow_src_last_pkt_time":1561455791996221,"flow_dst_last_pkt_time":1561455781247252,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455795283003,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":781,"source":"cfgs\/default\/pcap\/wa_video.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":781,"packets-processed":781,"total-skipped-flows":0,"total-l4-payload-len":311775,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_usec":1561455795283003} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 781/781 ~~ skipped 
flows.............: 0 @@ -104,10 +104,10 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7819206 bytes -~~ total memory freed........: 7819206 bytes -~~ total allocations/frees...: 147290/147290 +~~ total memory allocated....: 11527617 bytes +~~ total memory freed........: 11527617 bytes +~~ total allocations/frees...: 217544/217544 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars -~~ json string max len.......: 2461 chars -~~ json string avg len.......: 1502 chars +~~ json string max len.......: 2469 chars +~~ json string avg len.......: 1506 chars diff --git a/test/results/default/wa_voice.pcap.out b/test/results/default/wa_voice.pcap.out index 924a1938a..aa6ace668 100644 --- a/test/results/default/wa_voice.pcap.out +++ b/test/results/default/wa_voice.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 
01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -69,23 +69,23 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881597,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455706881597,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912375,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01156{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01085{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912436,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912561,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912682,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913062,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913136,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913639,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01158{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01087{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913891,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914378,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01088{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914597,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925951,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 
@@ -135,20 +135,20 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1561455729803232,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455729803232,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} -01269{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01206{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 
00978{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 00974{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 
02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": [61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": 
[6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} -01267{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01204{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} 
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} -02478{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": 
[1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02486{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1561455733543524,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455733543524,"pkt":"xiwDYGpkkLkxKPrKCABFAABIhgkAAEAR4mvAqAIMATxOQNwI+xoANNyjAAEAGCESpEKaqxAMcXf5HhivnksACAAUXrUv35eEVCK3ZPufCanP8gSQnE8="} 00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1561455734169795,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455734169795,"pkt":"xiwDYGpkkLkxKPrKCABFAABIQ+QAAEARJJHAqAIMATxOQNwI+xoANLvkAAEAGCESpEJdvqBh2rbkNqYRchoACAAUXsrok\/u8nTRHu7GOUWRyNlbwy2Q="} 00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1561455737893179,"pkt":"AQBeAAD7kLkxKPrKCABFAACmf9YAAP8Rl8DAqAIM4AAA+xTpFOkAklETAAAAAAAFAAEAAAAACF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAEFX3Jhb3DAFQAMAAEIX2FpcnBsYXnAFQAMAAHAJQAMAAEAAA2VABANTHVjYeKAmXMgaU1hY8Al"} 
@@ -180,7 +180,7 @@ 00782{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00988{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":44,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707887523,"flow_dst_last_pkt_time":1561455707886473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":40959,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455721320417,"flow_src_last_pkt_time":1561455738622273,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01235{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":77,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455742404517,"flow_dst_last_pkt_time":1561455741413630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":14102,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01243{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":77,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455742404517,"flow_dst_last_pkt_time":1561455741413630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":14102,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -192,7 +192,7 @@ 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455741419902,"flow_dst_last_pkt_time":1561455719244228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -01223{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455716020462,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
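Review bot: The changed expectation for `flow_id` 24 (192.168.2.12:56328 to 1.60.78.64:64282) in this hunk is a behaviour change rather than a version-string refresh, and it is easy to miss among the regenerated results: `confidence` goes from `{"6":"DPI"}` to `{"5":"DPI (cache)"}` while `proto` stays `STUN.WhatsAppCall`. A consumer that selects flows on confidence key `6` or on the string `DPI` would stop matching this flow, so the commit description should call it out if it does not already, e.g. `wa_voice: flow 24 now reported as "5":"DPI (cache)" after the libnDPI bump`. Both `flow_risk` entries for the flow are unchanged; presumably the label now comes from a cache entry rather than payload inspection, which is worth confirming against the libnDPI changes.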
@@ -204,7 +204,7 @@ 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455741419546,"flow_dst_last_pkt_time":1561455719248009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01116{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":28,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455741419206,"flow_dst_last_pkt_time":1561455740537152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1467,"flow_dst_tot_l4_payload_len":2492,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1561455743434771} 
+00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/default\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1561455743434771} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 ~~ skipped flows.............: 0 @@ -213,9 +213,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7860243 bytes -~~ total memory freed........: 7860243 bytes -~~ total allocations/frees...: 147403/147403 +~~ total memory allocated....: 11568430 bytes +~~ total memory freed........: 11568430 bytes +~~ total allocations/frees...: 217657/217657 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 524 chars ~~ json string max len.......: 2501 chars diff --git a/test/results/default/waze.pcap.out b/test/results/default/waze.pcap.out index 26fbcec19..1baf2850c 100644 --- a/test/results/default/waze.pcap.out +++ b/test/results/default/waze.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1435587866603221} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587866603221,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1435587866603221,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587866603221,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1435587867103902,"flow_dst_last_pkt_time":1435587866603221,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_usec":1435587867103902,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 
@@ -281,7 +281,7 @@ 00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1435587880581548,"flow_src_last_pkt_time":1435587880589942,"flow_dst_last_pkt_time":1435587880582653,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00864{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00776{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":2,"flow_first_seen":1435587866603221,"flow_src_last_pkt_time":1435587898628291,"flow_dst_last_pkt_time":1435587898628143,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":150,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1435587907392933,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":284,"global_ts_usec":1435587907392933} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/waze.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-payload-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":284,"global_ts_usec":1435587907392933} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 597/597 ~~ skipped flows.............: 0 @@ -290,9 +290,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8145232 bytes -~~ total memory freed........: 8145232 bytes -~~ total allocations/frees...: 147465/147465 +~~ total memory allocated....: 11853339 bytes +~~ total memory freed........: 11853339 bytes +~~ total allocations/frees...: 217719/217719 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars ~~ json string max len.......: 2461 chars diff --git a/test/results/default/webex.pcap.out b/test/results/default/webex.pcap.out index fd9c9f154..9bc7be1e1 100644 --- a/test/results/default/webex.pcap.out +++ b/test/results/default/webex.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1444570624853841} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1444570624853841,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570624853841,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624853841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1444570624853841,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1444570624853841,"flow_dst_last_pkt_time":1444570624860347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1444570624860347,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} 
@@ -496,7 +496,7 @@ 00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1444570636387910,"flow_src_last_pkt_time":1444570640346348,"flow_dst_last_pkt_time":1444570639263789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1444570640319795,"flow_src_last_pkt_time":1444570652359038,"flow_dst_last_pkt_time":1444570652361105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":63,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":63,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00781{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1444570672215106,"flow_src_last_pkt_time":1444570673280105,"flow_dst_last_pkt_time":1444570673246494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":522,"flow_dst_max_l4_payload_len":3939,"flow_src_tot_l4_payload_len":911,"flow_dst_tot_l4_payload_len":6552,"midstream":0,"thread_ts_usec":1444570742172121,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":38,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":499,"global_ts_usec":1444570742172121} 
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1110,"source":"cfgs\/default\/pcap\/webex.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1110,"packets-processed":1110,"total-skipped-flows":0,"total-l4-payload-len":494354,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":53,"total-detection-updates":38,"total-updates":2,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":499,"global_ts_usec":1444570742172121} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1110/1110 ~~ skipped flows.............: 0 @@ -505,9 +505,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8297123 bytes -~~ total memory freed........: 8297123 bytes -~~ total allocations/frees...: 148441/148441 +~~ total memory allocated....: 12004846 bytes +~~ total memory freed........: 12004846 bytes +~~ total allocations/frees...: 218695/218695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 2462 chars diff --git a/test/results/default/websocket.pcap.out b/test/results/default/websocket.pcap.out index b8c551d6b..7f639aec9 100644 --- a/test/results/default/websocket.pcap.out +++ b/test/results/default/websocket.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1475155931028697} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_usec":1475155931028697,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 
01056{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475155931028697,"flow_dst_last_pkt_time":1475155931028697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":25,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":25,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1475155931028697,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -8,7 +8,7 @@ 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1475155946903705,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1475156008638608,"pkt":"AAwpij2nAFBWwAAICABFAAA9BeZAAEAGXPzAqCsBwKgrh8c3MDnJ1LFpPIpUtFAYP+K7sAAAgY+3zv1X36uRO9juijLVvZI03KuJ"} 00604{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":109,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":109,"pkt_l4_len":75,"thread_ts_usec":1475156008657690,"pkt":"AFBWwAAIAAwpij2nCABFAABf27ZAAEAGhwnAqCuHwKgrATA5xzc8ilS0ydSxflAYAO0H8wAAgTUyMTozNDo1MyAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IGhlbGxvIHdlYnNvY2tldA=="} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1475155931028697,"flow_src_last_pkt_time":1475156008657690,"flow_dst_last_pkt_time":1475156008638608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":55,"flow_dst_max_l4_payload_len":21,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":39,"midstream":1,"thread_ts_usec":1475156008657690,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WebSocket","proto_id":"251","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} -00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} +00633{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/websocket.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-payload-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1475156008657690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768946 bytes -~~ total memory freed........: 7768946 bytes -~~ total allocations/frees...: 146377/146377 +~~ total memory allocated....: 11477565 bytes +~~ total memory freed........: 11477565 bytes +~~ total allocations/frees...: 216631/216631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 556 chars ~~ json string max len.......: 1103 chars diff --git a/test/results/default/wechat.pcap.out b/test/results/default/wechat.pcap.out index 169e3901c..018f9d277 100644 --- a/test/results/default/wechat.pcap.out +++ b/test/results/default/wechat.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1492167337792745} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167337792745,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":604,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":604,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":604,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492167337792745,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01357{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_usec":1492167337792745,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1492167337792745,"flow_dst_last_pkt_time":1492167337792797,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167337792797,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} 
@@ -44,7 +44,7 @@ 01085{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167350333752,"flow_src_last_pkt_time":1492167350333752,"flow_dst_last_pkt_time":1492167350372335,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1492167350372335,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":46078,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350385726,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivyhAAEAR8DbAqAFnrNkXQ8kzAbsFThBpDTHWY7YNkySLUTAzNQEAZRP82mbzhTNOuyagAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\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"} 
-01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}} +01175{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167350385726,"flow_src_last_pkt_time":1492167350385726,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167350385726,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":51507,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} 00994{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1492167350386186,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1492167350386186,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCvylAAEAR9BXAqAFnrNkXQ8kzAbsBbud7DTHWY7YNkySLUTAzNQLvwr0xyGRZ7meDZlovLzVjAbbzC3jR2f2rSyaEQR29GdHUR3g0xdsFTdTip7X1Nnsf4tYU5MBGkSRYowzYqBAgeAEueiV49O5ngVqvp6AacuKzAzgJV3z622EcXJUEyhTJ+nOIANjFkaDTQTI+jdNEu4FfF\/TnyxM++AGJ3to5M6SWYBz2BeCP\/OGMSC7yUukPIe4sRQeIQcXq+IYSj3PAlHKxZT8HDRP7kjwgghqQy0grhbmgn+9HaZmoQLo9gu4ijkDWy6wUW+W8oMWbJ3Ky6wEFXzApvzV\/FZNjJh6PDtkHubM5JHhhh00iIakeLzopZrU7PnZst39suCb9JKpUYtFvmoJnG3+X2ld76667v+kx3ZpHcdgXPlvpm8rm+2k6Em\/vgF23i7kHM9aRW5K+1InNa4QsADwuokzDCUylLbXZYixDaZtGruoPUyaIkf6OjyLbS2SNBQ=="} 
02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1492167350462573,"flow_dst_last_pkt_time":1492167350385726,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350462573,"pkt":"8IQvSpdgeJKcD6iOCABFAAVivzBAAEAR8C7AqAFnrNkXQ8kzAbsFTm8mDTHWY7YNkySLUTAzNQMCK\/NUmHquSjxA+X2gAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\/AQAATk9OQ58BAABNU1BDowEAAEFFQUSnAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zc2wuZ3N0YXRpYy5jb23DJ9pgKUoswhKlaAfLoi3sQZPhfUFgtpep51u0rkbBgx\/nebVFToqDPqkbsFtGn3MXCPqLWhc6j\/ixUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq2MDAwMDAwMDC6zWefDMewsHm6e\/MeaJgBlt0fDWQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAtqrwWAAAAAA5eOlJA3D70ONW2AJf\/ogbdqDz00OrZf\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"} 
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1492167350462573,"flow_dst_last_pkt_time":1492167350488480,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167350488480,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7yTMFTuPKBNtpRNeisKdzzqqB80k\/RvEcLV+eNstooOP26jQwiV8kAUkwPIMgeBmjqFkk1eZa85ntkHHKG5sLS2nvF5TmkUr+if921Zg1I0\/4gCajXiftZ1cQ7HzDlknoAxBMi+AaCHBUPnPHivZkyl4iSGvXlnHgng3\/7naBjCDqlDK6F+CuxkK8R8D3zCSfpOaKQGBLlchz5S+hCTIwqEd99ts2qf\/5eNYdL5VkMpB5nPqZijuHeZKsbAA\/ctrAa2iT4JB48UuOXvpg5wOCy\/anBkev1fI+1TTLsBMyhp3HjpYh2aKJvkMCmiRctHYEQnmaEMBwOlLcCDMzXUr6cVbELb2ipeNilNIPUR6fbRTICFCh\/dLk8Z8s4+2+q+YRvL47cij8qjU\/MSP\/JdAcQdXgf4J1moMV\/HD76jtK\/q6K2AELbJTL7zlTXQDvl7lhybUqmS8n2wO6ChZ8mkKRPXTTl52a1+v\/t94S8AMxF3uAvJ9f0fJ\/ZMEI3IZ6O7qMEGehlJFUg6ku3WOM+3kE9ZCniZ1GxLmVMmc7+ELA+4BU071ElcmB0cNHc3igocgwlfnuRZX3+k22dSiwenP+A9\/TUyzBAHrcaRXwxtrkUB5nhrAwxJ7sXU8h0m3RmPoZeSXzzc9FxpQ5MJBVfPZ2nvgM8SZWj76Mbmfae4W0Y5pSAxeitiyz6e\/pvVhOlpfDYK7FaYxKn1bgfQne5NYXwxOjjO8qXjZbyhi6U1yf0AFPol4fV4k6ffTGHaG+993EhQAEInqFjs5KLpUuYY0UmCTl9cNR7U0ln37rA4ek3m2s0HjMh2LjsowbaeOmpJRUN6KZp0r5FoNKL2Rbyy6azhyGhinEk2F7Nx7T7OFc8qzh5U88cLdGwsiClMeV++e44EyVBwnyLUnGa79agiHRfcH8uQeFO2JdRvD8m0OGuY\/X4Xq2M9cudkHEZSL9Cvaxgr19m\/Ehm6WWrLrr5ou2qkcyHZ3odgdmbvlBOkYXAqUw1OB0DtQD3U6wTXoHGqO0PM1\/UtTkXAr1qpn86JcvZn\/ynpf2O5qdTtcOKebDq3DgNLkK0T9cm1y1rD4T88uFzlXeHlJh99mdpFsPJ+vFVCQJPwP7vqfT71mINa6\/Pb0Q7bplVWYi1b+UplNOm7yEjJaBRU8Bhv5Pxyh091JSaVecSM2kcDi5U\/hakzgazrriEloDM0v4i1dEuq0I7ZBLcjJFITvSi14YlRX8vKn4kLmPQ3\/oteLhKPRWjTUKm67b08p+Rv8wo6\/ZnvVJVK\/7YJnm2usF3Wz7NfPzR6ckRZ7uYkJZmfPh8\/VTMnabtN3diLkyqGe2ks0kfaaMAlrrWQhbKh5F1K\/LsLNpBub30iqBt5MUt5aEFkSBabvJWtjubQn6QyW8GVs2dFwnL\/CjJFVDk8+kRhzcqwTcIkUO4tw7WxxCUf0F3PNbBjXIBOJrChJ1p3uBHljOGy
2Dh0DxDK+EyF7GTnybbIRpeK2oedkfCEnpPpUi7IlpneqyneEiPOyp2oNCjVACBgL5+pYyFsR5gW6VnysncwXQfH26UNpBXtf5HwJr+NOuLicMNTiFrLT4hNvlLhb3HdSm4\/kbBpXefbUT++QhHN5PIPKN2F75i0fG4B9SKWDSWSc\/XO7Nr\/jOHdYwW3e+5zfODYV5lIC5IJtaSio5iRwf\/LvS2RbglFn3Jj94DvsSRYClnbw0fes8mzb2I5dE9C5wElePnvErieuDHTJLAwGVHurqwdlhGSdQnFmnpIjvps8w458iyTv63wjC\/7VPejnxfmCEmz3XcXd1WkP82S2K"} 
@@ -56,7 +56,7 @@ 01090{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167351026518,"flow_src_last_pkt_time":1492167351026518,"flow_dst_last_pkt_time":1492167351061131,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":185,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1492167351061131,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":55862,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.GoogleDocs","proto_id":"5.241","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"docs.google.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"216.58.198.46"}}} 00783{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167351067458,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibQVAAEARaA3AqAFn2DrGLuD3AbsFTsxKDU3ZCrKMtFhpUTAzNQFnbJE8FVI6Xr9TUAWgAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/HO\/L6W7bp3Xhczs9ysCSmeki\/j96A7sEoRFEAE+SB65YLwp5s+42jMDuJu4lkMvUTAzNQHogWCSkhrofu2AhqIVgpFY8Kq3MDAwMDAwMDCSV1vE+gNbm7+W8XblWvpmJ\/49qGQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAAt6rwWAAAAADtcasM4uYqOdGcPkgWTuPinp6tSgmHbpcCw+LDtPZmZuBaJu0QIw4bgS6gnY4km2fVf4E4bxQZEQJVfGW2\/zkLZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmueetXmAEAL+XPr519ndPJ3mPFBWs\/DigCPL0uG+UOo9PlVynP5lP7SYDz1bkGMXY1YNt3+9e\/xaovsHZwZUHeJNaLtZCflec\/IAM0fVlrvjwb6nbNCsXZz6\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"} 
-01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleDocs","proto_id":"188.241","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"docs.google.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}} +01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167351067458,"flow_src_last_pkt_time":1492167351067458,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167351067458,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.198.46","src_port":57591,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.GoogleDocs","proto_id":"188.241","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":15,"category":"Collaborative","hostname":"docs.google.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} 01769{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1492167351067660,"flow_dst_last_pkt_time":1492167351067458,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":969,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":969,"pkt_l4_len":935,"thread_ts_usec":1492167351067660,"pkt":"8IQvSpdgeJKcD6iOCABFAAO7bQZAAEARabPAqAFn2DrGLuD3AbsDp2YqDU3ZCrKMtFhpUTAzNQJxZNfHCC8u2f35luXQX7wk8+5+gy499Uo4Fg20rRdDDy5CsdXoRXrF+phU81nis1nRDRx09GXiKDxOppPR5wHoCPv6GGJ1a2aSeKMbWb+zwKTlNc+IgrbKFFqH047ViEQZsFLjifeqmjWw3kLjF9wuTO5xmTDc8NygVX92ZUjcWiRsZklVVPx3NbEThZxDUrne5HeS9hEKQhiWqsRNFsJ5ZewxcV+5cYvvBeYiQR+kS3f\/LZqZAjI6Q5gDCFVg4IVHBTbsdm3CNW6MkXX6Z21DpqBMIia1Z2wV8I9lmIjOLOKjoJcu+pem0sj3G6u1FBaJ6UzuToaeQVFoQV1B7THlLpcbWhfyxWuv5Vq5Nhbvz\/hy9e3GvHaPkX2Ap3unG8P22QcYcGd\/BWZtvoWlpacJDV2epOkkS7tt5wlFKOWfO8\/5Yu\/gJ5xuBFw7XGdmQknr+9LaS3e8wZiMR1ZfimH2Wrss8HcQEl9TcUi0OPt7hg4vPxA1umUMgAjxmP3GICQIJ8v3MSyfSe36zfbmMnzMFR+cZ4RVKOKFuZsig3U7Qla3oB3K2bziFfb7gRL+hERHc4YgKgGNFngj+oqw2jdkj\/RqXvOIZPBl74wKoDpJdAAu0pwpTpg0OYCvwu\/ep3j0WkfwnzYcwnEEOfrkyBT8sslKLByrPD6217xh62Bp0UxecAcjRSXYnXrLG4gF\/OklBRUl9MWf17862YoGJ6mbQ8Q1BCG\/ur1PzAt2\/FqJ05MHkwrkRVSHl4pDeBaR66Du4ZmV0GBx989HTukTQy\/3OGUKXjAXhJdjcsLd1jo\/K0yDhk26WE7HHoqWgHvMgQjGE2RFzuX36OVzPCIEOwd9oe0YVvAfM\/rVc9genM5Hy7Sv8mutamuMH7bROMktPGAdZ\/IFx5w4VWad64HIS2eSUBLGRLvosHNSRrNdfupAMBGIyjJeytCFI+Ljtgl1sqegx6JwAaGxpjS+ZJjXdtHKXMd1GSxa\/aZjv\/gLSgGEeQHgpM0w997OPOSc\/oXhrMG2H9dPnVY0gxfZjD+EVSDAUqgCePMf4Xk+wruA
sQ37\/lHXudBmH90ljRj8ye51wbrJXjVUKo39iLcU6hZ05\/StCBdO\/xPb895mMSP5JnWfCWFSaYGQN4FQQYatRm1PasNLHcHWO0PLezKCDM2gsmrDE3X\/KwGBhJhce2KxIu1Tjfe9ZeVoyy0Oxy0Bb7O\/93ta"} 02346{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1492167351067660,"flow_dst_last_pkt_time":1492167351121999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167351121999,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcR3XLYOsYuwKgBZwG74PcFTmzaBOou0Nigzud3ZaOudETm8GBczN7q3HxIUIOzVIoPsD73AQkDw5o48VPCPgxwE9bagOsfguW4BXFTqIT1IIV5ThjijbPacPMIeuYY+tLcR\/SESotUnfD6k31MBpngxATfGEoS3TSTc9aVt2BKPUkJNXTxIqajXh4z+2CjCT16kZiox8Qmel6o7NAeDdJDfOL+51L\/G92mnF40IupMo8kyn6Yeya9Ad1Q2D\/p2FAN4KbvETwnyCCrN\/3BzK6jhLgRMRUMpD76aZzYbZwTnnjn5cPWJgIaiNlEoyxA7CP6REtuotFUshn\/4\/Je7Jbm8GzbVpuThmCVdHsCKO9eQafmXETXyGPOX37U\/+RYvpidmrbPADR3IJ0YyPcE55eQPeQ3SLMLpJR+N0H26d91w3L3p89mtepH0NeIecXxbZcygXiO3ouImKiBH5Sols1nP6qAehqtyidEipR4ZPAV4Xw0h5rAYVjkhxL41hJnSJmoocaWAxV46W2QvJzsrabDi5M9SzvhRJAsPZZY4K6G5dvQpS2uzTzQOzxWkGBlQl7RRRgKZIcNK4yIcQD0yIGCwwoktA2Ld1Idk2Cu5os+Y7KXAeUWL4EghycwrRGckuLuUQjKt2wiWE8fO7O4\/Lv2VZCpq74PXu3G5CCkcU65VQJeeZrPt8UoeqowDQ+esOAIZ137WnNojv8+UsGDeg+xMKBRUrYaoT8ER8YifN6riDqUjipfNYkbEn8ucoDGqAIlyleAS5\/XHM13il1iRyxEOLilein7LTbUQNfwFOf8EzXgCnR+IpNR4wHUKNWXhmNPOYokIP23Sl\/FaC5yeTIvYRTQb\/x8mhYj\/WIs05PouLe9Pt+TRR3N2YyYcD4kqZDJk1bVFKuF7bqCGCM51z3lvURyUWHByifpl1Q0srxqBnb92qDujj+Ug5Hs9Ty\/kFB8qHvx1Dfq78jAeHz0fzz7AMlq+79RPkRIGLCbIkRGUTiiYKOqV8DW1cQsg\/KZWg+kdRSdfwb30mOCaUqILvOyhuHsdt\/VlQOncdoNcoPzCka952teJvpu3kHP0JF00GT6\/QgvMxqqvMT68gpqKr7VNH2JM4rMWfmQe7d70oO4rLXnu5+c5UkqU4+\/yoY+zdy1UMw3UYnE\/RB4x5v7QiQt4jRnCl6tLIdDw9lQg9IzEnVZzw2lt7lY+\/FC4dmux3GBahkU7C9wFjO9v95glXVXJsAYEhvS3wJvsdmH9ydK\/F3zD4bHe6QH8wln\/KtF+\/2hcmCsTO+QWhFCYnQytBu\/Dd7UqbnYMeu6CvYKHngUiB
NqyzWOGJEUUIwiWru1HLQ+oi18IFAgJS2Pl99aG5LYQ83XtdOxJ4pO0nKlJ0xc1wx6vqc9D94XgPsJhPmRnKuyWzZTwOjFjJ4fG3PqBIeO52giJ97T6kI1ufnseC2DoOQ7mgmmkhk1xFPh\/iCEO2sH8\/yvC3ciJ3q1jHvS6trEx0psWwZhrcKMoj6uJQAqWOx\/4VMZblPtRO0JRK2sKrnR0AuXFvTgyJJXrSQnKCt4f0Ie08Z0FhokeNmZugGY11eoMg2b0Ohw1Gcl+Nco\/Mm0dOR0d0ZzowYYFQVn8Z1G5U0v2I0P+bjqBg\/Oft0VL\/uESmpcBS8+q9YYq03mdZfyrm0Wll6v2MrVZ+luVDiDPf+2zCNGMeJyqwXqCBY\/GUBtV\/ORVHwTg4O9+bDUiGoGMfoIrfv0WX52viV1sxsvodgKw\/K7R89paaPWnO6gRTKekrbX0nVKtcWseMnbmEds6efJmpuqUD3hZqUyUuRhdxz6a7pUXagTh"} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1492167351122989,"flow_dst_last_pkt_time":1492167351121999,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1492167351122989,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbRRAAEARbRvAqAFn2DrGLuD3AbsAMQ6vDE3ZCrKMtFhpA7Y9jgNT0qCEjni6SuPZWM+AykfeqYgCOx\/sRFcfvEI="} 
@@ -370,13 +370,13 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":941,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1492167648277830,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167648582668,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0qHWOtEHGGgq4ASOQgtSgAAAgQFtAEBBAIBAwMH"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":942,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":3,"flow_src_last_pkt_time":1492167648582745,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648582745,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoeuJAAEAGk+7AqAFny82eIqtKAbscYaCrh1jrRVAQAOWmPwAA"} 
01225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":4,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":571,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":571,"pkt_l4_len":537,"thread_ts_usec":1492167648583174,"pkt":"8IQvSpdgeJKcD6iOCABFAAIteuNAAEAGkejAqAFny82eIqtKAbscYaCrh1jrRVAYAOXThgAAFgMBAgABAAH8AwOCKLlYqqAvHPbStkNWfjviIJbNG8Opd41AdjWFUM5PDSCzw4Dj+1hijcfqB70gmV5q3+xDc\/7ZaGy4swNwVbbuBgAgiorMqcyozBTME8ArwC\/ALMAwwBPAFACcAJ0ALwA1AAoBAAGTuroAAP8BAAEAAAAAEgAQAAANcmVzLnd4LnFxLmNvbQAXAAAAIwDA2rkP6N2F29W8IwDuml2ZBBexYWjz5d457nDC1tP3qzS2OGOajXlg7G9AUXA4imekq\/giRMEwa6iYhFjFjW4HKVdggoetJsKG1EFlq7Nse5+E1dc7PIUx4S\/ZrSiowXWl3yiYnLRXfAjDAJmKDd8SHhSHQTacbrGt8DQhtrFK0Cnfg4052zdZqAPMursq2AeUYh3+Ngc6z81+fZTHJbme2+rUNgUjlpPVl20yUvASxiP0qdMrlctOXqH2ToAmQQaKAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAAUABQEAAAAAABIAAAAQAA4ADAJoMghodHRwLzEuMXVQAAAACwACAQAACgAKAAgqKgAdABcAGFpaAAEAABUAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} -01120{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167648583174,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} +01118{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":943,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648582668,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167648583174,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":945,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1492167648494081,"flow_dst_last_pkt_time":1492167648873395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1492167648873395,"pkt":"eJKcD6iO8IQvSpdgCABFoAA0AABAADEGHSXLzZ4iwKgBZwG7q0tO\/rLJEoYlf4ASOQgjJgAAAgQFtAEBBAIBAwMH"} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":946,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_src_last_pkt_time":1492167648873492,"flow_dst_last_pkt_time":1492167648873395,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648873492,"pkt":"8IQvSpdgeJKcD6iOCABFAAAoAABAAEAGDtHAqAFny82eIqtLAbsShiV\/Tv6yylAQAOWcGwAA"} 02220{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":947,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1492167639887918,"flow_src_last_pkt_time":1492167648260043,"flow_dst_last_pkt_time":1492167648882009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1240,"flow_dst_max_l4_payload_len":1428,"flow_src_tot_l4_payload_len":6405,"flow_dst_tot_l4_payload_len":7218,"midstream":0,"thread_ts_usec":1492167648882009,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54113,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":441,"avg":560200.5,"max":6615415,"stddev":1552002.6,"var":2408711979008.0,"ent":2.6,"data": [315233,315308,441,318358,1918,319817,471,453,1116,1109,2559,316619,315146,4640,327259,29671,2699,353912,21653,4624,349989,32226,392645,18020,3295,380639,36894,359501,6259002,6615415,265584]},"pktlen": {"min":52,"avg":478.2,"max":1480,"stddev":547.1,"var":299293.4,"ent":4.1,"data": [60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480]},"bins": {"c_to_s": [8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1],"entropies": [4.726680279,5.174957275,5.014835358,5.912752151,5.171406746,6.803393364,5.091758728,7.515910149,5.101990700,7.309720993,5.063529491,6.343719959,6.031068325,7.837167740,7.550827026,5.056021690,7.882212639,6.268015385,4.972088814,7.844335079,7.397187710,5.132945061,7.032490730,4.986606121,7.848376274,7.566510677,5.171406746,7.791433334,5.101990700,7.786844254,5.101990700,7.872010231]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WeChat","proto_id":"91.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat"}} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":967,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":5,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648901608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1492167648901608,"pkt":"eJKcD6iO8IQvSpdgCABFoAAouBhAADEGZRjLzZ4iwKgBZwG7q0qHWOtFHGGisFAQAHukpAAA"} 
-01322{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648902355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1492167648902355,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}} 
-01886{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648902391,"flow_dst_last_pkt_time":1492167648903691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3430,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4890,"midstream":0,"thread_ts_usec":1492167648903691,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}} 
+01320{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":968,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648583174,"flow_dst_last_pkt_time":1492167648902355,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1492167648902355,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1"}}} 
+01884{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":970,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1492167648277830,"flow_src_last_pkt_time":1492167648902391,"flow_dst_last_pkt_time":1492167648903691,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":3430,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4890,"midstream":0,"thread_ts_usec":1492167648903691,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43850,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":150,"client":135,"server":15}}},"confidence": {"6":"DPI"},"proto":"TLS.QQ","proto_id":"91.48","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":9,"category":"Chat","hostname":"res.wx.qq.com","tls": {"version":"TLSv1.2","server_names":"wx1.qq.com,webpush.wx.qq.com,webpush1.weixin.qq.com,loginpoll.weixin.qq.com,login.wx.qq.com,file.wx2.qq.com,wx2.qq.com,login.wx2.qq.com,wxitil.qq.com,file.wx.qq.com,login.weixin.qq.com,webpush2.weixin.qq.com,webpush.wx2.qq.com,webpush.weixin.qq.com,web.weixin.qq.com,res.wx.qq.com,wx.qq.com","ja3":"550dce18de1bb143e69d6dd9413b8355","ja3s":"290adf098a54ade688d1df074dbecbf2","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=wx.qq.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","fingerprint":"67:53:57:7F:22:BB:D0:A6:D4:5F:A6:D4:B3:0A:13:73:29:23:D0:C9"}}} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650311981,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1492167650311981,"pkt":"8IQvSpdgeJKcD6iOCABFAAA916xAAEAR3k3AqAFnwKgB\/uySADUAKTCBKzkBAAABAAAAAAAAA3NzbAdnc3RhdGljA2NvbQAAAQAB"} 
01194{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":997,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650311981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650311981,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -384,7 +384,7 @@ 01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167650311981,"flow_src_last_pkt_time":1492167650311981,"flow_dst_last_pkt_time":1492167650345975,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":192,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":192,"midstream":0,"thread_ts_usec":1492167650345975,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60562,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"ssl.gstatic.com","dns": {"num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"172.217.23.67"}}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167650348036,"pkt":"8IQvSpdgeJKcD6iOCABFAAVibiVAAEARQTrAqAFnrNkXQ4sRAbsFTiZlDSoBZwIONIO7UTAzNQGbgwNlLywtCSgLtCegAQAEQ0hMTx0AAABQQUQAIgEAAFNOSQAxAQAAU1RLAGsBAABWRVIAbwEAAENDUwB\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\/cQ8zfwllNkC+Y3GQAAABDQzIwQ2hyb21lLzU3LjAuMjk4Ny4xMzMgTGludXggeDg2XzY0Jc6XFWD7G7yXYXhVaoxdywAAAABYNTA5AAAQAAEAAAAeAAAA4qvwWAAAAABQ8MfjcV\/rNPz9nE7SSiHC6cDht5RKlsv0JChHgsKm0olGM4pgTHU2HYUvFhtNkOqQx\/75FAQP87Et+xOmGXIhZAAAAAEAAABDMjU1wgnkHLidnM3CCeQcuJ2czT2t9HxBefiRQAt7kKmuees8hQEA9eDJxrTnigGUXAfpWeAkSroNTkBs4scsx1Ra2LSNreNDFvpSDuqq6UeKpHg6NTM40g2RnXl5QzirTperKCTKzWwn+4\/bmuO2uGlriSPr4ExcTigYtlruN8fxdgnsCAuRhi2\/JFjFnbJqpKvDwpzJerd7H8C9zsxPzgMehsK4\/vItkCcZuwJmgaicPHLBf9M3RGKygCyV25zBdoSYTv7XUf5XBhgAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01155{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64"}}} +01177{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650348036,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167650348036,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"ssl.gstatic.com","quic": {"user_agent":"Chrome\/57.0.2987.133 Linux x86_64","quic_version":"Q035"}}} 00998{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1000,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1492167650348333,"flow_dst_last_pkt_time":1492167650348036,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":400,"pkt_l4_len":366,"thread_ts_usec":1492167650348333,"pkt":"8IQvSpdgeJKcD6iOCABFAAGCbiZAAEARRRnAqAFnrNkXQ4sRAbsBbnP9DSoBZwIONIO7UTAzNQLoUPe6\/kTOTlflPotTtybyc+JAmHNEvZwUaT+Y9MqSJDNXVlUHwBVN0wAQzobHU4rvOkVihYNG2ScjXRicw6QFTtMMe25DwzQ7F0UKP\/Y\/8HMbQmw9b+v7cjBNs8yLamuYyeUaQ6lA73AshAIuQPhL6IslIuIHWs+l0MLo2wd57CZSUFbeEQQGDWtD8b5mwEuaZ88hm8yA3WeZQ9Zu4UUro5Belh+M9DB8RCMbVDEQZk6oJR+FSwF3TriZCorpIzSRESc2crvu7FP1Tb9g0NyoL87e9cFlDFVypNQfdhNO+iEyVuMUtOGb6OQn1vrWvB\/icrLc4DopKhApNyBIG\/+MQmYuPalP+mCA4FXxaPeMi1RdjyuuqxJb39HK+6wmJsCzWDR6cvDTk6ywHmETP0AOjEu+QTifJk6chcMbgKmp0ErfBPvocLYD7Yj8Qw2lL48a1tEWZIz4lw=="} 
02340{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1001,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_src_last_pkt_time":1492167650348333,"flow_dst_last_pkt_time":1492167650401660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1492167650401660,"pkt":"eJKcD6iO8IQvSpdgCABFoAViAABAADcRt7+s2RdDwKgBZwG7ixEFTkCsBPCmO80d\/CW5IJoqjbn6lzjr5TC1v3d2foeU3jLNcA4IAV35th92JTinR3E92La4uW3lsByHG3R1axVDDHGrIc2Dhs2S+7aBzkyVbwcuUK77hYdmfJ4TJuEFhTaYjceo9r51oYeJqOHOCc1BBmB5E+A58P\/H55fRg4dxRA9v1f2aVQ6I67HK4M7mS7147fzZ170E12rNhRLBsPAWwZ8U93ZWKjAcVK9waq7ihKZ\/GTyfNPuOCQnhcxCFRMVEx2xx65NSFauaw3a1qVgRV428j6Bchcyom0cvPgxBbWJUmObxkeqmQAFmTPCN6igcJnamWF5CRIXtlRtvIVi8G3Rds0EdWXNYvxaTSkwCziFaIH6mAaz9hCwjxATLUAdqd1Yo+wN5ikpGmpiBzh3Coj125lb7YXMKgdIF\/8K12iKaeICQ1ArpMEt9vvWxk35P363XmPN9SjUjvFqh8rl+ETiuGHzQwTYDZUwFRT8Tnc90FuuWkSHrjLuI78eE0u2MPArYDWbkXnAkM9f\/B1mpEGpwrQCQA0PHuwaHNDaEcqfk+htDhYfF2k76y25VNuFHeOfHnAe8W\/L6MSq0NvvJdxpclRqAM5S2hcBrDwho6FgiBa0XuPrQx61q\/3nmcTSWb0DXXos+FWaLGj1Jg4cyk4xSeKoZfxTTY8qOxPxWcSNcXXGMVMwz3NtJzwB28A6uPq8NBF+APnNiUzkLELf20sskbghw4Wvw2P5GvZ6Z0iUqrAzGSGc0IroovL34w3TMmjBnTPzAWKnwYJxIrcFH65r\/43AXULA7mwVKw7TuryWaAn8PVofDMn5VL+m8Bc4anaE3270Gx7DXXa3CWGylYl6IhspD51Ji7UqD6pJpDanmkxF7QRS0mZz7M+VCAuE5+TvKpba5WKwmCrXKMkHXnBfHSx4yC\/BngUmyj5AqU\/35FBtHK2MhZhT3uv3ixGib\/DhROgxNj\/fCIDmyLmZy6LuI15IWBQr2uiGWD15jLW9srpQ3r\/cpXrjFWrIOILP7BDqFX16AVMtIyhn8QUmpyMBzWR3rPBVnAwwCQUSi7lOuHYSBa2JAApapl8ibPeq+IESORJ2WC1jpiGlKVsyKHvCUxM4DB9CDGl+VMCLfBwTUsv9jC9A0oISxfI+skno\/pMiMhfE+1+tVpq0kVbytQk5I14sgZgoXLliJYkFCOr3ikDyMImPkBDegikF\/nhKUricS6KkRKOBVEDYofUgm6hebzs7TAwbIX0LHGrieMSNYdiZ\/RaP9BKZ7WUS7z8Jvlw3DtdXYHHGY\/9m62j8jgUA89FYp2sdoaRFheoQUmxEE6EpSZHWMo5+AT1rvxDTcNLYyAF\/NKlyP79gaAWae04vlwFQ4Bupkoby3AV8qNrlb42pc54gLBwr2\/V8SfP1Jf8GHKLnbnMMGzz8c8g08IQe\/1e7EH9oyogw0WeUU2ddyxaRPwa4eLAdObH
TP\/jn7fsHAYVorRI56TLQ62d12KS2GZw3\/dElBm43NGOyNU1Hp381LUrTlDOWD2CkkP1QCRN+zezQnIAdftR9GtZfdliGgi4n+DRQuugUUjAENUiyLbjua9o3CfXKyGh5RlHt3r219Xp7bzpU2Sa3x2tOlotON5hkk2pmORaeO3NrbIHwpGOzFl20\/4Mhk6xhdUZeHJoEN7V1+kqNLH9CANDu7wpMSMlhqJfpnckBvaCh9BXX3VOJErUyDwJ\/yEG1ZNKGdvcDhAfCDrZsIbxElU8wBdoFg5g3GjSgWUZyHIUdESjz3nA05zyGh0UQ5UNTBZNmAzAGEZvPJPDUf"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1002,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":4,"flow_src_last_pkt_time":1492167650402045,"flow_dst_last_pkt_time":1492167650401660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1492167650402045,"pkt":"8IQvSpdgeJKcD6iOCABFAABFbjFAAEARRkvAqAFnrNkXQ4sRAbsAMdx0DCoBZwIONIO7A\/2cOIqV1ZCK4h2eK05EMevTWpEuYxJ\/wRQedJtK4Zk="} 
@@ -551,7 +551,7 @@ 01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1383,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1492167650348036,"flow_src_last_pkt_time":1492167650446122,"flow_dst_last_pkt_time":1492167650467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":1825,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1492167796728951,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"172.217.23.67","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1395,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1492167815567817,"flow_dst_last_pkt_time":1492167440370306,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":50,"pkt_l4_len":12,"thread_ts_usec":1492167815567817,"pkt":"AQBeAAAB8IQvSpdgCABGoAAkj9sAAAEC8bDAqAH+4AAAAZQEAAARZOybAAAAAAIAAAA="} 
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1398,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1492167820408257,"flow_dst_last_pkt_time":1492167449288224,"flow_idle_time":620000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1492167820408257,"pkt":"AQBeAAAWeJKcD6iOCABGwAAoAABAAAECQerAqAFn4AAAFpQEAAAiAPsCAAAAAQIAAADgAAD7"} -00926{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1492167648494081,"flow_src_last_pkt_time":1492167695538744,"flow_dst_last_pkt_time":1492167695538677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167822531112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Tencent","proto_by_ip_id":285,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+00924{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1492167648494081,"flow_src_last_pkt_time":1492167695538744,"flow_dst_last_pkt_time":1492167695538677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167822531112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00778{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1492167648494081,"flow_src_last_pkt_time":1492167695538744,"flow_dst_last_pkt_time":1492167695538677,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167822531112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.158.34","src_port":43851,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1492167640138557,"flow_src_last_pkt_time":1492167695237043,"flow_dst_last_pkt_time":1492167695550159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167822531112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1401,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1492167640138557,"flow_src_last_pkt_time":1492167695237043,"flow_dst_last_pkt_time":1492167695550159,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167822531112,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54114,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -648,7 +648,7 @@ 00935{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492167851203580,"flow_src_last_pkt_time":1492167851203580,"flow_dst_last_pkt_time":1492167851203580,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ff86:6c5b","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1492167765155968,"flow_src_last_pkt_time":1492167765155968,"flow_dst_last_pkt_time":1492167765432548,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":349,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":349,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"192.168.1.254","src_port":60356,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WeChat","proto_id":"5.197","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00946{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1492167849769805,"flow_src_last_pkt_time":1492167851204799,"flow_dst_last_pkt_time":1492167849769805,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":24,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1492167918120269,"l3_proto":"ip6","src_ip":"fe80::842:a3f3:a286:6c5b","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":63,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":651,"global_ts_usec":1492171154216266} 
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-payload-len":556502,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":60,"total-detection-updates":63,"total-updates":72,"current-active-flows":30,"total-active-flows":75,"total-idle-flows":45,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":651,"global_ts_usec":1492171154216266} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
02162{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_usec":1492171154216266,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ij
zjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} 01050{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1553,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1492171154216266,"flow_src_last_pkt_time":1492171154216266,"flow_dst_last_pkt_time":1492171154216266,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1188,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171154216266,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -882,7 +882,7 @@ 00775{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1492171168104237,"flow_src_last_pkt_time":1492171267294579,"flow_dst_last_pkt_time":1492171168104237,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00925{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1492167377896227,"flow_src_last_pkt_time":1492167468008215,"flow_dst_last_pkt_time":1492167468048114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1492171291761740,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":66,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":885,"global_ts_usec":1492171291761740} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"cfgs\/default\/pcap\/wechat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-payload-len":561272,"total-not-detected-flows":0,"total-guessed-flows":25,"total-detected-flows":84,"total-detection-updates":66,"total-updates":77,"current-active-flows":0,"total-active-flows":109,"total-idle-flows":109,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":885,"global_ts_usec":1492171291761740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 @@ -891,9 +891,9 @@ ~~ total active/idle flows...: 109/109 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8504996 bytes -~~ total memory freed........: 8504996 bytes -~~ total allocations/frees...: 149850/149850 +~~ total memory allocated....: 12211887 bytes +~~ total memory freed........: 12211887 bytes +~~ total allocations/frees...: 220104/220104 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 2351 chars diff --git a/test/results/default/weibo.pcap.out b/test/results/default/weibo.pcap.out index d9a5a9d8b..3caf7bff8 100644 --- a/test/results/default/weibo.pcap.out +++ b/test/results/default/weibo.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1463089067804779} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089067804779,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1463089067804779,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_usec":1463089067804779,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1463089067804822,"flow_dst_last_pkt_time":1463089067804779,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_usec":1463089067804822,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} 
@@ -43,15 +43,15 @@ 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1463089071196181,"flow_dst_last_pkt_time":1463089071543591,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1463089071543591,"pkt":"eJKcD6iOkDVu60UQCABFAAAoBcgAACkGBs9yhlCiwKgBaQBQ5u8JOZF5vUUD0VAQAHvnFgAA"} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071551377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071551377,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071551377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1463089071551377,"pkt":"kDVu60UQeJKcD6iOCABFAAA7Jz9AAEARj7jAqAFpwKgBARvsADUAJ8YJ26oBAAABAAAAAAAAA3d3dwV3ZWlibwNjb20AAAEAAQ=="} 
-01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071551377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071551377,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01183{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071551377,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071551377,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00646{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1463089071612902,"pkt":"eJKcD6iOkDVu60UQCABFAACAAABAAEARtrLAqAEBwKgBaQA1G+wAbIVL26qBgAABAAMAAAAAA3d3dwV3ZWlibwNjb20AAAEAAcAMAAUAAQAAACUAGQN3d3cFd2VpYm8DY29tBWNkbmdjA25ldADAKwABAAEAAAAHAARdvIaJwCsAAQABAAAABwAEXbyGhw=="} -01079{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089071612902,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.weibo.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}} +01077{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089071612902,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"www.weibo.com","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.137"}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089071613246,"flow_dst_last_pkt_time":1463089071613246,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071613246,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1463089071613246,"flow_dst_last_pkt_time":1463089071613246,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089071613246,"pkt":"kDVu60UQeJKcD6iOCABFAAA84VFAAEAGsxPAqAFpXbyGicnyAFB0WekZAAAAAKACchD\/WQAAAgQFtAQCCAoAQQhIAAAAAAEDAwc="} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1463089071613246,"flow_dst_last_pkt_time":1463089071642417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089071642417,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGnGVdvIaJwKgBaQBQyfKlqmMtdFnpGqAS\/\/8RHAAAAgQFqAQCCAr5u121AEEISAEDAwc="} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_src_last_pkt_time":1463089071642473,"flow_dst_last_pkt_time":1463089071642417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089071642473,"pkt":"kDVu60UQeJKcD6iOCABFAAA04VJAAEAGsxrAqAFpXbyGicnyAFB0WekapapjLoAQAOU+7wAAAQEICgBBCFD5u121"} 01144{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1463089071642772,"flow_dst_last_pkt_time":1463089071642417,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":516,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":516,"pkt_l4_len":482,"thread_ts_usec":1463089071642772,"pkt":"kDVu60UQeJKcD6iOCABFAAH24VNAAEAGsVfAqAFpXbyGicnyAFB0WekapapjLoAYAOW9fgAAAQEICgBBCFD5u121R0VUIC9sb2dpbi5waHA\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"} -01202{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089071642772,"flow_dst_last_pkt_time":1463089071642417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071642772,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.weibo.com","http": {"url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089071642772,"flow_dst_last_pkt_time":1463089071642417,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089071642772,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.weibo.com","http": {"url":"www.weibo.com\/login.php?lang=en-us","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1463089071642772,"flow_dst_last_pkt_time":1463089071670625,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089071670625,"pkt":"eJKcD6iOkDVu60UQCABFAAA0PuBAADgGXY1dvIaJwKgBaQBQyfKlqmMudFnq3IAQAqQ7UwAAAQEICvm7XdAAQQhQ"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071730101,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089071730101,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071730101,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089071730101,"pkt":"kDVu60UQeJKcD6iOCABFAAA08m9AAEAG2cLAqAFp2DrURZOqAbsjKGR2xs8noYAQA+RthAAAAQEICgBBCGYlk10U"} 
@@ -62,12 +62,12 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072046092,"flow_dst_last_pkt_time":1463089072046092,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072046092,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dEpAAEAGV+zAqAFp2DrUQYeLAbv4qaw1BowayYAQAO03NAAAAQEICgBBCLUlGFKF"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1463089072046092,"flow_dst_last_pkt_time":1463089072070732,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072070732,"pkt":"eJKcD6iOkDVu60UQCABFAAA0NhEAADYG4CXYOtRBwKgBaQG7h4sGjBrJ+KmsNoAQAV6y1gAAAQEICiUZAmMAQNzC"} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072138578,"pkt":"eJKcD6iOkDVu60UQCABFAAA0XohAABsGZHc24aPSwKgBaQG7nfhaPbwDA69SioAQAIjCywAAAQEICgEjLGEAQNyy"} 
-02163{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072230888,"flow_dst_last_pkt_time":1463089072285673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":12066,"midstream":0,"thread_ts_usec":1463089072285673,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":21,"avg":41615.1,"max":482409,"stddev":113790.6,"var":12948298752.0,"ent":2.5,"data": [29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797]},"pktlen": {"min":52,"avg":448.1,"max":2924,"stddev":693.4,"var":480801.9,"ent":3.7,"data": [60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.650921822,5.164738178,4.955154419,5.863212585,5.062724113,5.110764980,5.095714092,7.852671146,5.095714092,7.868416309,5.090925217,5.103754044,5.134892464,7.806054115,5.090925217,5.161320686,5.102720261,7.921360016,5.071470261,7.246528625,5.126376152,5.103754044,5.164638519,7.842597485,5.090925217,5.819731712,5.091758728,5.208817959,5.022342682,7.853945732,4.945419312,7.862434864]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +02161{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072230888,"flow_dst_last_pkt_time":1463089072285673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":12066,"midstream":0,"thread_ts_usec":1463089072285673,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":21,"avg":41615.1,"max":482409,"stddev":113790.6,"var":12948298752.0,"ent":2.5,"data": [29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797]},"pktlen": {"min":52,"avg":448.1,"max":2924,"stddev":693.4,"var":480801.9,"ent":3.7,"data": [60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.650921822,5.164738178,4.955154419,5.863212585,5.062724113,5.110764980,5.095714092,7.852671146,5.095714092,7.868416309,5.090925217,5.103754044,5.134892464,7.806054115,5.090925217,5.161320686,5.102720261,7.921360016,5.071470261,7.246528625,5.126376152,5.103754044,5.164638519,7.842597485,5.090925217,5.819731712,5.091758728,5.208817959,5.022342682,7.853945732,4.945419312,7.862434864]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072333305,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1463089072333305,"pkt":"kDVu60UQeJKcD6iOCABFAAA9J7BAAEARj0XAqAFpwKgBAdEnADUAKd+0rc0BAAABAAAAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQAB"} 
-01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072333305,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072333305,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072333305,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_usec":1463089072444805,"pkt":"eJKcD6iOkDVu60UQCABFAACxAABAAEARtoHAqAEBwKgBaQA10ScAnYbirc2BgAABAAUAAAAAA2ltZwF0BnNpbmFqcwJjbgAAAQABwAwABQABAAAAAAAHBHdjZG7AEsAtAAUAAQAAACoAFQZzaW5hanMFY3NnbGIFdHhjZG7AGcBAAAUAAQAABBMAFAhuNGNzd2hrMwVnY2NkbgNuZXQAwGEAAQABAAAABAAEXbyG9sBhAAEAAQAAAAQABF28hvE="} -01199{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089072444805,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": 
{"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}} +01192{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089072444805,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"img.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089072445019,"flow_dst_last_pkt_time":1463089072445019,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072445019,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072445019,"flow_dst_last_pkt_time":1463089072445019,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089072445019,"pkt":"kDVu60UQeJKcD6iOCABFAAA8AXdAAEAGkoHAqAFpXbyG9ovbAFCLeghvAAAAAKACchAFvgAAAgQFtAQCCAoAQQkYAAAAAAEDAwc="} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089072445053,"flow_dst_last_pkt_time":1463089072445053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072445053,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -81,22 +81,22 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1463089072445071,"flow_dst_last_pkt_time":1463089072471843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089072471843,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi90SpJVX19aTZ6AS\/\/\/r1QAAAgQFqAQCCAoDdgksAEEJGAEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":144,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_src_last_pkt_time":1463089072471854,"flow_dst_last_pkt_time":1463089072471843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072471854,"pkt":"kDVu60UQeJKcD6iOCABFAAA0mn9AAEAG+YDAqAFpXbyG9ovdAFDX1pNnEqSVWIAQAOUZqgAAAQEICgBBCR8Ddgks"} 
01104{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1463089072471951,"flow_dst_last_pkt_time":1463089072471768,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":486,"pkt_l4_len":452,"thread_ts_usec":1463089072471951,"pkt":"kDVu60UQeJKcD6iOCABFAAHYAXlAAEAGkOPAqAFpXbyG9ovbAFCLeghwRn4ptYAYAOWFQQAAAQEICgBBCR8DdgkqR0VUIC90Ni9zdHlsZS9jc3MvbW9kdWxlL2Jhc2UvZnJhbWUuY3NzP3ZlcnNpb249MjAxNjA1MTMwNTM3IEhUVFAvMS4xDQpIb3N0OiBpbWcudC5zaW5hanMuY24NCkNvbm5lY3Rpb246IGtlZXAtYWxpdmUNCkFjY2VwdDogdGV4dC9jc3MsKi8qO3E9MC4xDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly93d3cud2VpYm8uY29tL2xvZ2luLnBocD9sYW5nPWVuLXVzDQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUsIHNkY2gNCkFjY2VwdC1MYW5ndWFnZTogZW4tVVMsZW47cT0wLjgsaXQtSVQ7cT0wLjYsaXQ7cT0wLjQscnU7cT0wLjINCg0K"} -01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089072471951,"flow_dst_last_pkt_time":1463089072471768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072471951,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089072471951,"flow_dst_last_pkt_time":1463089072471768,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072471951,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/css\/module\/base\/frame.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":4,"flow_src_last_pkt_time":1463089072472038,"flow_dst_last_pkt_time":1463089072471818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":498,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":498,"pkt_l4_len":464,"thread_ts_usec":1463089072472038,"pkt":"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"} -01259{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089072472038,"flow_dst_last_pkt_time":1463089072471818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072472038,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
+01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089072472038,"flow_dst_last_pkt_time":1463089072471818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072472038,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/css\/module\/combination\/comb_login.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 01093{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":4,"flow_src_last_pkt_time":1463089072472113,"flow_dst_last_pkt_time":1463089072471843,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":476,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":476,"pkt_l4_len":442,"thread_ts_usec":1463089072472113,"pkt":"kDVu60UQeJKcD6iOCABFAAHOmoBAAEAG9+XAqAFpXbyG9ovdAFDX1pNnEqSVWIAYAOW3oQAAAQEICgBBCR8DdgksR0VUIC90Ni9za2luL2RlZmF1bHQvc2tpbi5jc3M\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"} 
-01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089072472113,"flow_dst_last_pkt_time":1463089072471843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072472113,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01228{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089072472113,"flow_dst_last_pkt_time":1463089072471843,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":410,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":410,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072472113,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/skin\/default\/skin.css?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1463089072471951,"flow_dst_last_pkt_time":1463089072500000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072500000,"pkt":"eJKcD6iOkDVu60UQCABFAAA0IPZAADgGewpdvIb2wKgBaQBQi9tGfim1i3oKFIAQAqQlTAAAAQEICgN2CUYAQQkf"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1463089072472038,"flow_dst_last_pkt_time":1463089072503183,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072503183,"pkt":"eJKcD6iOkDVu60UQCABFAAA0jEpAADgGD7ZdvIb2wKgBaQBQi9zPRoUOfGR24oAQAqTjbgAAAQEICgN2CUgAQQkf"} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1463089072472113,"flow_dst_last_pkt_time":1463089072503227,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089072503227,"pkt":"eJKcD6iOkDVu60UQCABFAAA0nB1AADgG\/+JdvIb2wKgBaQBQi90SpJVY19aVAYAQAqQWNAAAAQEICgN2CUkAQQkf"} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089072885992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072885992,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089072885992,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089072885992,"pkt":"kDVu60UQeJKcD6iOCABFAAA8J\/lAAEARjv3AqAFpwKgBAaGIADUAKAcnK+gBAAABAAAAAAAAAmpzAXQGc2luYWpzAmNuAAABAAE="} 
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089072885992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072885992,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"js.t.sinajs.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
-02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089073026834,"flow_dst_last_pkt_time":1463089073029617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":20099,"midstream":0,"thread_ts_usec":1463089073029617,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":38,"avg":37624.0,"max":314329,"stddev":71528.6,"var":5116344832.0,"ent":3.5,"data": [26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807]},"pktlen": {"min":52,"avg":696.7,"max":2924,"stddev":831.3,"var":691142.8,"ent":4.0,"data": [60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.617588520,5.152156830,5.032077789,5.890464306,5.154164791,5.706288815,4.916693211,7.828411579,4.937911987,7.932244301,5.014835358,7.871539593,4.923395157,7.816699505,4.954130173,7.861829758,4.937912464,7.715563297,5.014835358,5.713728428,5.028425217,7.912923336,4.977720261,7.829431534,5.059675217,7.853170395,5.059675217,7.876567841,5.090925217,7.873678684,5.028425217,7.863162994]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089073075846,"flow_dst_last_pkt_time":1463089073079547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":4308,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":24521,"midstream":0,"thread_ts_usec":1463089073079547,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":151,"avg":40817.9,"max":400547,"stddev":92805.4,"var":8612838400.0,"ent":3.2,"data": [26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734]},"pktlen": {"min":52,"avg":833.8,"max":4360,"stddev":1162.9,"var":1352437.0,"ent":3.8,"data": [60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.571673870,5.052156448,4.931210041,5.882226944,4.985801697,5.695990562,4.801308155,7.757262230,4.853979111,7.951329231,4.892440796,7.858428955,4.808815479,7.951515198,4.892440796,7.937272549,4.892440796,5.696815968,5.006755829,5.720534801,5.006755829,7.871479034,4.906957626,7.880197525,4.945419312,7.866903305,5.026210785,7.865207672,4.994960785,7.858891964,4.994960785,7.845516682]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01181{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":175,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089072885992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089072885992,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"js.t.sinajs.cn","dns": 
{"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +02196{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089073026834,"flow_dst_last_pkt_time":1463089073029617,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":432,"flow_dst_tot_l4_payload_len":20099,"midstream":0,"thread_ts_usec":1463089073029617,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":38,"avg":37624.0,"max":314329,"stddev":71528.6,"var":5116344832.0,"ent":3.5,"data": [26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807]},"pktlen": {"min":52,"avg":696.7,"max":2924,"stddev":831.3,"var":691142.8,"ent":4.0,"data": [60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.617588520,5.152156830,5.032077789,5.890464306,5.154164791,5.706288815,4.916693211,7.828411579,4.937911987,7.932244301,5.014835358,7.871539593,4.923395157,7.816699505,4.954130173,7.861829758,4.937912464,7.715563297,5.014835358,5.713728428,5.028425217,7.912923336,4.977720261,7.829431534,5.059675217,7.853170395,5.059675217,7.876567841,5.090925217,7.873678684,5.028425217,7.863162994]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089073075846,"flow_dst_last_pkt_time":1463089073079547,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":420,"flow_dst_max_l4_payload_len":4308,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":24521,"midstream":0,"thread_ts_usec":1463089073079547,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":151,"avg":40817.9,"max":400547,"stddev":92805.4,"var":8612838400.0,"ent":3.2,"data": [26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734]},"pktlen": {"min":52,"avg":833.8,"max":4360,"stddev":1162.9,"var":1352437.0,"ent":3.8,"data": [60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.571673870,5.052156448,4.931210041,5.882226944,4.985801697,5.695990562,4.801308155,7.757262230,4.853979111,7.951329231,4.892440796,7.858428955,4.808815479,7.951515198,4.892440796,7.937272549,4.892440796,5.696815968,5.006755829,5.720534801,5.006755829,7.871479034,4.906957626,7.880197525,4.945419312,7.866903305,5.026210785,7.865207672,4.994960785,7.858891964,4.994960785,7.845516682]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073286278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073286278,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073286278,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1463089073286278,"pkt":"kDVu60UQeJKcD6iOCABFAABDKCFAAEARjs7AqAFpwKgBAUZzADUAL2deWFEBAAABAAAAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQAB"} -01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073286278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073286278,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"u1.img.mobile.sina.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073286278,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073286278,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"u1.img.mobile.sina.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073287324,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073287324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073287324,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073287324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1463089073287324,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KCJAAEARjtHAqAFpwKgBAcXQADUAK4SVO9YBAAABAAAAAAAABmFjanN0YgZhbGl5dW4DY29tAAABAAE="} 01290{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":253,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073287324,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073287324,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073287324,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"acjstb.aliyun.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -120,36 +120,36 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073319753,"flow_dst_last_pkt_time":1463089073382415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073382415,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi944y47WgmYWPKAS\/\/+aeQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073382462,"flow_dst_last_pkt_time":1463089073382415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073382462,"pkt":"kDVu60UQeJKcD6iOCABFAAA0H8lAAEAGdDfAqAFpXbyG9oveAFCCZhY8OMuO14AQAOXIRAAAAQEICgBBCgMDdgyi"} 01165{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073382597,"flow_dst_last_pkt_time":1463089073382415,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":530,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":530,"pkt_l4_len":496,"thread_ts_usec":1463089073382597,"pkt":"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\/dmVyc2lvbj0yMDE2MDUxMzA1MzcNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="} 
-01231{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073319753,"flow_src_last_pkt_time":1463089073382597,"flow_dst_last_pkt_time":1463089073382415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073382597,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073319753,"flow_src_last_pkt_time":1463089073382597,"flow_dst_last_pkt_time":1463089073382415,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073382597,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/global_nav\/WB_logo_b.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073321163,"flow_dst_last_pkt_time":1463089073383314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073383314,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi9\/6KbWaZXHbTaAS\/\/8KOQAAAgQFqAQCCAoDdgyiAEEJ8wEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":287,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073383342,"flow_dst_last_pkt_time":1463089073383314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073383342,"pkt":"kDVu60UQeJKcD6iOCABFAAA00sBAAEAGwT\/AqAFpXbyG9ovfAFBlcdtN+im1m4AQAOU4BAAAAQEICgBBCgMDdgyi"} 
01193{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073383484,"flow_dst_last_pkt_time":1463089073383314,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":550,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":550,"pkt_l4_len":516,"thread_ts_usec":1463089073383484,"pkt":"kDVu60UQeJKcD6iOCABFAAIY0sFAAEAGv1rAqAFpXbyG9ovfAFBlcdtN+im1m4AYAOXBUAAAAQEICgBBCgMDdgyiR0VUIC90Ni9zdHlsZS9pbWFnZXMvZ3Jvd3RoL2xvZ2luL3Nwcml0ZV9sb2dpbi5wbmc\/MTM0MzQyMTAzODQzODkgSFRUUC8xLjENCkhvc3Q6IGltZy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiBpbWFnZS93ZWJwLGltYWdlLyosKi8qO3E9MC44DQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoWDExOyBMaW51eCB4ODZfNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS81MC4wLjI2NjEuMTAyIFNhZmFyaS81MzcuMzYNClJlZmVyZXI6IGh0dHA6Ly9pbWcudC5zaW5hanMuY24vdDYvc3R5bGUvY3NzL21vZHVsZS9jb21iaW5hdGlvbi9jb21iX2xvZ2luLmNzcz92ZXJzaW9uPTIwMTYwNTEzMDUzNw0KQWNjZXB0LUVuY29kaW5nOiBnemlwLCBkZWZsYXRlLCBzZGNoDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC44LGl0LUlUO3E9MC42LGl0O3E9MC40LHJ1O3E9MC4yDQoNCg=="} -01252{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073383484,"flow_dst_last_pkt_time":1463089073383314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073383484,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01245{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":288,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073383484,"flow_dst_last_pkt_time":1463089073383314,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073383484,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/growth\/login\/sprite_login.png?13434210384389","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073322446,"flow_dst_last_pkt_time":1463089073383869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073383869,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+DI1jKOKC1SpaAS\/\/+EggAAAgQFqAQCCAoDdgyjAEEJ9AEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073383893,"flow_dst_last_pkt_time":1463089073383869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073383893,"pkt":"kDVu60UQeJKcD6iOCABFAAA0W1FAAEAGOK\/AqAFpXbyG9ovgAFAoLVKlyNYyj4AQAOWyTgAAAQEICgBBCgMDdgyj"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073334322,"flow_dst_last_pkt_time":1463089073384495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073384495,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+Gi04d5CaQaRKAS\/\/+sgAAAAgQFqAQCCAoDdgyjAEEJ9wEDAwc="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":292,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073384519,"flow_dst_last_pkt_time":1463089073384495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073384519,"pkt":"kDVu60UQeJKcD6iOCABFAAA0E7VAAEAGgEvAqAFpXbyG9ovhAFAJpBpEotOHeoAQAOXaTwAAAQEICgBBCgMDdgyj"} 01177{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073384656,"flow_dst_last_pkt_time":1463089073384495,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":539,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":539,"pkt_l4_len":505,"thread_ts_usec":1463089073384656,"pkt":"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\/dmVyc2lvbj0yMDE2MDUxMzA1MzcNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="} -01248{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073384656,"flow_dst_last_pkt_time":1463089073384495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073384656,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": 
{"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01241{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073384656,"flow_dst_last_pkt_time":1463089073384495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073384656,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"img.t.sinajs.cn","http": {"url":"img.t.sinajs.cn\/t6\/style\/images\/common\/font\/wbficon.woff?id=201605111746","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073393823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1463089073393823,"pkt":"eJKcD6iOkDVu60UQCABFAACRAABAAEARtqHAqAEBwKgBaQA1RnMAfV+\/WFGBgAABAAMAAAAAAnUxA2ltZwZtb2JpbGUEc2luYQJjbgAAAQABwAwABQABAAAACQAZBWFkaW1nBGdzbGIIc2luYWVkZ2UDY29tAMAzAAUAAQAAAAoADQV3ZWlibwRncmlkwD7AWAABAAEAAAAvAATeSRxg"} -01087{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073393823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1463089073393823,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"u1.img.mobile.sina.cn","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}} 
+01080{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073393823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1463089073393823,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"u1.img.mobile.sina.cn","dns": {"num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"222.73.28.96"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073394448,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1463089073394448,"pkt":"kDVu60UQeJKcD6iOCABFAAA\/KDNAAEARjsDAqAFpwKgBAS4WADUAK\/dEyn0BAAABAAAAAAAAB2FjY291bnQFd2VpYm8DY29tAAABAAE="} -01191{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073394448,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"account.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
+01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073394448,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"account.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394759,"flow_src_last_pkt_time":1463089073394759,"flow_dst_last_pkt_time":1463089073394759,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073394759,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":300,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073394759,"flow_dst_last_pkt_time":1463089073394759,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073394759,"pkt":"kDVu60UQeJKcD6iOCABFAAA8VdhAAEAGKCnAqAFp3kkcYKUjAFC1h1\/eAAAAAKACchBUFAAAAgQFtAQCCAoAQQoGAAAAAAEDAwc="} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1463089073423772,"pkt":"eJKcD6iOkDVu60UQCABFAACwAABAAEARtoLAqAEBwKgBaQA1oYgAnCOtK+iBgAABAAUAAAAAAmpzAXQGc2luYWpzAmNuAAABAAHADAAFAAEAAAA8AAcEd2NkbsARwCwABQABAAAAKQAVBnNpbmFqcwVjc2dsYgV0eGNkbsAYwD8ABQABAAAEEgAUCG40Y3N3aGszBWdjY2RuA25ldADAYAABAAEAAAADAARdvIb2wGAAAQABAAAAAwAEXbyG8Q=="} 
-01082{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1463089073423772,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"js.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}} +01075{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":303,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1463089073423772,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"js.t.sinajs.cn","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"93.188.134.246"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424254,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073424254,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1463089073424254,"pkt":"kDVu60UQeJKcD6iOCABFAAA4KDhAAEARjsLAqAFpwKgBAUGkADUAJAai81YBAAABAAAAAAAAAWMFd2VpYm8CY24AAAEAAQ=="} 
-01184{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424254,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073424254,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"c.weibo.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":304,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424254,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073424254,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"c.weibo.cn","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424339,"flow_src_last_pkt_time":1463089073424339,"flow_dst_last_pkt_time":1463089073424339,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073424339,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073424339,"flow_dst_last_pkt_time":1463089073424339,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073424339,"pkt":"kDVu60UQeJKcD6iOCABFAAA8dN1AAEAGHxvAqAFpXbyG9ovjAFD5+n7QAAAAAKACchAf3wAAAgQFtAQCCAoAQQoNAAAAAAEDAwc="} 
00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073287582,"flow_dst_last_pkt_time":1463089073478883,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1463089073478883,"pkt":"eJKcD6iOkDVu60UQCABFAACdAABAAEARtpXAqAEBwKgBaQA1yPAAiVtu8RCBgAABAAUAAAAAAWcGYWxpY2RuA2NvbQAAAQABwAwABQABAADy0wAXAWcGYWxpY2RuA2NvbQdkYW51b3lpwA7AKgABAAEAAAGzAAQvWUHlwCoAAQABAAABswAEL1lBx8AqAAEAAQAAAbMABC9ZQcbAKgABAAEAAAGzAAQvWUHk"} 01081{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":306,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073287582,"flow_src_last_pkt_time":1463089073287582,"flow_dst_last_pkt_time":1463089073478883,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":129,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":129,"midstream":0,"thread_ts_usec":1463089073478883,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":51440,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Alibaba","proto_id":"5.274","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"g.alicdn.com","dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"47.89.65.229"}}} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073479208,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073479208,"pkt":"kDVu60UQeJKcD6iOCABFAAA8KD5AAEARjrjAqAFpwKgBAcVlADUAKPnf1EwBAAABAAAAAAAABGRhdGEFd2VpYm8DY29tAAABAAE="} 
-01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073479208,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"data.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} +01186{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073479208,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network","hostname":"data.weibo.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479289,"flow_src_last_pkt_time":1463089073479289,"flow_dst_last_pkt_time":1463089073479289,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073479289,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"47.89.65.229","src_port":50827,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073479289,"flow_dst_last_pkt_time":1463089073479289,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073479289,"pkt":"kDVu60UQeJKcD6iOCABFAAA8PQxAAEAGymDAqAFpL1lB5caLAbuG5TcXAAAAAKACchASAQAAAgQFtAQCCAoAQQobAAAAAAEDAwc="} 
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073287796,"flow_dst_last_pkt_time":1463089073488461,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_usec":1463089073488461,"pkt":"eJKcD6iOkDVu60UQCABFAABiAABAAEARttDAqAEBwKgBaQA10NoATp++kZuBgAABAAIAAAAAA2xvZwZtbXN0YXQDY29tAAABAAHADAAFAAEAAAIfAAoDbG9nA2dkc8AQwCwAAQABAAAAIwAEjM2uAQ=="} 
@@ -170,7 +170,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073424339,"flow_dst_last_pkt_time":1463089073616097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073616097,"pkt":"eJKcD6iOkDVu60UQCABFAAA8AABAADgGm\/hdvIb2wKgBaQBQi+OyanX1+fp+0aAS\/\/9YyQAAAgQFqAQCCAoDdg1LAEEKDQEDAwc="} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073616160,"flow_dst_last_pkt_time":1463089073616097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073616160,"pkt":"kDVu60UQeJKcD6iOCABFAAA0dN5AAEAGHyLAqAFpXbyG9ovjAFD5+n7Rsmp19oAQAOWGdAAAAQEICgBBCj0Ddg1L"} 
01076{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073616324,"flow_dst_last_pkt_time":1463089073616097,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":464,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":464,"pkt_l4_len":430,"thread_ts_usec":1463089073616324,"pkt":"kDVu60UQeJKcD6iOCABFAAHCdN9AAEAGHZPAqAFpXbyG9ovjAFD5+n7Rsmp19oAYAOUzpwAAAQEICgBBCj0Ddg1LR0VUIC90NS9yZWdpc3Rlci9qcy92Ni9wbC9iYXNlLmpzP3ZlcnNpb249MjAxNjA1MTMwNTM3IEhUVFAvMS4xDQpIb3N0OiBqcy50LnNpbmFqcy5jbg0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KQWNjZXB0OiAqLyoNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzUwLjAuMjY2MS4xMDIgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL3d3dy53ZWliby5jb20vbG9naW4ucGhwP2xhbmc9ZW4tdXMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="} -01239{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073424339,"flow_src_last_pkt_time":1463089073616324,"flow_dst_last_pkt_time":1463089073616097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073616324,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"js.t.sinajs.cn","http": {"url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01232{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073424339,"flow_src_last_pkt_time":1463089073616324,"flow_dst_last_pkt_time":1463089073616097,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073616324,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"js.t.sinajs.cn","http": {"url":"js.t.sinajs.cn\/t5\/register\/js\/v6\/pl\/base.js?version=201605130537","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":384,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073479289,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073635672,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGFnUvWUHlwKgBaQG7xos8arg3huU3GIASOQiHzQAAAgQFqAEBBAIBAwMJ"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073635736,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1463089073635736,"pkt":"kDVu60UQeJKcD6iOCABFAAAoPQ1AAEAGynPAqAFpL1lB5caLAbuG5TcYPGq4OFAQAOUAuQAA"} 00801{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":386,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073635941,"flow_dst_last_pkt_time":1463089073635672,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":254,"pkt_l4_len":220,"thread_ts_usec":1463089073635941,"pkt":"kDVu60UQeJKcD6iOCABFAADwPQ5AAEAGyarAqAFpL1lB5caLAbuG5TcYPGq4OFAYAOU\/oAAAFgMBAMMBAAC\/AwOXT1\/apC0sseL9tClTjO1tCqBgMoC4vQJs2bkXrM\/zTQAAHMypzKjMFMwTwCvAL8AKwBTACcATAJwANQAvAAoBAAB6\/wEAAQAAAAARAA8AAAxnLmFsaWNkbi5jb20AFwAAACMAAAANABIAEAYBBgMFAQUDBAEEAwIBAgMABQAFAQAAAAAzdAAAABIAAAAQABcAFQJoMghzcGR5LzMuMQhodHRwLzEuMXVQAAAACwACAQAACgAIAAYAHQAXABg="} 
@@ -190,30 +190,30 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":435,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1463089073394759,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073773608,"pkt":"eJKcD6iOkDVu60UQCABFAAA0AABAADEGjQneSRxgwKgBaQBQpSMt08jatYdf34ASOQjHwAAAAgQFqAEBBAIBAwMI"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":436,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":3,"flow_src_last_pkt_time":1463089073773636,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1463089073773636,"pkt":"kDVu60UQeJKcD6iOCABFAAAoVdlAAEAGKDzAqAFp3kkcYKUjAFC1h1\/fLdPI21AQAOVAqwAA"} 
01102{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":4,"flow_src_last_pkt_time":1463089073773797,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":482,"pkt_l4_len":448,"thread_ts_usec":1463089073773797,"pkt":"kDVu60UQeJKcD6iOCABFAAHUVdpAAEAGJo\/AqAFp3kkcYKUjAFC1h1\/fLdPI21AYAOWIKwAAR0VUIC9wdWJsaWMvZmlsZXMvaW1hZ2UvNjIweDMwMF9pbWc1NjUzZDU3YzZkYWIyLnBuZyBIVFRQLzEuMQ0KSG9zdDogdTEuaW1nLm1vYmlsZS5zaW5hLmNuDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpBY2NlcHQ6IGltYWdlL3dlYnAsaW1hZ2UvKiwqLyo7cT0wLjgNClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzUwLjAuMjY2MS4xMDIgU2FmYXJpLzUzNy4zNg0KUmVmZXJlcjogaHR0cDovL3d3dy53ZWliby5jb20vbG9naW4ucGhwP2xhbmc9ZW4tdXMNCkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZSwgc2RjaA0KQWNjZXB0LUxhbmd1YWdlOiBlbi1VUyxlbjtxPTAuOCxpdC1JVDtxPTAuNixpdDtxPTAuNCxydTtxPTAuMg0KDQo="} -01247{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073394759,"flow_src_last_pkt_time":1463089073773797,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073773797,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"u1.img.mobile.sina.cn","http": {"url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} +01240{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":437,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073394759,"flow_src_last_pkt_time":1463089073773797,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073773797,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"u1.img.mobile.sina.cn","http": {"url":"u1.img.mobile.sina.cn\/public\/files\/image\/620x300_img5653d57c6dab2.png","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/50.0.2661.102 Safari\/537.36","detected_os":"Linux x86_64"}}} 
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073788865,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073788865,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073788865,"pkt":"kDVu60UQeJKcD6iOCABFAAA8M4FAAEAGYnrAqAFpKpy4E8wyAbubxznpAAAAAKACchCC5wAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073789999,"flow_src_last_pkt_time":1463089073789999,"flow_dst_last_pkt_time":1463089073789999,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073789999,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.170.63","src_port":47723,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":441,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1463089073789999,"flow_dst_last_pkt_time":1463089073789999,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1463089073789999,"pkt":"kDVu60UQeJKcD6iOCABFAAA8F+ZAAEAGKbjAqAFpjM2qP7prAbvY7h2OAAAAAKACchAfhQAAAgQFtAQCCAoAQQpoAAAAAAEDAwc="} 
-02217{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089073791996,"flow_dst_last_pkt_time":1463089073794639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":459,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":13850,"midstream":0,"thread_ts_usec":1463089073794639,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":259,"avg":86983.6,"max":438815,"stddev":119331.4,"var":14239989760.0,"ent":3.8,"data": [26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661]},"pktlen": {"min":52,"avg":514.0,"max":1488,"stddev":578.7,"var":334896.4,"ent":4.1,"data": [60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.717588902,5.118823528,5.032077789,5.908517361,5.014835358,5.756928444,5.008133411,7.799871445,4.969672203,5.727755070,5.022979259,7.804618359,4.991729736,5.911708832,5.115703106,5.816450596,5.000318527,6.365411758,5.053297043,5.822424412,5.122175217,7.722197533,5.053297043,7.724967480,5.091758728,7.731284142,5.053297043,7.722201347,5.153425217,7.742957592,5.053297043,7.725163937]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -02206{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073801051,"flow_dst_last_pkt_time":1463089073804152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":18086,"midstream":0,"thread_ts_usec":1463089073804152,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":142,"avg":31060.5,"max":183686,"stddev":54622.5,"var":2983621632.0,"ent":3.4,"data": [62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143]},"pktlen": {"min":52,"avg":633.2,"max":1488,"stddev":674.0,"var":454231.7,"ent":4.1,"data": [60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488]},"bins": {"c_to_s": 
[15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":444,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089073791996,"flow_dst_last_pkt_time":1463089073794639,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":459,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":13850,"midstream":0,"thread_ts_usec":1463089073794639,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":259,"avg":86983.6,"max":438815,"stddev":119331.4,"var":14239989760.0,"ent":3.8,"data": 
[26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661]},"pktlen": {"min":52,"avg":514.0,"max":1488,"stddev":578.7,"var":334896.4,"ent":4.1,"data": [60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488]},"bins": {"c_to_s": [14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.717588902,5.118823528,5.032077789,5.908517361,5.014835358,5.756928444,5.008133411,7.799871445,4.969672203,5.727755070,5.022979259,7.804618359,4.991729736,5.911708832,5.115703106,5.816450596,5.000318527,6.365411758,5.053297043,5.822424412,5.122175217,7.722197533,5.053297043,7.724967480,5.091758728,7.731284142,5.053297043,7.722201347,5.153425217,7.742957592,5.053297043,7.725163937]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+02199{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":450,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073801051,"flow_dst_last_pkt_time":1463089073804152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":18086,"midstream":0,"thread_ts_usec":1463089073804152,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":142,"avg":31060.5,"max":183686,"stddev":54622.5,"var":2983621632.0,"ent":3.4,"data": [62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143]},"pktlen": {"min":52,"avg":633.2,"max":1488,"stddev":674.0,"var":454231.7,"ent":4.1,"data": [60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":5,"flow_src_last_pkt_time":1463089073616324,"flow_dst_last_pkt_time":1463089073885851,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1463089073885851,"pkt":"eJKcD6iOkDVu60UQCABFAAA0e6lAADgGIFddvIb2wKgBaQBQi+OyanX2+fqAX4AQAqSCEQAAAQEICgN2DmEAQQo9"} -02208{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073888564,"flow_dst_last_pkt_time":1463089073891278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":18114,"midstream":0,"thread_ts_usec":1463089073891278,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":137,"avg":35845.1,"max":252228,"stddev":55584.3,"var":3089619200.0,"ent":3.8,"data": [50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753]},"pktlen": {"min":52,"avg":633.7,"max":1488,"stddev":673.8,"var":454044.4,"ent":4.1,"data": [60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+02201{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":495,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073888564,"flow_dst_last_pkt_time":1463089073891278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":18114,"midstream":0,"thread_ts_usec":1463089073891278,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":137,"avg":35845.1,"max":252228,"stddev":55584.3,"var":3089619200.0,"ent":3.8,"data": [50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753]},"pktlen": {"min":52,"avg":633.7,"max":1488,"stddev":673.8,"var":454044.4,"ent":4.1,"data": [60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488]},"bins": {"c_to_s": [15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00778{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1463089073394759,"flow_src_last_pkt_time":1463089073773797,"flow_dst_last_pkt_time":1463089073773608,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":428,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":428,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42275,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01075{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537120,"flow_src_last_pkt_time":1463089073537120,"flow_dst_last_pkt_time":1463089073537120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00774{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537120,"flow_src_last_pkt_time":1463089073537120,"flow_dst_last_pkt_time":1463089073537120,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"222.73.28.96","src_port":42280,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073393823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073286278,"flow_src_last_pkt_time":1463089073286278,"flow_dst_last_pkt_time":1463089073393823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":18035,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00961{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089070757761,"flow_src_last_pkt_time":1463089070757761,"flow_dst_last_pkt_time":1463089070841770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":43,"flow_src_tot_l4_payload_len":27,"flow_dst_tot_l4_payload_len":43,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":54988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071730101,"flow_src_last_pkt_time":1463089071730101,"flow_dst_last_pkt_time":1463089071755114,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.69","src_port":37802,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":54,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089073885499,"flow_dst_last_pkt_time":1463089073885457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":4308,"flow_src_tot_l4_payload_len":1759,"flow_dst_tot_l4_payload_len":67964,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":40,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089073773216,"flow_dst_last_pkt_time":1463089073773129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":1372,"flow_dst_tot_l4_payload_len":48009,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089073819572,"flow_dst_last_pkt_time":1463089073819538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":459,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":19594,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
-00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1463089073319753,"flow_src_last_pkt_time":1463089073551805,"flow_dst_last_pkt_time":1463089073551775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":3351,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":26,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073852917,"flow_dst_last_pkt_time":1463089073852895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":32446,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":52,"flow_dst_packets_processed":54,"flow_first_seen":1463089072445019,"flow_src_last_pkt_time":1463089073885499,"flow_dst_last_pkt_time":1463089073885457,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":467,"flow_dst_max_l4_payload_len":4308,"flow_src_tot_l4_payload_len":1759,"flow_dst_tot_l4_payload_len":67964,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35803,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":40,"flow_first_seen":1463089072445053,"flow_src_last_pkt_time":1463089073773216,"flow_dst_last_pkt_time":1463089073773129,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":1372,"flow_dst_tot_l4_payload_len":48009,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":20,"flow_first_seen":1463089072445071,"flow_src_last_pkt_time":1463089073819572,"flow_dst_last_pkt_time":1463089073819538,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":459,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":869,"flow_dst_tot_l4_payload_len":19594,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35805,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1463089073319753,"flow_src_last_pkt_time":1463089073551805,"flow_dst_last_pkt_time":1463089073551775,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":464,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":464,"flow_dst_tot_l4_payload_len":3351,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35806,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":26,"flow_first_seen":1463089073321163,"flow_src_last_pkt_time":1463089073852917,"flow_dst_last_pkt_time":1463089073852895,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":484,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":484,"flow_dst_tot_l4_payload_len":32446,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35807,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00952{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089073322446,"flow_src_last_pkt_time":1463089073383893,"flow_dst_last_pkt_time":1463089073383869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089073322446,"flow_src_last_pkt_time":1463089073383893,"flow_dst_last_pkt_time":1463089073383869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35808,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073893914,"flow_dst_last_pkt_time":1463089073893878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":19550,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+00982{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":17,"flow_first_seen":1463089073334322,"flow_src_last_pkt_time":1463089073893914,"flow_dst_last_pkt_time":1463089073893878,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":473,"flow_dst_max_l4_payload_len":1436,"flow_src_tot_l4_payload_len":473,"flow_dst_tot_l4_payload_len":19550,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35809,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1463089073424339,"flow_src_last_pkt_time":1463089073616324,"flow_dst_last_pkt_time":1463089073885851,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":398,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.246","src_port":35811,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00926{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071994093,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071994093,"flow_src_last_pkt_time":1463089071994093,"flow_dst_last_pkt_time":1463089072138578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"54.225.163.210","src_port":40440,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -236,8 +236,8 @@ 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073760724,"flow_src_last_pkt_time":1463089073760724,"flow_dst_last_pkt_time":1463089073760724,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52272,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01048{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073788865,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073788865,"flow_src_last_pkt_time":1463089073788865,"flow_dst_last_pkt_time":1463089073788865,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"42.156.184.19","src_port":52274,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01089{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
-00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} +01082{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072333305,"flow_src_last_pkt_time":1463089072333305,"flow_dst_last_pkt_time":1463089072444805,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":149,"flow_src_tot_l4_payload_len":33,"flow_dst_tot_l4_payload_len":149,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":53543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"49": {"risk":"Minor Issues","severity":"Low","risk_score": {"total":210,"client":105,"server":105}}},"confidence": 
{"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} +00966{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072885992,"flow_src_last_pkt_time":1463089072885992,"flow_dst_last_pkt_time":1463089073423772,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":148,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":41352,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073424254,"flow_src_last_pkt_time":1463089073424254,"flow_dst_last_pkt_time":1463089073424254,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":16804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072046092,"flow_src_last_pkt_time":1463089072046092,"flow_dst_last_pkt_time":1463089072070732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089072046092,"flow_src_last_pkt_time":1463089072046092,"flow_dst_last_pkt_time":1463089072070732,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.212.65","src_port":34699,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -247,9 +247,9 @@ 00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073488783,"flow_src_last_pkt_time":1463089073488783,"flow_dst_last_pkt_time":1463089073488783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48353,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01048{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537924,"flow_src_last_pkt_time":1463089073537924,"flow_dst_last_pkt_time":1463089073537924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073537924,"flow_src_last_pkt_time":1463089073537924,"flow_dst_last_pkt_time":1463089073537924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"140.205.174.1","src_port":48356,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Sina(Weibo)","proto_id":"5.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
+00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071551377,"flow_src_last_pkt_time":1463089071551377,"flow_dst_last_pkt_time":1463089071612902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":31,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":7148,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.SinaWeibo","proto_id":"5.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073289058,"flow_src_last_pkt_time":1463089073289058,"flow_dst_last_pkt_time":1463089073763925,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":124,"flow_src_tot_l4_payload_len":34,"flow_dst_tot_l4_payload_len":124,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":33822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-00948{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} +00979{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 
00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089067804779,"flow_src_last_pkt_time":1463089068490775,"flow_dst_last_pkt_time":1463089068491086,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":311,"flow_dst_max_l4_payload_len":618,"flow_src_tot_l4_payload_len":753,"flow_dst_tot_l4_payload_len":813,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00963{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1463089070841932,"flow_src_last_pkt_time":1463089071547268,"flow_dst_last_pkt_time":1463089071891757,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":635,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":635,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59119,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00951{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089070841976,"flow_src_last_pkt_time":1463089071198637,"flow_dst_last_pkt_time":1463089071198585,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59120,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
@@ -258,13 +258,13 @@ 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1463089071008468,"flow_src_last_pkt_time":1463089071348686,"flow_dst_last_pkt_time":1463089071348610,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"114.134.80.162","src_port":59121,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00922{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089071046082,"flow_src_last_pkt_time":1463089071046082,"flow_dst_last_pkt_time":1463089071094149,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.206","src_port":35154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00949{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {}}} 
+00980{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","quic": {"quic_version":"Unknown (0000)"}}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1463089070755684,"flow_src_last_pkt_time":1463089072356956,"flow_dst_last_pkt_time":1463089072331449,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":25,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":364,"flow_dst_max_l4_payload_len":391,"flow_src_tot_l4_payload_len":965,"flow_dst_tot_l4_payload_len":621,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.227","src_port":53656,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073479208,"flow_src_last_pkt_time":1463089073479208,"flow_dst_last_pkt_time":1463089073479208,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50533,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":39,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072438109,"flow_dst_last_pkt_time":1463089072438075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":31448,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Sina(Weibo)","proto_id":"7.200","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":39,"flow_first_seen":1463089071613246,"flow_src_last_pkt_time":1463089072438109,"flow_dst_last_pkt_time":1463089072438075,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":450,"flow_dst_max_l4_payload_len":2872,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":31448,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.SinaWeibo","proto_id":"7.356","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 01196{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1463089073287324,"flow_src_last_pkt_time":1463089073287324,"flow_dst_last_pkt_time":1463089073760507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":115,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":115,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"16": {"risk":"Susp DGA Domain name","severity":"High","risk_score": {"total":150,"client":75,"server":75}},"27": {"risk":"Risky Domain Name","severity":"Medium","risk_score": 
{"total":460,"client":350,"server":110}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1463089073394448,"flow_src_last_pkt_time":1463089073394448,"flow_dst_last_pkt_time":1463089073394448,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":35,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1463089073893914,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} 
+00643{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/weibo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-payload-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":267,"global_ts_usec":1463089073893914} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 498/498 ~~ skipped flows.............: 0 @@ -273,10 +273,10 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7877889 bytes -~~ total memory freed........: 7877889 bytes -~~ total allocations/frees...: 147406/147406 +~~ total memory allocated....: 11585820 bytes +~~ total memory freed........: 11585820 bytes +~~ total allocations/frees...: 217660/217660 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 528 chars -~~ json string max len.......: 2222 chars -~~ json string avg len.......: 1375 chars +~~ json string max len.......: 2215 chars +~~ json string avg len.......: 1371 chars diff --git a/test/results/default/whatsapp.pcap.out b/test/results/default/whatsapp.pcap.out index cf2bed19b..5038fa935 100644 --- a/test/results/default/whatsapp.pcap.out +++ b/test/results/default/whatsapp.pcap.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655030801747000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801747000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655030801747000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655030801747000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ABpAAD8GAijAqAJkszzDMa8EFGbkDT9OAAAAAKAC\/\/\/IawAAAgQFtAQCCArFapnmAAAAAAEDAwk="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655030801776000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030801776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ABtAAD8GAi\/AqAJkszzDMa8EFGbkDT9PTyfQe4AQAKy6dAAAAQEICsVqmgM2ROYE"} 
@@ -7,7 +7,7 @@ 00929{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655030801890000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQAB1AAD8GARHAqAJkszzDMa8EFGbkDT9TTyfQe4AYAKyJ+wAAAQEICsVqmnU2ROZ3AAAECAkIAldBBQIAAQ4SiwIKIDj7+pXlvAgmViwpUlFGYvO7\/yYma2eom\/G2OTNSuB9CEjDDX+ArZolS0PQnuB247fnbmCRsbrfgMrMGVJKMEE0t2\/JRP8Web3dbO7XmVIhSAMUatAGDAKIxOIhCtS95+1nqKJyrSC2PmyXih4qhdJJJio4iS3y2E7TtcgDKuHyZ\/UvYMWM1fN9zY73yjAQyazTEx2GF7o2qsRZh+ii4dJBC1jpfEIfBRkuogNaLxnCXPsblfV1VotCn1Pe51mjYXnk7cnPMyVrGE9EczxjQfevJacaaYgo8HcbO\/l9KLqGgkMzIQe5860q0eu8zygvB+CnrGia9AmXhxwG9DXMaMKJhPVwRBswrmz0="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030801890000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655030801890000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1655030802021000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655030802021000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AB5AAD8GAizAqAJkszzDMa8EFGbkDUBvTyfQtIAQAKy3MAAAAQEICsVqmvg2ROb6"} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} +00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":10,"packets-processed":9,"total-skipped-flows":0,"total-l4-payload-len":1537,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1655031983762000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655031983762000,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655031983762000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1655031983762000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655031983762000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wNRAAD8GQW3AqAJkszzDMZyUFGb3fC5VAAAAAKAC\/\/8sUAAAAgQFtAQCCAo3N9QvAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1655031983792000,"flow_dst_last_pkt_time":1655031983762000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655031983792000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wNVAAD8GQXTAqAJkszzDMZyUFGb3fC5W\/Bdho4AQAIAA5AAAAQEICjc31GXWXSVb"} 
@@ -22,7 +22,7 @@ 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655032257115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/\/WVAAD8GBNnAqAJkszzDMaUgFGax9BltNUwtP4AYAVcS1AAAAQEICkZl\/WKo3wJ9AAAECAkIAldBBQI="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257115000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032257115000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1655032257144000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655032257144000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6\/WZAAD8GA93AqAJkszzDMaUgFGax9Bl4NUwtP4AYAVeyGgAAAQEICkZl\/X+o3wKaAAEDEoACCiAZZWNRxkRzymWLkvWv1TnfFzp\/HkwlWZjEklDe99VAfhIwme3J57adounR96qJXaoGJ9\/P\/qwfwkKChs9JuHY8Xv1MEqhXwWeQFybfIOgJQA\/aGqkBC5bxG\/SW8DPfHniUt1jbZ2dRLdxurPEJvB\/Or4kxrapciCjPoSjKvgXme6PN\/oOHzq0gKZq9SGSx6FhHIihHWnH8eK0VSUc53EWTGnhN\/30gQHZh9un0MZ0+ia7xXgMk385gTrfAQvxkkWPB7B4ett3W7NEuQnJkmSj1NTGse5fecHmRPAfc6h2TEgsk+0mvyE6X9Ilvw4d9UKzTB5jTpCZ3DqZZbwdPng=="} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 
+00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":26,"packets-processed":25,"total-skipped-flows":0,"total-l4-payload-len":2151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_usec":1655032857220000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857220000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1655032857220000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655032857220000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8wH9AAD8GQcLAqAJkszzDMaXEFGbLQu4oAAAAAKAC\/\/8vAgAAAgQFtAQCCApGbyV9AAAAAAEDAwg="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1655032857250000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032857250000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wIBAAD8GQcnAqAJkszzDMaXEFGbLQu4pkG\/w9oAQAVfp3wAAAQEICkZvJafXThmp"} 
@@ -30,7 +30,7 @@ 00913{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655032857857000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFwIJAAD8GQLbAqAJkszzDMaXEFGbLQu4tkG\/w9oAYAVdjHAAAAQEICkZvKAfXThwIAAAECAkIAldBBQIAAQMSgAIKIK1KJx1PnKk1pL6t1MbgR11TASauAEZZazQ8SNc\/svphEjD1vsMAWwdxY7rp\/NBRE9fSJSDyQi2+YPf8MDFZb9yUAo8hEfqWNj2VoAZlwbyUx7UaqQG3zFrlHQDyS4ZUUK3HVSlPbCD0Wgk3Ie2BeEz\/OeAu15sD6W1uI3uFpQv1KsNJoxw5uFL0w0Bf3eU0e0j49oXwcNam2mnkVU9nxM8q4z6rlcyPmMv7rJ1Ofv1AYGAKVUn75C3mXm3ER4vAezfKAKZaBPXqtk9FYf8ZZEhUBMSwluTw1l4fXnb52oHkYSgIZir3UMauZ9RA5GDs1Tvk37bRwa3Xi+YrHTKb"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032857857000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655032857857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1655032858009000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655032858009000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0wINAAD8GQcbAqAJkszzDMaXEFGbLQu8+kG\/xL4AQAVfioQAAAQEICkZvKJ\/XThyh"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":2468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1655033482376000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655033482376000,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033482376000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40178,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1655033482376000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655033482376000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gelAAD8GgFjAqAJkszzDMZzyFGaeLx0YAAAAAKAC\/\/83kgAAAgQFtAQCCAo3PDMVAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1655033482414000,"flow_dst_last_pkt_time":1655033482376000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033482414000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gepAAD8GgF\/AqAJkszzDMZzyFGaeLx0Zpn\/BEoAQAIBtAgAAAQEICjc8MzXDJ83z"} 
@@ -52,7 +52,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655033850680000,"pkt":"eJS0JASgYDjgxTWgCABFAAFW8OZAAD8GEEHAqAJkszzDMZ0MFGa\/1NfHoiLOPYAYAIDqqQAAAQEICjc9xrppw+BLAAAECAsICVdBBQIAARQSkQIKIIWiVZcpSaSpS0wa6A1pLwk8Zk1\/z9qJ1T6f4Z\/2lZVXEjDQa\/Mzv1Xbe6yEXg1RMK7xAVWS5\/gg0yRaYkQ\/jmAXm8ZLLIy2AJqWxAZXLpRaD1QaugF+sjMVYJRs7OSYVpKL05qk8NYHnUetCeAnd6JfcTDEz+ZetSOCyq08mxgiwl8Af\/7SbFLFgX2H8i8LiJr0ImpshHYvlAL+KzUXxI7jj2H41W4vlUGdwN6mhJKreWveUBLOkSgxvVZcNAq4rxdBzulcV262lISooGtBZtHXy9rzLxZq0hu6\/gqiUgRR1zMURpouCFSl2EsY6RluLOlw2t8mrRqh8qCUrKg6h4K23MHuam9NZfZMLtWpZOw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033850680000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655033850680000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1655033850885000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655033850885000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08OdAAD8GEWLAqAJkszzDMZ0MFGa\/1NjpoiLOdoAQAIA39AAAAQEICjc9x41pw+F1"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-payload-len":3413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1655034332550000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332550000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1655034332550000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655034332550000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8s3tAAD8GTsbAqAJkszzDMbNsFGaY2PgHAAAAAKAC\/\/+CVAAAAgQFtAQCCArFiW3yAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1655034332580000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s3xAAD8GTs3AqAJkszzDMbNsFGaY2PgILoO694AQAKylowAAAQEICsWJbhFxU6\/V"} 
@@ -60,7 +60,7 @@ 00930{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":350,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":350,"pkt_l4_len":316,"thread_ts_usec":1655034332681000,"pkt":"eJS0JASgYDjgxTWgCABFAAFQs35AAD8GTa\/AqAJkszzDMbNsFGaY2PgMLoO694AYAKyIQwAAAQEICsWJbnVxU7A5AAAECAkIAldBBQIAAQ4SiwIKIKHufl5sXussMAhh0p2\/ov1K8qbgZUmwKi9OWg6ykiwzEjA0l5XOlCDi1Vokb77mNfeOWPrLzKrl4cBvJSnz6b6OpllKXqNELvV9TjDMNg9m2NsatAGEAtqJL0uvfBOEv9jC9l6jTRNc\/NKsEOvisYVSReExtAE04Pzl+dAtiLjrZ6MqtBqeDLLi4SlEeeSkOLjMHl\/ISCl0Dm\/xeIkCziwQn25As52c8XcuNRHVxMJak4sKuuCm4KKx09ssdIeVR2SXPMdDxTXZpZZTV92cShnAxFetZFuoG2g6Jlthv1eik9as3VMscANTNS4dKc0FH1iioHEVa9f2dyF04y5o88Mw6CjlmL7HByE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332681000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":288,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655034332681000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1655034332808000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655034332808000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0s39AAD8GTsrAqAJkszzDMbNsFGaY2PkoLoO7MIAQAKyihAAAAQEICsWJbvRxU7C4"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":66,"packets-processed":65,"total-skipped-flows":0,"total-l4-payload-len":3741,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":8,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_usec":1655036863658000} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1655036863658000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655036863658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VU1AAD8GrPTAqAJkszzDMZ\/6FGZJAAaOAAAAAKAC\/\/\/gngAAAgQFtAQCCAo3avKLAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1655036863694000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863694000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VU5AAD8GrPvAqAJkszzDMZ\/6FGZJAAaPQBkrQIAQAIAuZAAAAQEICjdq8tim3M31"} 
@@ -68,7 +68,7 @@ 00938{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655036863823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWVVBAAD8Gq9fAqAJkszzDMZ\/6FGZJAAaTQBkrQIAYAIAw3wAAAQEICjdq81mm3M5rAAAECAsICVdBBQIAARQSkQIKIAI3u8Y0o0ZFT\/OtJzcX3UaQ\/IWQGdbv0wEMHTK1l6woEjDMb3ve3Vlqa1zLSyWsq7HX19F5FqxgNDPVPZovnbkaWWTiEYUfyj9dhIYbLUbhjpoaugEYt5e54yUK0Dz2mXgmLjkLbqfw43funUzgI06KJeAdOTz48asdCtBqKsa57JzlcA8hKYLsAYAMXhENhJAMeKh+7iZsKK6QLl2OW+eCsVwf0sdlSSfzN0BeoIQW9Wt0qe8vcVYbW8VUzvTywUdhc5Eibzu+tOU31RbI\/1Q822GOha0izKT6E5UicKg7VroJrRkc6v4BGSSjH+7x5dR4DHzXhQPdVB2E0D9ObRCPXt2S8u\/UAiy1f3hsiJw="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036863823000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655036863823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":5,"flow_src_last_pkt_time":1655036863976000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655036863976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VVFAAD8GrPjAqAJkszzDMZ\/6FGZJAAe1QBkreYAQAIAq0wAAAQEICjdq8\/Km3M8N"} -00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-payload-len":4075,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":9,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":71,"global_ts_usec":1655037784969000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037784969000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1655037784969000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655037784969000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eZJAAD8GiK\/AqAJkszzDMaD+FGaPGwMEAAAAAKAC\/\/\/PkAAAAgQFtAQCCAo3eL\/2AAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1655037785024000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655037785024000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eZNAAD8GiLbAqAJkszzDMaD+FGaPGwMFTC+Ch4AQAIA0RwAAAQEICjd4wGKeH1xF"} 
@@ -83,7 +83,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655037943383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7ZINAAD8Gnc\/AqAJkszzDIb+CFGZJeEXBlbThyYAYAKzl3AAAAQEIClkJjtmTiu6cAAAECAkIBQ=="} 01057{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943383000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655037943383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":5,"flow_src_last_pkt_time":1655037943384000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655037943384000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4ZIRAAD8GndHAqAJkszzDIb+CFGZJeEXIlbThyYAYAKybpQAAAQEIClkJjtmTiu6cV0EFAg=="} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} +00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-payload-len":6885,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":11,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":86,"global_ts_usec":1655038737650000} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038737650000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1655038737650000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655038737650000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+jpAAD8GCAfAqAJkszzDMaFIFGaFGhCGAAAAAKAC\/\/9PGwAAAgQFtAQCCAo3gTyYAAAAAAEDAwk="} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1655038737824000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038737824000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+jtAAD8GCA7AqAJkszzDMaFIFGaFGhCH4E9fBoAQAIAQ0gAAAQEICjeBPUjxtjrK"} 
@@ -92,7 +92,7 @@ 01060{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738036000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738036000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1655038738226000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655038738226000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+j5AAD8GCAvAqAJkszzDMaFIFGaFGhGt4E9fP4AQAIAL\/wAAAQEICjeBPsPxtjzD"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655030801747000,"flow_src_last_pkt_time":1655030802079000,"flow_dst_last_pkt_time":1655030801747000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1537,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655038738381000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":44804,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":98,"packets-processed":97,"total-skipped-flows":0,"total-l4-payload-len":7219,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":12,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_usec":1655041569928000} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041569928000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1655041569928000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655041569928000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8yNhAAD8GOWnAqAJkszzDMaKKFGb8FC6CAAAAAKAC\/\/\/RUwAAAgQFtAQCCAo3qCQAAAAAAAEDAwk="} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1655041569964000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655041569964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0yNlAAD8GOXDAqAJkszzDMaKKFGb8FC6DekSzAYAQAIDQKAAAAQEICjeoJCQj994H"} 
@@ -106,7 +106,7 @@ 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655033850395000,"flow_src_last_pkt_time":1655033851037000,"flow_dst_last_pkt_time":1655033850395000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40204,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032256845000,"flow_src_last_pkt_time":1655032257332000,"flow_dst_last_pkt_time":1655032256845000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42272,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655032857220000,"flow_src_last_pkt_time":1655032858052000,"flow_dst_last_pkt_time":1655032857220000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655041570363000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":42436,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-payload-len":7516,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":13,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":109,"global_ts_usec":1655042688447000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042688447000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1655042688447000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655042688447000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8k4BAAD8GbsHAqAJkszzDMaNQFGac145xAAAAAKAC\/\/+5KwAAAgQFtAQCCAo3tzqhAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1655042688525000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655042688525000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0k4FAAD8GbsjAqAJkszzDMaNQFGac145yikooJoAQAIAprAAAAQEICje3OwWKYYCH"} 
@@ -115,7 +115,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655042688447000,"flow_src_last_pkt_time":1655042689683000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042689683000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41808,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":5,"flow_src_last_pkt_time":1655042689901000,"flow_dst_last_pkt_time":1655042688447000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_usec":1655042689901000,"pkt":"eJS0JASgYDjgxTWgCABFAAA3k4RAAD8GbsLAqAJkszzDMaNQFGac146BikooJoAYAIALawAAAQEICje3QFiKYYVaAAEU"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655034332550000,"flow_src_last_pkt_time":1655034332854000,"flow_dst_last_pkt_time":1655034332550000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":284,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":328,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655042690163000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45932,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":114,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":7810,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":14,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_usec":1655043596112000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596112000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1655043596112000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655043596112000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8sPxAAD8GUVXAqAJkszzDIZJqFGboXByKAAAAAKAC\/\/9iMwAAAgQFtAQCCAoEt\/vxAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":115,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1655043596145000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655043596145000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0sP1AAD8GUVzAqAJkszzDIZJqFGboXByLxoplnYAQAKyC0AAAAQEICgS3\/BKyfC6v"} 
@@ -123,7 +123,7 @@ 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":4,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655043596146000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7sP9AAD8GUVPAqAJkszzDIZJqFGboXByPxoplnYAYAKxwrAAAAQEICgS3\/BOyfC6vAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596146000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655043596146000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":5,"flow_src_last_pkt_time":1655043596147000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655043596147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4sQBAAD8GUVXAqAJkszzDIZJqFGboXByWxoplnYAYAKwmdAAAAQEICgS3\/BSyfC6vV0EFAg=="} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":122,"packets-processed":121,"total-skipped-flows":0,"total-l4-payload-len":9083,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":15,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1655044288744000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288744000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1655044288744000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044288744000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Rj1AAD8GvBTAqAJkszzDIZLOFGbS4v0+AAAAAKAC\/\/8FAwAAAgQFtAQCCAoEwo14AAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1655044288776000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044288776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Rj5AAD8GvBvAqAJkszzDIZLOFGbS4v0\/XwbxEoAQAKw+pwAAAQEICgTCjaZrpjiA"} 
@@ -131,7 +131,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":4,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655044288777000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7RkBAAD8GvBLAqAJkszzDIZLOFGbS4v1DXwbxEoAYAKwsgwAAAQEICgTCjadrpjiAAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":125,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288777000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044288777000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":126,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":5,"flow_src_last_pkt_time":1655044288780000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655044288780000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4RkFAAD8GvBTAqAJkszzDIZLOFGbS4v1KXwbxEoAYAKziSgAAAQEICgTCjahrpjiAV0EFAg=="} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} +00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-payload-len":10356,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":16,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_usec":1655044965142000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965142000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1655044965142000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655044965142000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8At1AAD8G\/2TAqAJkszzDMbK6FGZec+QxAAAAAKAC\/\/+2PgAAAgQFtAQCCApG+geGAAAAAAEDAwg="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1655044965172000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965172000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0At5AAD8G\/2vAqAJkszzDMbK6FGZec+QyZebbNIAQAVdZxAAAAQEICkb6B6qVR7NZ"} 
@@ -140,7 +140,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965221000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965221000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":5,"flow_src_last_pkt_time":1655044965369000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655044965369000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AuFAAD8G\/2jAqAJkszzDMbK6FGZec+VHZebbbYAQAVdW7QAAAQEICkb6CG+VR7Qd"} 
01099{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655036863658000,"flow_src_last_pkt_time":1655036864020000,"flow_dst_last_pkt_time":1655036863658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655044965409000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":10673,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":17,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":17,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":143,"global_ts_usec":1655045751925000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045751925000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1655045751925000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655045751925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8tn9AAD8GS8LAqAJkszzDMbMAFGajVEhsAAAAAKAC\/\/+wTwAAAgQFtAQCCApG\/mQPAAAAAAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1655045751957000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045751957000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toBAAD8GS8nAqAJkszzDMbMAFGajVEhtoOKxA4AQAVeXTwAAAQEICkb+ZC\/0vP+i"} 
@@ -150,7 +150,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":5,"flow_src_last_pkt_time":1655045752137000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655045752137000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0toNAAD8GS8bAqAJkszzDMbMAFGajVEmCoOKxPIAQAVeUmAAAAQEICkb+ZOP0vQBX"} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037943346000,"flow_src_last_pkt_time":1655037943539000,"flow_dst_last_pkt_time":1655037943346000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1249,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2513,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":49026,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655037784969000,"flow_src_last_pkt_time":1655037785423000,"flow_dst_last_pkt_time":1655037784969000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655045752178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41214,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":146,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":10990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":18,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":153,"global_ts_usec":1655049443230000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443230000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1655049443230000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655049443230000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8KCVAAD8G2hzAqAJkszzDMbVGFGZeo\/3WAAAAAKAC\/\/\/eUwAAAgQFtAQCCApHIcLoAAAAAAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1655049443263000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443263000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KCZAAD8G2iPAqAJkszzDMbVGFGZeo\/3XmmmBIoAQAVfWlwAAAQEICkchwwlHYNIU"} 
@@ -160,7 +160,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":5,"flow_src_last_pkt_time":1655049443533000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655049443533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0KClAAD8G2iDAqAJkszzDMbVGFGZeo\/7smmmBW4AQAVfTLgAAAQEICkchxBdHYNMh"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655038737650000,"flow_src_last_pkt_time":1655038738381000,"flow_dst_last_pkt_time":1655038737650000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41288,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655041569928000,"flow_src_last_pkt_time":1655041570363000,"flow_dst_last_pkt_time":1655041569928000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655049443593000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":41610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":154,"packets-processed":153,"total-skipped-flows":0,"total-l4-payload-len":11307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":19,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":163,"global_ts_usec":1655050704430000} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655050704430000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1655050704430000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655050704430000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84MFAAD8GJbDAqAJkHw1TMZ0gFGZ02VSkAAAAAKAC\/\/8otQAAAgQFtAQCCAoO3mAcAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":2,"flow_src_last_pkt_time":1655050704485000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655050704485000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04MJAAD8GJbfAqAJkHw1TMZ0gFGZ02VSlljrOS4AQAKxhJgAAAQEICg7eYFQ9kVNR"} 
@@ -177,7 +177,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051220512000,"flow_src_last_pkt_time":1655051220578000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220578000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45470,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":5,"flow_src_last_pkt_time":1655051220580000,"flow_dst_last_pkt_time":1655051220512000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051220580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4rVRAAD8GVQHAqAJkszzDIbGeFGYTOuP28T6CsoAYAKzQiQAAAQEICgUsUt67e8sgV0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655043596112000,"flow_src_last_pkt_time":1655043596381000,"flow_dst_last_pkt_time":1655043596112000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051220729000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37482,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":170,"packets-processed":169,"total-skipped-flows":0,"total-l4-payload-len":13293,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":21,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":180,"global_ts_usec":1655051492307000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655051492307000,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051492307000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43084,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_src_last_pkt_time":1655051492307000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655051492307000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8gfhAAD8GgEnAqAJkszzDMahMFGbuqHaiAAAAAKAC\/\/+qzgAAAgQFtAQCCAo39wnAAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":171,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1655051492339000,"flow_dst_last_pkt_time":1655051492307000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655051492339000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0gflAAD8GgFDAqAJkszzDMahMFGbuqHajLwsyzYAQAIACagAAAQEICjf3Cd8Kl2oU"} 
@@ -193,7 +193,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":180,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794037000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794037000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":181,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1655051794039000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655051794039000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4OxFAAD8Gx0TAqAJkszzDIbIiFGatOxW\/\/J8dd4AYAKy6IgAAAQEICgU1Eu0r+T5\/V0EFAg=="} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044288744000,"flow_src_last_pkt_time":1655044288931000,"flow_dst_last_pkt_time":1655044288744000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655051794206000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":37582,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":185,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":14860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":23,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":23,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1655052148615000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052148615000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1655052148615000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052148615000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kfpAAD8GcEfAqAJkszzDMaiQFGZmurw1AAAAAKAC\/\/+h\/wAAAgQFtAQCCAo3+VSkAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":186,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1655052148658000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052148658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kftAAD8GcE7AqAJkszzDMaiQFGZmurw2KlSpWIAQAIA0yQAAAQEICjf5VPJAoYbY"} 
@@ -209,7 +209,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":196,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438654000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438654000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":5,"flow_src_last_pkt_time":1655052438655000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655052438655000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4kq9AAD8Gb6bAqAJkszzDIbPaFGZdYrgzyEw0oYAYAKzY6QAAAQEICgU+6PTmsVfEV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655044965142000,"flow_src_last_pkt_time":1655044965409000,"flow_dst_last_pkt_time":1655044965142000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052438807000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45754,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":201,"packets-processed":200,"total-skipped-flows":0,"total-l4-payload-len":16467,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":25,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":25,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":212,"global_ts_usec":1655052853504000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853504000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1655052853504000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655052853504000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8WWJAAD8GqN\/AqAJkszzDMajGFGY2dfJkAAAAAKAC\/\/87qwAAAgQFtAQCCAo3+7TWAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1655052853586000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853586000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWNAAD8GqObAqAJkszzDMajGFGY2dfJl9PmkqoAQAICs4QAAAQEICjf7tS9HlNt1"} 
@@ -217,7 +217,7 @@ 00941{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":4,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1655052853647000,"pkt":"eJS0JASgYDjgxTWgCABFAAFWWWVAAD8Gp8LAqAJkszzDMajGFGY2dfJp9PmkqoAYAIC\/dgAAAQEICjf7tWxHlNveAAAECAsICVdBBQIAARQSkQIKIA3YWjJeBPhhoYOLdXhImll2N3KB40xe5nXzVGKqi8lQEjB05YuN1sXT57G3SBCHnJEdXNBkV371\/xsNWC+B2W2c9R3PBaYxYkKqi91RPjTM0AAaugEXP+3uWGvoVm871kn2wjtmhgKuIJkNizNK\/9coL6rphC9vh6dV2jEyqfOFbZgWf8o\/EQFKWMBHIh7wJxYJvwjapQxRD1filQ5M12e0QPKj6ordybKIELcsCt7hErPy6sAkIPGcz3XyhYz\/Lb7ROlM7yct5Zfi3MPdNu9Wu4\/cE+HnYCNJgp1xz6RWgg5HS126k8knfuWBZUdlK+HGAXOiiBP94NYsZKb1yA+Td5aUETEJNN76KzEDIwLE="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":204,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853647000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655052853647000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":205,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":5,"flow_src_last_pkt_time":1655052853815000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655052853815000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0WWZAAD8GqOPAqAJkszzDMajGFGY2dfOL9Pmk44AQAICplQAAAQEICjf7thRHlNx9"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":209,"packets-processed":208,"total-skipped-flows":0,"total-l4-payload-len":16801,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":26,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":220,"global_ts_usec":1655053633670000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633670000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1655053633670000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655053633670000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8mVhAAD8GaOnAqAJkszzDMajeFGZP5tJgAAAAAKAC\/\/\/ryAAAAgQFtAQCCAo3\/AszAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":210,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1655053633701000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633701000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVlAAD8GaPDAqAJkszzDMajeFGZP5tJhk8uMoIAQAIDJOAAAAQEICjf8C1OqRoX7"} 
@@ -226,7 +226,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":212,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655053633670000,"flow_src_last_pkt_time":1655053633738000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633738000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43230,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":5,"flow_src_last_pkt_time":1655053633894000,"flow_dst_last_pkt_time":1655053633670000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655053633894000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0mVxAAD8GaO3AqAJkszzDMajeFGZP5tOHk8uM2YAQAIDGYQAAAQEICjf8DBOqRoaz"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655045751925000,"flow_src_last_pkt_time":1655045752178000,"flow_dst_last_pkt_time":1655045751925000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655053633932000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45824,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-payload-len":17135,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":27,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_usec":1655054457330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1655054457330000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655054457330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8VnBAAD8Gq+HAqAJkszzDIbWEFGa\/BmevAAAAAKAC\/\/\/mlQAAAgQFtAQCCAoFUzIKAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1655054457362000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655054457362000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0VnFAAD8Gq+jAqAJkszzDIbWEFGa\/Bmewdx424oAQAKySKwAAAQEICgVTMiqQiUPS"} 
@@ -234,7 +234,7 @@ 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7VnNAAD8Gq9\/AqAJkszzDIbWEFGa\/Bme0dx424oAYAKyABgAAAQEICgVTMiyQiUPSAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655054457365000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1655054457365000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655054457365000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4VnRAAD8Gq+HAqAJkszzDIbWEFGa\/Bme7dx424oAYAKw1zgAAAQEICgVTMi2QiUPSV0EFAg=="} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":225,"packets-processed":224,"total-skipped-flows":0,"total-l4-payload-len":18408,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":28,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":28,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":237,"global_ts_usec":1655056441533000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441533000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1655056441533000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655056441533000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8SQJAAD8GuU\/AqAJkszzDIbkAFGYVt3HxAAAAAKAC\/\/87QgAAAgQFtAQCCAoFcXjRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1655056441563000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655056441563000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0SQNAAD8GuVbAqAJkszzDIbkAFGYVt3Hym+tfO4AQAKzuQwAAAQEICgVxePCucNFZ"} 
@@ -242,7 +242,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":4,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7SQVAAD8GuU3AqAJkszzDIbkAFGYVt3H2m+tfO4AYAKzcHwAAAQEICgVxePGucNFZAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655056441565000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1655056441565000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655056441565000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4SQZAAD8GuU\/AqAJkszzDIbkAFGYVt3H9m+tfO4AYAKyR5wAAAQEICgVxePKucNFZV0EFAg=="} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":233,"packets-processed":232,"total-skipped-flows":0,"total-l4-payload-len":19681,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":29,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":29,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":245,"global_ts_usec":1655059510580000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655059510580000,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510580000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":39828,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1655059510580000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655059510580000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8GcJAAD8G6I\/AqAJkszzDIZuUFGY95P\/EAAAAAKAC\/\/\/fxAAAAgQFtAQCCAoFoDuLAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1655059510610000,"flow_dst_last_pkt_time":1655059510580000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655059510610000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GcNAAD8G6JbAqAJkszzDIZuUFGY95P\/FCFqhLIAQAKyMSwAAAQEICgWgO6lMbYt5"} 
@@ -255,7 +255,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655051794002000,"flow_src_last_pkt_time":1655051794206000,"flow_dst_last_pkt_time":1655051794002000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45602,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655049443230000,"flow_src_last_pkt_time":1655049443593000,"flow_dst_last_pkt_time":1655049443230000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46406,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655050704430000,"flow_src_last_pkt_time":1655050704962000,"flow_dst_last_pkt_time":1655050704430000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":427,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":713,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655059510757000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.83.49","src_port":40224,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":241,"packets-processed":240,"total-skipped-flows":0,"total-l4-payload-len":20954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":30,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":30,"total-idle-flows":23,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":258,"global_ts_usec":1655060495977000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060495977000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":241,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_src_last_pkt_time":1655060495977000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655060495977000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YJ5AAD8GobPAqAJkszzDIZysFGYCJGGJAAAAAKAC\/\/+p9wAAAgQFtAQCCAoFq0oxAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":242,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_src_last_pkt_time":1655060496008000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655060496008000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YJ9AAD8GobrAqAJkszzDIZysFGYCJGGK2sw1x4AQAKwONAAAAQEICgWrSlDEovR\/"} 
@@ -266,7 +266,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052148615000,"flow_src_last_pkt_time":1655052148966000,"flow_dst_last_pkt_time":1655052148615000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052853504000,"flow_src_last_pkt_time":1655052853872000,"flow_dst_last_pkt_time":1655052853504000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43206,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655052438619000,"flow_src_last_pkt_time":1655052438807000,"flow_dst_last_pkt_time":1655052438619000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655060496256000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46042,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":250,"packets-processed":249,"total-skipped-flows":0,"total-l4-payload-len":22271,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":269,"global_ts_usec":1655061657436000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061657436000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_src_last_pkt_time":1655061657436000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655061657436000,"pkt":"eJS0JASgYDjgxTWgCABFAAA88nlAAD8GD8jAqAJkszzDMauyFGbsqzKiAAAAAKAC\/\/9iSAAAAgQFtAQCCAo4IpSyAAAAAAEDAwk="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":251,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1655061657568000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061657568000,"pkt":"eJS0JASgYDjgxTWgCABFAAA08npAAD8GD8\/AqAJkszzDMauyFGbsqzKjnK08DIAQAIBE+AAAAQEICjgilXAR0WBF"} 
@@ -282,7 +282,7 @@ 00925{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":4,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655061873368000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKrKVAAD8GTrnAqAJkHw1dNr\/IFGZDXSW7fPQug4AYAIAPIwAAAQEICiQe2Mk8ThxmAAAECAsIDFdBBQIAAQgShQIKIOtKWvwh5\/ppyWV2\/78chw3eIBPlsh8jrfmHIruLZFUBEjC8WKWRQo+Toueq8YzobY4B8yj8PYgyc5mZhB9VKcjqzcB8IoQ1aRkf5QNWNURnuAcargE6xFUNq2D4uR+PXdAcvbjNXFB5HDx1ZVwyvCTiNXVhCL6BhskFeQ\/B2Nx6pN9cBoWD9XwKx9sQ\/HDlQBa7N83O5tyYcWmNAZ9ncVm1XLv2ZOlh1AA4iL2jTKOdgiv3hRlObMCcpNmk43fS1h8PPV9yFeoFc+Gfn40oM54oUWEVIUaJmiVnzB0xDdMDFSfDPeextxbIqFwAo0oeVBPt\/dZa4kxfLjr6sam3BkXtoCE="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873368000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655061873368000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":262,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":5,"flow_src_last_pkt_time":1655061873760000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655061873760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0rKZAAD8GT87AqAJkHw1dNr\/IFGZDXSbRfPQuvIAQAID0DgAAAQEICiQe2lA8Th4U"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":266,"packets-processed":265,"total-skipped-flows":0,"total-l4-payload-len":23230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":33,"total-idle-flows":27,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":285,"global_ts_usec":1655062569330000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1655062569330000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655062569330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MZZAAD8G0KvAqAJkszzDMavKFGbYH58HAAAAAKAC\/\/9yPQAAAgQFtAQCCAo4IyzLAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":267,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":2,"flow_src_last_pkt_time":1655062569374000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569374000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZdAAD8G0LLAqAJkszzDMavKFGbYH58IMQLbuIAQAIC6CgAAAQEICjgjLRYTN8Yz"} 
@@ -291,7 +291,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":269,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655062569330000,"flow_src_last_pkt_time":1655062569427000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43978,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":270,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":5,"flow_src_last_pkt_time":1655062569631000,"flow_dst_last_pkt_time":1655062569330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655062569631000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0MZpAAD8G0K\/AqAJkszzDMavKFGbYH6AuMQLb8YAQAIC23AAAAQEICjgjLgwTN8cM"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655054457330000,"flow_src_last_pkt_time":1655054457533000,"flow_dst_last_pkt_time":1655054457330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655062569674000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46468,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":274,"packets-processed":273,"total-skipped-flows":0,"total-l4-payload-len":23564,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":34,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":294,"global_ts_usec":1655063661893000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661893000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_src_last_pkt_time":1655063661893000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655063661893000,"pkt":"eJS0JASgYDjgxTWgCABFAAA86plAAD8GF7jAqAJkszzDIaAeFGY4VRBmAAAAAKAC\/\/\/+RwAAAgQFtAQCCAoF0w05AAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":2,"flow_src_last_pkt_time":1655063661925000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655063661925000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06ppAAD8GF7\/AqAJkszzDIaAeFGY4VRBnHmH5pIAQAKyJNgAAAQEICgXTDVr1t5VE"} 
@@ -299,7 +299,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":4,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655063661927000,"pkt":"eJS0JASgYDjgxTWgCABFAAA76pxAAD8GF7bAqAJkszzDIaAeFGY4VRBrHmH5pIAYAKx3EgAAAQEICgXTDVv1t5VEAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":277,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655063661893000,"flow_src_last_pkt_time":1655063661927000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655063661927000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40990,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":5,"flow_src_last_pkt_time":1655063661932000,"flow_dst_last_pkt_time":1655063661893000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655063661932000,"pkt":"eJS0JASgYDjgxTWgCABFAAA46p1AAD8GF7jAqAJkszzDIaAeFGY4VRByHmH5pIAYAKws1wAAAQEICgXTDV\/1t5VEV0EFAg=="} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":282,"packets-processed":281,"total-skipped-flows":0,"total-l4-payload-len":24837,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":35,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":35,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":302,"global_ts_usec":1655064434682000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_src_last_pkt_time":1655064434682000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655064434682000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8Z49AAD8GmrLAqAJkszzDMbDqFGZ3oUxiAAAAAKAC\/\/\/KHwAAAgQFtAQCCArGt\/RXAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":283,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_src_last_pkt_time":1655064434714000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5BAAD8GmrnAqAJkszzDMbDqFGZ3oUxjZjrG2IAQAKzrtwAAAQEICsa39HeqpjSg"} 
@@ -308,7 +308,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":285,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655064434682000,"flow_src_last_pkt_time":1655064434792000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064434792000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45290,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":286,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":5,"flow_src_last_pkt_time":1655064434967000,"flow_dst_last_pkt_time":1655064434682000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655064434967000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Z5NAAD8GmrbAqAJkszzDMbDqFGZ3oU1+ZjrHEYAQAKzoaQAAAQEICsa39XSqpjWd"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655056441533000,"flow_src_last_pkt_time":1655056441715000,"flow_dst_last_pkt_time":1655056441533000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655064435041000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47360,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":290,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":25160,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":36,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":36,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":311,"global_ts_usec":1655065264797000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065264797000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":290,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_src_last_pkt_time":1655065264797000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065264797000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ttVAAD8GS2zAqAJkszzDMclYFGbchY4CAAAAAKAC\/\/8wGwAAAgQFtAQCCApH\/04jAAAAAAEDAwg="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_src_last_pkt_time":1655065264828000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065264828000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ttZAAD8GS3PAqAJkszzDMclYFGbchY4DukzwuYAQAVeNLQAAAQEICkf\/TkbK+lov"} 
@@ -316,7 +316,7 @@ 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":4,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1655065265128000,"pkt":"eJS0JASgYDjgxTWgCABFAAA\/tthAAD8GS2bAqAJkszzDMclYFGbchY4HukzwuYAYAVc4UgAAAQEICkf\/T3LK+ltbAAAECAkIAldBBQI="} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":293,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265128000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065265128000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00907{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":294,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":5,"flow_src_last_pkt_time":1655065265158000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":328,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":328,"pkt_l4_len":294,"thread_ts_usec":1655065265158000,"pkt":"eJS0JASgYDjgxTWgCABFAAE6ttlAAD8GSmrAqAJkszzDMclYFGbchY4SukzwuYAYAVdbewAAAQEICkf\/T5DK+lt5AAEDEoACCiDyxnqELyO9DiOmj4gPsgZm81Sa79ftPFhljmr6qd1oQRIwPThdAFhj1B8I6QIvLX+j77uZklWR949rKuYWFBAMzbAuiseHDvS\/rZsok+lxvjUTGqkBsBREb\/7qCModtRpyj2H2YRH1M5ApgLzF7ttqBftUW3wdYyrLJuoEonja\/7H4LpxRuY+gcYnHQGtxrAaPdQEncGi6Fk6waqXV3d2Zg4ZB5+6FPI97xoGCuvCea81xyBWQqQijjE9PkudLXzutMO28tR6YGthlDu\/\/9D0TWhgA6hCecNjNt2dwbiW\/Kz1bV72uX\/ixxRHupAn2SMzdRJZRySzwM0s4RUGpjA=="} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":298,"packets-processed":297,"total-skipped-flows":0,"total-l4-payload-len":25440,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":37,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":319,"global_ts_usec":1655065885451000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885451000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":298,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1655065885451000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655065885451000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8arBAAD8Gl5HAqAJkszzDMbtMFGZqrJ7gAAAAAKAC\/\/9fsQAAAgQFtAQCCApxKmRoAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1655065885484000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885484000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0arFAAD8Gl5jAqAJkszzDMbtMFGZqrJ7h+p4p8oAQAIDu2wAAAQEICnEqZIk6KEA5"} 
@@ -331,7 +331,7 @@ 00914{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFghRAAD8GfyTAqAJkszzDMcoMFGZjsgDNIofjooAYAVe7cwAAAQEICkgIdo+T2De6AAAECAkIAldBBQIAAQMSgAIKIGY3KWvn5J6GZpS11PnywxLfIHHXDvcK7V62IsunAMEDEjADq3ZZlzgjaZEqlCz6O08aSPjXHdQ0IuiHcCaxzQveaZZMxvOrsWM5F7XCzC96RfsaqQGd81nmQhfDXeVMMDOoaD0Mgro6ELu5D0o9ieeCZCxmbzoxR3\/0Ndq1VZ0SdnBJJzqydQm98nXNDwEK0L2+hugBWxHMNDGEHMZjb2pDknP978ZhmTmGaO1i6twTH1OWKZNtvyC6EvqH52quDrZGzGV4HfLpNGMi9QWTbCtOzGI9sDclk3GlCbjtQiwuR\/6h2b9ZEypfpXelvdwljtC7gAj9v8XNTwoIW\/R7"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":308,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655065885823000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":5,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655065885823000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ghVAAD8GgDTAqAJkszzDMcoMFGZjsgHeIofj24AQAVdmEgAAAQEICkgIdzST2Dhe"} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":313,"packets-processed":312,"total-skipped-flows":0,"total-l4-payload-len":26320,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":39,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":334,"global_ts_usec":1655067574156000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655067574156000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":313,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1655067574156000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655067574156000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8ZktAAD8Gm\/bAqAJkszzDMbEWFGZP\/CSfAAAAAKAC\/\/80aAAAAgQFtAQCCArGuNlKAAAAAAEDAwk="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_src_last_pkt_time":1655067574187000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655067574187000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0ZkxAAD8Gm\/3AqAJkszzDMbEWFGZP\/CSg\/FJ4JoAQAKwGCgAAAQEICsa42a+DX2Qy"} 
@@ -348,7 +348,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":324,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072120000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072120000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":325,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1655068072276000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068072276000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f0tAAD8Ggv7AqAJkszzDMcu4FGbUWpKBCrZXSYAQAVd6sgAAAQEICkgqJNyouQJ\/"} 
01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1655060495977000,"flow_src_last_pkt_time":1655060496256000,"flow_dst_last_pkt_time":1655060495977000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068072357000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":40108,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":329,"packets-processed":328,"total-skipped-flows":0,"total-l4-payload-len":26960,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":41,"total-detection-updates":0,"total-updates":0,"current-active-flows":10,"total-active-flows":41,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":351,"global_ts_usec":1655068204945000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068204945000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":329,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_src_last_pkt_time":1655068204945000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655068204945000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8eR1AAD8GiTTAqAJkszzDIaLAFGY48OrHAAAAAKAC\/\/8oAgAAAgQFtAQCCAoF9wW8AAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":2,"flow_src_last_pkt_time":1655068204976000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068204976000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0eR5AAD8GiTvAqAJkszzDIaLAFGY48OrIWCi8FIAQAKyAowAAAQEICgX3Bdt\/K0Hp"} 
@@ -363,7 +363,7 @@ 00917{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":4,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655068672682000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFf7ZAAD8GgYLAqAJkszzDMcxGFGbT7keADNw8XIAYAVehngAAAQEICkgzTjPXLOIKAAAECAkIAldBBQIAAQMSgAIKIDTcgksnXRnebbwmEuP9yUM\/1VSf4uQ1RouMKF0wgxIMEjDa551egy9lP6Mucm2Ek37zsxPaQNIuZdlwglvM7Ytx\/e\/0R7Hg0Cxszw\/udO9P+ywaqQFAJTfp0KeYzwP5Pp2S\/FItGxL0ldUZvokSzO91CpfFFmo1bQGwmlLrmfIQd0nrsAxpua75td5KHth\/zvTo8QNnFP2+4zM8kAPUilZu6WgbaJyBs002FLq+y9i+ZBrz8i1XeheToEo3s5FsZkg+ZXnMqQdYF3uhDmsLzyoSu1QZNNflxKN+d2Q9g5a8QiVKOvvBqrmJnIWY8dUBesFIclYgR9PjxVB8M+Dh"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":340,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672682000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655068672682000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":5,"flow_src_last_pkt_time":1655068672825000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655068672825000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0f7dAAD8GgpLAqAJkszzDMcxGFGbT7kiRDNw8lYAQAVekkQAAAQEICkgzTsLXLOKZ"} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":345,"packets-processed":344,"total-skipped-flows":0,"total-l4-payload-len":28550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":43,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":43,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":366,"global_ts_usec":1655069476999000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069476999000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_src_last_pkt_time":1655069476999000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655069476999000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8v0dAAD8GQwrAqAJkszzDIaL6FGZl3G3iAAAAAKAC\/\/\/JXwAAAgQFtAQCCAoF+bQbAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":2,"flow_src_last_pkt_time":1655069477033000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477033000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0hAAD8GQxHAqAJkszzDIaL6FGZl3G3jvQquJIAQAKzBYgAAAQEICgX5tE0ysJf9"} 
@@ -373,7 +373,7 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":349,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":5,"flow_src_last_pkt_time":1655069477208000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655069477208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0v0tAAD8GQw7AqAJkszzDIaL6FGZl3HLcvQquXYAQAKy60QAAAQEICgX5tP4ysJir"} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061873005000,"flow_src_last_pkt_time":1655061873914000,"flow_dst_last_pkt_time":1655061873005000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":340,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":625,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.93.54","src_port":49096,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655061657436000,"flow_src_last_pkt_time":1655061657966000,"flow_dst_last_pkt_time":1655061657436000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655069477452000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":43954,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":353,"packets-processed":352,"total-skipped-flows":0,"total-l4-payload-len":29867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":44,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":44,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":376,"global_ts_usec":1655071168997000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655071168997000,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071168997000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_src_last_pkt_time":1655071168997000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655071168997000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/oFAAD8GA8DAqAJkszzDMbxqFGaCVc7FAAAAAKAC\/\/8bsQAAAgQFtAQCCApxNV+xAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":45,"flow_packet_id":2,"flow_src_last_pkt_time":1655071169028000,"flow_dst_last_pkt_time":1655071168997000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071169028000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/oJAAD8GA8fAqAJkszzDMbxqFGaCVc7GXkxmWYAQAIBN7gAAAQEICnE1X+Ud8hk1"} 
@@ -397,7 +397,7 @@ 00918{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655071204870000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFpTFAAD8GbTbAqAJkHw1GMti0FGbC7URUktIbLIAYAVehCAAAAQEICpXhmHfVew4yAAAECAkIAldBBQIAAQMSgAIKIMbXMYxfoYkD5uM34AbTFmSF9c2ZsAJyUzuaseKfJmIFEjAXEG2A5EfAZg6UlPBuMtMJJKAJT8gydNa5jpvKH90uzjr5LMC\/040NXR\/W3njCrMsaqQFSGe3aY2dBEaAQ3stGpVcWbKKtk4lzLmY8GArNOt\/RBEztMz\/hQ3kJcymnjCbJHmMnazpuUL7GvLdfvpsygQKvMSNl0py\/U+76puYv1+op3fPZuCmPiO+ruxnr4GlVsYBr2TgzB7BDaidsEhkz2D0D6dVePn1xxMVdny6QIrYH1yF\/ZIWkgNBfOJda5dxU1rZB\/veq5rmWOQmOyg95qD1XFbzv0fbSPCRt"} 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":369,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655071204543000,"flow_src_last_pkt_time":1655071204870000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655071204870000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"31.13.70.50","src_port":55476,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":370,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":5,"flow_src_last_pkt_time":1655071205707000,"flow_dst_last_pkt_time":1655071204543000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655071205707000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0pTJAAD8GbkbAqAJkHw1GMti0FGbC7UVlktIbZYAQAVeSqQAAAQEICpXhm7zVew+y"} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":374,"packets-processed":373,"total-skipped-flows":0,"total-l4-payload-len":30706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":47,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":47,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_usec":1655073402411000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402411000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1655073402411000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655073402411000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dBJAAD8Gji\/AqAJkszzDMb2aFGahzCxlAAAAAKAC\/\/+a8AAAAgQFtAQCCApxUGIQAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":375,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1655073402445000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655073402445000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dBNAAD8GjjbAqAJkszzDMb2aFGahzCxmjLLTN4AQAICpvAAAAQEICnFQYjPQSe8a"} 
@@ -409,7 +409,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065264797000,"flow_src_last_pkt_time":1655065265368000,"flow_dst_last_pkt_time":1655065264797000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":262,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":280,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51544,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655065885823000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885823000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":51724,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655065885451000,"flow_src_last_pkt_time":1655065885823000,"flow_dst_last_pkt_time":1655065885451000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":563,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655073402833000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47948,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":382,"packets-processed":381,"total-skipped-flows":0,"total-l4-payload-len":30991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":48,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":48,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":412,"global_ts_usec":1655074111508000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074111508000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":382,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1655074111508000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655074111508000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DYdAAD8G9LrAqAJkszzDMbMaFGYrB92KAAAAAKAC\/\/+Y9QAAAgQFtAQCCAo4NG1HAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":383,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1655074111556000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074111556000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DYhAAD8G9MHAqAJkszzDMbMaFGYrB92LuiGK2IAQAIABZwAAAQEICjg0bW5hoB8L"} 
@@ -431,7 +431,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":4,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655074681541000,"pkt":"eJS0JASgYDjgxTWgCABFAAFF1rlAAD8GKn\/AqAJkszzDMeNWFGYDhPIY+mPdyoAYAVc8EAAAAQEICkiO\/lDslGphAAAECAkIAldBBQIAAQMSgAIKIONURYOzj5yFvitPyR1HlvZLz09wP1MKDXCGkntEHmUvEjCKWDm8Di8PELTWn1odPuYtpyyU06Gop72zRsjsSLbPffjhK\/lnsN1jYnZu6Oxd\/ysaqQH2fWZCzpkathuNxNe2o891SYzt+fHmwNCOOayFx52MuNgH\/6lBAtCikLFZnJ+Q7b2fxit4hePoiVFtWTOWcwOPkLzeesGAWy5rmf9nmAlD1SUcWLqPTfL7n3Dlp34MQEWG3E1vWJy3jDC63Wq1LUdyerPkcja3pXFI72YGGR1xdH\/biDZZ3k3eGIz8i6CDkPQiKXU9alyM0\/qxxUtX\/hQqzil2ObNwVoEU"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":401,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681541000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655074681541000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":402,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1655074681699000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655074681699000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01rpAAD8GK4\/AqAJkszzDMeNWFGYDhPMp+mPeA4AQAVfWCAAAAQEICkiO\/u3slGr\/"} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":406,"packets-processed":405,"total-skipped-flows":0,"total-l4-payload-len":32915,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":51,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":51,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":434,"global_ts_usec":1655075014427000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014427000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1655075014427000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075014427000,"pkt":"eJS0JASgYDjgxTWgCABFAAA84Y1AAD8GIMTAqAJkszzDIacsFGb7al66AAAAAKAC\/\/87hQAAAgQFtAQCCAoGKrcsAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":407,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1655075014457000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075014457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA04Y5AAD8GIMvAqAJkszzDIacsFGb7al674\/2+D4AQAKzv2QAAAQEICgYqt1ks76qT"} 
@@ -440,7 +440,7 @@ 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655075014427000,"flow_src_last_pkt_time":1655075014459000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":42796,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":410,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1655075014461000,"flow_dst_last_pkt_time":1655075014427000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075014461000,"pkt":"eJS0JASgYDjgxTWgCABFAAA44ZFAAD8GIMTAqAJkszzDIacsFGb7al7G4\/2+D4AYAKyTegAAAQEICgYqt14s76qTV0EFAg=="} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655067574156000,"flow_src_last_pkt_time":1655067574418000,"flow_dst_last_pkt_time":1655067574156000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075014609000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-payload-len":34188,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":52,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":52,"total-idle-flows":40,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":443,"global_ts_usec":1655075686356000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655075686356000,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686356000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":43152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1655075686356000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655075686356000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8QvtAAD8Gv1bAqAJkszzDIaiQFGbxmYdKAAAAAKAC\/\/\/ajwAAAgQFtAQCCAoGNPf0AAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1655075686389000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655075686389000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0QvxAAD8Gv13AqAJkszzDIaiQFGbxmYdLWdXXDoAQAKw7swAAAQEICgY0+BVuVC2V"} 
@@ -450,7 +450,7 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":418,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1655075686392000,"flow_dst_last_pkt_time":1655075686356000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655075686392000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4Qv9AAD8Gv1bAqAJkszzDIaiQFGbxmYdWWdXXDoAYAKzfVAAAAQEICgY0+BluVC2VV0EFAg=="} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068204945000,"flow_src_last_pkt_time":1655068205140000,"flow_dst_last_pkt_time":1655068204945000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41664,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068071917000,"flow_src_last_pkt_time":1655068072357000,"flow_dst_last_pkt_time":1655068071917000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655075686549000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52152,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":422,"packets-processed":421,"total-skipped-flows":0,"total-l4-payload-len":35461,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":53,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":53,"total-idle-flows":42,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":453,"global_ts_usec":1655078415178000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655078415178000,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078415178000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46732,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1655078415178000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655078415178000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CblAAD8G+IjAqAJkszzDMbaMFGYZMLRzAAAAAKAC\/\/8IFAAAAgQFtAQCCArHDabLAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":423,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1655078415208000,"flow_dst_last_pkt_time":1655078415178000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078415208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbpAAD8G+I\/AqAJkszzDMbaMFGYZMLR0Md5NzYAQAKysVQAAAQEICscNpurDrEZZ"} 
@@ -474,7 +474,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":5,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655078418150000,"pkt":"eJS0JASgYDjgxTWgCABFAAA06u5AAD8GF1vAqAJkszzDMbYGFGbAe09aKCJ2ZYAQAIBysQAAAQEICjg3\/F+LqpEF"} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655069476999000,"flow_src_last_pkt_time":1655069477452000,"flow_dst_last_pkt_time":1655069476999000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1269,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":41722,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655068672605000,"flow_src_last_pkt_time":1655068672866000,"flow_dst_last_pkt_time":1655068672605000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655078418150000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":52294,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":442,"packets-processed":441,"total-skipped-flows":0,"total-l4-payload-len":36355,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":56,"total-detection-updates":0,"total-updates":0,"current-active-flows":12,"total-active-flows":56,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_usec":1655079015860000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655079015860000,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079015860000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46768,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_src_last_pkt_time":1655079015860000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655079015860000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8+71AAD8GBoTAqAJkszzDMbawFGbU0lPTAAAAAKAC\/\/+CegAAAgQFtAQCCArHFtE1AAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":443,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_src_last_pkt_time":1655079015890000,"flow_dst_last_pkt_time":1655079015860000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655079015890000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0+75AAD8GBovAqAJkszzDMbawFGbU0lPU4I1M54AQAKyMuwAAAQEICscW0VNPFaco"} 
@@ -492,7 +492,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":4,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655079242760000,"pkt":"eJS0JASgYDjgxTWgCABFAAA71X5AAD8GLNTAqAJkszzDIbBKFGYSKeei9mtN3YAYAKy21AAAAQEICgZrPCN7C7NTAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":453,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242760000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655079242760000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":454,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":5,"flow_src_last_pkt_time":1655079242764000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655079242764000,"pkt":"eJS0JASgYDjgxTWgCABFAAA41X9AAD8GLNbAqAJkszzDIbBKFGYSKeep9mtN3YAYAKxsmQAAAQEICgZrPCd7C7NTV0EFAg=="} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":458,"packets-processed":457,"total-skipped-flows":0,"total-l4-payload-len":37951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":58,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":495,"global_ts_usec":1655085444940000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085444940000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":458,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_src_last_pkt_time":1655085444940000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655085444940000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8OS9AAD8GyRLAqAJkszzDMeuoFGZwsQ0oAAAAAKAC\/\/8MiAAAAgQFtAQCCApJMzrhAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":459,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_src_last_pkt_time":1655085444971000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655085444971000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0OTBAAD8GyRnAqAJkszzDMeuoFGZwsQ0pZQWH8YAQAVeTjwAAAQEICkkzOwA0eITQ"} 
@@ -506,7 +506,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074111508000,"flow_src_last_pkt_time":1655074111844000,"flow_dst_last_pkt_time":1655074111508000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":45850,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655074681295000,"flow_src_last_pkt_time":1655074681757000,"flow_dst_last_pkt_time":1655074681295000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58198,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655073402411000,"flow_src_last_pkt_time":1655073402833000,"flow_dst_last_pkt_time":1655073402411000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":285,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655085445318000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":48538,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":466,"packets-processed":465,"total-skipped-flows":0,"total-l4-payload-len":38268,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":59,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":59,"total-idle-flows":53,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":509,"global_ts_usec":1655089030478000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030478000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":466,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_src_last_pkt_time":1655089030478000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655089030478000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8PU5AAD8GxPPAqAJkszzDMYAeFGbXqdzGAAAAAKAC\/\/+LPgAAAgQFtAQCCApJafDnAAAAAAEDAwg="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":467,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_src_last_pkt_time":1655089030510000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655089030510000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0PU9AAD8GxPrAqAJkszzDMYAeFGbXqdzHU7KHPoAQAVeFmQAAAQEICklp8QcyIyXX"} 
@@ -519,7 +519,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655079242727000,"flow_src_last_pkt_time":1655079242898000,"flow_dst_last_pkt_time":1655079242727000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":45130,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1655078417966000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078417966000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":58882,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655078418150000,"flow_src_last_pkt_time":1655078418150000,"flow_dst_last_pkt_time":1655078418150000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655089030857000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":46598,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} +00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":474,"packets-processed":473,"total-skipped-flows":0,"total-l4-payload-len":38585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":60,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":60,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":522,"global_ts_usec":1655090233457000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233457000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_src_last_pkt_time":1655090233457000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655090233457000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8YMVAAD8GoXzAqAJkszzDMbfuFGYjjxw1AAAAAKAC\/\/8ccQAAAgQFtAQCCArHvx46AAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":475,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_src_last_pkt_time":1655090233489000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233489000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMZAAD8GoYPAqAJkszzDMbfuFGYjjxw2tsj\/nIAQAKzs8QAAAQEICse\/HlqH9x8U"} 
@@ -527,7 +527,7 @@ 00922{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":4,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655090233603000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLYMhAAD8GoGrAqAJkszzDMbfuFGYjjxw6tsj\/nIAYAKz7xQAAAQEICse\/Hs2H9x+GAAAECAsICFdBBQIAAQkShgIKICL7PW3574TmjsxPc4PYUXbgLIRzLkSpjJUfuyP8EXoDEjA0da9FQiqfAjoDY1tgcac3k4SJDhZNONhNsG1AZJ\/17mrPMmmgD6MKyeBp3wpknAIarwGwqVXGYklD4UfBqBVJD9VnQBIilSLyYkgW3toqqTTHVSDoC6so2E3kEfo0wq++wjBSsFcLfr2IxsnMq4cQxzqBe++jQFco3BYlyDRDLgZUbb3v6DLKAs1w6wmVY6RASK1s5i8C5yY++EYNwiRIiZ3NII1bO2RyKk+UsW+nC04+8RSYt2Tz4DlvaaiYNIvCFVL8G7tCaAQcQ3YI55VUM58sZvBsx4nTgWfg94upnXSA"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233603000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655090233603000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":5,"flow_src_last_pkt_time":1655090233759000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655090233759000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0YMlAAD8GoYDAqAJkszzDMbfuFGYjjx1Rtsj\/1YAQAKzpgAAAAQEICse\/H2mH9yAi"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":482,"packets-processed":481,"total-skipped-flows":0,"total-l4-payload-len":38908,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":61,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":530,"global_ts_usec":1655091294583000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294583000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":482,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_src_last_pkt_time":1655091294583000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655091294583000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8\/r9AAD8GA4LAqAJkszzDMcAeFGacobJEAAAAAKAC\/\/\/yvwAAAgQFtAQCCApxiYbPAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":483,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_src_last_pkt_time":1655091294836000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091294836000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sBAAD8GA4nAqAJkszzDMcAeFGacobJFhNtvm4AQAIBe2QAAAQEICnGJh9AM9r+2"} 
@@ -535,7 +535,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":4,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655091294939000,"pkt":"eJS0JASgYDjgxTWgCABFAAFK\/sJAAD8GAnHAqAJkszzDMcAeFGacobJJhNtvm4AYAIDmTwAAAQEICnGJiDYM9sCzAAAECAsIDFdBBQIAAQgShQIKIA4Pg8SPfXudDGrgRbkYSf\/nv1vxylfpNaOYoMHWS2kZEjDPRReg0qr7n7oGXz7TcUJSphq9mywRyfMmZmWOBNOCY3vXOosliHPK2OoOP1MV0WQargFIBGi0484zpCr8IUSfMcE7LQgkmNYpS1HBR2jdlWgnSdJAxUWfuDQ9UoK+rLfd7DCXAOKIs7E4dlxpvP3Yty0Mf\/tNV6cW1LRpBjZL0gpc6cRIhq8uF2fmp\/3AuGRGjfheB9M3vEdgAqxiyaevcQzvCXQCbY9Xm9Q7CjXiF8fXBRLkbx4OZpsRSIyEI14JpKzhHJegbZVz8XMCb9ubAsE7B9+xWOY56isNa4CLSt0="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":485,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091294939000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655091294939000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":5,"flow_src_last_pkt_time":1655091295131000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655091295131000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0\/sNAAD8GA4bAqAJkszzDMcAeFGacobNfhNtwDYAQAIBaGAAAAQEICnGJiQoM9sGx"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":489,"packets-processed":488,"total-skipped-flows":0,"total-l4-payload-len":39230,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":62,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":62,"total-idle-flows":58,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":538,"global_ts_usec":1655096063383000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063383000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":489,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_src_last_pkt_time":1655096063383000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655096063383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA80GdAAD8GMdrAqAJkszzDMcBQFGYzpQPcAAAAAKAC\/\/+30QAAAgQFtAQCCApxjNjtAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":2,"flow_src_last_pkt_time":1655096063418000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063418000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GhAAD8GMeHAqAJkszzDMcBQFGYzpQPdMmkwzoAQAIAjpQAAAQEICnGM2RDAwp5N"} 
@@ -544,7 +544,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":492,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063459000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063459000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":5,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655096063826000,"pkt":"eJS0JASgYDjgxTWgCABFAAA00GtAAD8GMd7AqAJkszzDMcBQFGYzpQT3MmkxB4AQAIAf4AAAAQEICnGM2qjAwp8n"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655085444940000,"flow_src_last_pkt_time":1655085445318000,"flow_dst_last_pkt_time":1655085444940000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655096063826000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":60328,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":497,"packets-processed":496,"total-skipped-flows":0,"total-l4-payload-len":39512,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":63,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":63,"total-idle-flows":59,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":547,"global_ts_usec":1655097851208000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851208000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":497,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_src_last_pkt_time":1655097851208000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655097851208000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8hVJAAD8GfO\/AqAJkszzDMbj2FGbdMghiAAAAAKAC\/\/9ZggAAAgQFtAQCCAo4P8nQAAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":498,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_src_last_pkt_time":1655097851243000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVNAAD8GfPbAqAJkszzDMbj2FGbdMghj2gcbf4AQAIDKFgAAAQEICjg\/yfKnyyA1"} 
@@ -554,7 +554,7 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":5,"flow_src_last_pkt_time":1655097851776000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655097851776000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0hVZAAD8GfPPAqAJkszzDMbj2FGbdMgmJ2gcbuIAQAIDFJwAAAQEICjg\/zAinyyGv"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655090233457000,"flow_src_last_pkt_time":1655090233805000,"flow_dst_last_pkt_time":1655090233457000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47086,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655089030478000,"flow_src_last_pkt_time":1655089030857000,"flow_dst_last_pkt_time":1655089030478000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":317,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655097851805000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":32798,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-payload-len":39806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":557,"global_ts_usec":1655099328045000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328045000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_src_last_pkt_time":1655099328045000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655099328045000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8L\/pAAD8G0kfAqAJkszzDMcBWFGYVxjf+AAAAAKAC\/\/\/UVQAAAgQFtAQCCApxjaYfAAAAAAEDAwk="} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":2,"flow_src_last_pkt_time":1655099328158000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328158000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/tAAD8G0k7AqAJkszzDMcBWFGYVxjf\/2SNcwIAQAIBe7wAAAQEICnGNpo+IgeTO"} 
@@ -563,7 +563,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":508,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655099328045000,"flow_src_last_pkt_time":1655099328197000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328197000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49238,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":509,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":5,"flow_src_last_pkt_time":1655099328567000,"flow_dst_last_pkt_time":1655099328045000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655099328567000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0L\/5AAD8G0kvAqAJkszzDMcBWFGYVxjkZ2SNc+YAQAIBa0gAAAQEICnGNqCqIgeX9"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1655091294583000,"flow_src_last_pkt_time":1655091295192000,"flow_dst_last_pkt_time":1655091294583000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":322,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655099328610000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49182,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":513,"packets-processed":512,"total-skipped-flows":0,"total-l4-payload-len":40128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":65,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":566,"global_ts_usec":1655100445438000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445438000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":513,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_src_last_pkt_time":1655100445438000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655100445438000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8dbNAAD8GjI7AqAJkszzDMcBiFGbUEWBGAAAAAKAC\/\/9\/mgAAAgQFtAQCCApxjhQ6AAAAAAEDAwk="} 
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_src_last_pkt_time":1655100445526000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445526000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbRAAD8GjJXAqAJkszzDMcBiFGbUEWBH1mTBCIAQAIABwwAAAQEICnGOFJasjGe\/"} 
@@ -571,7 +571,7 @@ 00926{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":4,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":344,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":344,"pkt_l4_len":310,"thread_ts_usec":1655100445594000,"pkt":"eJS0JASgYDjgxTWgCABFAAFKdbZAAD8Gi33AqAJkszzDMcBiFGbUEWBL1mTBCIAYAIBMJAAAAQEICnGOFNmsjGg5AAAECAsIDFdBBQIAAQgShQIKIHj+X\/9Fl\/4t1nk3tiDKlT2kCmgsMRIwrZqTx6jmPT0wEjAbPfaNCrf9+apgcMO2IjeLYErAu\/\/B7qzkdN2M0urQtQq0nmg6ZWW8ONDvTa1W1bMargFs2lWSZuN3XOx4hK\/+JMknJ2b6UgVpwGRlgoGot2ojnzKHp4LvYYPcs4PZgwJlxhuVjwSQwxt3iTkBD9JnQY\/M0ilvugt0xw03w1z4Nvbd31IUUKOp8DEX6CtyXzHRASFRFA432Munimlz+4XjTslMU2Q9ILfOt6D\/pcSRIR4pgWhoyM7Z1C26lg3TOGQfeuCXYRmGERlEAdurxaMet+fwCPKGh6ZkxYGCHtLcVkA="} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655100445438000,"flow_src_last_pkt_time":1655100445594000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655100445594000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49250,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":517,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":5,"flow_src_last_pkt_time":1655100445964000,"flow_dst_last_pkt_time":1655100445438000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655100445964000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0dbdAAD8GjJLAqAJkszzDMcBiFGbUEWFh1mTBQYAQAID9iwAAAQEICnGOFkqsjGjv"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":521,"packets-processed":520,"total-skipped-flows":0,"total-l4-payload-len":40413,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":66,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":574,"global_ts_usec":1655101503188000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503188000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_src_last_pkt_time":1655101503188000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655101503188000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8uEdAAD8GSfrAqAJkszzDMbjAFGZ59kNkAAAAAKAC\/\/+x6gAAAgQFtAQCCArH7AorAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":2,"flow_src_last_pkt_time":1655101503221000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503221000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEhAAD8GSgHAqAJkszzDMbjAFGZ59kNlF+8VdoAQAKz2ngAAAQEICsfsCkuDiThP"} 
@@ -579,7 +579,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":4,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655101503267000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLuEpAAD8GSOjAqAJkszzDMbjAFGZ59kNpF+8VdoAYAKxbNQAAAQEICsfsCnmDiTh8AAAECAsICFdBBQIAAQkShgIKIAZUmmLyHPfKQnosmA\/ZcvDvtXLg5S93ZMd+AgnOfFhzEjC20yIdEGkkBO6fPumrM10uER2PxE\/aLgIDquC87Lo\/vd\/Ly30Pa4DV2T+sKc37c64arwF\/a\/pIAVsGbEtZMyNoRQ++yeOpqeyHKF7CDAXlxe4CgrVxOuIUu7w4afuQCnv8BdE\/4MwTakO9saxnL9D93QKRObRQuca3Pma3Nz6bE4LY9nL0IgPDFWsUg+ZoBKQEPYz3g9rPhkchNH38VUtSBcZ05C2RJnlzczoSyCQaiV76W1aC2\/vQ87D4Ir2wOBQ7pwJNFzn9+GHYSnHJugHvlZFLss3jeHakn0n3aw9hXuXN"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":524,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503267000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655101503267000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":525,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":5,"flow_src_last_pkt_time":1655101503428000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655101503428000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0uEtAAD8GSf7AqAJkszzDMbjAFGZ59kSAF+8V6IAQAKzzcAAAAQEICsfsCxuDiTkg"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":529,"packets-processed":528,"total-skipped-flows":0,"total-l4-payload-len":40736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":67,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":67,"total-idle-flows":62,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":582,"global_ts_usec":1655104186658000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186658000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_src_last_pkt_time":1655104186658000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655104186658000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8z9lAAD8GMmjAqAJkszzDMbscFGbxjY\/TAAAAAKAC\/\/\/9wgAAAgQFtAQCCAo4WoeCAAAAAAEDAwk="} 
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_src_last_pkt_time":1655104186714000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104186714000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z9pAAD8GMm\/AqAJkszzDMbscFGbxjY\/UkjD8dIAQAIBW5gAAAQEICjhah\/LAS4W5"} 
@@ -588,7 +588,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":532,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655104186658000,"flow_src_last_pkt_time":1655104186938000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104186938000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47900,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":533,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":5,"flow_src_last_pkt_time":1655104187147000,"flow_dst_last_pkt_time":1655104186658000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655104187147000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0z91AAD8GMmzAqAJkszzDMbscFGbxjZD6kjD8rYAQAIBSSAAAAQEICjhaiabAS4dE"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655096063383000,"flow_src_last_pkt_time":1655096063826000,"flow_dst_last_pkt_time":1655096063383000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":282,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655104187274000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49232,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":537,"packets-processed":536,"total-skipped-flows":0,"total-l4-payload-len":41070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":68,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":68,"total-idle-flows":63,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":591,"global_ts_usec":1655105188559000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105188559000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":537,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_src_last_pkt_time":1655105188559000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105188559000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8S7JAAD8Gto\/AqAJkszzDMbnmFGYb9oTUAAAAAKAC\/\/+DSwAAAgQFtAQCCArH\/lQiAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_src_last_pkt_time":1655105188592000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105188592000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0S7NAAD8GtpbAqAJkszzDMbnmFGYb9oTVXDwEToAQAKxqDAAAAQEICsf+VEPB4STE"} 
@@ -604,7 +604,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":548,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756007000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756007000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":5,"flow_src_last_pkt_time":1655105756193000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105756193000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kA1AAD8GcjzAqAJkszzDMcEUFGaXC5ee7mWk64AQAIBipAAAAQEICjhyeqEzIlxy"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655097851208000,"flow_src_last_pkt_time":1655097851805000,"flow_dst_last_pkt_time":1655097851208000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105756270000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47350,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":553,"packets-processed":552,"total-skipped-flows":0,"total-l4-payload-len":41992,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":70,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":607,"global_ts_usec":1655105790019000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790019000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_src_last_pkt_time":1655105790019000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655105790019000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DWBAAD8G9OHAqAJkszzDMboSFGb46AYSAAAAAKAC\/\/\/MkwAAAgQFtAQCCArIAKx7AAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":554,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_src_last_pkt_time":1655105790049000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790049000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWFAAD8G9OjAqAJkszzDMboSFGb46AYTXUqYTIAQAKwfkAAAAQEICsgArJpsf3jg"} 
@@ -612,7 +612,7 @@ 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":4,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655105790086000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLDWNAAD8G88\/AqAJkszzDMboSFGb46AYXXUqYTIAYAKwCvAAAAQEICsgArL9sf3kEAAAECAsICFdBBQIAAQkShgIKIKhBdjc2VPy8DR5rvHtno\/OCv0FzCxecldwoE0c0L4JHEjAk9D\/ZsxpIppNjRmSJJg3UjEzOPx84Wd7QQQQPBFbbHeahXxiBBwcGREcwaPBMXpIarwHexXT4AoY347kTk+5GKG\/TMtP1A3stxDLHBOYWDncAtU3x4qMUkZrLR7K+dUgdVZlOsTgRWO2CUaAluzf0j2Fzb7R+5hlR39l1\/ZaRg7f8jzTNBB7KEyhhlyVGvUUb9D2IbA+kci9HDk1Awcp6+eNy41CccaN6zt8m2Upix9rgC1aKZXJtjWqo6o8qfwZgqjycUVKJgFBByrw2KpKm9Ui19xk9NXKRclBEEjkbd5Nb"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":556,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790086000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655105790086000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":557,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":5,"flow_src_last_pkt_time":1655105790243000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655105790243000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0DWRAAD8G9OXAqAJkszzDMboSFGb46AcuXUqYhYAQAKwcvAAAAQEICsgArVtsf3mf"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":561,"packets-processed":560,"total-skipped-flows":0,"total-l4-payload-len":42315,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":71,"total-idle-flows":64,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":615,"global_ts_usec":1655108001441000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108001441000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":561,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_src_last_pkt_time":1655108001441000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108001441000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8CbZAAD8G+IvAqAJkszzDMcHKFGbmPQGiAAAAAKAC\/\/9GsQAAAgQFtAQCCApxlpgrAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":562,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":2,"flow_src_last_pkt_time":1655108001604000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108001604000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0CbdAAD8G+JLAqAJkszzDMcHKFGbmPQGj6JAdY4AQAICr2gAAAQEICnGWmOHkUd4Y"} 
@@ -636,7 +636,7 @@ 00923{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":4,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655108453728000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLGEFAAD8G6PHAqAJkszzDMbp6FGaSP+CHCev7oYAYAKw4MQAAAQEICsgJ8ShJX8CRAAAECAsICFdBBQIAAQkShgIKIL4GNcYClGlnFtJLkAUkKwU0YIGOT1ari6I5ZZVmYZwEEjBM3cfaRk3NmpoqvEvIf\/plMcusmIxjZe+WNB5b3H9ZpAhyJr2ElSPTLvDTfBGDNXoarwFChKWOq45ClrR\/bKwxPt5WVALJ3p7gHJ3PeE5+4BSmqLvkqcXJSeBPukO\/3KeOa2xctKFPg8UQqu5430KrKc2rc8yz2wDaJbuHmUsqifuZOrOa9d7do8CB3NpqbcaBbwJO6IF+is8R53KmqzFzfirW+0az\/B2tEXxK9xumCMYP0Ea1nVt3bNSdFMCLUA3jls00aVfrTWWQ76aWPps6NeLEiNQre2sG18sdjW5i+Svf"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":580,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453728000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108453728000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":581,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":5,"flow_src_last_pkt_time":1655108453883000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108453883000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0GEJAAD8G6gfAqAJkszzDMbp6FGaSP+GeCev72oAQAKwvuQAAAQEICsgJ8cJJX8Es"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":585,"packets-processed":584,"total-skipped-flows":0,"total-l4-payload-len":43736,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":74,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":74,"total-idle-flows":66,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":639,"global_ts_usec":1655108977493000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977493000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":585,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_src_last_pkt_time":1655108977493000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655108977493000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8FDpAAD8G7gfAqAJkszzDMZIcFGYxkZdqAAAAAKAC\/\/+qXQAAAgQFtAQCCAo4hrwhAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":586,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":2,"flow_src_last_pkt_time":1655108977535000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108977535000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FDtAAD8G7g7AqAJkszzDMZIcFGYxkZdrFO3l4YAQAIAhNgAAAQEICjiGvEzZk+LX"} 
@@ -645,7 +645,7 @@ 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":588,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655108977493000,"flow_src_last_pkt_time":1655108977793000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":294,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108977793000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37404,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":589,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":5,"flow_src_last_pkt_time":1655108978003000,"flow_dst_last_pkt_time":1655108977493000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655108978003000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0FD5AAD8G7gvAqAJkszzDMZIcFGYxkZiRFO3mGoAQAIAcXwAAAQEICjiGvh\/Zk+R8"} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655101503188000,"flow_src_last_pkt_time":1655101503710000,"flow_dst_last_pkt_time":1655101503188000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655108978075000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47296,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":593,"packets-processed":592,"total-skipped-flows":0,"total-l4-payload-len":44070,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":75,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":75,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":648,"global_ts_usec":1655109656108000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656108000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_src_last_pkt_time":1655109656108000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655109656108000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8kRFAAD8GcTDAqAJkszzDMbqgFGZw+MTeAAAAAKAC\/\/+uLgAAAgQFtAQCCArIDZNpAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":594,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_src_last_pkt_time":1655109656138000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656138000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRJAAD8GcTfAqAJkszzDMbqgFGZw+MTfqcWd3IAQAKwWxQAAAQEICsgNk4cgPV1+"} 
@@ -653,7 +653,7 @@ 00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":4,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655109656174000,"pkt":"eJS0JASgYDjgxTWgCABFAAFLkRRAAD8GcB7AqAJkszzDMbqgFGZw+MTjqcWd3IAYAKyltAAAAQEICsgNk6wgPV2jAAAECAsICFdBBQIAAQkShgIKIEJnBc1C4LBUWYfVbR0MBs9Vedh2qDkdgnthFMah69sKEjBbeqUlhFEGlyZlGLbvtxNl\/jG22mlNm7QBJQkWKNjzIn\/01On7w2ne\/8HGawLaqpkarwEicy2ftvBeqkkjE79mspVBiH7RCSjPWzB6FmmUK5adnY4tSCupr4L8zEulLShlb42L2ygwAJWPT\/rKs0UFx7KndVJpDEadUP6eTjbAebv+s3CAz8N0PgdAKd4fdxZKDAmXjLytK+7C\/GlCD7+MjsRV\/YR1nCCWemBWD39Ghixh3pdU1PeBRsTMgwSjnxYX6cAr\/SyebNkgj3aPLvg9zeigfUqchhJ5kTR0D9TdtI\/M"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":596,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655109656108000,"flow_src_last_pkt_time":1655109656174000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":283,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655109656174000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47776,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":5,"flow_src_last_pkt_time":1655109656661000,"flow_dst_last_pkt_time":1655109656108000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655109656661000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0kRVAAD8GcTTAqAJkszzDMbqgFGZw+MX6qcWeFYAQAKwTEAAAAQEICsgNlMggPV6e"} -00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 
+00642{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":601,"packets-processed":600,"total-skipped-flows":0,"total-l4-payload-len":44353,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":76,"total-detection-updates":0,"total-updates":0,"current-active-flows":9,"total-active-flows":76,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":656,"global_ts_usec":1655110961423000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655110961423000,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655110961423000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37766,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":601,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_src_last_pkt_time":1655110961423000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655110961423000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8fpBAAD8Gg7HAqAJkszzDMZOGFGbaRgeTAAAAAKAC\/\/9KQgAAAgQFtAQCCAo4pQHWAAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":602,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_src_last_pkt_time":1655110961452000,"flow_dst_last_pkt_time":1655110961423000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655110961452000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0fpFAAD8Gg7jAqAJkszzDMZOGFGbaRgeUJF2xy4AQAIA9NgAAAQEICjilAfPDMqHR"} 
@@ -668,7 +668,7 @@ 00919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":4,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":339,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":339,"pkt_l4_len":305,"thread_ts_usec":1655111269298000,"pkt":"eJS0JASgYDjgxTWgCABFAAFFEa5AAD8G74rAqAJkszzDMZMqFGZD+lK+LP1J\/oAYAVfosgAAAQEICkpzeEH1Cal8AAAECAkIAldBBQIAAQMSgAIKIP05yfQLJ1k4YN75b0bGs4Ylgfmfi\/IFvLiPro6jlGQtEjCmbiVahf1VncWlfaTW+\/WbaSRS6QjS2Nsx9o5oyyNwCpGWS5inFdgz\/63J5F44t2MaqQE4ehodUlmNxZZkAWB\/iaJy2eF3safRoUpltQuob\/02ypH9\/ICdJd2p2TWDHcxzcX66mvMqGSN7Wb7mMYyTgz4r47n2GtS2axys7Ye7ZeiVO3xW7+KyiB\/rYsIxQGuPcE4aCqDM4RDuTwrDeCdFnZSRZRWwcY+eNMdvHg+NXYk3ucRHAxE2dnxF6LET0mzlPVCJrUd+kcZ1qwDG6+QiSEpHfASwoatuph7m"} 01061{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":612,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111268965000,"flow_src_last_pkt_time":1655111269298000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":273,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":277,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111269298000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37674,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":613,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":78,"flow_packet_id":5,"flow_src_last_pkt_time":1655111269446000,"flow_dst_last_pkt_time":1655111268965000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111269446000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Ea9AAD8G8JrAqAJkszzDMZMqFGZD+lPPLP1KN4AQAVci+gAAAQEICkpzeNX1CaoQ"} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":617,"packets-processed":616,"total-skipped-flows":0,"total-l4-payload-len":44964,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":78,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":78,"total-idle-flows":67,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":671,"global_ts_usec":1655111789393000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655111789393000,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111789393000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47810,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":617,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_src_last_pkt_time":1655111789393000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655111789393000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8zPVAAD8GNUzAqAJkszzDMbrCFGZ1lRVTAAAAAKAC\/\/8y6QAAAgQFtAQCCArIErl2AAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":2,"flow_src_last_pkt_time":1655111789426000,"flow_dst_last_pkt_time":1655111789393000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655111789426000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0zPZAAD8GNVPAqAJkszzDMbrCFGZ1lRVUyQX5N4AQAKyN9wAAAQEICsgSuZfNwELk"} 
@@ -698,7 +698,7 @@ 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":4,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA7nT5AAD8GZRTAqAJkszzDIbXwFGY7fhdvAsizuoAYAKwsNgAAAQEICgaMpcv4l4WbAAAECAkIBQ=="} 01058{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":643,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":11,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655111980926000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":5,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655111980926000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4nT9AAD8GZRbAqAJkszzDIbXwFGY7fhd2AsizuoAYAKzh\/QAAAQEICgaMpcz4l4WbV0EFAg=="} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":648,"packets-processed":647,"total-skipped-flows":0,"total-l4-payload-len":48127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":82,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":82,"total-idle-flows":68,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":701,"global_ts_usec":1655113084330000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084330000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":648,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_src_last_pkt_time":1655113084330000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655113084330000,"pkt":"eJS0JASgYDjgxTWgCABFAAA81OlAAD8GLVjAqAJkszzDMZVaFGZIDGKXAAAAAKAC\/\/9f+wAAAgQFtAQCCAo4tSFvAAAAAAEDAwk="} 00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":649,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":2,"flow_src_last_pkt_time":1655113084383000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655113084383000,"pkt":"eJS0JASgYDjgxTWgCABFAAA01OpAAD8GLV\/AqAJkszzDMZVaFGZIDGKYqtuzMYAQAID\/YQAAAQEICji1IaRj8syi"} 
@@ -707,7 +707,7 @@ 01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":651,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084612000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":11,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":15,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084612000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":5,"flow_src_last_pkt_time":1655113084695000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":345,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":345,"pkt_l4_len":311,"thread_ts_usec":1655113084695000,"pkt":"eJS0JASgYDjgxTWgCABFAAFL1O1AAD8GLEXAqAJkszzDMZVaFGZIDGKnqtuzMYAYAICmWQAAAQEICji1Ittj8s28AAEUEpECCiDQISpTuXT+fM1sVkgw9WSLhrRW\/MBiu5786BpIyh5jNBIwxj9Q9UJOznhSMHnK6hbgij+Wn2mU2B0vnbqpx84LX7F2R0vRlMyngyZbJGEpS6eJGroBDO+WJEaCNNBpJpkKqD5ipZMWusBkF0O4ja17SAtzM8tcqpQHA1Ryn4IXnff6jdyTgrVnQ9p0q0zO8Z2L7OrR\/VxGLNyah9h+Dts\/xWbiwFwGdkGxB86jTRrNuzzS5ZqpLR8z+aMqtTHgeMMHJ8NjzeY1grhJv2Jkud6\/sCK3wgpP8qkvIm\/N9uMKCMUrETtZtKz7NH9R2gQC5GKMOSMAzJLwfMCDS3Dqwe3W3A2iV7eapzM+FP+FTQbd"} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105188559000,"flow_src_last_pkt_time":1655105188835000,"flow_dst_last_pkt_time":1655105188559000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":302,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":588,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655113084909000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47590,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":656,"packets-processed":655,"total-skipped-flows":0,"total-l4-payload-len":48424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":83,"total-detection-updates":0,"total-updates":0,"current-active-flows":14,"total-active-flows":83,"total-idle-flows":69,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":710,"global_ts_usec":1655114622076000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655114622076000,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622076000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":47284,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00559{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":656,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":1,"flow_src_last_pkt_time":1655114622076000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655114622076000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8E3JAAD8G7t\/AqAJkszzDIbi0FGYRoZALAAAAAKAC\/\/83+QAAAgQFtAQCCAoGqmEpAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":657,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":2,"flow_src_last_pkt_time":1655114622106000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655114622106000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0E3NAAD8G7ubAqAJkszzDIbi0FGYRoZAMgQqHroAQAKz9CwAAAQEICgaqYVZ8b+Op"} 
@@ -717,7 +717,7 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":660,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":84,"flow_packet_id":5,"flow_src_last_pkt_time":1655114622115000,"flow_dst_last_pkt_time":1655114622076000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1655114622115000,"pkt":"eJS0JASgYDjgxTWgCABFAAA4E3ZAAD8G7t\/AqAJkszzDIbi0FGYRoZAXgQqHroAYAKygqAAAAQEICgaqYV98b+OpV0EFAg=="} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105755895000,"flow_src_last_pkt_time":1655105756270000,"flow_dst_last_pkt_time":1655105755895000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49428,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655105790019000,"flow_src_last_pkt_time":1655105790289000,"flow_dst_last_pkt_time":1655105790019000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":323,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655114622275000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47634,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 
+00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":664,"packets-processed":663,"total-skipped-flows":0,"total-l4-payload-len":49697,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":84,"total-detection-updates":0,"total-updates":0,"current-active-flows":13,"total-active-flows":84,"total-idle-flows":71,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":720,"global_ts_usec":1655116217773000} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116217773000,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116217773000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":39334,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":664,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":1,"flow_src_last_pkt_time":1655116217773000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116217773000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8AehAAD8GAFrAqAJkszzDMZmmFGbbOiylAAAAAKAC\/\/9QjQAAAgQFtAQCCApyEZX4AAAAAAEDAwk="} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":85,"flow_packet_id":2,"flow_src_last_pkt_time":1655116217805000,"flow_dst_last_pkt_time":1655116217773000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116217805000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0AelAAD8GAGHAqAJkszzDMZmmFGbbOiymFXtouYAQAIBHtQAAAQEICnIRlijWRuJq"} 
@@ -728,7 +728,7 @@ 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108001441000,"flow_src_last_pkt_time":1655108001999000,"flow_dst_last_pkt_time":1655108001441000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":49610,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108385462000,"flow_src_last_pkt_time":1655108385787000,"flow_dst_last_pkt_time":1655108385462000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":290,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":37378,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655108453657000,"flow_src_last_pkt_time":1655108453928000,"flow_dst_last_pkt_time":1655108453657000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":320,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116218131000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":47738,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} +00643{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":672,"packets-processed":671,"total-skipped-flows":0,"total-l4-payload-len":50313,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":85,"total-detection-updates":0,"total-updates":0,"current-active-flows":11,"total-active-flows":85,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":731,"global_ts_usec":1655116940904000} 
00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655116940904000,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116940904000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":40006,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":672,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":1,"flow_src_last_pkt_time":1655116940904000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655116940904000,"pkt":"eJS0JASgYDjgxTWgCABFAAA890NAAD8GCv7AqAJkszzDMZxGFGZlwIwQAAAAAKAC\/\/9j2AAAAgQFtAQCCApyHJYRAAAAAAEDAwk="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":86,"flow_packet_id":2,"flow_src_last_pkt_time":1655116940935000,"flow_dst_last_pkt_time":1655116940904000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1655116940935000,"pkt":"eJS0JASgYDjgxTWgCABFAAA090RAAD8GCwXAqAJkszzDMZxGFGZlwIwR5J7sZYAQAIAZ6gAAAQEICnIclkN2QDC1"} 
@@ -748,7 +748,7 @@ 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655111826253000,"flow_src_last_pkt_time":1655111826511000,"flow_dst_last_pkt_time":1655111826253000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46394,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01100{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655113084330000,"flow_src_last_pkt_time":1655113084909000,"flow_dst_last_pkt_time":1655113084330000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":279,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":297,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.49","src_port":38234,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01102{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1655111980926000,"flow_src_last_pkt_time":1655111980926000,"flow_dst_last_pkt_time":1655111980926000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1258,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1273,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655116941291000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"179.60.195.33","src_port":46576,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":679,"source":"cfgs\/default\/pcap\/whatsapp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":679,"packets-processed":679,"total-skipped-flows":0,"total-l4-payload-len":50635,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":86,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":86,"total-idle-flows":86,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":751,"global_ts_usec":1655116941291000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 679/679 ~~ skipped flows.............: 0 @@ -757,9 +757,9 @@ ~~ total active/idle flows...: 86/86 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8145152 bytes -~~ total memory freed........: 8145152 bytes -~~ total allocations/frees...: 148071/148071 +~~ total memory allocated....: 11852411 bytes +~~ total memory freed........: 11852411 bytes +~~ total allocations/frees...: 218325/218325 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 546 chars ~~ json string max len.......: 2263 chars 
diff --git a/test/results/default/whatsapp_login_call.pcap.out b/test/results/default/whatsapp_login_call.pcap.out index a040302b3..a5a321833 100644 --- a/test/results/default/whatsapp_login_call.pcap.out +++ b/test/results/default/whatsapp_login_call.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582222253233} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582222253233,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582222253233,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1432582222253233,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 
00787{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432582222267722,"flow_dst_last_pkt_time":1432582222253233,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_usec":1432582222267722,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} 
@@ -118,35 +118,35 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":3,"flow_src_last_pkt_time":1432582236282161,"flow_dst_last_pkt_time":1432582236144785,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582236282161,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAoODNAAEAGygnAqAIEEaxkO8AcAbueodpRe0gK3lAQ\/\/+2TwAA"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238790823,"pkt":"xiwDYGpkAPS5Jrv0CABFwACarW0AAEARhl7AqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238790823,"flow_src_last_pkt_time":1432582238790823,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238790823,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.100.14","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238790889,"flow_dst_last_pkt_time":1432582238790823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238790889,"pkt":"xiwDYGpkAPS5Jrv0CABFwACat4MAAEARfEjAqAIEHw1kDsk+DZYAhpcUAAMAaiESpEIAAHUQ+ENDH9BeI3lAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791013,"pkt":"xiwDYGpkAPS5Jrv0CABFwACayJAAAEARiRnAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791013,"flow_src_last_pkt_time":1432582238791013,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791013,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.70.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791094,"flow_dst_last_pkt_time":1432582238791013,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791094,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaw2YAAEARjkPAqAIEHw1GMMk+DZYAho7CAAMAaiESpEIAACUBlIyWX5N55xRAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791235,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa2EoAAEARf1\/AqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791235,"flow_src_last_pkt_time":1432582238791235,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791235,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.64.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238791235,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791350,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa9a4AAEARYfvAqAIEHw1AMMk+DZYAhnzzAAMAaiESpEIAAN5oNK0Wc\/NrxVVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791504,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa8J4AAEARUgvAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":225,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791504,"flow_src_last_pkt_time":1432582238791504,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791504,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.85.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791682,"flow_dst_last_pkt_time":1432582238791504,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791682,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLVIAAEARFVjAqAIEHw1VMMk+DZYAhiWBAAMAaiESpEIAADIU0Oi5cQTqY2RAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791744,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNZEAAEARBxnAqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791744,"flow_src_last_pkt_time":1432582238791744,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791744,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.91.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":228,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238791932,"flow_dst_last_pkt_time":1432582238791744,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791932,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa90wAAEARRV3AqAIEHw1bMMk+DZYAhs2+AAMAaiESpEIAAJhbSrigEVALo05AAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238791993,"pkt":"xiwDYGpkAPS5Jrv0CABFwACahRkAAEARwwDAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":229,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238791993,"flow_src_last_pkt_time":1432582238791993,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238791993,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":230,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792200,"flow_dst_last_pkt_time":1432582238791993,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792200,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaCdEAAEARPknAqAIEHw1PwMk+DZYAhkfEAAMAaiESpEIAADsyhsRFd5d2aQVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792300,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWjwAAEAR4G3AqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":231,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582238792300,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792300,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":232,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582238792300,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792451,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaWaMAAEAR4QbAqAIEHw1dMMk+DZYAhleUAAMAaiESpEIAAOhOyhcXEAbXGlxAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792569,"pkt":"xiwDYGpkAPS5Jrv0CABFwACagnUAAEARzDTAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":233,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582238792569,"flow_src_last_pkt_time":1432582238792569,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582238792569,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":2,"flow_src_last_pkt_time":1432582238792699,"flow_dst_last_pkt_time":1432582238792569,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582238792699,"pkt":"xiwDYGpkAPS5Jrv0CABFwACakcIAAEARvOfAqAIEHw1JMMk+DZYAhhoqAAMAaiESpEIAABpmz0oddRqYGlZAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":3,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857632,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238857632,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28gAAFURZ\/MfDUAwwKgCBA2WyT4ANKxZAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnU="} 
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":4,"flow_src_last_pkt_time":1432582238791350,"flow_dst_last_pkt_time":1432582238857679,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582238857679,"pkt":"APS5Jrv0xiwDYGpkCABFAABI28kAAFURZ\/IfDUAwwKgCBA2WyT4ANKxXAQMAGCESpEIAAN5oNK0Wc\/NrxVUAIAAIAAGRdm4xsYdAAgAIAAABTYyOMnc="} 
@@ -193,10 +193,10 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":310,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":5,"flow_src_last_pkt_time":1432582238792451,"flow_dst_last_pkt_time":1432582257197582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1432582257197582,"pkt":"APS5Jrv0xiwDYGpkCABFAAByH68AAFYRBeMfDV0wwKgCBA2WyT4AXrjagckACUwonm2wHgwTDvqn09dI5Tl\/4L+Lv6PBoXbsprKS9SgxRhWHjq5qsMlCLel9YINSbVW1kyOkA+bDEjDWVO8fpWX9e7C0gAAAAVvv5xPqYsEj4ls="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258587552,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIJ6AAAEARMxjAqAIEAcJav8k+65gANBimAAEAGCESpEI2xNtJG9sue8sIM0EACAAU5G1owzzn9g07DgjX0q3CWkGBWA0="} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":334,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582258587552,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258587552,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258730153,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIG0oAAEARj7DAqAIEW\/2wQck+JIAANKXrAAEAGCESpELdaIZ9jcVOA62tiygACAAUhE7qa\/gs1xldMnASKkUclFJWums="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":338,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258730153,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582258730153,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":341,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":2,"flow_src_last_pkt_time":1432582258730153,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258815685,"pkt":"APS5Jrv0xiwDYGpkCABFAABI4nIAAC8R2kdb\/bBBwKgCBCSAyT4ANOAtAQEAGCESpELdaIZ9jcVOA62tiygACAAUsHui2xBS6T5qw9kAv9V6SryCnE8="} 
00932{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":3,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258815685,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582258825375,"pkt":"xiwDYGpkAPS5Jrv0CABFwAFIgM0AAEARKS3AqAIEW\/2wQck+JIABNDV+gPhBLgAAPABUWSgkrOczzTmmNaWeHGyeFn5K8vlkangPxwACY7IwMpCpL5qUBEDYknjmXwiwt1Sg\/GoDEpuWps7K3BPScguv1CoIPKC+VL4kk69VBQy2eU1f6p0OhYSXKAcM\/9HmK5KZeJJnhjzxZ+J\/AtWZs+X8uDaujdvMYKyUONaU\/07PQLiEd81h3NGLNxCpTNYPkmMGXMy1y+UaiUzN89zB2\/RkHbLVqN6e+nvnnRR2frMRlVsFWAJQmXtD929e1+a2u\/RdJfu15HCbSLl3jTXDbl84mpeVYYxkc3LSpxB7HrCYZEpYcCniVsfACmA6zpHVbv1BlaoQu+KuUWJT2eQ73+Vh12sP5aPix21kFcGvLfE3UalmxPkTCEhiCOUQRQbTvOcEo103"} 00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":4,"flow_src_last_pkt_time":1432582258825375,"flow_dst_last_pkt_time":1432582258881819,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582258881819,"pkt":"APS5Jrv0xiwDYGpkCABFAABIE\/gAAC8RqMJb\/bBBwKgCBCSAyT4ANMrWAAEAGCESpEKeaboEfgZsasdwHloACAAUqRSMFuqpInS4y87I6AOf8O\/PSC8="} 
@@ -204,7 +204,7 @@ 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":2,"flow_src_last_pkt_time":1432582259254832,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259254832,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbNAAAEAR7efAqAIEAcJav8k+65gANKlVAAEAGCESpEKmTTdqxAPLVFlkZFwACAAUe9SyVdo3\/CPkaMOU00d3jUs\/Tzg="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":3,"flow_src_last_pkt_time":1432582259886962,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582259886962,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI77MAAEARawTAqAIEAcJav8k+65gANKqSAAEAGCESpEK30Ms3\/7rzJdDOeSQACAAUjiMqFpbreAaLOXedI1Eon++y9eE="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":374,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":4,"flow_src_last_pkt_time":1432582260514270,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582260514270,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+cUAAEARYPLAqAIEAcJav8k+65gANJE\/AAEAGCESpEJlzPg4GxgzVtPAczQACAAUByzPknXSQgU3SCNOJEjP0trCKUQ="} 
-02484{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582260754649,"flow_dst_last_pkt_time":1432582260775626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":3471,"flow_dst_tot_l4_payload_len":2001,"midstream":0,"thread_ts_usec":1432582260775626,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":131289.3,"max":352421,"stddev":70223.6,"var":4931354624.0,"ent":4.7,"data": [85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877]},"pktlen": {"min":50,"avg":199.0,"max":337,"stddev":98.8,"var":9763.6,"ent":4.8,"data": [72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]},"bins": {"c_to_s": [1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": 
[5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02492{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":378,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582260754649,"flow_dst_last_pkt_time":1432582260775626,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":309,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":3471,"flow_dst_tot_l4_payload_len":2001,"midstream":0,"thread_ts_usec":1432582260775626,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":44,"avg":131289.3,"max":352421,"stddev":70223.6,"var":4931354624.0,"ent":4.7,"data": [85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877]},"pktlen": 
{"min":50,"avg":199.0,"max":337,"stddev":98.8,"var":9763.6,"ent":4.8,"data": [72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291]},"bins": {"c_to_s": [1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1],"entropies": [5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":385,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":5,"flow_src_last_pkt_time":1432582261145565,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582261145565,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIYAcAAEAR+rDAqAIEAcJav8k+65gANF9sAAEAGCESpEJrlvABy0sjWqgqRUMACAAUZ+Ym0GC+WjRbPeLsPQxQ+KfJET0="} 
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":817,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1432582267969615,"flow_dst_last_pkt_time":1432582238888265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582267969615,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaQoIAAEAR8UnAqAIEHw1kDsk+DZYAho8WCAAAaiESpEIAAHUQ+ENDH9BeI3pAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":818,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1432582267970545,"flow_dst_last_pkt_time":1432582239035335,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582267970545,"pkt":"xiwDYGpkAPS5Jrv0CABFwACadjsAAEAR227AqAIEHw1GMMk+DZYAhobECAAAaiESpEIAACUBlIyWX5N55xVAAABmAQCp9g36qkiVOtLQr3ViX6FsbDYXjEJ9QGAivtjborGILbaLFUctqtKwjyuh8hQDpfay6HpQUwtK9uAMfRAxRJKoeR4kQioyDnAbRIAxuEByQdpCzZp5JzNQR7k0c+gy5xI4fd1T"} 
@@ -261,35 +261,35 @@ 00940{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":868,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":5,"flow_src_last_pkt_time":1432582288984274,"flow_dst_last_pkt_time":1432582271840128,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1432582288984274,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIRFAAAP8RdlUAAAAA\/\/\/\/\/wBEAEMBNOdPAQEGALYzLg0AEQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwkBAwYPd1\/8LC45AgXcPQcB2DBiVgAcMwQAdqcADApMdWNhcy1pTWFj\/wAAAAAAAAAAAAAAAAAA"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337662,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalSUAAEARuYTAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":871,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337662,"flow_src_last_pkt_time":1432582296337662,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337662,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.73.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":872,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296337727,"flow_dst_last_pkt_time":1432582296337662,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337727,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaZm0AAEAR6DzAqAIEHw1JMM46DZYAhue1AAMAaiESpEIAAPA16Ue1KOAmhBVAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337848,"pkt":"xiwDYGpkAPS5Jrv0CABFwACajDIAAEARrnfAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":873,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296337848,"flow_src_last_pkt_time":1432582296337848,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296337848,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":874,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296337848,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296337941,"pkt":"xiwDYGpkAPS5Jrv0CABFwACalgkAAEARpKDAqAIEHw1dMM46DZYAhkaaAAMAaiESpEIAABQXleBLNAVxhWFAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00792{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338078,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaRlMAAEARAcfAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01167{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01096{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":875,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582296338078,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338078,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":876,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338210,"flow_dst_last_pkt_time":1432582296338078,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338210,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1Y0AAEARcozAqAIEHw1PwM46DZYAhjlFAAMAaiESpEIAAL9\/1m08YXkuT0ZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338341,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaIqQAAEARINbAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":877,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338341,"flow_src_last_pkt_time":1432582296338341,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338341,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"179.60.192.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":878,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338539,"flow_dst_last_pkt_time":1432582296338341,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338539,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaNRkAAEARDmHAqAIEszzAMM46DZYAhuAOAAMAaiESpEIAAHR4erx3E5L39hlAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338593,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4C0AAEARtrvAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":879,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338593,"flow_src_last_pkt_time":1432582296338593,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338593,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"173.252.114.1","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":880,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296338735,"flow_dst_last_pkt_time":1432582296338593,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338735,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaP+kAAEARVwDAqAIErfxyAc46DZYAhqERAAMAaiESpEIAAPckPngMfZVuqj1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296338853,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaOAUAAEARBaXAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":881,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296338853,"flow_src_last_pkt_time":1432582296338853,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296338853,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.90.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":882,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339205,"flow_dst_last_pkt_time":1432582296338853,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339205,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaLOMAAEAREMfAqAIEHw1aMM46DZYAhuQ6AAMAaiESpEIAAEIAbV8qcywo32JAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339330,"pkt":"xiwDYGpkAPS5Jrv0CABFwACafE8AAEAR0VrAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":883,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582296339330,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339330,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":884,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339473,"flow_dst_last_pkt_time":1432582296339330,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339473,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa1VQAAEAReFXAqAIEHw1KMM46DZYAhr8lAAMAaiESpEIAAMYoECn4BPzbT0BAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339591,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaPWIAAEARBkjAqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
-01166{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01095{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":885,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582296339591,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582296339591,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":886,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_src_last_pkt_time":1432582296339722,"flow_dst_last_pkt_time":1432582296339591,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582296339722,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4JwAAEARYw3AqAIEHw1UMM46DZYAhgQrAAMAaiESpEIAAPM63M4iUJ72Oh1AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":887,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":3,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296389707,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296389707,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbcAAFYRcAQfDV0wwKgCBA2WzjoANObxAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzk="} 
00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":888,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":4,"flow_src_last_pkt_time":1432582296337941,"flow_dst_last_pkt_time":1432582296391231,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582296391231,"pkt":"APS5Jrv0xiwDYGpkCABFAABItbgAAFYRcAMfDV0wwKgCBA2WzjoANObvAQMAGCESpEIAABQXleBLNAVxhWEAIAAIAAG2aW4xsYdAAgAIAAABTYyPEzs="} 
@@ -312,10 +312,10 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":936,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":5,"flow_src_last_pkt_time":1432582302350249,"flow_dst_last_pkt_time":1432582296443204,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_usec":1432582302350249,"pkt":"xiwDYGpkAPS5Jrv0CABFwABy39QAAEARY\/3AqAIEHw1UMM46DZYAXmPlgckACQoVDhA\/cDmPP2GH+dw+eSd5Ut6D6R34wbCvsCoYFHs8lda5k2P52vD1dbELS8rcXVWf0VY2IFXDP5up5wUe\/tYGcpldgAAAAb5uMWFJKkRckYE="} 00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00585{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303186638,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI\/ugAAEARW8\/AqAIEAcJav846yg8ANOnpAAEAGCESpEL3EVgs34UDSm8ZSi0ACAAUBo8N2M5l\/vTJutWmGJeHW1ycL5M="} -01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":944,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582303186638,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303186638,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 
00790{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303300524,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIibwAAEARIT7AqAIEW\/2wQc46JcEANNm\/AAEAGCESpEJqJ0QlQ7N3HdICmh0ACAAUdy+mbVoXRYBrOj7VSucZjRXX5oc="} 
-01279{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01216{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":951,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303300524,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582303300524,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":964,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1432582303300524,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303604793,"pkt":"APS5Jrv0xiwDYGpkCABFAABI2uIAAC8R4ddb\/bBBwKgCBCXBzjoANGAJAAEAGCESpEIU61RZ3ZsVVlL2qyQACAAUqmIWy0WW07d7nJ5APIsHCVUVL7g="} 
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":965,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_src_last_pkt_time":1432582303607918,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303607918,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIbOUAAEARPhXAqAIEW\/2wQc46JcEANIk8AQEAGCESpEIU61RZ3ZsVVlL2qyQACAAU6CFWVCyx0lHi4kItE160ER18SxI="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":966,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":4,"flow_src_last_pkt_time":1432582303616302,"flow_dst_last_pkt_time":1432582303604793,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303616302,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIgjEAAEARKMnAqAIEW\/2wQc46JcEANMh1AAEAGCESpEIsOC9qKgcRQkh47WsACAAU2ZdPl1kHfCpml7O+IRdvILydfEM="} 
@@ -323,7 +323,7 @@ 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":972,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":2,"flow_src_last_pkt_time":1432582303831637,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582303831637,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIdWcAAEAR5VDAqAIEAcJav846yg8ANHIiAAEAGCESpEJT9nMzid0wAn5OIFYACAAUj7UY3ZixJKF1uir6vHE5QBib28w="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":985,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":3,"flow_src_last_pkt_time":1432582304464260,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582304464260,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIRQUAAEARFbPAqAIEAcJav846yg8ANIW7AAEAGCESpEIZoNpuKgJFUxs+kVcACAAURUHG5kUyySWGpYslvS2cuO+ddv8="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":998,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":4,"flow_src_last_pkt_time":1432582305100006,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582305100006,"pkt":"xiwDYGpkAPS5Jrv0CABFwABI+yoAAEARX43AqAIEAcJav846yg8ANESCAAEAGCESpEKHi4QAVEzkfV5fTxcACAAUSe5EBzgFfmq12TvpmvAMFQPSazU="} 
-02474{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582305119064,"flow_dst_last_pkt_time":1432582305008654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":1888,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1432582305119064,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":40,"avg":113763.5,"max":307394,"stddev":86013.0,"var":7398240768.0,"ent":4.5,"data": [304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436]},"pktlen": {"min":54,"avg":141.0,"max":306,"stddev":58.8,"var":3453.3,"ent":4.9,"data": [72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]},"bins": {"c_to_s": [1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": 
[5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02482{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":999,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582305119064,"flow_dst_last_pkt_time":1432582305008654,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":278,"flow_dst_max_l4_payload_len":200,"flow_src_tot_l4_payload_len":1888,"flow_dst_tot_l4_payload_len":1727,"midstream":0,"thread_ts_usec":1432582305119064,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":40,"avg":113763.5,"max":307394,"stddev":86013.0,"var":7398240768.0,"ent":4.5,"data": [304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436]},"pktlen": 
{"min":54,"avg":141.0,"max":306,"stddev":58.8,"var":3453.3,"ent":4.9,"data": [72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171]},"bins": {"c_to_s": [1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0],"entropies": [5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1010,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":5,"flow_src_last_pkt_time":1432582305729284,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582305729284,"pkt":"xiwDYGpkAPS5Jrv0CABFwABIr1YAAEARq2HAqAIEAcJav846yg8ANKgQAAEAGCESpELZAvkIKfkpFBb9pE8ACAAUpwxPL3W2phMpSSxWPm\/EvQ75gEI="} 
01208{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1022,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_src_last_pkt_time":1432582306376756,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":544,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":544,"pkt_l4_len":510,"thread_ts_usec":1432582306376756,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIS5VYAAEARDTTAqAIBwKgC\/0RcRFwB\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"} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1178,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310664256,"flow_dst_last_pkt_time":1432582296490101,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310664256,"pkt":"xiwDYGpkAPS5Jrv0CABFwACas04AAEARm1vAqAIEHw1JMM46DZYAht+3CAAAaiESpEIAAPA16Ue1KOAmhBZAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
@@ -333,9 +333,9 @@ 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1182,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310666615,"flow_dst_last_pkt_time":1432582296551704,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310666615,"pkt":"xiwDYGpkAPS5Jrv0CABFwACa4soAAEARtB7AqAIErfxyAc46DZYAhpkTCAAAaiESpEIAAPckPngMfZVuqj5AAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 00696{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1183,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":51,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310667258,"flow_dst_last_pkt_time":1432582296465530,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310667258,"pkt":"xiwDYGpkAPS5Jrv0CABFwACaDrsAAEARLu\/AqAIEHw1aMM46DZYAhtw8CAAAaiESpEIAAEIAbV8qcywo32NAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1184,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":5,"flow_src_last_pkt_time":1432582310667847,"flow_dst_last_pkt_time":1432582296517176,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432582310667847,"pkt":"xiwDYGpkAPS5Jrv0CABFwACacW8AAEAR3DrAqAIEHw1KMM46DZYAhrcnCAAAaiESpEIAAMYoECn4BPzbT0FAAQBmAQAMg3Xe01iNThr0oMxz4g8yD3fN+Bpz1wfmSsMwaadvnUwroGLz0VM5S4DttzrmDPMSBOgeXpPF04uIBCkoaMH+hW2Svovhs3GWh\/N1CnZ6UVrnXy6FvDLog+b+F7o9EvQF2yeF"} -01250{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01258{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582267983119,"flow_src_last_pkt_time":1432582311138615,"flow_dst_last_pkt_time":1432582267983119,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01238{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1188,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582311138615,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1197,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":3,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582324191957,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABIJmQAAEARzfDAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1198,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582331561251,"flow_src_last_pkt_time":1432582331561251,"flow_dst_last_pkt_time":1432582331561251,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582331561251,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.39","src_port":49197,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1198,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1432582331561251,"flow_dst_last_pkt_time":1432582331561251,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432582331561251,"pkt":"xiwDYGpkAPS5Jrv0CABFAAAowcFAAEAGFpTAqAIEEaeOJ8AtAbtkgHfvejCYYFAR\/\/+cbwAA"} 
@@ -399,13 +399,13 @@ 01125{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582296339330,"flow_src_last_pkt_time":1432582310667847,"flow_dst_last_pkt_time":1432582296517176,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.74.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01127{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1432582296339591,"flow_src_last_pkt_time":1432582310668457,"flow_dst_last_pkt_time":1432582303581499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":86,"flow_src_tot_l4_payload_len":1464,"flow_dst_tot_l4_payload_len":689,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.84.48","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01126{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432582296338078,"flow_src_last_pkt_time":1432582310665524,"flow_dst_last_pkt_time":1432582296567432,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.79.192","src_port":52794,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-01249{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+01257{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00988{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432582246280217,"flow_src_last_pkt_time":1432582336425202,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} -01238{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1432582247125660,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -01250{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01258{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01076{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582267983119,"flow_src_last_pkt_time":1432582311138615,"flow_dst_last_pkt_time":1432582267983119,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01238{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": 
{"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01246{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1249,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582356195572,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":0,"flow_first_seen":1432582271840128,"flow_src_last_pkt_time":1432582331780851,"flow_dst_last_pkt_time":1432582271840128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3000,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00974{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":8,"flow_first_seen":1432582222253233,"flow_src_last_pkt_time":1432582223191773,"flow_dst_last_pkt_time":1432582223190009,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":85,"flow_src_tot_l4_payload_len":536,"flow_dst_tot_l4_payload_len":340,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"IMAPS","proto_id":"51","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 
00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582249235256,"flow_src_last_pkt_time":1432582249292701,"flow_dst_last_pkt_time":1432582249291378,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"93.62.150.157","src_port":49194,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
@@ -427,15 +427,15 @@ 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582249235474,"flow_src_last_pkt_time":1432582249492305,"flow_dst_last_pkt_time":1432582249385278,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49198,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582250339527,"flow_src_last_pkt_time":1432582250618616,"flow_dst_last_pkt_time":1432582250476958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582250339527,"flow_src_last_pkt_time":1432582250618616,"flow_dst_last_pkt_time":1432582250476958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.167.142.13","src_port":49200,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01247{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01255{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"finished","flow_src_packets_processed":141,"flow_dst_packets_processed":57,"flow_first_seen":1432582303300524,"flow_src_last_pkt_time":1432582310601384,"flow_dst_last_pkt_time":1432582311036474,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":442,"flow_dst_max_l4_payload_len":510,"flow_src_tot_l4_payload_len":11608,"flow_dst_tot_l4_payload_len":10494,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":52794,"dst_port":9665,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1432582246280217,"flow_src_last_pkt_time":1432582336425202,"flow_dst_last_pkt_time":1432582246280217,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":502,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":502,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00987{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806157,"flow_src_last_pkt_time":1432582285047789,"flow_dst_last_pkt_time":1432582284806157,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::c42c:3ff:fe60:6a64","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":100,"flow_dst_packets_processed":80,"flow_first_seen":1432582227643274,"flow_src_last_pkt_time":1432582361929399,"flow_dst_last_pkt_time":1432582361879794,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":688,"flow_src_tot_l4_payload_len":8099,"flow_dst_tot_l4_payload_len":4875,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"184.173.179.37","src_port":49202,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":0,"flow_first_seen":1432582303186638,"flow_src_last_pkt_time":1432582310134411,"flow_dst_last_pkt_time":1432582303186638,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":528,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":52794,"dst_port":51727,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01118{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1432582228503997,"flow_src_last_pkt_time":1432582353694076,"flow_dst_last_pkt_time":1432582353955055,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":234,"flow_src_tot_l4_payload_len":4006,"flow_dst_tot_l4_payload_len":468,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.110.229.14","src_port":49193,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ApplePush","proto_id":"238","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284806066,"flow_src_last_pkt_time":1432582285047655,"flow_dst_last_pkt_time":1432582284806066,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00976{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1432582247125660,"flow_src_last_pkt_time":1432582324191957,"flow_dst_last_pkt_time":1432582247125660,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -01248{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known 
Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01256{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":278,"flow_first_seen":1432582258730153,"flow_src_last_pkt_time":1432582267934161,"flow_dst_last_pkt_time":1432582268457283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":483,"flow_dst_max_l4_payload_len":446,"flow_src_tot_l4_payload_len":19213,"flow_dst_tot_l4_payload_len":14219,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"91.253.176.65","src_port":51518,"dst_port":9344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1432582227526441,"flow_src_last_pkt_time":1432582227526441,"flow_dst_last_pkt_time":1432582227594651,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":37,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":209,"flow_src_tot_l4_payload_len":37,"flow_dst_tot_l4_payload_len":209,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"192.168.2.1","src_port":51897,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Apple","proto_id":"5.140","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 01123{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":17,"flow_first_seen":1432582227604482,"flow_src_last_pkt_time":1432582260448775,"flow_dst_last_pkt_time":1432582260403082,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":6486,"flow_dst_tot_l4_payload_len":8646,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.178.104.12","src_port":49201,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":12,"flow_first_seen":1432582238792300,"flow_src_last_pkt_time":1432582267974507,"flow_dst_last_pkt_time":1432582258924995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":316,"flow_src_tot_l4_payload_len":1837,"flow_dst_tot_l4_payload_len":1980,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"31.13.93.48","src_port":51518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
@@ -455,10 +455,10 @@ 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00788{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1432582235998968,"flow_src_last_pkt_time":1432582236282078,"flow_dst_last_pkt_time":1432582236140915,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.37","src_port":49181,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1432582284805992,"flow_src_last_pkt_time":1432582285047820,"flow_dst_last_pkt_time":1432582284805992,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":134,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip6","src_ip":"fe80::da30:62ff:fe56:1c","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"MDNS","proto_id":"8","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01236{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01244{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":0,"flow_first_seen":1432582258587552,"flow_src_last_pkt_time":1432582267438091,"flow_dst_last_pkt_time":1432582258587552,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01140{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":24,"flow_first_seen":1432582230648273,"flow_src_last_pkt_time":1432582264928868,"flow_dst_last_pkt_time":1432582264924464,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":10180,"flow_dst_tot_l4_payload_len":5304,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} 01140{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1432582355253275,"flow_src_last_pkt_time":1432582356195572,"flow_dst_last_pkt_time":1432582356100109,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":5224,"flow_dst_tot_l4_payload_len":2717,"midstream":0,"thread_ts_usec":1432582361929399,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS 
(probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": {"6":"DPI"},"proto":"TLS.AppleStore","proto_id":"91.224","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":19,"category":"SoftwareUpdate"}} -00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":10,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":461,"global_ts_usec":1432582361929399} +00662{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"cfgs\/default\/pcap\/whatsapp_login_call.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-payload-len":132660,"total-not-detected-flows":0,"total-guessed-flows":20,"total-detected-flows":37,"total-detection-updates":10,"total-updates":45,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":461,"global_ts_usec":1432582361929399} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 ~~ skipped flows.............: 0 
@@ -467,9 +467,9 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7958030 bytes -~~ total memory freed........: 7958030 bytes -~~ total allocations/frees...: 148253/148253 +~~ total memory allocated....: 11665753 bytes +~~ total memory freed........: 11665753 bytes +~~ total allocations/frees...: 218507/218507 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 2513 chars diff --git a/test/results/default/whatsapp_login_chat.pcap.out b/test/results/default/whatsapp_login_chat.pcap.out index 1f99ba9ba..d9b91c1f8 100644 --- a/test/results/default/whatsapp_login_chat.pcap.out +++ b/test/results/default/whatsapp_login_chat.pcap.out 
@@ -1,5 +1,5 @@ -00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} +00575{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00638{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432582377898864} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432582377898864,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00932{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582377898864,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
@@ -56,7 +56,7 @@ 00786{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582402666171,"flow_src_last_pkt_time":1432582402666171,"flow_dst_last_pkt_time":1432582402666171,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":49,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432582377898864,"flow_src_last_pkt_time":1432582377898864,"flow_dst_last_pkt_time":1432582377898864,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} 
00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":20,"flow_first_seen":1432582381179399,"flow_src_last_pkt_time":1432582385071316,"flow_dst_last_pkt_time":1432582385037978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":948,"flow_src_tot_l4_payload_len":13821,"flow_dst_tot_l4_payload_len":5174,"midstream":1,"thread_ts_usec":1432582431565397,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Apple","proto_by_ip_id":140,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1432582431565397} 
+00648{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"cfgs\/default\/pcap\/whatsapp_login_chat.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-payload-len":24799,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1432582431565397} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7794686 bytes -~~ total memory freed........: 7794686 bytes -~~ total allocations/frees...: 146551/146551 +~~ total memory allocated....: 11503177 bytes +~~ total memory freed........: 11503177 bytes +~~ total allocations/frees...: 216805/216805 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 542 chars ~~ json string max len.......: 2496 chars diff --git a/test/results/default/whatsapp_voice_and_message.pcap.out b/test/results/default/whatsapp_voice_and_message.pcap.out index a68dd8f4a..d64f69ba0 100644 --- a/test/results/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/default/whatsapp_voice_and_message.pcap.out 
@@ -1,5 +1,5 @@ -00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} +00582{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00645{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1432820558921094} 00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820558921094,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820558921094,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558921094,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1432820558921094,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1432820558921094,"flow_dst_last_pkt_time":1432820558982129,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820558982129,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} 
@@ -9,49 +9,49 @@ 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1432820559129925,"flow_dst_last_pkt_time":1432820559130047,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1432820559130047,"pkt":"ABoRAAACABoRAAABCABFAAAoAANAABAG9Oi4rbMuCggAAQG7ipj561IVBhSunVAQ\/\/+s6QAA"} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567259228,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567259228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567259228,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1432820567259228,"flow_dst_last_pkt_time":1432820567597088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820567597088,"pkt":"ABoRAAACABoRAAABCABFAABIAA5AABAR7VEfDVQwCggAAQ2W0XQANI6xAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAHzk56wzx5AAgAIAAABTZrCzrs="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1432820567597180,"flow_dst_last_pkt_time":1432820567597088,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567597180,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvE0KCAABHw1UMNF0DZYAhk4lAAMAaiESpEIAANFg4Ox4XqyZamxAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1432820567597180,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820567917126,"pkt":"ABoRAAACABoRAAABCABFAABIAA9AABAR7VAfDVQwCggAAQ2W0XQANNaZAQMAGCESpEIAANFg4Ox4XqyZamwAIAAIAAGqbZ6wzx5AAgAIAAABTZrCz\/k="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820567917248,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820567917248,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820567917248,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1432820567917248,"flow_dst_last_pkt_time":1432820568117413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568117413,"pkt":"ABoRAAACABoRAAABCABFAABIABBAABAR908fDUowCggAAQ2W0XQANMmPAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGyFZ6wzx5AAgAIAAABTZrC0PY="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1432820568118085,"flow_dst_last_pkt_time":1432820568117413,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568118085,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARxk0KCAABHw1KMNF0DZYAhknAAAMAaiESpEIAABwXmwtuMPN7N0hAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1432820568118085,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568346844,"pkt":"ABoRAAACABoRAAABCABFAABIABFAABAR904fDUowCggAAQ2W0XQANO2fAQMAGCESpEIAABwXmwtuMPN7N0gAIAAIAAGNHp6wzx5AAgAIAAABTZrC0d0="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568346936,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568346936,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568346936,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568346936,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.64.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1432820568346936,"flow_dst_last_pkt_time":1432820568646771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568646771,"pkt":"ABoRAAACABoRAAABCABFAABIABJAABARAU4fDUAwCggAAQ2W0XQANK\/IAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAG83p6wzx5AAgAIAAABTZrC0t8="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1432820568646863,"flow_dst_last_pkt_time":1432820568646771,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568646863,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEAR0E0KCAABHw1AMNF0DZYAhjyrAAMAaiESpEIAAKkWq28lYULzqlFAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1432820568646863,"flow_dst_last_pkt_time":1432820568946667,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820568946667,"pkt":"ABoRAAACABoRAAABCABFAABIABNAABARAU0fDUAwCggAAQ2W0XQANMbTAQMAGCESpEIAAKkWq28lYULzqlEAIAAIAAGkqZ6wzx5AAgAIAAABTZrC1Ak="} 
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820568947491,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820568947491,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820568947491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820568947491,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.252.121.1","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1432820568947491,"flow_dst_last_pkt_time":1432820569197308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569197308,"pkt":"ABoRAAACABoRAAABCABFAABIABRAABAROYut\/HkBCggAAQ2W0XQANOG6AQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGGsp6wzx5AAgAIAAABTZrC1Qc="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1432820569197369,"flow_dst_last_pkt_time":1432820569197308,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569197369,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARCI0KCAABrfx5AdF0DZYAhjqZAAMAaiESpEIAAJtQaIETIh2AbQlAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1432820569197369,"flow_dst_last_pkt_time":1432820569427136,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569427136,"pkt":"ABoRAAACABoRAAABCABFAABIABVAABAROYqt\/HkBCggAAQ2W0XQANNKXAQMAGCESpEIAAJtQaIETIh2AbQkAIAAIAAGU1Z6wzx5AAgAIAAABTZrC1gc="} 00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569427258,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01099{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820569427258,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569427258,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820569427258,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"179.60.192.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1432820569427258,"flow_dst_last_pkt_time":1432820569716748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820569716748,"pkt":"ABoRAAACABoRAAABCABFAABIABZAABAR7RmzPMAwCggAAQ2W0XQANM1bAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGhQp6wzx5AAgAIAAABTZrC1xA="} 
00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_src_last_pkt_time":1432820569716839,"flow_dst_last_pkt_time":1432820569716748,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820569716839,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARvB0KCAABszzAMNF0DZYAhkLTAAMAaiESpEIAALo2Lkt1PTwMswhAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1432820569716839,"flow_dst_last_pkt_time":1432820570006695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570006695,"pkt":"ABoRAAACABoRAAABCABFAABIABdAABAR7RizPMAwCggAAQ2W0XQANLmCAQMAGCESpEIAALo2Lkt1PTwMswgAIAAIAAGz+p6wzx5AAgAIAAABTZrC2DE="} 
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570006787,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-01169{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01098{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570006787,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570006787,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570006787,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.79.192","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1432820570006787,"flow_dst_last_pkt_time":1432820570428723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570428723,"pkt":"ABoRAAACABoRAAABCABFAABIABhAABAR8bcfDU\/ACggAAQ2W0XQANGvgAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGA\/J6wzx5AAgAIAAABTZrC2ZA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1432820570428815,"flow_dst_last_pkt_time":1432820570428723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570428815,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARwL0KCAABHw1PwNF0DZYAhsORAAMAaiESpEIAAFk9lyNgFikbVyNAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00588{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1432820570428815,"flow_dst_last_pkt_time":1432820570876782,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820570876782,"pkt":"ABoRAAACABoRAAABCABFAABIABlAABAR8bYfDU\/ACggAAQ2W0XQANGAYAQMAGCESpEIAAFk9lyNgFikbVyMAIAAIAAGLCJ6wzx5AAgAIAAABTZrC20w="} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820570876843,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} -01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820570876843,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820570876843,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820570876843,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.93.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_src_last_pkt_time":1432820570876843,"flow_dst_last_pkt_time":1432820571176892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571176892,"pkt":"ABoRAAACABoRAAABCABFAABIABpAABAR5EUfDV0wCggAAQ2W0XQANAkRAQMAGCESpEIAABBswYmYde0br2MAIAAIAAGc8p6wzx5AAgAIAAABTZrC3MQ="} 
00701{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1432820571176953,"flow_dst_last_pkt_time":1432820571176892,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571176953,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARs00KCAABHw1dMNF0DZYAhn\/sAAMAaiESpEIAABBswYmYde0br2NAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1432820571176953,"flow_dst_last_pkt_time":1432820571488171,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571488171,"pkt":"ABoRAAACABoRAAABCABFAABIABtAABAR5EQfDV0wCggAAQ2W0XQANLfgAQMAGCESpEIAABBswYmYde0br2MAIAAIAAHs556wzx5AAgAIAAABTZrC3f8="} 
00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571488232,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
-01168{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01097{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1432820571488232,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571488232,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1432820571488232,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.73.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_src_last_pkt_time":1432820571488232,"flow_dst_last_pkt_time":1432820571716839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571716839,"pkt":"ABoRAAACABoRAAABCABFAABIABxAABAR+EMfDUkwCggAAQ2W0XQANGvUAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGOsJ6wzx5AAgAIAAABTZrC3xA="} 00700{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_src_last_pkt_time":1432820571716900,"flow_dst_last_pkt_time":1432820571716839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1432820571716900,"pkt":"ABoRAAACABoRAAABCABFwACaAABAAEARx00KCAABHw1JMNF0DZYAhta5AAMAaiESpEIAAOlKSWdSWOu7U1dAAABmAQCy86Qxc0\/TrfZVVa\/eTEZDohPoeRLoRZc1aFVhrGc1f8RW2vMjT5P8rAsiwZ+p9NloXItIT0xPBspixBWhh83rOo673FqXfKhsmqCbgcYysEXxS1G0BQlmTNaw3EzKh7wFRa3N"} 
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":4,"flow_src_last_pkt_time":1432820571716900,"flow_dst_last_pkt_time":1432820571916791,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1432820571916791,"pkt":"ABoRAAACABoRAAABCABFAABIAB1AABAR+EIfDUkwCggAAQ2W0XQANFhcAQMAGCESpEIAAOlKSWdSWOu7U1cAIAAIAAGhVZ6wzx5AAgAIAAABTZrC3+M="} 
@@ -123,7 +123,7 @@ 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567917248,"flow_src_last_pkt_time":1432820626171765,"flow_dst_last_pkt_time":1432820568346844,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1432820567259228,"flow_src_last_pkt_time":1432820625171734,"flow_dst_last_pkt_time":1432820567917126,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":378,"flow_dst_tot_l4_payload_len":88,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00990{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":26,"flow_dst_packets_processed":26,"flow_first_seen":1432820681899121,"flow_src_last_pkt_time":1432820691973004,"flow_dst_last_pkt_time":1432820691967480,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":245,"flow_dst_max_l4_payload_len":254,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":896,"midstream":0,"thread_ts_usec":1432820695137128,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WhatsApp","proto_id":"142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} 
+00663{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/whatsapp_voice_and_message.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-payload-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":16,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":126,"global_ts_usec":1432820695137128} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 @@ -132,9 +132,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7810338 bytes -~~ total memory freed........: 7810338 bytes -~~ total allocations/frees...: 146769/146769 +~~ total memory allocated....: 11518765 bytes +~~ total memory freed........: 11518765 bytes +~~ total allocations/frees...: 217023/217023 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars ~~ json string max len.......: 2215 chars diff --git a/test/results/default/whatsappfiles.pcap.out b/test/results/default/whatsappfiles.pcap.out index 83cc927fc..906346f03 100644 --- a/test/results/default/whatsappfiles.pcap.out +++ b/test/results/default/whatsappfiles.pcap.out 
@@ -1,5 +1,5 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1519924083411187} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1519924083411187,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083411187,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1519924083411187,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 
00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1519924083411187,"flow_dst_last_pkt_time":1519924083501147,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1519924083501147,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} 
@@ -21,7 +21,7 @@ 02186{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":342,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924240317078,"flow_dst_last_pkt_time":1519924240518900,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":975,"flow_dst_tot_l4_payload_len":12875,"midstream":0,"thread_ts_usec":1519924240518900,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":19146.4,"max":107518,"stddev":30886.0,"var":953946176.0,"ent":3.3,"data": [56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201]},"pktlen": {"min":52,"avg":485.4,"max":1450,"stddev":599.2,"var":359069.1,"ent":4.0,"data": [64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450]},"bins": {"c_to_s": [6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1],"entropies": 
[4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 01006{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":161,"flow_dst_packets_processed":149,"flow_first_seen":1519924083411187,"flow_src_last_pkt_time":1519924193366820,"flow_dst_last_pkt_time":1519924193429446,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":178544,"flow_dst_tot_l4_payload_len":4980,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 
01006{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":132,"flow_dst_packets_processed":178,"flow_first_seen":1519924240121220,"flow_src_last_pkt_time":1519924247388841,"flow_dst_last_pkt_time":1519924247384385,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":1170,"flow_dst_tot_l4_payload_len":225649,"midstream":0,"thread_ts_usec":1519924247388841,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} -00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} 
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"cfgs\/default\/pcap\/whatsappfiles.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-payload-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1519924247388841} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7801528 bytes -~~ total memory freed........: 7801528 bytes -~~ total allocations/frees...: 147020/147020 +~~ total memory allocated....: 11510131 bytes +~~ total memory freed........: 11510131 bytes +~~ total allocations/frees...: 217274/217274 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 551 chars ~~ json string max len.......: 2206 chars diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out index 0a5f52e98..8a8235b99 100644 --- a/test/results/default/whois.pcapng.out +++ b/test/results/default/whois.pcapng.out 
@@ -1,5 +1,5 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1507397119066212} 00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119066212,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1507397119066212,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1507397119183017,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 
@@ -7,17 +7,17 @@ 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1507397119183714,"pkt":"UlQAEjUCCAAnPqwxCABFAAA1fotAAEAGwO0KAAIPwAAvO6ycACuFe1kDAJdeAlAYchD7cQAAZXhhbXBsZS5jb20NCg=="} 00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1604305198454924} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460416,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB8BpDHChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":228,"pkt_l4_len":190,"thread_ts_usec":1604305198677924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAA0uAtQAB5BrdDChEiiwoRMwj6EBD3\/zhGhz5vYKBQGAICz4oAABYDAwClAQAAoQMDX5\/BMV1rPKhByzNRK4rcAwy\/wMJWuP4Xh6PiU3vD\/KoAACbALMArwDDAL8AkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFIABQAFAQAAAAAACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABAADgAMAmgyCGh0dHAvMS4xABcAAP8BAAEA"} 
-01337{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
-01543{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}}} 
+01447{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1"}}} 
+01653{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}}} 
00967{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 
+00633{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1623517268690274} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\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"} 
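Review bot: The re-recorded `detected` and `detection-update` events for flow 2 (10.17.34.139 to 10.17.51.8:4343) now carry a third flow risk, `"52": {"risk":"ALPN\/SNI Mismatch", ...}`, next to `"24"` "Missing SNI TLS Extn", on a flow whose `hostname` is empty. Both entries look like they come from the same condition (ALPN advertised, no SNI), so a consumer that sums per-risk `risk_score` values or alerts per risk id would rate this unchanged capture higher after the libnDPI bump. I would record that in the commit description or changelog, for example `libnDPI 4.9.0 adds flow risk 52 (ALPN/SNI Mismatch); TLS flows without SNI now report it in addition to risk 24`. If the project ships a JSON schema or example consumers with a closed list of risk ids, check that they accept id 52. The file is generated test output, so the change belongs in those notes and in the schema, not in this fixture.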
@@ -27,7 +27,7 @@ 00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 
00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1623517269021781} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -36,10 +36,10 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777964 bytes -~~ total memory freed........: 7777964 bytes -~~ total allocations/frees...: 146424/146424 +~~ total memory allocated....: 11486551 bytes +~~ total memory freed........: 11486551 bytes +~~ total allocations/frees...: 216678/216678 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 2145 chars -~~ json string avg len.......: 1335 chars +~~ json string avg len.......: 1336 chars diff --git a/test/results/default/windowsupdate_over_http.pcap.out b/test/results/default/windowsupdate_over_http.pcap.out index d251a9b2c..cc3bd1fbd 100644 --- a/test/results/default/windowsupdate_over_http.pcap.out +++ b/test/results/default/windowsupdate_over_http.pcap.out 
@@ -1,4 +1,4 @@ -00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00579{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":94209879,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":94209879,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94209879,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":94209879,"pkt":"UlQAEjUCCAAn5uVZCABFAAA0zkVAAIAGQI8KAAIPl2NIfcKXAFAVLcI9AAAAAIAC+vDt3QAAAgQFtAEDAwgBAQQC"} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":94209879,"flow_dst_last_pkt_time":94216419,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":94216419,"pkt":"CAAn5uVZUlQAEjUCCABFAAAs7dwAAEAGoQCXY0h9CgACDwBQwpcBAsoBFS3CPmAS\/\/9G0AAAAgQFtA=="} 
@@ -8,7 +8,7 @@ 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94216898,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":94216898,"pkt":"CAAn5uVZUlQAEjUCCABFAAAo7d0AAEAGoQOXY0h9CgACDwBQwpcBAsoCFS3EHVAQ\/\/9crgAA"} 01612{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":94209879,"flow_src_last_pkt_time":94216792,"flow_dst_last_pkt_time":94225646,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":94225646,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"151.99.72.125","http": 
{"url":"151.99.72.125\/data\/0783dedfb62fa709\/msedge.b.tlu.dl.delivery.mp.microsoft.com\/filestreamingservice\/files\/d1d060c0-7ece-4b96-9558-4bd0f2326040?P1=1652084683&P2=404&P3=2&P4=GtXnDMvssaTVZE%2bliGRNZPdTCGZcdK3lsfQhBycGI5on2dyQK7mRzg%2fAP%2fOuVTebtfWU%2bfL%2bVpkQ9bwhNwUDPA%3d%3d","code":206,"content_type":"application\/octet-stream","user_agent":"Microsoft-Delivery-Optimization\/10.0"}}} 01214{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":12,"flow_first_seen":94209879,"flow_src_last_pkt_time":94227136,"flow_dst_last_pkt_time":94226926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":479,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":479,"flow_dst_tot_l4_payload_len":14400,"midstream":0,"thread_ts_usec":94227136,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"151.99.72.125","src_port":49815,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.WindowsUpdate","proto_id":"7.147","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}} 
-00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":94227136} +00644{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/windowsupdate_over_http.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":14879,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":94227136} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7768232 bytes -~~ total memory freed........: 7768232 bytes -~~ total allocations/frees...: 146407/146407 +~~ total memory allocated....: 11476851 bytes +~~ total memory freed........: 11476851 bytes +~~ total allocations/frees...: 216661/216661 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 521 chars ~~ json string max len.......: 1617 chars 
diff --git a/test/results/default/wireguard.pcap.out b/test/results/default/wireguard.pcap.out index 885a4a424..1caae8f47 100644 --- a/test/results/default/wireguard.pcap.out +++ b/test/results/default/wireguard.pcap.out 
@@ -1,5 +1,5 @@ -00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} +00565{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00628{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1532126321356858} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":148,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1532126321356858,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321356858,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":190,"pkt_l4_len":156,"thread_ts_usec":1532126321356858,"pkt":"ouY0lLWDOjblv1r4CABFiACwAksAAEARY1YKCQABCgkAAqnGymwAnBTCAQAAANg30DBfzsfI5cji4\/eYnu9gwijYIynWArax4rudBo+Jz51NRTJ4D20nJk97mHAf3Cek7ACutr7NvvIzLxtAhMrbk4I5NcASriVeeyXv8TlAwyH6a9ZqKoewYdsUMBc+k39Wk0neKFbcXyYWdj7ur8BTOwHdll5+x2l24o9oPWcSAAAAAAAAAAAAAAAAAAAAAA=="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1532126321356858,"flow_dst_last_pkt_time":1532126321359376,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_usec":1532126321359376,"pkt":"Ojblv1r4ouY0lLWDCABFiAB4KjkAAEARO6AKCQACCgkAAcpsqcYAZBSKAgAAAAb0favYN9AwsY1VUL1AQqN6RoI6wI2x7GaDm8DKLWS8Fc2AIytmIy+uwkr4kY3hBg\/1yY6GXV818nIhTFJgEQ3Exh4yzdhUIQAAAAAAAAAAAAAAAAAAAAA="} 
@@ -8,7 +8,7 @@ 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1532126321359708,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126321359929,"pkt":"Ojblv1r4ouY0lLWDCABFAACcKjoAAEARPAMKCQACCgkAAcpsqcYAiBSuBAAAANg30DAAAAAAAAAAAG9PCA6fUmkbvpSFNfecE+1o8JFF1SPu2whyZfloCC9wc1cpJj7aYnx2g83AuAozVtlTbJ8OKHJ5e1yBcguguOpyM8bev58PvujxDsGJhbgkvzUPi4GA0Ipk5r6YEAiaw9E2PtXhKcoeBCXPfpSWVlk="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1532126322363971,"flow_dst_last_pkt_time":1532126321359929,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_usec":1532126322363971,"pkt":"ouY0lLWDOjblv1r4CABFAACcApAAAEARY60KCQABCgkAAqnGymwAiBSuBAAAAAb0fasBAAAAAAAAAHzNKCSiKfzNFoU7Hv+UasxWNazSNhCJwxaXBs4Pz2LNqySyHtibW+QDk8FpLPp6KYHljK6RU0il+fyDPap6kagbUeVbtzLq3DhtalfmJbCSy1upQ\/apOsaaBwHpnmAipi8Gbzy2IjKAkdrVnfE\/bjM="} 
00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1532126461633953,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":22,"total-skipped-flows":0,"total-l4-payload-len":3820,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1563973554628757} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":800,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":800,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1563973554628757,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01605{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1563973554628757,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_usec":1563973554628757,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 
00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1563973554628780,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} 
@@ -18,7 +18,7 @@ 00643{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1563973554711201,"flow_dst_last_pkt_time":1563973554642219,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1563973554711201,"pkt":"OCxKuzMdABAY3q0FCABFAAB8FcIAADURYrmLosCdwKgADspsjRQAaAbHBAAAAL5AaY1tAAAAAAAAAPpGK9K5H5VHV22UlCuzckhifHXG0mCPbNY7tJ3Ehp5q9DbTenVPM\/dETy5WTx4iR6yiQjK\/qZpSgBD1KbJ+XOoBt2B9Juw3RjALxSawFkyQ"} 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":12,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026333,"flow_dst_last_pkt_time":1563973563910592,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4672,"flow_dst_tot_l4_payload_len":2064,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":10,"flow_first_seen":1532126321356858,"flow_src_last_pkt_time":1532126461633953,"flow_dst_last_pkt_time":1532126461588236,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":2596,"flow_dst_tot_l4_payload_len":1224,"midstream":0,"thread_ts_usec":1563973564026333,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":43462,"dst_port":51820,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} 
+00638{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/wireguard.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":10556,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1563973564026333} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 @@ -27,9 +27,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7770409 bytes -~~ total memory freed........: 7770409 bytes -~~ total allocations/frees...: 146434/146434 +~~ total memory allocated....: 11479012 bytes +~~ total memory freed........: 11479012 bytes +~~ total allocations/frees...: 216688/216688 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 570 chars ~~ json string max len.......: 1610 chars diff --git a/test/results/default/wow.pcap.out b/test/results/default/wow.pcap.out index 07fbe5b1d..df86dd2a1 100644 --- a/test/results/default/wow.pcap.out +++ b/test/results/default/wow.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437858769436349} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1437858769436349} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437858769436349,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1437858769436349,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769436349,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} 
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1437858769437258,"flow_dst_last_pkt_time":1437858769436349,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437858769437258,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8GJNAAIAGhLXAqLIUDIHeNZmNAFBo+hN9AAAAAKACIADawAAAAgQFtAEDAwIEAggKACnZUgAAAAA="} 
@@ -28,7 +28,7 @@ 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1437858849702632,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702632,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849702534,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1437858849702756,"pkt":"JGUR0Ik6JGURQGHhCABFAAA0GWZAAIAGfYbAqLIUDIHkmZnEDowRX7J8ZKojs4AQEGhlVQAAAQEICgAp+K1Cum0N"} 00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1437858849489494,"flow_src_last_pkt_time":1437858849702756,"flow_dst_last_pkt_time":1437858849924849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":50,"midstream":0,"thread_ts_usec":1437858849924849,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.153","src_port":39364,"dst_port":3724,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1437859397750241} +00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":83,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":4309,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_usec":1437859397750241} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1437859397750241,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1437859397750241,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750241,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1437859397750308,"flow_dst_last_pkt_time":1437859397750241,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1437859397750308,"pkt":"JGUR0Ik6JGURQGHhCABFAAA8KdNAAIAGbRLAqLIUDIHkmJqpDoyvdi+RAAAAAKACIABtBAAAAgQFtAEDAwIEAggKACrOwgAAAAA="} 
@@ -41,7 +41,7 @@ 00967{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1437859397750241,"flow_src_last_pkt_time":1437859398404065,"flow_dst_last_pkt_time":1437859398661830,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":50,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":93,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.228.152","src_port":39593,"dst_port":3724,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"WorldOfWarcraft","proto_id":"76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01208{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769436349,"flow_src_last_pkt_time":1437858780442418,"flow_dst_last_pkt_time":1437858780442307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":85,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":546,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"12.129.222.53","src_port":39309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": 
{"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} 01100{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":6,"flow_first_seen":1437858769451846,"flow_src_last_pkt_time":1437858780577538,"flow_dst_last_pkt_time":1437858780577426,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":544,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":544,"midstream":0,"thread_ts_usec":1437859398661830,"l3_proto":"ip4","src_ip":"192.168.178.20","dst_ip":"24.105.29.21","src_port":39312,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.WorldOfWarcraft","proto_id":"7.76","proto_by_ip":"Starcraft","proto_by_ip_id":213,"encrypted":0,"breed":"Fun","category_id":8,"category":"Game"}} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1437859398661830} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"cfgs\/default\/pcap\/wow.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-payload-len":4586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1437859398661830} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -50,9 +50,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7784603 bytes -~~ total memory freed........: 7784603 bytes -~~ total allocations/frees...: 146527/146527 +~~ total memory allocated....: 11493158 bytes +~~ total memory freed........: 11493158 bytes +~~ total allocations/frees...: 216781/216781 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 526 chars ~~ json string max len.......: 1213 chars diff --git a/test/results/default/xdmcp.pcap.out b/test/results/default/xdmcp.pcap.out index 48e3a4245..9cb0e62e8 100644 --- a/test/results/default/xdmcp.pcap.out +++ b/test/results/default/xdmcp.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1538467333581076} 00761{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":15,"thread_ts_usec":1538467333581076,"pkt":"CAAngNsFUlQAEjUACABFAAAjIEIAAP8Rg4AKAQICCgECBO\/yALEAD\/cgAAEAAgABAAAAAAAAAAAAAAAA"} 
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467333581076,"flow_dst_last_pkt_time":1538467333581076,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":7,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1538467333581076,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} 
@@ -8,7 +8,7 @@ 00578{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1538467333586740,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1538467333731484,"pkt":"UlQAEjUACAAngNsFCABFAABQuVJAAEARaUMKAQIECgECAgCx7\/IAPBhVAAEACAAuDIAyAwAAAAAAEk1JVC1NQUdJQy1DT09LSUUtMQAQTPvoMVb5+UR+Qxed0+SWjg=="} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1538467334608643,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":71,"pkt_l4_len":37,"thread_ts_usec":1538467334608643,"pkt":"CAAngNsFUlQAEjUACABFAAA5IEQAAP8Rg2gKAQICCgECBO\/yALEAJZG\/AAEACgAXDIAyAwAAAA9NSVQtdW5zcGVjaWZpZWQ="} 01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":2,"flow_first_seen":1538467333581076,"flow_src_last_pkt_time":1538467336601228,"flow_dst_last_pkt_time":1538467333731484,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":7,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":52,"flow_src_tot_l4_payload_len":254,"flow_dst_tot_l4_payload_len":81,"midstream":0,"thread_ts_usec":1538467336601228,"l3_proto":"ip4","src_ip":"10.1.2.2","dst_ip":"10.1.2.4","src_port":61426,"dst_port":177,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"XDMCP","proto_id":"15","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}} -00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} +00629{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/xdmcp.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":335,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1538467336601228} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 
@@ -17,9 +17,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766927 bytes -~~ total memory freed........: 7766927 bytes -~~ total allocations/frees...: 146377/146377 +~~ total memory allocated....: 11475546 bytes +~~ total memory freed........: 11475546 bytes +~~ total allocations/frees...: 216631/216631 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 536 chars ~~ json string max len.......: 1091 chars diff --git a/test/results/default/xiaomi.pcap.out b/test/results/default/xiaomi.pcap.out index ffcb5b2c0..efde9283a 100644 --- a/test/results/default/xiaomi.pcap.out +++ b/test/results/default/xiaomi.pcap.out 
@@ -1,9 +1,9 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639054136437359} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":136,"pkt_l4_len":98,"thread_ts_usec":1639054136437359,"pkt":"AAAAAAAAAAIAAAAIgQAA0AgARRQAdj14QAAuBjXZL\/EHWAo0l6AUZpkMYD5IiLldMd2AGAA1w4IAAAEBCAqKynYNev32UML+AAUAAAA2AAIAFgAAABgIABoKeGlhb21pLmNvbSoEQ09OTkgACgo1Mzg2MzcwNzY5EgQ3ZjA0GgIIACIAfagLdw=="} 01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054136437359,"flow_src_last_pkt_time":1639054136437359,"flow_dst_last_pkt_time":1639054136437359,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":66,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":66,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054136437359,"l3_proto":"ip4","src_ip":"47.241.7.88","dst_ip":"10.52.151.160","src_port":5222,"dst_port":39180,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":""}} 
-00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} +00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-payload-len":66,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_usec":1643625846975752} 
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643625846975752,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625846975752,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643625846975752,"pkt":"AAAAAAAAAA0AYH2pCABFFAA8AABAAC4G2JdzpErowKj02xRms1CUmJB5c0FIJ6ASaVAVsQAAAgQFUAQCCAri0mMlEWpVrAEDAwk="} 
00790{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1643625846975752,"flow_dst_last_pkt_time":1643625847008745,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":250,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":250,"pkt_l4_len":216,"thread_ts_usec":1643625847008745,"pkt":"AAAAAAAAAAoAtbdgCABFAADsPqBAAEAGh1vAqPTbc6RK6LNQFGZzQUgnlJiQeoAYAKxOqAAAAQEIChFqVg7i0mMlwv4ABQAAAKwAAgAWAAAAjggAGgp4aWFvbWkuY29tKgRDT05OSAAIahINUmVkbWkgTm90ZSA5UxoRVjEyLjUuMi4wLlJKV01JWE0iKmEtRDdBNUQ4QTlCNTM3NTI5Rjk2NkU0MjlEMDU4ODYyMDMyNEY2QzVFMigqMg9tb2JpbGUtbHRlLXRhaWY6ETQ3LjI0MS4zNS43Mzo1MjIyQhBhcl9FR18jdS1udS1sYXRuSgIYAFAebjssqA=="} 
@@ -26,7 +26,7 @@ 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858163146,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_usec":1643625858251774,"pkt":"AAAAAAAAAAUARa2GCABFFAB2BwBAAC0GT7dhJ3eswKhdOxRmySBqbHLjb20PkIAYADWSLgAAAQEIChVvdCQWrKzjwv4ABQAAADYAAgAWAAAAGAgAGgp4aWFvbWkuY29tKgRDT05OSAAKCjkyODQzNjUzNzESBGQzOGMaAggAIgB+7gui"} 01830{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1643625858251774,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1013,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1013,"pkt_l4_len":979,"thread_ts_usec":1643625858290111,"pkt":"AAAAAAAAAAUARa2GCABFAAPnXtVAAEAG4YTAqF07YSd3rMkgFGZvbQ+QamxzJYAYAVdAegAAAQEIChasrWIVb3Qkwv4ABQAAA6ePAlQXgwcDpjrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln6n2ECEvLfwgzevfD1u\/CWmlaUPaZueHN8B9ew4RhxHiqHdSsBkyR3\/8cXiDijQq6T8Ek7smY\/RX\/5leFfWyTeoTllIzIUkB55Pa1o+qg3e53JuNFDNQfWiRPHBesCrCXsbija8s1EZqinSwpndgCEBFquauEl0+Ragp0lMAm7RxiyEIiOyxii5gY6FbeEsulHj5K+xrSQspZJtPdEOSpF1rz3Gyo9NjcCfsHV9R4Qi2\/9SJtd09CAVq8p243RiYrBSFNXlnTx1d+gDkjIIWEnSHiWm6wI3RKFPkfupRRU42022iQm6gc+ln75Gn85HTw+NXyOi7hiRF7DRS7G7djKIAszOszTFHRkkpjyJOeBTxqe0\/cP7iVPR4k8S8Yt2IIyGHi9Ev4Zlb4gChCAaSmqzYYUrN1LvdTCbvsqCb4+X\/nhcnmWWblseOpPYxDs0BNszHZKDXWo+ranx19e5G\/9xXDFrAxfcMfNuriGBbbVAXe7462XSH\/+tpcjQk24myuI7hOvnD750dNp\/HrqJWAHUQZ74X6JknAabe7d8J0L2HrM9CKftKHNEwNVBo2W7hYmWR4sIdVm9PC1yhLua4+FQb6gD7CfCitUins9w35O879aJ6hQ6ifA72fy1CW8kYwHTRt1PYIpZxMYXrmTgEWSWA9qM82PLbe5eiXV7BJfNYZoJLzdYqhwGnnsmohpFVu
KyUorBJD7vvuQD3SNaJCkOcjkonUC7w1Aoq\/LEleMvZMCV5xjp40ct2wu2xQKSVdZolpUZwqutt8Gf9sRoGhgdIPb9EK542l8\/A7tHHzrmc8IOcyiGpNJ\/EuwyWs7gFpgVLTXSPqTbe1qzkw0S2Y2nPo+6Ky42BpsyBzk4qUs6ydaYyDy4szOeNYiIojVSTrTxAv81CONJ2+ehjOWR8xPviE1S1QIXaYB4Gqs\/lZigZFQG\/oXglQxrWoVdulOJx7hBr6CvDnOH8iaYOEAE+dhE0\/fUwSxsmmO3nkoBZimUpkdwux5rIZFUx9dApAbOxa7+aCnM4QzRm98LOIHsLSXbGeit3y2PpoHyZPuSe4WpTir5GONnCdFxFykyAYWy1Q4zL\/K\/oFI9aozHoou7\/tqoKcgsNRo43pfiO7Jzlwy0YGnBZXXeyDs7q5ihlPt6rz9zQzrxMSuy3zrUgN1tIfI5+V1VE="} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_usec":1643625858384595,"pkt":"AAAAAAAAAAUARa2GCABFFACdBwFAAC4GTo9hJ3eswKhdOxRmySBqbHMlb20TQ4AYADRRBgAAAQEIChVvdKgWrK1iwv4ABQAAAF2PAlQXgwcA7DrqoyKdw4IwnSS1iwp7K8C\/a\/DO3BfsxHjpq97Q8+JQdr+1Sx7ZzediATucm0ln4nmG0Vi+OwwzW+foz4TyXEsJXPSpg\/XoqwJuhd4u9kuYCJ6VJSia4DKX"} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":3907,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_usec":1649839944752000} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649839944752000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944752000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944752000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MLBAAD8GlDbAqAJkA3+wSpNMFGaY8mRiAAAAAKAC\/\/+SoQAAAgQFtAQCCAodPXxCAAAAAAEDAwk="} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1649839944752000,"flow_dst_last_pkt_time":1649839944776000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649839944776000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPMGEOYDf7BKwKgCZBRmk0xMrReHmPJkY6ASaN+IpwAAAgQFrAQCCAr78kDrHT18QgEDAwg="} 
@@ -37,7 +37,7 @@ 00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625846975752,"flow_src_last_pkt_time":1643625847231770,"flow_dst_last_pkt_time":1643625847145760,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":928,"flow_src_tot_l4_payload_len":172,"flow_dst_tot_l4_payload_len":1112,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.244.219","src_port":5222,"dst_port":45904,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1643625858130651,"flow_src_last_pkt_time":1643625858384595,"flow_dst_last_pkt_time":1643625858290111,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":105,"flow_dst_max_l4_payload_len":947,"flow_src_tot_l4_payload_len":171,"flow_dst_tot_l4_payload_len":1117,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"97.39.119.172","dst_ip":"192.168.93.59","src_port":5222,"dst_port":51488,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
00972{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1643625848421465,"flow_src_last_pkt_time":1643625997739244,"flow_dst_last_pkt_time":1643625997646742,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":106,"flow_dst_max_l4_payload_len":914,"flow_src_tot_l4_payload_len":184,"flow_dst_tot_l4_payload_len":1085,"midstream":0,"thread_ts_usec":1649839946492000,"l3_proto":"ip4","src_ip":"115.164.74.232","dst_ip":"192.168.247.13","src_port":5222,"dst_port":38018,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":34,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":5525,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_usec":1649853179269000} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179269000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179269000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179269000,"pkt":"eJS0JASgYDjgxTWgCABFAAA82XxAAD8GovfAqAJkEsHperAyFGbKjahPAAAAAKAC\/\/8SCgAAAgQFtAQCCAp5z8VmAAAAAAEDAwk="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1649853179269000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1649853179291000,"pkt":"YDjgxTWgeJS0JASgCABFAAA8AABAAPUGxnMSwel6wKgCZBRmsDIvdwKjyo2oUKASaN9j8wAAAgQFrAQCCAqcy3ZJec\/FZgEDAwg="} 
@@ -46,7 +46,7 @@ 01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179291000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":217,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1649853179315000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fr-app-chat-global-xiaomi-net2-2117517874.eu-central-1.elb.amazonaws.com"}} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1649853179315000,"flow_dst_last_pkt_time":1649853179337000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1649853179337000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0Y2JAAPUGYxkSwel6wKgCZBRmsDIvdwKkyo2pKYAQAG758wAAAQEICpzLdnh5z8WU"} 
00973{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649839944752000,"flow_src_last_pkt_time":1649840399878000,"flow_dst_last_pkt_time":1649840399901000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":933,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":1447,"flow_dst_tot_l4_payload_len":171,"midstream":0,"thread_ts_usec":1649853179854000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"3.127.176.74","src_port":37708,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":49,"packets-processed":48,"total-skipped-flows":0,"total-l4-payload-len":7643,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_usec":1650283578710000} 00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283578710000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283578710000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1650283578710000,"pkt":"eJS0JASgYDjgxTWgCABFAAA8DvVAAD8GnQ7AqAJky2sBQb46AFChwP+pAAAAAKAC\/\/8meQAAAgQFtAQCCArLcGZmAAAAAAEDAwk="} 
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1650283578710000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650283579013000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAACkGwgvLawFBwKgCZABQvjrJa8kHocD\/qoASchB61gAAAgQFrAEBBAIBAwMH"} 
@@ -55,7 +55,7 @@ 01426{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.Xiaomi","proto_id":"7.287","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"203.107.1.65","http": {"url":"203.107.1.65\/164566\/sign_d?host=appmarket.micloud.xiaomi.net&sdk=android_1.3.3&t=1650284179&s=762f2c07cf9262c61753f45b4117c232&sid=jccM7PF4XY0T&net=wifi&bssid=02%3A00%3A00%3A00%3A00%3A00","code":0,"content_type":"","user_agent":"Dalvik\/2.1.0 (Linux; U; Android 10; Redmi Note 9 Pro MIUI\/V12.0.3.0.QJZMIXM)"}}} 
00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1650283578710000,"flow_src_last_pkt_time":1650283579202000,"flow_dst_last_pkt_time":1650283579013000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":348,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"203.107.1.65","src_port":48698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00975{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":7,"flow_first_seen":1649853179269000,"flow_src_last_pkt_time":1649853538407000,"flow_dst_last_pkt_time":1649853179817000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":948,"flow_dst_max_l4_payload_len":422,"flow_src_tot_l4_payload_len":1525,"flow_dst_tot_l4_payload_len":593,"midstream":0,"thread_ts_usec":1650283579202000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"18.193.233.122","src_port":45106,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Xiaomi","proto_id":"287","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}} 
-00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} +00634{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/xiaomi.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":52,"packets-processed":52,"total-skipped-flows":0,"total-l4-payload-len":7991,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_usec":1650283579202000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 52/52 ~~ skipped flows.............: 0 @@ -64,9 +64,9 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7794084 bytes -~~ total memory freed........: 7794084 bytes -~~ total allocations/frees...: 146511/146511 +~~ total memory allocated....: 11502607 bytes +~~ total memory freed........: 11502607 bytes +~~ total allocations/frees...: 216765/216765 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 1835 chars 
diff --git a/test/results/default/xss.pcap.out b/test/results/default/xss.pcap.out index 965f5ffe0..7da68c945 100644 --- a/test/results/default/xss.pcap.out +++ b/test/results/default/xss.pcap.out 
@@ -1,5 +1,5 @@ -00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} +00559{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00622{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1655243489609806} 00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489609806,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609806,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609806,"pkt":"FE+Kc3lP4CvpcxhCCABFAAA8+yJAAEAGt3DAqANtwKgDa9EKAFDSR62xAAAAAKAC+vBHrAAAAgQFtAQCCAqQR5ueAAAAAAEDAwc="} 
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1655243489609806,"flow_dst_last_pkt_time":1655243489609822,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1655243489609822,"pkt":"4CvpcxhCFE+Kc3lPCABFAAA8AABAAEAGspPAqANrwKgDbQBQ0QpkRtWU0ketsqAS\/og+LAAAAgQFtAQCCAqztRhGkEebngEDAwc="} 
@@ -14,7 +14,7 @@ 01198{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1655243489609806,"flow_src_last_pkt_time":1655243489620426,"flow_dst_last_pkt_time":1655243489615942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":608,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":608,"flow_dst_tot_l4_payload_len":1843,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"1": {"risk":"XSS Attack","severity":"Severe","risk_score": {"total":10,"client":5,"server":5}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 00947{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by 
port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 00771{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1655243489609847,"flow_src_last_pkt_time":1655243489614470,"flow_dst_last_pkt_time":1655243489609849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1655243489620426,"l3_proto":"ip4","src_ip":"192.168.3.109","dst_ip":"192.168.3.107","src_port":53516,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} 
+00631{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/xss.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-payload-len":2451,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_usec":1655243489620426} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -23,9 +23,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7769581 bytes -~~ total memory freed........: 7769581 bytes -~~ total allocations/frees...: 146401/146401 +~~ total memory allocated....: 11478184 bytes +~~ total memory freed........: 11478184 bytes +~~ total allocations/frees...: 216655/216655 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 1386 chars diff --git a/test/results/default/yandex.pcapng.out b/test/results/default/yandex.pcapng.out index 2af470cd8..da6ef0eea 100644 --- a/test/results/default/yandex.pcapng.out +++ b/test/results/default/yandex.pcapng.out 
@@ -1,5 +1,5 @@ -00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} +00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00627{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1675629757956767} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675629757956767,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757956767,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757956767,"pkt":"dNqIE5X\/CI6QkAulCABFAAA87YBAAEAG6CrAqAH51bTMup0aAbsZxJRyAAAAAKAC+vDi+wAAAgQFtAQCCApF2HIeAAAAAAEDAwc="} 
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1675629757956767,"flow_dst_last_pkt_time":1675629757971675,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675629757971675,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcG3qvVtMy6wKgB+QG7nRotDdTkGcSUc6ASqUoQtAAAAgQFggQCCApPBdMWRdhyHgEDAwg="} 
@@ -9,7 +9,7 @@ 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675629757997818,"pkt":"CI6QkAuldNqIE5X\/CABFAAA03SdAADcGAYzVtMy6wKgB+QG7nRotDdTlGcSWeIAQAKjlzQAAAQEICk8F0yZF2HIt"} 01271{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757972020,"flow_dst_last_pkt_time":1675629757997818,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1398,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1398,"midstream":0,"thread_ts_usec":1675629757997818,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 
01661{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1675629757956767,"flow_src_last_pkt_time":1675629757997886,"flow_dst_last_pkt_time":1675629758006704,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1644,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4440,"midstream":0,"thread_ts_usec":1675629758006704,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"213.180.204.186","src_port":40218,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexMusic","proto_id":"91.34","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music","hostname":"music.yandex.kz","tls": {"version":"TLSv1.2","server_names":"*.music.yandex.ru,music-partner.yandex.ru,music.yandex,music.yandex.by,music.yandex.uz,music.ya.ru,music.yandex.kz,music.yandex.com,music.yandex.ru","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"4ef1b297bb817d8212165a86308bac5f","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018","subjectDN":"C=RU, ST=Moscow, L=Moscow, O=Yandex LLC, CN=*.music.yandex.ru","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2","fingerprint":"84:6E:A1:68:E5:3B:10:C1:87:75:43:D8:F2:39:C3:4D:E9:9F:DC:88"}}} 
-00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} +00634{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-payload-len":7039,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1675632200347508} 
00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675632200347508,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632200347508,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"178.154.131.216","src_port":57126,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1675632200347508,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675632200347508,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8p+RAAEAGmcPAqAH5spqD2N8mAbsQs3pEAAAAAKAC+vC2kwAAAgQFtAQCCAoxyf\/EAAAAAAEDAwc="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1675632200354042,"flow_dst_last_pkt_time":1675632200347508,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632200354042,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0p+VAAEAGmcrAqAH5spqD2N8mAbsQs3pFVOenIIAQAfYqYQAAAQEICjHJ\/8uE0TMJ"} 
@@ -39,7 +39,7 @@ 01182{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771649047,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675632771649412,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","tls": {"version":"TLSv1.2","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771661361,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675632771661361,"pkt":"CI6QkAuldNqIE5X\/CABFAAA0o39AADcGizxX+vpswKgB+QG73+pH994DthYOFIAQAKjWtwAAAQEICjlcYGHJQVuK"} 
01227{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771649412,"flow_dst_last_pkt_time":1675632771666494,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":2796,"midstream":0,"thread_ts_usec":1675632771666494,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YandexCloud","proto_id":"91.62","proto_by_ip":"Yandex","proto_by_ip_id":25,"encrypted":1,"breed":"Safe","category_id":13,"category":"Cloud","hostname":"cloud.yandex.ru","tls": {"version":"TLSv1.3","ja3":"cd08e31494f9531f560d64c695473da9","ja3s":"15af977ce25de452b96affa2addb1036","unsafe_cipher":0,"cipher":"TLS_AES_256_GCM_SHA384","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2"}}} -00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} 
+00635{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":68,"packets-processed":67,"total-skipped-flows":0,"total-l4-payload-len":22672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1675633561788867} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675633561788867,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561788867,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.134","src_port":58832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561788867,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561788867,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8OJ1AAEAG7PzAqAH5V\/r6huXQAbth\/x6mAAAAAKAC+vAp1QAAAgQFtAQCCAqt2\/gKAAAAAAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_src_last_pkt_time":1675633561788867,"flow_dst_last_pkt_time":1675633561796212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675633561796212,"pkt":"CI6QkAuldNqIE5X\/CABFAAA8AABAADcGLppX+vqGwKgB+QG75dDNImeHYf8ep6ASqUqZLQAAAgQFggQCCAroj8Uzrdv4CgEDAwg="} 
@@ -81,7 +81,7 @@ 00785{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1675632541901678,"flow_src_last_pkt_time":1675632541955636,"flow_dst_last_pkt_time":1675632541901678,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3154,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.22","src_port":40870,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1675632771618343,"flow_src_last_pkt_time":1675632771825396,"flow_dst_last_pkt_time":1675632771825396,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1072,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":1669,"flow_dst_tot_l4_payload_len":8437,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.250.108","src_port":57322,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00791{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1675633561819787,"flow_src_last_pkt_time":1675633561819787,"flow_dst_last_pkt_time":1675633561819787,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":2796,"flow_src_tot_l4_payload_len":2703,"flow_dst_tot_l4_payload_len":5466,"midstream":0,"thread_ts_usec":1675633561819787,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.250.251.77","src_port":51462,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":130,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} 
+00640{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":130,"source":"cfgs\/default\/pcap\/yandex.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":130,"packets-processed":130,"total-skipped-flows":0,"total-l4-payload-len":48891,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":84,"global_ts_usec":1675633561819787} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 130/130 ~~ skipped flows.............: 0 @@ -90,9 +90,9 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7881893 bytes -~~ total memory freed........: 7881893 bytes -~~ total allocations/frees...: 146687/146687 +~~ total memory allocated....: 11590384 bytes +~~ total memory freed........: 11590384 bytes +~~ total allocations/frees...: 216941/216941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 547 chars ~~ json string max len.......: 2738 chars diff --git a/test/results/default/youtube_quic.pcap.out b/test/results/default/youtube_quic.pcap.out index b07450b7d..13ca4b1e2 100644 --- a/test/results/default/youtube_quic.pcap.out +++ b/test/results/default/youtube_quic.pcap.out 
@@ -1,15 +1,15 @@ -00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} +00568{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1489363823466752} 00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823466752,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\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\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
-01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363823466752,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823466752,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": 
{"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"pagead2.googlesyndication.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} 01040{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823466752,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":427,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":427,"pkt_l4_len":393,"thread_ts_usec":1489363823467160,"pkt":"gCqojWksxCwDBkn+CABFAAGdQ1YAAEARAADAqAEH2DrNQtbVAbsBiWjHDZNw4V58RG0IUTAzNQIjOTX0HE3l5Scr7Fgx2f\/r+qyKcH\/8LtiyPftQGYB9rCN29+bVRC8cQk9\/xGvEd6aBS8oqh8NZIxXxQWKlTa8RiJV0BMsIA0J2xai1sihftSstpiUm4Hfb5ePoNWBO9sfumkF4vn\/9w\/9icDJdGccA4OzurorhUAKZSZXQ2C+f4aKf6nX2PELscDc2K8rYtLquJGdtKf4c79ur+nT\/zIZbwAI5FHcm2kTejfWn+vqhJAD0GuZjr1fez\/qk2C34VbRcKzU+r3sMaPUtMdGtgzscnCkXVApYI9m9bd3dzj+CzxW8qOJ7mCU2emBxJ\/DIq4W6MZVOQ8P1s290Mflqj2Ld8WgZbVsDG+nGkhewE4Z8dkUPa+UkVgjTddS58Gokmrg9Z3Adl+QFItNyGTCZv48hVxEemek454JnWb6oZl4ujKpXhQA0CaX5LNroX5y5o\/Wny9SJ17j8aIxrDR0s65vzthwadNOZLJ62NA+MTWY0IQjOuA=="} 
02344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823527694,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823527694,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG71tUFTuocBCh3B7XiTuKXN4LFlWznTXqPOMTIP1YB45lXi+l5CF8JASyEKKaDONFN5YR3rA\/p9CKVXhUMWNxz3dKUg1yQftOAuLAuCFZHEo433jmLn2X4f\/Owuck2m9UesvdXoxzwq4xDpUXHvNH9PzNMS1XtEZ0KDZ904pHEN+ZkjUiA2jK\/AWrBBVjEsqHcAMngSVXjIyTLuIfTfT50KGoQr9mSm5SWUDtU4w+2DwTLde4slXrVb5tsrZJ9hx6FXeBCOwNcjEoeHA7do276\/9KH1k58X3zu+PQcEwnHQBIs5Nvjxz0m7lZ\/e4WfsWAx90HOH6likwa4aRKygVjLaiXObj1BRuaQFXdbITUHeb\/v1Bb0ex9qIwx0kcogAUVq6KGcRlImR2VCET7Q2UPfBF1HkA3bAqvJ6t1BP07HS8IKIEm70QgionKkRzGiFzdUhT09R6zdeXllUpiA63fBrBRfZD4ih6nX4zo\/yc\/lz+z\/tYWWCPtitjIx3R+MsYy6evVwKHmKh4xLbNgtf6Bu5FREacax96iyQP2\/vuAdKPy+I6gMbTz04jy4zg2nTKOKHNa3aAGNL9B3Uh5t6mqJXuzsLfLLTPDw3wrJPan+M\/0XoefuuxvaucM7CeSe1bcynXGH+VeCKK3X6BEjxAIAyaIH3WN4GasKfIjmi2abIP71bMldE4Rrc0QpuysWWFnpQQt9pN2sP40R1CWaJEjWn2UIOe0P10GgnLa0xDEY45T4mm1G5cRaybTY1lDhwEfyXyWZ9AZfiHELWMCRxQrjRsfwPjDlL6jHi\/zHIUWOI\/T4jgDqU2KclKtGJHvbzyipTcTSry1Z9gmEkVPVvz\/8EjMnwGHjnltQ6Dn6FOkOgVFgA2iD5qiIgNLtjkUfH1GBvC5KbT9MfqpK2j2k4rSt9zbnBWSsgHnKyvlhVlk4OSMFjMkESHpv2MoP7kPpHn9hYZR+DGSK3WZiE2JTywLeaTFpsQZ3daTQq1Vr04zxtlC9vRWSZgVtzp+73FUoayEpGTdeO3UERRAep7Gz6OHwglh0vTs4C4cI3glPhuREbf69JIx21MPWU3j5sPCPzg7nPp1rI9ewTvRn38IUIjcvV1KuUH4IRVmz5W6wsHwHFtnkwFNuxtYxLxpK0EDIngGp5d6ht7210ydmiQr6O0ON8qJtc3t5+jXn6ntXD+RhEqv4GCaMWHbVrUNZALDxj9JvSEzyroxEuoApEO8TL\/ZdVC\/slwR1pM3JdbAsWN2rxIFLM5krFwOakRgi754xhdBEry7MgvTwiHsgDJ3Rg3jSdB9jubcVT3HICTRmj1vR\/GLDAyPIFAzuuaVmpolrsQwDxFuyNGOcjHVBUbeP6bnCaCs1JfK35oan09836\/37ZWojhkKHAUoDUCP0eOYnRmUhbwOggCe7+p8hW83\/lILFNK1NDMAm7qAsqoccxqNT61ke0qmot69NhPXpwpGUt
\/gK3nyvFne4lsK7S7r1eMvI29rlDBY0L\/e2MX+l+NFFonVbYbxqlVZxk5h57Py0nXsSE5q43RZq\/Ab5Ljnrfv\/qOWasfLkVsR95Ih7otWzubnTYoOB5dgkPlalnkY+ZT0ynhrpD6iNCVYd4popCzZS+uE59ZqtbLuU6i6Oh3yTkUuBN6l4rJS\/6y1YL+YBtywlzVVi2gqoBTO6RyHcXMeDc6anBpSJn+Y11FC9lfnd1ZBuVxPW\/4cBKWMy9IKMGLXE8iIH1zC\/mEqW8ZtRWLvviks2j2E9BFu9ovslgURdyPBgw2o0Whiqb07OoUWWMBoSXHynCDs+gbza+6qUl"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1489363823467160,"flow_dst_last_pkt_time":1489363823527699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_usec":1489363823527699,"pkt":"xCwDBkn+gCqojWksCABFAAA7AABAADcR3IXYOs1CwKgBBwG71tUAJ1gdAAJToMXcTxyWQBEndSjIH+c74XrspwzymN45kSe5Xg=="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1489363823528185,"flow_dst_last_pkt_time":1489363823527699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_usec":1489363823528185,"pkt":"gCqojWksxCwDBkn+CABFAABFmZwAAEARAADAqAEH2DrNQtbVAbsAMWdvDJNw4V58RG0IA4pBZ++jAYkOLlkHlCitPHPsL9hXYhophG9IU8XMssI="} 
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823738796,"pkt":"gCqojWksxCwDBkn+CABFAAVi1UgAAEARAADAqAEH2DrGIdsKAbsFTmVrDWI\/o1o3gkQjUTAzNQG3J1X3HMsKZ2COv5qgARQFQ0hMTxMAAABQQUQA1AMAAFNOSQDhAwAAVkVSAOUDAABDQ1MA9QMAAE1TUEP5AwAAVUFJRCgEAABUQ0lELAQAAFBETUQwBAAAU1JCRjQEAABTTUhMOAQAAElDU0w8BAAAQ1RJTUQEAABOT05QZAQAAE1JRFNoBAAAU0NMU2wEAABDU0NUbAQAAENPUFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0teXQzLmdncGh0LmNvbVEwMzUB6IFgkpIa6H7tgIaiFYKRZAAAAGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8zAAAAAFg1MDkAABAAAQAAAB4AAABv48VYAAAAADHS1o9J\/TTNQYjpQh1bWy1pxKNWlJuoLy5bOHLwnEpeZAAAAAEAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01165{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}} +01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823738796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363823738796,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"yt3.ggpht.com","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} 
02335{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823782478,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823782478,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTqYeCGI\/o1o3gkQjAfrje9Hje5P995YFE4ABUkVKAAgAAABTVEsAPAAAAFNOTwB0AAAAUFJPRroAAABTQ0ZHWQEAAFJSRUpdAQAAU1RUTGUBAABDU0NUVwIAAENSVP\/\/BQAA+LXECKXyXyaGkNvk1LnkKe2HcwZSdJKMjSZdwRtRvlgkC7wrIojsxa12VSbQ+UqytsSw5ZWrAguctbN84e+itVKKdDan60SbCn6HO8EhAZXhZCoi6zTXVPfruFP+xbK0jobs4P1ETvvj7642AaRXoyX3AiUwRAIga0VZvCZ3TBiWNQTgv6KY8y2d9RkggowYQwi1RHlUtm4CIDUxV08RC49VVgJORrtGSNh+UsyMA8+5V0kTzoS1\/6EyU0NGRwgAAABBRUFECAAAAFNDSUQYAAAAUERNRBwAAABUQktQIAAAAFBVQlNDAAAAS0VYU0cAAABPQklUTwAAAEVYUFlXAAAAQUVTR0NDMjBrdmP1GwKyBEvvwtZJjj6PQ0hJRFRCMTAgAAC7MI00KZ1MP25xAs8ApFxY\/QSpEMcZP7AIDZmbDnFGD0MyNTUwMDAwMDAwMEDbx1gAAAAADAAAAND3AQAAAAAAAPAAdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAVplaZe7AAAEAwBGMEQCIFrxuSR6yQfoERjhpyCo\/HC4DbnJyy5PDUNSQYvoLd7WAiA1du1k\/DfC+hSnbCFZ+CiZL\/WBsCA2tHRh+V5os9e8wAB3AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0RxM227L7MAAABWmVpmAsAAAQDAEgwRgIhAK1Z+StuHvhEQzbhrizA0oP28zksTi\/aWkPYynKMWI7wAiEAoZsd0Sdt7uEo3XB3wMmgRGZNny2cfedCYnG3zpLag4YBA37tgIaiFYKRAgAAAAMB6IFgkpIa6AAAAAAAKgcAAHi7gTUtv1NjZwCWXOxKBk1sXJA2HIf55ae2MzL3PkFvyFGxkQUqDMwNjIyMgPkFmJfA7TkDUyC2MDUHdaIKsVrFwcPlDEw3aflFeZmJsATJzsPrm1+aVwJKXWGZqeVwd\/EguwvUlgC5i0dcCximIGFgJilKBqbG1Dxw1BtEGgizsQO9e84W2BLhADOYGdmZnRhYMt6FvD+wnV996Zw\/hsoKnDX1AkfE3LjmrmD0Xbj\/45IfeVee\/OywebVOPSnedOpTyamR\/2zN7jmfePP5sO3s0PyvawoWN7GsN2hiWU2oLGtizgMpEGRpYk4FchKbcLm1SUZLL7GgoBiHrApEtiAfzNUrBqaYxPRUqGJgYi4Gq+LT0kvKyU+HKWsSBPILUIWUtEBUbn4eMKcm4jBGE6QGbLcuVIVuSn55Xk5+Ygq6UnVMpaUF2BQqYChEVwEMgJT80qSc1OSczORs9ADgBoZbekEG3F8QzSnAIioVLAQP1+LK
vBRo5QWWEIFJlKcm5WSmQ02Q19IrTkxLzSstwBHgYAV5KUn5FTgUKGrpEQoceYQS7IEioYUrJhFa9YpTgUFSgq6AByVW+dGjWYFgJEvhCWxORFDzowe0KPbgEMISyNrFJcB4SNYrSMwDOiE3Mx9f2hXDIS6LPxz4S\/PSMnOA5VFqil5eankxUtuLvcEgA6kEjwGWQdpIZbM8tLgsyM6EGgoukd09Hd2NwIWvNlJxD1MMDC6gj4sNkXWAqgCk9qDW3+B7S2xzw150iDxJLJ4oWT2f5yFamwi5WMfaiVKENDKAtRxaz4WDjS29kQdYohsYQFpFmgbqBqoLlBco"} 02330{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1489363823738796,"flow_dst_last_pkt_time":1489363823783077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823783077,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADUR4H\/YOsYhwKgBBwG72woFTtjVCGI\/o1o3gkQjAl1iY1+IPhyu0ittLaQBLgUZARLyTw62Xo9mQ7Tn55dir+alTNnl+EuTXetgrtU\/li3WZUF3t3EtPfqBg1nJrPp7bar7qdPHbjH8jwhk+pimkWuq6rVs4cviafuTL\/pWbDvkJD1zwixjdUFbM0aGipe63\/v0luly7P6xK4d1\/V35zVlHfZnq9OpLDbRdp3F95Wn77GK+6cqsr8cEfY77RjhzSh7Unhdryl2mU\/IhTPRZgsMXhZ65ayI6rm07a3GnaGsF6wp\/3rLVzcqh63smBXkUr5RrfvOpMsbbX\/13ZPXcymfXdeZ+LWmcELGYmfOd+prGpXeZdtiyB0ssnuZwNOYGp72hD8PxC2ds8mZMXnnvqd7Gb2w82Yw3Hn\/6nvVjXthRi\/UnDQF+1X0RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02326{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1489363823786198,"flow_dst_last_pkt_time":1489363823783077,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363823786198,"pkt":"gCqojWksxCwDBkn+CABFAAViJ80AAEARAADAqAEH2DrGIdsKAbsFTmVrDGI\/o1o3gkQjAiGIK5vcpGTBZSvo8kAB8A0BAQCmqwAABgGkARQFAARDSExPHQAAAFBBRADgAAAAU05JAO0AAABTVEsAKQEAAFNOTwBhAQAAVkVSAGUBAABDQ1MAdQEAAE5PTkOVAQAATVNQQ5kBAABBRUFEnQEAAFVBSUTMAQAAU0NJRNwBAABUQ0lE4AEAAFBETUTkAQAAU1JCRugBAABTTUhM7AEAAElDU0zwAQAAQ1RJTfgBAABOT05QGAIAAFBVQlM4AgAATUlEUzwCAABTQ0xTQAIAAEtFWFNEAgAAWExDVEwCAABDU0NUTAIAAENPUFRMAgAAQ0NSVGQCAABDRVRWCAMAAENGQ1cMAwAAU0ZDVxADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXl0My5nZ3BodC5jb234tcQIpfJfJoaQ2+TUueQp7YdzBlJ0koyNJl3BG1G+WCQLvCsiiOzFrXZVJtD5SrK2xLDllasCC5y1s3zh76K1Uop0NqfrRJsKfoc7wSEBleFkKiL
rNNdU9+u4U\/7FsrSOhuzg\/URO++PvrjYBpFejJfcCJVEwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwgSzFPd1PF3axaL5AyOwihDE6fodkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAAAD8vOozazLmpoBftyzTtCx5YKTvR4nOBeG4\/kV1kARA+4k\/WgyE0qpyY6\/Vmf8Zw2NuauSPM16NLrixbiDiic5ZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmueeuz4LezLgHTiAD9ingf73at+XMxbEjkphGxSG8164iKphvSEu+eXttq72TUCPMa+W1RiMCzpfKfm\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"} 
@@ -17,7 +17,7 @@ 02312{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363823844687,"flow_dst_last_pkt_time":1489363823852784,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3698,"flow_dst_tot_l4_payload_len":22654,"midstream":0,"thread_ts_usec":1489363823852784,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":6,"avg":7092.9,"max":47402,"stddev":13323.0,"var":177502752.0,"ent":3.3,"data": [43682,599,47402,292,154,45,22593,22345,6,41882,73,4311,1249,5208,1009,1199,2078,995,1205,2173,1079,939,1972,1276,1007,2312,930,1274,2300,574,7716]},"pktlen": {"min":59,"avg":851.5,"max":1378,"stddev":620.1,"var":384534.2,"ent":4.5,"data": [1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378]},"bins": {"c_to_s": [0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0]},"directions": [0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1],"entropies": 
[2.490298986,7.548896313,2.557327986,5.454246521,7.513552189,6.657486916,6.667313099,5.203137398,7.879892826,5.320584774,5.540966511,5.620818138,7.837260723,7.846781731,5.625435352,7.860443115,7.869290352,5.595131874,7.865964890,7.867100716,5.462482452,7.871220112,7.858954430,5.583694935,7.863245964,7.872319698,5.564828873,7.868106365,7.885589600,5.529245377,7.780364990,7.853522778]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824401150,"pkt":"gCqojWksxCwDBkn+CABFAAVisIYAAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\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\/AA7IChJw\/uFk6rkJtT8KHam\/zP1YJxL1R6PGerdhviM0jsqfVXK1sMGRgIfu1Gw5yjD\/\/Q\/fKW3aZLxbK0ZZAAAAAEAAABDMjU1qvorPqjeOwuq+is+qN47Cz2t9HxBefiRQAt7kKmueet+NAEAgygqfGXu0L2syT5vA8mDxoSqG087cDiVovZ6s0ywmTUWtgw5lXy+Ac4T6qWEMJOPvUqVQrabfhIiKh6bU4h\/Diu+B3D3YFOkHFOA3JEmhpJ\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"} -01196{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}}} +01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":134,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824401150,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1489363824401150,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement","hostname":"googleads.g.doubleclick.net","quic": {"user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3","quic_version":"Q035"}}} 
02344{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":135,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1489363824401989,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824401989,"pkt":"gCqojWksxCwDBkn+CABFAAViiX4AAEARAADAqAEH2DrNQtJjAbsFTmyMDXhX73QJ\/9nIUTAzNQL3N20WC4prgrlnEEXpdg0UiWbXJhn9rrqPsD7nypSAi6kAnw8WQDgk9WvHBUMq3ztLT3UfD0gz+me7oBLVs9bjXCdM3vfRP04sqX92qJrBMWJiq3+eKjCNhyA3dhTNbGSGyKI7\/jcHFMipWf2f2NsuOihlYKhTPSCEE\/3dxQ5VpSOD4BfoNhUiG4SLXDgBvtHLX5RXQiz6BGmJPkfw0Dv35AvtRBL6UAIgkl\/K+oTxY08q1VHTawdG6K3aOXtZN79Qa45uh7pT1oVWMplxpgw8JT2Arpn6WXMTVuz7IIjcMmVGkmTbz31c16ROCt97FgLzWLKXSjlRTCuInYAnb8OLy7A3ZgiVpjlf24uxYYBETmSsYE22pkbiA3KDPQJQySgTeBTaSmM7bUYZKVC0sqnRUOvf3ZY91A7qJZn\/ba900D1Z+aCkzIM+N0cL4OdjAPHVbjoNNBPob96VT7KYOqrcxvdgiQK4z8YyO7qPdy3wkVPEp8S1cfxO0GcnNc57dkkmdplcftLswiLsyuSbEUEIvemACkZhnlX++EeQWxNqo5pgetjas2fIO3OoczlGrqEelJ1yoqALFrNOoHHqiCTaPzG9Vq6SC5ccc+y0eJXHfhIMNqRedbbXK4yLYwqtZ9myh7TSQTMNDNtNNcokuMoYRffKy+Hilx9blgPA+kxeACnNv8k+XoHbLejLn53fsVGrfJ27oHLpBxd0gpX8C1SWMyy3mXnpEVSzUrkvObuxIcI1iIIRkXe4ha0xa6JvFSR1XvxPQ5uBs1VZvBiRzdozCrjMOEc9HhPIaepumDcavW6RkKdtpFOTOABhKPB+xTF+tw5twgZvOB6spOi3XFDCLlgZYRUP2AglByKCpQdxHum5b0xn6Bxg+gulV7DAa4F6bq\/phQubcSVFzDkjjddAVTq8Ke7Bcb2PIaw4POMGF8i+3Ejx3gConV0\/n9f+1mrX6y1TPQ+529up7M7aIJBqu\/KbECK4GCmg+69dFQcqMdvDDodT0LicyE6jgNHVr3Xxl9T9WRp\/ZEkID0WaSc8lamVKWuAoEej6VLe9Xsojacxjt0L1ZkVNCdZBeOWPV\/2r27Cc0KxFG00xU+mkL6oc\/P+4mp1vjwqej4OpJO4H7X\/bD1uR+eKFP96VSf8gVXiQ3DmEGxcfGruXncj9yz32x4yvvKzg03pwZiXXTtpaX0N3ObUthGwiiBr3OqJCsJVke4\/DSc35dh+HTeY+td+Oc4jCcwuV2lOoS0dT73DkKXYTbuBravYDZhjPNKQNF+6bWKCm8kZsYuCZUcPzccjiAYkhk0zhBSnaWNqdI6hOWVUghH2pIeRl1S8CHH23kuVsWd8GixiV6+GG7ClvWoVE8MrCJVfuDBih03bB7tpS\/HVKC2E9e6YR1Im8\/dzl\/GrYBeLaQJMx6dvF2cWrBFw9TxwkKIBGesF7P4
zSSZnZmPB\/8T0n45nH26wWJrG9slMatMUMQF1ah+pPdZ8x+tlROoO4fF2yjn4px+eRlie\/MHUCbhkcAUhlXdTBiPNIvr7yc+xKglTelzU+igEYMaYRT7qb8rNLbLWFex\/imDEBTq6nYSPvkTgwNxYJA65n\/p6p8VPjqErPaqpEUd07O9wbQiW9G2X\/qbV3yLCPMbA96flDvOZN+LC6\/DnJyMwZn5lo+SBoTbwt518b7bgUS1UA82oVmCGe8vFKQu9\/05aE1OZbqUSUoFxZX0RxFiFxGsclnNnAvgLNexJFieDNVkLIeVZwsdn1VKuKE5NTKqEm\/iO1n+rmnQA3"} 00944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1489363824402026,"flow_dst_last_pkt_time":1489363824401150,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":356,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":356,"pkt_l4_len":322,"thread_ts_usec":1489363824402026,"pkt":"gCqojWksxCwDBkn+CABFAAFWgV8AAEARAADAqAEH2DrNQtJjAbsBQmiADXhX73QJ\/9nIUTAzNQNN4EYmtc8pzVIIOlw5wUUTViVod6Y0+1HgA3vBxmFBB9XdzPolT4EuSqVTYDWG+BQf0+uutBG1cIb1StnXne22+Sa3VBkmnkxHzdhhHTq5RFHE1DzOC1OWyujit50aD9fovXbwARSedQlPJ7gjdJSVfTm6O3nF2k42pradZvrpU1ech4qBDDCfAnmOfCXqI5NXsD3jyb4bcNfoTf5ko+c96L+Kv0ngIjlmGgFFf6vJ8QwUVroovQmrUV9bPxW9NYlbZzDQO3\/aocbUP2HxCiVbIwPbD2Jd4G+p\/+kRB\/3zN\/cBW\/zgsZhwNASU8TEuM0gATTjCn+DvX6KA+8RurPRChvD1WnZ\/ZRI9q2M84tMzgiUjvDAoLSC7i0dr41HUDnzmJH+mr0XOTEoxFNo="} 
02345{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1489363824402026,"flow_dst_last_pkt_time":1489363824514002,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1489363824514002,"pkt":"xCwDBkn+gCqojWksCABFAAViAABAADcR117YOs1CwKgBBwG70mMFTvESBCvtW+gxVkE6hk54oTddBgdr86L3SyOjvMXEQqPmvkBuAaRNa6ZCVY4F4aeZ\/bjVKIBAGz+eSKeCquWfodKaC7xRPAq3rLOEQqnljpR0JWshHnnqwhS1Yjep2YOpeC3fb3CYkH4FaQOWKQEvD8gout64p2+hePX1+sAk6iXLStjU2uuDlmVIc3PpAB1wzCM5dWWCE3aIKRaMRGfZxpLv7sGZRaoFrtl0JSaeaB9jn8MIsXZBOVcRtPaJLDQuUU620tGy069cqwEfvKMOXUSj7tTPTWy0x0QxdOrlpxBRCMMZN\/BdP1\/UaMrUBPhVe8sDv+ch6XsuW5JOQ04Whk2+M5NgFwohM27Rki9\/ssGbnQrtDt1Gl0sj6QLMJ+0gOf3ENnzWJ23kiz6bc9fVfcMDSkS7OsNHbFr2pF4Hzi7aZWcoNV3Guo3Q8Fbya7stdMjWQTT2rpMvZfHm5PhvQNxOPT8\/jqU95zkLWJ8ghGBXVOKXJyiX7IALIyBuVLAsLkeKu6jOvhwnew5mnLWC\/c+5xNqYdkuwMduDi8iF1mXKLPscsnMOlDuqwAJhrQGXBFqOaZxXSObFnuFPtOInLDT8PlhhEEayPmx4+D879MyfnhcQ4nwPVpeP\/8mmGfleQsFzHYn+l0ZN7i4WTlhiKG\/C\/mtO\/nMGOTLBsvlssjvQzTb\/OoY4tvps4OyqH7t81\/DXd5s7I4ykh7dOFuM+EchHgHnrTKjfFBC3gg8sQ35yDx3VlyF5NWnQkSesIqMj4\/VjshLaCD6snidaO6Bvg5o5c1MMOisPf4KkqlZh5Yfr9NBx3JsfnMz6M5lBLPtdaRaePspaWNka4lD3JgOkcztB46Qm\/qE3gMJDSW9nuM+9BBvaAne+Ty\/3\/LQiW40aeLeNHn8s6s4e+2bBuyNKqruC8eYkQI315sqCNN5TJnBat\/EuFiFQ\/z0SlrPUXxxkoKFFaCrF3K9gCpeNWKbIezHQlS5aNLE2xewI0rup2+Tyk+voOlo3fVmL+w0J+QFSF3ctNgOURJhBxxnbQijP6l+g8ngzpgYiAECyc0HKDQ+G21Q9piUF1NkcM+tXa+IJNUhtzdeNT4Hu26y6vRKT+umb1vyRD7yawpmBR7LRWxKeIx+XFz3hQ63\/5Nax5FE4KqRv+PKIAW9sOgagWyHHv3ownXp8vR3LszhQgQ5aVyZfCu2s+WEqE2jF\/APd2a9UVJ3vCEQGoYgXdCcib4KuCMh4bsaPKDIMRvj8k487Vv3jp9XbY4X66etKFH12Sj8mn851aGpMwTZvEVveXOvQt0xJIzcdRDFRan8qkMCgcVy1S9G0rNhMAh6IdBk4GdDPWjB\/igrD5zXBaNBYrlnDrytUy1eljMlTExzVwndd7J4NREyWH7MbhQsPRMsahE3FcHNC6mENLK0zOVoXNyKhAlNCDvomkRPsdm2vcsxZqfBocGLOcuVyV
iU7AK6qMbviYxcVLP7w90PFWUSkFjGMdxUoEbkvo9y57znWRPo3\/PslxdNLRDfLTSCbOccNJ0uYLMuB23e9PXHKfogva3uQ6Jest\/Jd6aKe0PNYNZ\/7hn4L76yiuQqsuqKH8JvtZYaHBXT2qp1Wm5J4vzxsStLdsVxgUVQgCOMZVBbhkLOHzIRhwisH5t6jUXi+i1ROO2c3iOqxc4tYaptEykWfrfVKtUKibUiKnGx7qaN9txVqcq5GSAZu\/DmIG6vegxGbNdAK3ZvtLMwjcxkEsFOcs7f+odlh1TBLgaIgMhVI9ekiVe7CXOwWghfAwrCBftd93Q8i3XywDuUBcgiu"} 
@@ -25,7 +25,7 @@ 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":113,"flow_dst_packets_processed":145,"flow_first_seen":1489363823738796,"flow_src_last_pkt_time":1489363826862170,"flow_dst_last_pkt_time":1489363826861980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":11365,"flow_dst_tot_l4_payload_len":156294,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTube","proto_id":"188.124","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":6,"flow_first_seen":1489363823466752,"flow_src_last_pkt_time":1489363824024913,"flow_dst_last_pkt_time":1489363823999542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":2018,"flow_dst_tot_l4_payload_len":1915,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 01124{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":9,"flow_first_seen":1489363824401150,"flow_src_last_pkt_time":1489363824712581,"flow_dst_last_pkt_time":1489363824840806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":38,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":3551,"flow_dst_tot_l4_payload_len":4358,"midstream":0,"thread_ts_usec":1489363826862170,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Google","proto_id":"188.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":101,"category":"Advertisement"}} 
-00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"cfgs\/default\/pcap\/youtube_quic.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-payload-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_usec":1489363826862170} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 289/289 ~~ skipped flows.............: 0 @@ -34,9 +34,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7779574 bytes -~~ total memory freed........: 7779574 bytes -~~ total allocations/frees...: 146685/146685 +~~ total memory allocated....: 11488161 bytes +~~ total memory freed........: 11488161 bytes +~~ total allocations/frees...: 216939/216939 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 561 chars ~~ json string max len.......: 2350 chars 
diff --git a/test/results/default/youtubeupload.pcap.out b/test/results/default/youtubeupload.pcap.out index 52e89561e..870bcb8ac 100644 --- a/test/results/default/youtubeupload.pcap.out +++ b/test/results/default/youtubeupload.pcap.out 
@@ -1,8 +1,8 @@ -00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} +00569{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1511102576794424} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02322{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576794424,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0
tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} -01178{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}} 
+01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576794424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576794424,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64","quic_version":"Q039"}}} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576835328,"flow_dst_last_pkt_time":1511102576835328,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102576835328,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00546{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1511102576835328,"flow_dst_last_pkt_time":1511102576835328,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1511102576835328,"pkt":"XEl5dU5q2MuK4S0uCABFAAA0AURAAIAGcnTAqAIbrNkXb+BsAbtWAw9KAAAAAIAC+vClngAAAgQFtAEDAwgBAQQC"} 02334{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1511102576794424,"flow_dst_last_pkt_time":1511102576850542,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102576850542,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADkRtX+s2RdvwKgCGwG7ytUFTpL9CJHSvk7nMdgaAY7UOy2eqBjwqYbdQEABH3gBAQD\/\/\/\/6BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAEbxGDSLTF1Q0EvnndIQSTAo6qDgodwKRUkl\/wgXSXZEn9QM2BlHJ5TGchczmqfpPPkVE8tMlsFMfVeayelDb2fy4YzLDv2N+n2kP+GPU+AvJ+LZZRk0N6KyGXGuCIybXc0DgBajeTEN+eTXljBGAiEAu2XBBVnB4JB\/pAM2aIMKtRsM68whkJeFp\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\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq
5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 
@@ -18,7 +18,7 @@ 01748{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576864014,"flow_dst_last_pkt_time":1511102576921788,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":202,"flow_dst_tot_l4_payload_len":4056,"midstream":0,"thread_ts_usec":1511102576921788,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.YouTubeUpload","proto_id":"91.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","tls": {"version":"TLSv1.2","server_names":"upload.video.google.com,*.clients.google.com,*.docs.google.com,*.drive.google.com,*.gdata.youtube.com,*.googleapis.com,*.photos.google.com,*.upload.google.com,*.upload.youtube.com,*.youtube-3rd-party.com,upload.google.com,upload.youtube.com,uploads.stage.gdata.youtube.com","ja3":"bc6c386f480ee97b9d9e52d472b772d8","ja3s":"b26c652e0a402a24b5ca2a660e84f9d5","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Inc, CN=Google Internet Authority G2","subjectDN":"C=US, ST=California, L=Mountain View, O=Google Inc, CN=upload.video.google.com","advertised_alpns":"h2,http\/1.1","negotiated_alpn":"h2","fingerprint":"EE:3E:32:FB:B1:2E:82:EE:DF:FF:C0:1B:27:CD:BF:D8:8A:CB:BD:63"}}} 
00789{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578051971,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV5AAIARbSHAqAIbrNkXb\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"} 
-01179{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}}} +01201{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578051971,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1350,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1350,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1511102578051971,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media","hostname":"upload.youtube.com","quic": {"user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64","quic_version":"Q039"}}} 02335{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578108526,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578108526,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTs8jCAjRAddSQpCnAZLrpBY0DjIhd5jwe0ABH5UBAQD\/\/\/\/1BgCAAVJFSgAIAAAAU1RLADgAAABTTk8AbAAAAFBST0a0AAAAU0NGR1MBAABSUkVKVwEAAFNUVExfAQAAQ1NDVFECAABDUlT\/XwkAAOdd9OCaMJjZHEuQSnBheExXijy9L8yxcLxijUGUgt7VeQLmXHCE0dSCjTwUu4DOXBlw0HTG62CtZtu2a6Ru1X+sH1IA2FJqDRpGVA5MHyMKc7vKtJZUWy6Wq\/FvJH3N94ZirXYSBfeq9Qo8ATBGAiEAppVGAzltTsobgX744i5bBeIqIDO\/YtwFhdblUPMaf9ECIQDgN5eoKUWZEY4A\/yjD3jA5j4ZdDcRSfqhMU1oZUTGdIVNDRkcIAAAAQUVBRAgAAABTQ0lEGAAAAFBETUQcAAAAVEJLUCAAAABQVUJTQwAAAEtFWFNHAAAAT0JJVE8AAABFWFBZVwAAAEFFU0dDQzIw9lqyAICUa+kwugeWBsbKvkNISURUQjEwIAAAhphHmLi5BO0Bd0EZ92vmXccblzalgzbYj90Qfoq9ozBDMjU1MDAwMDAwMDBAFRRaAAAAAAwAAADNfAIAAAAAAADwAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFfeBYhgQAABAMARjBEAiBdvW4RdrxYmmjeJbc+3jgs5l6RJLipl3aPIQhj9TtUVgIgA9hjkGDtPgI+WyeFtwtRP0uw9dCVeIWw5SDGQbdmUYsAdwDd6x0reg1PpiCLga2BaHB+Lo6dAdVciI09EcTNtuy+zAAAAV94FiCrAAAEAwBIMEYCIQCUIhZCh2zhmqj0uNpoeUCnAI4TO75j9mv1oMYRKX9EbwIhAIVqH7drJ4DDuKcAhaeeCXOoj8EoQkKnHGLbzkyKPDlhAQEDAeiBYJKSGugAAAAAALsLAAB4u4FGwB+tWGtQE1cUJpBXY6I8VdDyFNEgYZOQAr7wiYpWBawlaIsJ2cBCSCJJwEgVWK3A4KNOsVAVxfdjqlClUhXRURAFClYRHasEpKBgRdBILVjt
zS6ETSYz9oczmdmc777Onnvu9527WTQrwFy0TRBKTcQLKrp9dm9xz+ylJ4l0NALQ0SJTNhpMGAZIGIUiTgYb8pXrDXnhuTHeCAI35bB6mBzcF\/AwMggEG8\/l8gN4AQK8oOLyArh8PlZQSS0uRWcy5oK8kSqS5YhoKCFpTNbnCo1cbciulQicavSLSfTLCXLA\/GIy2SCmBhjbXCGAaeAd62cA1adjf2xINJs5VuSOLXMcnO6g0xtjxu1zfIrK71z\/\/lBHSmjev8J8r4IzjW36x8zZNOc0+uStj3j5jQFTCvdXObyJDvLf4usWsNFD234IpYyDUMoYbF1AYEyIMUxgprRFy4BQm1YDYkdGbe4DoxE1cRNlsTkiuSRZgUgwczQwlUpYHofIYWI3ezYnVqbQSIiYI5sjEQfx+cECvhGWo1QwPWhGR4JnLMjJFDVvaGa8k59ILpJp1UisCsNHDLsjIhoybIah1TiI3NROUJramkR0FPHFOKJkc0BjBojNewCvTYGkdWaA2nxIipzgswQmGLCKYEiTCUa8hmAgaoIhlxEMpYmhNmwBbogkgDbw4BmdwRG5YU9wALQmwaAKwbrZDaEpiARWYJAhC1RqQKaxhmEsggUaGWzDvnEJ\/3lDO54Eq5NBL2JvMBWod+IRjNRQW4MlI+YJ2HmtQqPWiGE\/uSJWoUhEjKk3iJt1gyUaXPYxnAZwNUeMxRakTVIchroY"} 02350{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1511102578051971,"flow_dst_last_pkt_time":1511102578109522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578109522,"pkt":"2MuK4S0uXEl5dU5qCABFAAViAABAADgRtn+s2RdvwKgCGwG78xgFTrFpCAjRAddSQpCnArwHRDvEv6bzYWaHzaQBBSEEhrNWhsBytYq44AhiRo+TwCmwTKGEk42JPpys442NKgutZCyRqQAAtRXqaDF9GcRDYiH0Y\/Fi0MLsDELQGJhY4OvQsShgL0wMj6PF4FCw0EDxBIlYDUjOl0D+boN8rExECEHyX7Bo9gIexu6+BD0Z6jwYVS5xhEFjCAVnb9OEZ+1zI6xu60jhXe7FYiEjXGJWdBF1I+wRdfS48r74X1JeZ567KHa5EJ3pD3ngVQyQUTCSgZUFTVprCgmiU6lxmUwgGRCEl12TIR\/Iu8iryOND7yMz0xaswN6jCztbGOmK9M1HAtnb0p6qNH6hov6O7rqWzJfC2lmeHtZeU6WbjsS8u3ntcJQzOr2oWOwTXcLWes24V6eOPFWo8+TNul2fEFLQ78eM1PXs2XQnqjfDqk3auk2v6+r9pEcxm7ylpmzrihbHoOb9i7fucvoKaS0tCfOsbMqMP3nB9ezFL69FLLtTF+p+dsZl1fPc\/DBpqVvY0e9eHrAZ+VA9+k3JGb\/9upojFbdLGEEHzpW4tGy79WmG8IZ+5InTV7teNKN9mWsYUcLOpqcV59uW1kr1OramoTHz1vv11JzRr2tDd4S\/WkfbF2P7ZGza6rI\/j9Us8WXle5QG\/b6jzfNgyphjqo6oKWSDFJMnAQGwxaXYlmTl4Z1d0i88lvqCkib10ZlL8sf48IBpMSTg8YAY8\/iBmBZz
eXzwEwQLgqM\/pux\/6Oa0l01OXX1\/+c6p1ENoy\/3lC8tzQnqdlS7ZoRtbdlT15tR7dEe\/E7HKePNyitQjIpd9cbgeFe\/qfiaMud5KybCv\/DovpHzVwiB95N8TOgZ2djpVNugjWfqwt\/tXNG+oKEpUZF25tdxtEmQz6wFdFS5Lfz91+rFA6vZLi+3IzzZMaO745y137UDe3TWvOGHFc27XdlUmuJypi3zktDjX7YazyO23wuMzY303CxB48w3nqlDPN5G7Ktoywmyvs\/+6kO9uVx38oy25qEe0fpf31qURmsfnntNrHN\/WeyacXdoQapOfb7Pxys\/NacXz+Q0XZq4ta9Z7e19lCXIKCwdG2mlzXAOrircnI\/g3DpRkByLCMjmYFj9jDB9zi+fW\/KMGh8A\/npA75EqgFPvB8xrHUWmTYjFShuyNNEGHqOBhDa5jAvygcyBwwyoCN6wtE0wGiocL7zg1ftXFTvv\/oJAPXPQs8EXNovaf7kkkqasq1vY36F29qncjsStini1pcp7kJZFuH1+dlSGJIedOLC7QMZTl5c4zutP4J9Iv6SmNyouUidqu3dUF52nOcEDd9M6QKlK\/grnxj\/XK1Uve+Vn11FT4bS89njFAcsiu3RvSfjG1ZmrcZ6\/q7\/pYJ88tuiS37l1AWTuTJOy02+fyavOojKMH1wn8z1UfTB\/zTWvuytPdcdnhPtCaI+KIa4F3p3V9yyYFZR1sUJ46vP5m5ZOaqgflXryX78ZeTWvRTfNvvGXb8cOSgXllHhLWeas8yH5iVlRBMCVoVB26EFSw0u7LpTGV75XHW9Nztb6\/wrxD58u4nYzXfW68h\/8B+TYP2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
02325{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1511102578117740,"flow_dst_last_pkt_time":1511102578109522,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_usec":1511102578117740,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAV9AAIARbSDAqAIbrNkXb\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\/4nw78HNVJUT5wUB\/4nw78HmpHtbxwAgQ5AC3uQqa5565jAAAAE39g8QbpBjsXpZJ0k2Opa1yiXuoap6rNlFyRG3VaiUwwUTIXHR7HUE8tH+qMCGSkVfFDe9ZwBj5iFLt6nb9dICVRJNIeq99y3gDocOmnE3lMaHWOMgX5wcE5URr2JRfmKpGOgc7tXbRVfGIzEEC8Zcrx\/h1b4mHL5eogupc3r3xXMzTaDPU27bKw026+kjZ5+CM9l3v8W6hXwvRN\/+i6loGkEhQAA8AAAAGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 
@@ -27,7 +27,7 @@ 00793{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":7,"flow_first_seen":1511102576835328,"flow_src_last_pkt_time":1511102576954116,"flow_dst_last_pkt_time":1511102576952686,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":202,"flow_dst_max_l4_payload_len":1430,"flow_src_tot_l4_payload_len":295,"flow_dst_tot_l4_payload_len":4409,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01120{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":20,"flow_first_seen":1511102576794424,"flow_src_last_pkt_time":1511102580286427,"flow_dst_last_pkt_time":1511102580285015,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":35,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":97113,"flow_dst_tot_l4_payload_len":5163,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} 
01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":11,"flow_first_seen":1511102578051971,"flow_src_last_pkt_time":1511102594783349,"flow_dst_last_pkt_time":1511102594936951,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1350,"flow_dst_max_l4_payload_len":1350,"flow_src_tot_l4_payload_len":8105,"flow_dst_tot_l4_payload_len":6001,"midstream":0,"thread_ts_usec":1511102594936951,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.YouTubeUpload","proto_id":"188.136","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Fun","category_id":1,"category":"Media"}} -00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} 
+00646{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"cfgs\/default\/pcap\/youtubeupload.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1511102594936951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 137/137 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7787481 bytes -~~ total memory freed........: 7787481 bytes -~~ total allocations/frees...: 146553/146553 +~~ total memory allocated....: 11496068 bytes +~~ total memory freed........: 11496068 bytes +~~ total allocations/frees...: 216807/216807 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 2355 chars diff --git a/test/results/default/z3950.pcapng.out b/test/results/default/z3950.pcapng.out index 316622924..fecc78bfe 100644 --- a/test/results/default/z3950.pcapng.out +++ b/test/results/default/z3950.pcapng.out 
@@ -1,12 +1,12 @@ -00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} +00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623680697296098} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623680697296098,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697296098,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697296098,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623680697296098,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623680697327356,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623680697329724,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1623680697329724,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} 00648{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697327356,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":144,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":144,"pkt_l4_len":110,"thread_ts_usec":1623680697330632,"pkt":"eJS0JASgYDjgxTWgCABFAACC7v1AAH8Gl1\/AqAJkwa7wXeYpANJ85vsC3ZUIa1AYAgRPTgAAtFiDAgDghAMAwaKFBAQAAACGBAQAAACfbgI4MZ9vClpPT00tQy9ZQVqfcC41LjQuMSAxMmI5NmNlNzE1NjBhNTY2ZGZmZjU5MDFlMmIxYWFhOWQyZGM5NGNj"} 
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623680697330632,"flow_dst_last_pkt_time":1623680697354970,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623680697354970,"pkt":"YDjgxTWgeJS0JASgCABFAAAoHB9AADYGs5jBrvBdwKgCZADS5indlQhrfOb7XFAQAfbzhQAAAAAAAAAA"} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} +00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1625070123680497} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1625070123680497,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123680497,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123680497,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1625070123680497,"flow_dst_last_pkt_time":1625070123709562,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1625070123709562,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} 
@@ -17,7 +17,7 @@ 00786{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1623680697296098,"flow_src_last_pkt_time":1623680698821983,"flow_dst_last_pkt_time":1623680698846157,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":233,"flow_dst_tot_l4_payload_len":3918,"midstream":0,"thread_ts_usec":1625070132777881,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01066{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070196998319,"flow_dst_last_pkt_time":1625070132777866,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1625070196998319,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
01105{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":6,"flow_first_seen":1625070123680497,"flow_src_last_pkt_time":1625070200217383,"flow_dst_last_pkt_time":1625070200217346,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":113,"flow_src_tot_l4_payload_len":212,"flow_dst_tot_l4_payload_len":199,"midstream":0,"thread_ts_usec":1625070200217383,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"Z3950","proto_id":"260","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/z3950.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-payload-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1625070200217383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773896 bytes -~~ total memory freed........: 7773896 bytes -~~ total allocations/frees...: 146415/146415 +~~ total memory allocated....: 11482499 bytes +~~ total memory freed........: 11482499 bytes +~~ total allocations/frees...: 216669/216669 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 529 chars ~~ json string max len.......: 1110 chars diff --git a/test/results/default/zabbix.pcap.out b/test/results/default/zabbix.pcap.out index e4b0b1ef7..fdeb26fea 100644 --- a/test/results/default/zabbix.pcap.out +++ b/test/results/default/zabbix.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1572254070608539} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608539,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608539,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608539,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1572254070608539,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1572254070608854,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} 
@@ -7,7 +7,7 @@ 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1572254070608917,"pkt":"RoQclwmZOjUSPEK7CABFAABL5AlAAEAGTtfAqENiwKhDGd9KJ0JwAdHVcPF4ZYAYAOUICgAAAQEICivCNdQrfUX3WkJYRAEKAAAAAAAAAHByb2MubnVtW10="} 00929{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1572254070608539,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070608854,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1572254070608917,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1572254070608917,"flow_dst_last_pkt_time":1572254070609214,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1572254070609214,"pkt":"OjUSPEK7RoQclwmZCABFAAA0t4ZAAEAGe3HAqEMZwKhDYidC30pw8XhlcAHR7IAQAONpMQAAAQEICit9RfcrwjXU"} -00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} +00630{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-payload-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1657872825792772} 
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1657872825792772,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1657872825792772,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36699,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792772,"pkt":"AAwphPY8AAwpXdTzCABFAAA86nZAAEAGwNPAqAcQwKgHEY9bJ0PFmT3IAAAAAKAC+vDyGgAAAgQFtAQCCArVxDu9AAAAAAEDAwc="} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1657872825792772,"flow_dst_last_pkt_time":1657872825792809,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1657872825792809,"pkt":"AAwpXdTzAAwphPY8CABFAAA8AABAAEAGq0rAqAcRwKgHECdDj1uwlSH0xZk9yaAS\/ohzWgAAAgQFtAQCCAqaoA3u1cQ7vQEDAwc="} 
@@ -193,7 +193,7 @@ 00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872870792611,"flow_src_last_pkt_time":1657872870794489,"flow_dst_last_pkt_time":1657872870794496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":213,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":213,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":40553,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872952792575,"flow_src_last_pkt_time":1657872952793338,"flow_dst_last_pkt_time":1657872952793345,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":52901,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00972{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1657872892792572,"flow_src_last_pkt_time":1657872892794079,"flow_dst_last_pkt_time":1657872892794088,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":281,"flow_dst_max_l4_payload_len":97,"flow_src_tot_l4_payload_len":281,"flow_dst_tot_l4_payload_len":97,"midstream":0,"thread_ts_usec":1657872986793226,"l3_proto":"ip4","src_ip":"192.168.7.16","dst_ip":"192.168.7.17","src_port":36623,"dst_port":10051,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Zabbix","proto_id":"248","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":236,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":236,"source":"cfgs\/default\/pcap\/zabbix.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":236,"packets-processed":236,"total-skipped-flows":0,"total-l4-payload-len":8611,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":196,"global_ts_usec":1657872986793226} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 236/236 ~~ skipped flows.............: 0 @@ -202,9 +202,9 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7823001 bytes -~~ total memory freed........: 7823001 bytes -~~ total allocations/frees...: 146860/146860 +~~ total memory allocated....: 11531252 bytes +~~ total memory freed........: 11531252 bytes +~~ total allocations/frees...: 217114/217114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars ~~ json string max len.......: 1004 chars diff --git a/test/results/default/zattoo.pcap.out b/test/results/default/zattoo.pcap.out index 832640597..acda6c869 100644 --- a/test/results/default/zattoo.pcap.out +++ b/test/results/default/zattoo.pcap.out 
@@ -1,5 +1,5 @@ -00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614851148233981} 00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614851148233981,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148233981,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148233981,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1614851148233981,"flow_dst_last_pkt_time":1614851148234305,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1614851148234305,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} 
@@ -17,7 +17,7 @@ 01069{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1614851148248533,"flow_dst_last_pkt_time":1614851148248907,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":458,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":458,"pkt_l4_len":424,"thread_ts_usec":1614851148248907,"pkt":"ApXG95NL5kBKB+riCABFAAG84bgAAH8GQ7UKZgACCmUAAgBQC3gk9N+zJPTdL1AYgAGT3gAASFRUUC8xLjAgMjAwIE9LDQpYLU1VLVNlc3Npb24tSUQ6IDY5MzQ0MjM5NA0KQ29udGVudC1UeXBlOiB0ZXh0L2h0bWwNCkNvbnRlbnQtTGVuZ3RoOiAyNTANCkRhdGU6IFNhdCwgMjAgQXVnIDIwMTEgMjM6MzQ6NTkgR01UDQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQoNCjw\/eG1sIHZlcnNpb249IjEuMCI\/PjwhRE9DVFlQRSBjcm9zcy1kb21haW4tcG9saWN5IFNZU1RFTSAiaHR0cDovL3d3dy5tYWNyb21lZGlhLmNvbS94bWwvZHRkcy9jcm9zcy1kb21haW4tcG9saWN5LmR0ZCI+PGNyb3NzLWRvbWFpbi1wb2xpY3k+PGFsbG93LWFjY2Vzcy1mcm9tIGRvbWFpbj0iKiIvPjxhbGxvdy1odHRwLXJlcXVlc3QtaGVhZGVycy1mcm9tIGRvbWFpbj0iKiIgaGVhZGVycz0iKiIvPjwvY3Jvc3MtZG9tYWluLXBvbGljeT4="} 00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1614851148233981,"flow_src_last_pkt_time":1614851148237771,"flow_dst_last_pkt_time":1614851148238027,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1165,"flow_dst_max_l4_payload_len":1072,"flow_src_tot_l4_payload_len":1596,"flow_dst_tot_l4_payload_len":2030,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00965{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":10,"flow_first_seen":1614851148248095,"flow_src_last_pkt_time":1614851148254413,"flow_dst_last_pkt_time":1614851148254534,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":961,"flow_dst_max_l4_payload_len":404,"flow_src_tot_l4_payload_len":5785,"flow_dst_tot_l4_payload_len":2260,"midstream":0,"thread_ts_usec":1614851148254534,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.Zattoo","proto_id":"7.55","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":26,"category":"Video"}} -00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} 
+00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zattoo.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-payload-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_usec":1614851148254534} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -26,9 +26,9 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7774318 bytes -~~ total memory freed........: 7774318 bytes -~~ total allocations/frees...: 146425/146425 +~~ total memory allocated....: 11482921 bytes +~~ total memory freed........: 11482921 bytes +~~ total allocations/frees...: 216679/216679 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 537 chars ~~ json string max len.......: 1982 chars diff --git a/test/results/default/zcash.pcap.out b/test/results/default/zcash.pcap.out index a3c205b6d..f456c1a6c 100644 --- a/test/results/default/zcash.pcap.out +++ b/test/results/default/zcash.pcap.out 
@@ -1,16 +1,16 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1514196094240063} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1514196094240063} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094240063,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094240063,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094240063,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1514196094240063,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196094322725,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1514196094322778,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196094322778,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1514196094322947,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"thread_ts_usec":1514196094322947,"pkt":"fmgbW\/gUcIXCQA64CABFAAE4ux9AAEAGRKLAqAJcsiDE2deWI1qAnf86I+a9J4AYAOWIhgAAAQEICk+Ou8XshW\/8eyJtZXRob2QiOiJsb2dpbiIsInBhcmFtcyI6eyJsb2dpbiI6IjRCQ2VFUGhvZGdQTWJQV0ZOMWRQd2hXWGRSWDhxNG1oaGRaZEExZHRTTUxUTENFWXZBajlRWGpYQWZGN0N1Z0VibWZCaGdrcUhiZGdLOWIyd0tBNm5xUlpRQ2d2Q0RtLmNiMmI3MzQxNWM0ZmFmMjE0MDM1YTczYjlkOTQ3YzIwMjM0MmYzYmYzYmRmNjMyMTMyYmQ2ZDdhZjk4Y2IyNTcucnl6ZW4iLCJwYXNzIjoieCIsImFnZW50IjoieG1yLXN0YWstY3B1LzEuMy4wLTEuNS4wIn0sImlkIjoxfQo="} 
-01159{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094322947,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094322947,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +01042{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196094322947,"flow_dst_last_pkt_time":1514196094322725,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":260,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196094322947,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": 
{"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1514196094322947,"flow_dst_last_pkt_time":1514196094405351,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196094405351,"pkt":"cIXCQA64fmgbW\/gUCABFAAA0zTZAADMGQI+yIMTZwKgCXCNa15Yj5r0ngJ4APoAQADl3vwAAAQEICuyFcBFPjrvF"} -02467{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196187394861,"flow_dst_last_pkt_time":1514196187518495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":1724,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1514196187518495,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":6013975.0,"max":50191373,"stddev":12033642.0,"var":144808530149376.0,"ent":3.2,"data": [82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430]},"pktlen": {"min":52,"avg":142.6,"max":355,"stddev":98.9,"var":9779.1,"ent":4.7,"data": 
[60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]},"bins": {"c_to_s": [9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1],"entropies": [4.771797657,5.333454132,5.171406746,6.152554512,5.168681622,5.319005013,5.053297043,5.511947632,5.527595043,5.053297043,5.498871803,5.546218395,5.156889915,5.566714287,5.501477242,5.094483376,5.293007374,4.926119804,5.440917015,5.447358608,5.455869675,5.449427605,5.128524780,5.159774780,5.159774780,5.546219349,5.041504383,5.292303562,5.209868431,5.539683342,5.248330116,5.587565422]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-payload-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196730496095} 
-01208{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197248783309,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} -00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1514197248783309} 
+02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514196187394861,"flow_dst_last_pkt_time":1514196187518495,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":1724,"flow_dst_tot_l4_payload_len":1124,"midstream":0,"thread_ts_usec":1514196187518495,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":6013975.0,"max":50191373,"stddev":12033642.0,"var":144808530149376.0,"ent":3.2,"data": [82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430]},"pktlen": {"min":52,"avg":142.6,"max":355,"stddev":98.9,"var":9779.1,"ent":4.7,"data": [60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115]},"bins": {"c_to_s": [9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1],"entropies": 
[4.771797657,5.333454132,5.171406746,6.152554512,5.168681622,5.319005013,5.053297043,5.511947632,5.527595043,5.053297043,5.498871803,5.546218395,5.156889915,5.566714287,5.501477242,5.094483376,5.293007374,4.926119804,5.440917015,5.447358608,5.455869675,5.449427605,5.128524780,5.159774780,5.159774780,5.546219349,5.041504383,5.292303562,5.209868431,5.539683342,5.248330116,5.587565422]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00631{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-payload-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1514196730496095} 
+01091{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":83,"flow_dst_packets_processed":62,"flow_first_seen":1514196094240063,"flow_src_last_pkt_time":1514197248783309,"flow_dst_last_pkt_time":1514197248783271,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":260,"flow_dst_max_l4_payload_len":303,"flow_src_tot_l4_payload_len":6299,"flow_dst_tot_l4_payload_len":4723,"midstream":0,"thread_ts_usec":1514197248783309,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/zcash.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-payload-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1514197248783309} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 145/145 ~~ skipped flows.............: 0 
@@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7773006 bytes -~~ total memory freed........: 7773006 bytes -~~ total allocations/frees...: 146517/146517 +~~ total memory allocated....: 11481625 bytes +~~ total memory freed........: 11481625 bytes +~~ total allocations/frees...: 216771/216771 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars -~~ json string max len.......: 2472 chars -~~ json string avg len.......: 1464 chars +~~ json string max len.......: 2355 chars +~~ json string avg len.......: 1406 chars diff --git a/test/results/default/zoom.pcap.out b/test/results/default/zoom.pcap.out index b4b0f2121..906fa012d 100644 --- a/test/results/default/zoom.pcap.out +++ b/test/results/default/zoom.pcap.out 
@@ -1,5 +1,5 @@ -00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} +00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00623{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1569520466080774} 00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00811{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_usec":1569520466080774,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 01420{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520466080774,"flow_src_last_pkt_time":1569520466080774,"flow_dst_last_pkt_time":1569520466080774,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":199,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":199,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":199,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520466080774,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": 
{"6":"DPI"},"proto":"TLS.GoogleServices","proto_id":"91.239","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.googletagmanager.com","tls": {"version":"TLSv1","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}} 
@@ -52,7 +52,7 @@ 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469081864,"flow_dst_last_pkt_time":1569520469116573,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469116573,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAoaEVAAO8G\/tUN4VS2wKgBdQG71g5UB27VAAAAAFAEAADwhQAAAAAAAAAA"} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469189810,"pkt":"EBMx8Tl2KDc3AG3ICABFAABICu4AAEAR5YzAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469189810,"flow_src_last_pkt_time":1569520469189810,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469189810,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.37.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":5,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469198772,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1569520469198772,"pkt":"KDc3AG3IEBMx8Tl2CABFAAAomZxAAO4GvV00yj7uwKgBdQG71lCVbT6Vn9byIVAQAAc78QAAAAAAAAAA"} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469200030,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469200030,"pkt":"EBMx8Tl2KDc3AG3ICABFAABISukAAEARpZHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1569520468959185,"flow_src_last_pkt_time":1569520469090576,"flow_dst_last_pkt_time":1569520469200490,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1569520469200490,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"52.202.62.238","src_port":54864,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"log.zoom.us","tls": {"version":"TLSv1.2","ja3":"535aca3d99fc247509cd50933cd71d37","ja3s":"3c30f2c064a3aed8cd95de8d68c726a6","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"http\/1.1"}}} 
@@ -60,12 +60,12 @@ 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469210161,"flow_dst_last_pkt_time":1569520469189810,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469210161,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIjkkAAEARYjHAqAF1ov8lDl1fDZYANPtTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469221116,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI9l0AAEAR+RzAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-01141{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469221116,"flow_src_last_pkt_time":1569520469221116,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469221116,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469231500,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469231500,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIQ9kAAEARq6HAqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469242043,"flow_dst_last_pkt_time":1569520469221116,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469242043,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIKAsAAEARx2\/AqAF1ov8mDl1fDZYANPpTAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469253995,"pkt":"EBMx8Tl2KDc3AG3ICABFAABI+hMAAEAR9WbAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
-01258{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469253995,"flow_src_last_pkt_time":1569520469253995,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1569520469253995,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","src_port":23903,"dst_port":3479,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1569520469264582,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469264582,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIADMAAEAR70fAqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1569520469274880,"flow_dst_last_pkt_time":1569520469253995,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1569520469274880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABIzF0AAEARIx3AqAF1ov8mDl1fDZcANPpSAAEAGMFdrmNYXRQ5LlgsJgQDvzABAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} 00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1569520469340783,"flow_src_last_pkt_time":1569520469340783,"flow_dst_last_pkt_time":1569520469340783,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":263,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":263,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":263,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1569520469340783,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"104.199.65.42","src_port":53867,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
@@ -247,7 +247,7 @@ 00968{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":8,"flow_first_seen":1569520469341987,"flow_src_last_pkt_time":1569520469402528,"flow_dst_last_pkt_time":1569520469413824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1368,"flow_dst_max_l4_payload_len":1418,"flow_src_tot_l4_payload_len":1489,"flow_dst_tot_l4_payload_len":4294,"midstream":1,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01121{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_src_packets_processed":127,"flow_dst_packets_processed":83,"flow_first_seen":1569520471189039,"flow_src_last_pkt_time":1569520473190218,"flow_dst_last_pkt_time":1569520473152463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":45724,"flow_dst_tot_l4_payload_len":12028,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}}},"confidence": 
{"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00970{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1569520469984408,"flow_src_last_pkt_time":1569520469984408,"flow_dst_last_pkt_time":1569520470021639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":46,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":46,"midstream":0,"thread_ts_usec":1569520473198709,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Zoom","proto_id":"5.189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1569520473198709} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"cfgs\/default\/pcap\/zoom.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-payload-len":329478,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":250,"global_ts_usec":1569520473198709} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 700/697 ~~ skipped flows.............: 0 @@ -256,9 +256,9 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8090979 bytes -~~ total memory freed........: 8090979 bytes -~~ total allocations/frees...: 147517/147517 +~~ total memory allocated....: 11799086 bytes +~~ total memory freed........: 11799086 bytes +~~ total allocations/frees...: 217771/217771 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 298 chars ~~ json string max len.......: 2404 chars diff --git a/test/results/default/zoom2.pcap.out b/test/results/default/zoom2.pcap.out index 05bf254b6..39ab99ba9 100644 --- a/test/results/default/zoom2.pcap.out +++ b/test/results/default/zoom2.pcap.out 
@@ -1,5 +1,5 @@ -00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} +00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00624{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1642965458402978} 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458402978,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458402978,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1642965458402978,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642965458402978,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1642965458577638,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} 
@@ -45,7 +45,7 @@ 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2514,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1283,"flow_dst_packets_processed":947,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965500042137,"flow_dst_last_pkt_time":1642965500203618,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":334,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":248698,"flow_dst_tot_l4_payload_len":119844,"midstream":0,"thread_ts_usec":1642965500203663,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SRTP.Zoom","proto_id":"338.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2514,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":43,"flow_dst_packets_processed":128,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965460910859,"flow_dst_last_pkt_time":1642965460909060,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1237,"flow_src_tot_l4_payload_len":39998,"flow_dst_tot_l4_payload_len":124385,"midstream":0,"thread_ts_usec":1642965500203663,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"SRTP.Zoom","proto_id":"338.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 01060{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2514,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500203663,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":216,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500203663,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2514,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2514,"packets-processed":2514,"total-skipped-flows":0,"total-l4-payload-len":546451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1642965500203663} 
+00641{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2514,"source":"cfgs\/default\/pcap\/zoom2.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2514,"packets-processed":2514,"total-skipped-flows":0,"total-l4-payload-len":546451,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_usec":1642965500203663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2514/2514 ~~ skipped flows.............: 0 @@ -54,9 +54,9 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7859380 bytes -~~ total memory freed........: 7859380 bytes -~~ total allocations/frees...: 148938/148938 +~~ total memory allocated....: 11567935 bytes +~~ total memory freed........: 11567935 bytes +~~ total allocations/frees...: 219192/219192 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 2217 chars diff --git a/test/results/default/zoom_p2p.pcapng.out b/test/results/default/zoom_p2p.pcapng.out index c268524db..20bb3a12c 100644 --- a/test/results/default/zoom_p2p.pcapng.out +++ b/test/results/default/zoom_p2p.pcapng.out 
@@ -1,5 +1,5 @@ -00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} +00566{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00629{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1666892468833699} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00698{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":174,"pkt_l4_len":140,"thread_ts_usec":1666892468833699,"pkt":"\/\/\/\/\/\/\/\/CL6sCxduCABFAACgYTNAAEARPsnAqAwBwKgM\/0RcRFwAjEIMeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMjY2OTI4NTUzNTE0MjEyNTAyMDcwOTgyNTg4NDgzOTQ4ODczODcsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFs5MjQ0NjQxN119"} 00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892468833699,"flow_src_last_pkt_time":1666892468833699,"flow_dst_last_pkt_time":1666892468833699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":132,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892468833699,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 
@@ -16,10 +16,10 @@ 00782{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892508718573,"flow_src_last_pkt_time":1666892508718573,"flow_dst_last_pkt_time":1666892508718573,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":141,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892618882757,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633743872,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSEAAEARTXPAqAyczvdX1ZiZDZYANLFQAAEAGPylwjKz2lsgZSGfQY6bPhoBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} 
+01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892633743872,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633743872,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892633744357,"pkt":"CL6sCxduJjb1W8R1CABFAABIOSIAAEARTXLAqAyczvdX1ZY1DZYANGmLAAEAGNROrGuDSSg3DJfkQhb6tQYBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01147{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01076{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633744357,"flow_src_last_pkt_time":1666892633744357,"flow_dst_last_pkt_time":1666892633744357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633744357,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":38453,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00751{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892633842799,"pkt":"Jjb1W8R1CL6sCxduCABFAABkWM0AACoBQ7vO91fVwKgMnAMK8UwAAAAARQAASDkhAAAvEV5zwKgMnM73V9WYmQ2WADSxUAABABj8pcIys9pbIGUhn0GOmz4aAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01043{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892633842799,"flow_src_last_pkt_time":1666892633842799,"flow_dst_last_pkt_time":1666892633842799,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892633842799,"l3_proto":"ip4","src_ip":"206.247.87.213","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.315078}} 
@@ -80,10 +80,10 @@ 01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892633743872,"flow_src_last_pkt_time":1666892672044867,"flow_dst_last_pkt_time":1666892633743872,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892858965490,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.87.213","src_port":39065,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463041,"pkt":"CL6sCxduJjb1W8R1CABFAABInAUAAEARN2fAqAyczvcK\/cGrDZYAND6kAAEAGHYXPCtl23wOrVMBeFlUmRIBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":1,"num_binding_requests":1,"num_processed_pkts":0}}} 
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":397,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892883463041,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463041,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1666892883463255,"pkt":"CL6sCxduJjb1W8R1CABFAABInAYAAEARN2bAqAyczvcK\/aTgDZYANPrWAAEAGLBQbSBUGckYObqWWsHyyUwBAQAUMTIzNDU2Nzg5MDEyMzQ1Njc4OQA="} -01149{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463255,"flow_src_last_pkt_time":1666892883463255,"flow_dst_last_pkt_time":1666892883463255,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883463255,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":42208,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video","hostname":""}} 00753{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5} 
00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_usec":1666892883560468,"pkt":"Jjb1W8R1CL6sCxduCABFAABkE1oAACoB1gbO9wr9wKgMnAMKpHQAAAAARQAASJwFAAAvEUhnwKgMnM73Cv3Bqw2WADQ+pAABABh2FzwrZdt8Dq1TAXhZVJkSAQEAFDEyMzQ1Njc4OTAxMjM0NTY3ODkA"} 01045{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1666892883560468,"flow_src_last_pkt_time":1666892883560468,"flow_dst_last_pkt_time":1666892883560468,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":80,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892883560468,"l3_proto":"ip4","src_ip":"206.247.10.253","dst_ip":"192.168.12.156","l4_proto":"icmp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","entropy":5.318754}} 
@@ -128,7 +128,7 @@ 01077{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"4":"DPI (partial cache)"},"proto":"Zoom","proto_id":"189","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 00790{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":130,"flow_dst_packets_processed":0,"flow_first_seen":1666892923321165,"flow_src_last_pkt_time":1666892925565422,"flow_dst_last_pkt_time":1666892923321165,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":84,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":84,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10920,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"10.78.14.178","src_port":42208,"dst_port":47312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
01105{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":0,"flow_first_seen":1666892883463041,"flow_src_last_pkt_time":1666892921699571,"flow_dst_last_pkt_time":1666892883463041,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":880,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1666892928125663,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"206.247.10.253","src_port":49579,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.Zoom","proto_id":"78.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":26,"category":"Video"}} -00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663} 
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":763,"source":"cfgs\/default\/pcap\/zoom_p2p.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":763,"packets-processed":763,"total-skipped-flows":0,"total-l4-payload-len":240182,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":9,"total-detection-updates":0,"total-updates":27,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":131,"global_ts_usec":1666892928125663} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 763/763 ~~ skipped flows.............: 0 @@ -137,9 +137,9 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7814572 bytes -~~ total memory freed........: 7814572 bytes -~~ total allocations/frees...: 147263/147263 +~~ total memory allocated....: 11522999 bytes +~~ total memory freed........: 11522999 bytes +~~ total allocations/frees...: 217517/217517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 571 chars ~~ json string max len.......: 2296 chars diff --git a/test/results/disable_aggressiveness/ookla.pcap.out b/test/results/disable_aggressiveness/ookla.pcap.out index 68f4c3e9f..94a377513 100644 --- a/test/results/disable_aggressiveness/ookla.pcap.out +++ b/test/results/disable_aggressiveness/ookla.pcap.out 
@@ -1,4 +1,4 @@ -00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00576{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00758{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":52760463,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":52760463,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52760463,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52760463,"pkt":"pJGxgjQ5CAAns+YuCABFAAA88ZNAAEAG5yvAqAHAuZ3l9pOeH5CL5\/\/AAAAAAKAC+vCdxwAAAgQFtAQCCArwSR4qAAAAAAEDAwc="} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":52760463,"flow_dst_last_pkt_time":52767367,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":52767367,"pkt":"CAAns+YupJGxgjQ5CABFAAA8AABAADkG37+5neX2wKgBwB+Qk54VD1Tvi+f\/waAS9KzB8AAAAgQFtAQCCArQXqes8EkeKgEDAwc="} 
@@ -12,7 +12,7 @@ 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":52803123,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52803123,"pkt":"pJGxgjQ5CAAns+YuCABFAAA07SxAAEAGxSTAqAHAWWBsqsfUH5CQmgkYQm9JZYAQAfaCuwAAAQEICkrfmqSA8vY2"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52802860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":143,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":143,"pkt_l4_len":109,"thread_ts_usec":52803891,"pkt":"pJGxgjQ5CAAns+YuCABFAACB7S1AAEAGxNbAqAHAWWBsqsfUH5CQmgkYQm9JZYAYAfa1WgAAAQEICkrfmqSA8vY2EMGp+9vLnmHw2ahVPr\/DnjqEBMpv3qQx14PKFUDQ+Xiem1oDpE25ebBB0o3w7\/CD7T9\/W+RFeHExRQnSnZNpGp1400Jci657f6wCIgo="} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":52803891,"flow_dst_last_pkt_time":52813624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":52813624,"pkt":"CAAns+YupJGxgjQ5CABFAAA0vyZAADkG+ipZYGyqwKgBwB+Qx9RCb0llkJoJZYAQAOODdAAAAQEICoDy9kNK35qk"} 
-00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} +00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":1794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_usec":1491069108756336} 
00785{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1491069108756336,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1491069108756336,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108756336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1491069108756336,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1491069108756336,"flow_dst_last_pkt_time":1491069108793565,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1491069108793565,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} 
@@ -30,7 +30,7 @@ 00934{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI (partial cache)"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} 00775{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52788003,"flow_src_last_pkt_time":52834008,"flow_dst_last_pkt_time":52833933,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":77,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":187,"flow_dst_tot_l4_payload_len":1512,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"89.96.108.170","src_port":51156,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00955{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":52760463,"flow_src_last_pkt_time":52824399,"flow_dst_last_pkt_time":52783053,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":42,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":45,"midstream":0,"thread_ts_usec":1491069115908957,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"185.157.229.246","src_port":37790,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Ookla","proto_id":"191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Safe","category_id":14,"category":"Network"}} -00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 
+00646{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":5115,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":4,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1679653269892307} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1679653269892307,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269892307,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269892307,"pkt":"ILAB4IZiPKn0qB\/sCABFAAA8d9tAAEAGx5vAqAGAaBDRDL7WAbvTK4fdAAAAAKAC+vCixQAAAgQFtAQCCAqNuQWwAAAAAAEDAwc="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_src_last_pkt_time":1679653269892307,"flow_dst_last_pkt_time":1679653269908336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1679653269908336,"pkt":"PKn0qB\/sILAB4IZiCABFAAA8AABAADkGRndoENEMwKgBgAG7vtZrVEBX0yuH3qAS\/ohAMAAAAgQFeAQCCApAz3KnjbkFsAEDAw0="} 
@@ -52,7 +52,7 @@ 01253{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":100,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":7,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307021150,"flow_dst_last_pkt_time":1679653307026312,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":628,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":2446,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307026312,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"spd-pub-mi-01-01.fastwebnet.it","tls": {"version":"TLSv1.3","ja3":"c279b0189edb9269da7bc43dea5e0c36","ja3s":"fcb2d4d0991292272fcb1e464eedfd43","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}}} 
00801{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":6,"flow_first_seen":1679653269892307,"flow_src_last_pkt_time":1679653269935522,"flow_dst_last_pkt_time":1679653269948533,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":1084,"flow_dst_tot_l4_payload_len":3414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"104.16.209.12","src_port":48854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01002{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":8,"flow_first_seen":1679653306712675,"flow_src_last_pkt_time":1679653307034874,"flow_dst_last_pkt_time":1679653307034855,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":321,"flow_src_tot_l4_payload_len":19822,"flow_dst_tot_l4_payload_len":1414,"midstream":0,"thread_ts_usec":1679653307034874,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"89.96.108.170","src_port":35830,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"8":"DPI (aggressive)"},"proto":"TLS.Ookla","proto_id":"91.191","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} +00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":113,"source":"cfgs\/disable_aggressiveness\/pcap\/ookla.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":113,"packets-processed":113,"total-skipped-flows":0,"total-l4-payload-len":30849,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_usec":1679653307034874} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 113/113 ~~ skipped flows.............: 0 @@ -61,9 +61,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7798209 bytes -~~ total memory freed........: 7798209 bytes -~~ total allocations/frees...: 146558/146558 +~~ total memory allocated....: 11506748 bytes +~~ total memory freed........: 11506748 bytes +~~ total allocations/frees...: 216812/216812 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 535 chars ~~ json string max len.......: 1414 chars 
diff --git a/test/results/disable_protocols/dns_long_domainname.pcap.out b/test/results/disable_protocols/dns_long_domainname.pcap.out index 0fccb63de..404d82772 100644 --- a/test/results/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/disable_protocols/dns_long_domainname.pcap.out 
@@ -1,12 +1,12 @@ -00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} +00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00648{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1599686652555538} 00791{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_usec":1599686652555538,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 01226{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652555538,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1599686652555538,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_usec":1599686652578187,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 01226{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","dns": {"num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1599686652555538,"flow_src_last_pkt_time":1599686652555538,"flow_dst_last_pkt_time":1599686652578187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":61,"flow_dst_max_l4_payload_len":117,"flow_src_tot_l4_payload_len":61,"flow_dst_tot_l4_payload_len":117,"midstream":0,"thread_ts_usec":1599686652578187,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"43": {"risk":"Error Code","severity":"Low","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"DNS","proto_id":"5","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} 
+00652{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/dns_long_domainname.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-payload-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_usec":1599686652578187} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,9 +15,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7766835 bytes -~~ total memory freed........: 7766835 bytes -~~ total allocations/frees...: 146374/146374 +~~ total memory allocated....: 11475454 bytes +~~ total memory freed........: 11475454 bytes +~~ total allocations/frees...: 216628/216628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 590 chars ~~ json string max len.......: 1231 chars diff --git a/test/results/disable_protocols/pluralsight.pcap.out b/test/results/disable_protocols/pluralsight.pcap.out index 152183ddc..5f083877a 100644 --- a/test/results/disable_protocols/pluralsight.pcap.out +++ b/test/results/disable_protocols/pluralsight.pcap.out 
@@ -1,5 +1,5 @@ -00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} +00577{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1648373355763733} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648373355763733,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355763733,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355763733,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8t1dAAEAGzuTAqAGANkW8EqaSAbs5mmmUAAAAAKAC+vDIPgAAAgQFtAQCCAqK+PnbAAAAAAEDAwc="} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1648373355763733,"flow_dst_last_pkt_time":1648373355952180,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1648373355952180,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAAOAG5js2RbwSwKgBgAG7ppJ9QO7SOZpplaASaN998gAAAgQFtAQCCApSMR4Hivj52wEDAwg="} 
@@ -56,7 +56,7 @@ 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357854664,"flow_src_last_pkt_time":1648373357890274,"flow_dst_last_pkt_time":1648373357906518,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42782,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00800{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373357861427,"flow_src_last_pkt_time":1648373357907751,"flow_dst_last_pkt_time":1648373357922416,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1340,"flow_src_tot_l4_payload_len":610,"flow_dst_tot_l4_payload_len":5003,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"146.75.62.208","src_port":42790,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":6,"flow_first_seen":1648373355763733,"flow_src_last_pkt_time":1648373356146750,"flow_dst_last_pkt_time":1648373356334094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":643,"flow_dst_tot_l4_payload_len":5848,"midstream":0,"thread_ts_usec":1648373359681609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"54.69.188.18","src_port":42642,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} 
+00651{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":44,"source":"cfgs\/disable_protocols\/pcap\/pluralsight.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":44,"packets-processed":44,"total-skipped-flows":0,"total-l4-payload-len":26716,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_usec":1648373359681609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 44/44 ~~ skipped flows.............: 0 @@ -65,9 +65,9 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7837115 bytes -~~ total memory freed........: 7837115 bytes -~~ total allocations/frees...: 146526/146526 +~~ total memory allocated....: 11545654 bytes +~~ total memory freed........: 11545654 bytes +~~ total allocations/frees...: 216780/216780 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 563 chars ~~ json string max len.......: 2533 chars diff --git a/test/results/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/disable_protocols/quic-mvfst-27.pcapng.out index 15dce6ad9..26005c74b 100644 --- a/test/results/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/disable_protocols/quic-mvfst-27.pcapng.out 
@@ -1,13 +1,13 @@ -00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
02250{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1326,"pkt_l4_len":1240,"thread_ts_usec":41432902,"pkt":"UlQAEjUCCAAnANMtCABFAATsAABAAEAR6jcKAAIPRav6D4x1AbsE2OWQzPrOsAIIrbuyBEpv1K8AAES+140kYx8r1I1jytRmSbOd1I6+euAu\/WCog0hZ7CK2vbiQaDsUNhduZ4TaOU+YwMwzr4tFRPY4WVcwFZYxf3JpeyRLGb56IxYnrJ+wVEN3bI7bVdKHF8LObpsuaNgGvwptfsH+rDACd3BONx\/QShlSNEGgtojOTAb3IBxaMPoBBrqk2vcqdCneK9x+zToW6kQDTdEd1IieGWgR+hdSwpMJLkz6epIDIJvr2+7hnKY8vsay1GJiKAlvxUurjQpspuMDfgvdh0iM6M1FrTv7rKzGyRXK46jvoMQof1iOAPHATgwqM4ZuYMuNvt\/y0p1tz148IXIa\/fLbIf\/jtx8RB3egC2zhGA2mbRbaurTTw48eZ\/8+UmFX\/pGgD39VTuQ0iy3fwQ4KqkHSAZwYDfMrqtGQuy3zdVoOJcB1EfGcQ\/j15ErCmDlRT7vkVVWnNzp5ac2qQ30IkEy79yMP2uQl+qcNCK7LBv3ES0ZAYMoMzeMHxcHojmxmY7m9pU8\/6TN1mmhBOL55YskIGgF5b9dubHYOHRFbIoVzLmlUMAC3n\/J8icXYhMzF+2LMmkFk5V6Ftpg6RFwazyDsV1VvAG0px\/ZReUsDZc2BpKOvPXUMcmmbi7J+4xk79GjDWU7qn9No\/9OgaUBSqlTMXjLKVw1AQS9DQbbP6Ljm2tjkBmxsNgiaX3ZHZdlEZ39g+pfa+C3d0\/Me91SnnyzofgyFHFf\/FZrz8kZlG+cPy3y6jToJU9oYVkDn4scTl9+EJRhVW2fiSh2BpNrkr1jxBS6nl0AbZVVuTjZo1emeItVe2pTwk9uLFdXZ\/CsWVBwjAwBQ8vxgzBGFWe9Cz3WpWkEzkAzQeOKzfLIFJb1PdMquNCwMajA4Jx\/Cl8vTf2306+VAoELddtYLnop0Ayp+TxS0Rn4I5pIhgtvtCnBaEOMmPLVrk2Tj6N4i6o4MT6NN2UsGMhl2jrLGVEchP8VeBBOrUPQTIvY+Xm1UQd6ud\/GSXz1lmW9JWN\/jvl2VrC\/dEdNNNDsuFT5DVQqiDS81yxHlMqpnUJtGOqdXBxl\/ipvbbIFVJMAxqaqhOIq9lLXVi0WRSrle2jY8C6byBzVmaXR9ob+Wj5JgOJ4dl6+zmTJfROyutrX06SLZW3iXBCGlGsJZa3VoAGsKr8R2PPaQW1IM5QBB1\/g3l2+\/8cMTpVbSj+AToLePRXNLpaht6\/i0lf5tmm5WeIZEw\/kp8XgE1IVG1OwCHdXi3LW8Ju6ZT6+NSDZYRl5iCIMOLeH+Uqa7zxr6BPSdijI5fZHwJ7CyzIIsLtNldUOOeWaUdszlpTm5UglrnEBk\/8+KIWEVomulKHSD78LbyMa2ZwRhHyUIoQUx3u628eG5WvmgiPmoWBpQq0SAcNJkibSZlfyukZBXk6ytoD7RL+6u7B+gDbgoIKW3EI2Vygx0786PDvzKNz\/jI
Ccqh071958oOMWvZwK4wNNnPl+hmatacx8NLqlbU4\/qy23i+aLaPb\/wBxpmPXyakND4mOvFt3dmh\/yOVbINbAdZZ958R4K\/VXTGhgBSkxwXbKGKq+I\/xQwGAiri3PaDQBO6NYoKc0jqzc3rTGw44eUPJeiqQ8qEhbvrsfPi3A+VS5FRGlwZaAkkAdoB2gRkAwEAAAAAAAAAAAAAABYAAQACACEB2gAAAAAAAAAAAAAAAAAAAAANY6kd"} -01309{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
+01335{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":41432902,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41432902,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":41432902,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"graph.facebook.com","quic": {"quic_version":"MVFST-27","tls": {"version":"TLSv1.3","ja3":"61d8a93ff379660087082a82411f19a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-fb-05","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}}}} 
02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464206,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464206,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\
/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02276{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464217,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464217,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ
7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 02278{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464239,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464239,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHwAAEARKahFq\/oPCgACDwG7jHUE7Pun4vrOsAIACGUZSqSBwJ2mRNPUKyAFTiIR2D9LmWONp\/pKu58K8xL2QH3MMLvlIm5wZVpJfJuwyJ\/1M3tSAzTO7kjPI3eHBb9IFzJ5EM102smu6+dh1QdA\/XWl13B5U7mJXfZdgiMmoH6TMFeO9l59NUWVB3FrB1D+83n8F9jw5BVmkY2OPbmS9uXhO3oLJjNvzhgiz9LiL0Peg4iBHPZ3bnefg84NyqMA6bGiBHjw8O\/pggXBHbm0y039at\/mEzBf62LN0g+jv6L2c7tRnEpUns4cJX54tQ1bXJ5Hhxh3rT54lw4rrebaQCbwFhibEvqZWGljIGdjbOpa6liHVVmRN2tu\/GBhyOGb0StB\/jpkBjcqcM94pTjas7+bYnRrk8ZSgYviOw8nDLpc2na4yCaDVIVl\/pzppcM74NTbQKve3Nar7W9KbDiDSaMAENX7mwhYQ18bwd3uHY8CUMOGjo\/8euzZjkZ0fqCDRE3vdm4KLl5+4\/UkQuBZWoFk\/P2Heh0\/lgddV3IePrdA6fNLSr8BKSgLGA1ZasEncG2JczdCSpW32pij29+anl+pMYgG1xzrztWUD1ETcf6lrUI11Nrj+82\/V73yznpeq7b9VscUvGV9OZECREHrcvb+pZDpYZL6JhF9swDp8CcOJJW+kip95Ov52baFifgdWzSPIduRrqIdERwwU6uq\/xmextGbx1KqKtby8DZc51UT3zzVMYep8bkl6y02VlktPuEK9u+QMd79lD6CIjW6qp5UxTZUtg8jrVUa2qNaqIekUrye4Bzl97pIPdBT4PssDCFsKgu31Bpm8CKL+2xWNmPLUcDOBBgIHzzDBuznQ7cBUCzjZlif+hxsEmJy3g5g3\/xJNTjxK+car7ACp7B+H1R5WQpkSDWn\/gKlYeGIPW5T8mOq
p4WAHeTZest5awJfealSj\/CfwMs\/1Df7bfDUHTG14VDKd\/hRegDw1cfzcn3rS+uwWfXIm+mNshIKscMmPDsExmAokd+CvN0JuzdGOibtj3vbwDU4vsLbdbgOXENLxvYoEKqOPmpluuCqkWSQX\/UTadmXu44AWmWGdRQUpe32qb\/M0fPPEznTo\/4YrREjJ5jLnXRjbVI3HR4NPEZW1W\/9+X5lPYycQDN0lnl1dTk4utJeAg2p\/gP3JOV+wA1ygYJ5wU1GjgsOdz+EiDWtAQ93xX+7PqU0RTfcJAMwYHLO8gHD8UmTyvey2jiJJMc\/NrEBM1a76byOqZW2ZpMIDjRCtGhGFGhw4tu7OsejTzxA6T4fkSVAM0RcHzuFFeX1yZp3G8u6suFgzreLYuvmcBrNhHUTfsEKl4+aUnvPAuGzXCYIejrOiP9DSMGN8i\/AdhOoP+4i52mM3bH5MLyVmx9EYwfM0+yRTPLIifi4gzjoQl39CwhJ5abQwEmy5yGBYVxIliLKOrnnK4U00GmZhnCirgfPFCTOe\/qKCIPE7b86iKQ6zDr+wGAH8x1\/Vr6JDpHoyfytADR6TA1MJzboAI\/u+WxBW60Mr8wra7Ky8MTEMtqEAV4MNy3QwSj+5Boi9v6UaR+XFmEdKxTqXYP3bAo1k89toaHV8RAROwWdWZYQWji2vw49SgOlspTK5LeZbdfL6JCEHPDOXosDytI1rgaUPivx6K5pOY3FnYb2NgiqwzaVvc4sqLOH\/hloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAImdn5Q="} 02280{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":41432902,"flow_dst_last_pkt_time":41464304,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_usec":41464304,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAH0AAEARKadFq\/oPCgACDwG7jHUE7NYs4\/rOsAIACGUZSqSBwJ2mRNOp9fQvn1f7lG72Bw+E6NBO8LR8mD6RkYoGJj7YIoOLkr2BWwfK0spPYy+zYGWX+a+c9rHGaE\/8AFsGVmGd26vTDA2yukmOJUfOmTtJz95HrnPFSG+\/TXHqQjk5klIE16FLBeiNi6m\/ct8wPGJ9RUbZqJaLVts+GZFzeMSRX+eYZERYnLYtPQPOywMGAZR5dzRsdw3jDQYkcN53aPm0lceepojo42lKerw8v6LOu22kD+71z4QDa4KbQzfUDp3LH6BpZQ6IsP9xHtu8kvC1sMujkXVqWo4PwU1vr8utquEF9g6Edj1O8CnayP2acmvLS9hrhF7CGL\/\/\/DnocizH0vNxW1ov+oyWwjbcB4cKqjTFeavm8o80oXs5etE\/0w5eFp+lmQaKzY0Y3yFmQ4u8brDlmcVIExhEgggZeFVC9lL9oOJw+T9YQyahiK65vbSi1+dot2yavrzsTWJiTor0nyNgEiCiviGKK3Ugt6GYCifHXPC+ko\/\/b1QvveO8QmYiv8AP2V\/SWNC14hUcS+VAN8JRlCbBPMNZf5CGc1GwEg+7a4289LEunmnUX2jPN9vYfHH58+XntmHmuXoNXd+GAXGmBpL3pm9he0pLxa
vwsdTVC6qK8sKWNygxAdWjfNWfqF5l0iTI6JYa4\/y33xaYPcLxg2NKR5k5UeV+DbMoZh5oLZlH+HG0w8grzsBY0UqgdK4AyP+poGSbQAEMRSIkOomtrtelNM\/CJ7PizVrNKpGbp+EpEXMTlKKu9mAH5wfJW5yjomiaaWvGIaq7gLWY9llWYvKDLPe+Ot\/Zlo70lUm2Wen8purBfU4\/v6CMzqcAGFEkRA8xMmhdxqR55Nj0wKZs+RQeJinGAS0a8g3PGJbOybsinObB6I0QXHDA\/BCZjPyuqT029QJULHNw4IqshshnGFg3nbzChRrWQc0AiB5OcsWclYM82EXN8ST8RvLF1WKcSxiSUqZRBPt4kZeVgU6dUletzdTTtDjmZcMX6Dpoo8d0S1zQL01nH0uioe7eYaw9k\/Piatckxd0yCv9fyOSwNFhCKxpC1GXBWqlnzr5Xkx8pHwnfnGUKyYsQ42dNNkbszwP1I6YjcrEdp4kQ3sTLrEmlVAvA4aTA0MKDmYMzxz3zBJIZV6dv1qjp7tD0dSAly35BlkwSJjGxKF9J5GgFKfSnvAs\/OiBf9hVa+A6yxuM4HtZTS\/zRldyW57HwUxn5Qy4K6cscwe\/7EfDGt+KoQI83PH5+fargDPhSWZK8UtA+jWy2oF5ALL8zgGosqXNMsOm5dKcPAdecM\/pz1MIewkul7sxt\/JgvAFL67lq7QvvnpQzr8lJgqwZzwBrBvGj9NKkaDXeHsynidTbkbLez1tjvdUEDeISKE7lW\/ojOz\/Lqe\/T7KSL5gyQyjF97d9xNrPNTeh\/HfJdKZ\/zWpQOiu67yweKqxgA9dorbSGAD+RdOGT7rQYJQusp\/jzG9SNrMyUzV7HK3K\/pEUqwZWMz+QAHUA3RloM07jN1F3nkICmQ4z3jHqqH2nY3JfZ5N0+1Qbuerb\/7N+BqOS9LICONl+GduIvQlJ6k18z\/aBuv25LlGUp9XFoS9b0Hk1oEaH7ReOgL6Cc+6IEzZSF3euyrFMEVMA\/mrlSkSX25Uc7jz7gii7RloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAPxWaP0="} 01098{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":13,"flow_first_seen":41432902,"flow_src_last_pkt_time":50364890,"flow_dst_last_pkt_time":50392661,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":2538,"flow_dst_tot_l4_payload_len":6981,"midstream":0,"thread_ts_usec":50392661,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC.Facebook","proto_id":"188.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} -00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661} +00645{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/quic-mvfst-27.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":50392661} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 
@@ -16,9 +16,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7777444 bytes -~~ total memory freed........: 7777444 bytes -~~ total allocations/frees...: 146412/146412 +~~ total memory allocated....: 11486063 bytes +~~ total memory freed........: 11486063 bytes +~~ total allocations/frees...: 216666/216666 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 586 chars ~~ json string max len.......: 2285 chars diff --git a/test/results/disable_protocols/soap.pcap.out b/test/results/disable_protocols/soap.pcap.out index fa472b3a6..014a62d93 100644 --- a/test/results/disable_protocols/soap.pcap.out +++ b/test/results/disable_protocols/soap.pcap.out 
@@ -1,5 +1,5 @@ -00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000} +00570{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00632{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":946731321416000} 00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":946731321416000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321416000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321416000,"pkt":"eJS0JASgYDjgxTWgCABFAAA0Js1AAH8GJUPAqAJkFwLVpcO0AFABqrpoAAAAAIAC+vBEVAAAAgQFtAEDAwgBAQQC"} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":946731321416000,"flow_dst_last_pkt_time":946731321441000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":946731321441000,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADwGjxAXAtWlwKgCZABQw7Tpz83XAaq6aYAS+vCMpAAAAgQFrAEBBAIBAwMH"} 
@@ -9,7 +9,7 @@ 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 02474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_usec":946731326059000,"pkt":"eJS0JASgYDjgxTWgCABFAAXUJtNAAH8GH53AqAJkFwLVpcO0EFABqrpp6c\/N2FAQAQTI+AAAUE9TVCAvZndsaW5rLz9MaW5rSUQ9MjUyNjY5JmNsY2lkPTB4NDA5IEhUVFAvMS4xDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpDb250ZW50LVR5cGU6IHRleHQveG1sOyBjaGFyc2V0PSJVVEYtMTZMRSINClVzZXItQWdlbnQ6IE1JQ1JPU09GVF9ERVZJQ0VfTUVUQURBVEFfUkVUUklFVkFMX0NMSUVOVA0KU09BUEFjdGlvbjogImh0dHA6Ly9zY2hlbWFzLm1pY3Jvc29mdC5jb20vd2luZG93c21ldGFkYXRhL3NlcnZpY2VzLzIwMDcvMDkvMTgvZG1zL0RldmljZU1ldGFkYXRhU2VydmljZS9HZXREZXZpY2VNZXRhZGF0YSINCkNvbnRlbnQtTGVuZ3RoOiAzNjEyDQpIb3N0OiBnby5taWNyb3NvZnQuY29tDQoNCv\/+PAA\/AHgAbQBsACAAdgBlAHIAcwBpAG8AbgA9ACIAMQAuADAAIgAgAGUAbgBjAG8AZABpAG4AZwA9ACIAVQBUAEYALQAxADYAIgA\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"} 
01404{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":946731326059000,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.SOAP","proto_id":"7.253","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud","hostname":"go.microsoft.com","http": {"url":"go.microsoft.com\/fwlink\/?LinkID=252669&clcid=0x409","code":0,"content_type":"","user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","request_content_type":"text\/xml"}}} 
-00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} +00640{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-payload-len":6104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1639054092487860} 
00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639054092487860,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639054092487860,"l3_proto":"ip4","src_ip":"185.32.192.30","dst_ip":"85.154.114.113","src_port":80,"dst_port":56028,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092487860,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1639054092487860,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAANKG0QADxBqbEuSDAHlWacnEAUNrcPMefU5W6cMWAEjhAOLcAAAIEBbQBAwMABAIAAA=="} 02184{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1639054092487860,"flow_dst_last_pkt_time":1639054092538042,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1285,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1285,"pkt_l4_len":1247,"thread_ts_usec":1639054092538042,"pkt":"AAAAAAAAAAgAAAAIgQADKAgARQAE88IlQAB\/BvOUVZpycbkgwB7a3ABQlbpwxTzHn1RQGAIF1wgAADw\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"} 
@@ -21,7 +21,7 @@ 00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":946731326059000,"flow_src_last_pkt_time":946731326059000,"flow_dst_last_pkt_time":946731326059000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1452,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1452,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":4176,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00964{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00787{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":946731321416000,"flow_src_last_pkt_time":946731326407000,"flow_dst_last_pkt_time":946731326431000,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1452,"flow_dst_max_l4_payload_len":296,"flow_src_tot_l4_payload_len":4356,"flow_dst_tot_l4_payload_len":296,"midstream":0,"thread_ts_usec":1639054092826381,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"23.2.213.165","src_port":50100,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} 
+00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"cfgs\/disable_protocols\/pcap\/soap.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-payload-len":9746,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1639054092826381} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -30,9 +30,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7775867 bytes -~~ total memory freed........: 7775867 bytes -~~ total allocations/frees...: 146421/146421 +~~ total memory allocated....: 11484454 bytes +~~ total memory freed........: 11484454 bytes +~~ total allocations/frees...: 216675/216675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 549 chars ~~ json string max len.......: 2479 chars diff --git a/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out index cfae08474..a51b75fc0 100644 --- a/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out +++ b/test/results/disable_stun_monitoring/lru_ipv6_caches.pcapng.out 
@@ -1,12 +1,12 @@ -00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} +00589{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00652{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639052947835473} 00851{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":22,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052947835473,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052947835473,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052947835473,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAeVVyAyQABc057KIAAAAURUN3Xuv65y9fO"} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639052947835473,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948008616,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6KoqAyQABWl1ZNGNoadjLndjyhIQdR3eb9BFhVVqa3fOaaflunNCAAAAByaRnP87SPV4aWA=="} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1639052948274471,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948274471,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAADoRNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgA67jSAyQABc057KPtqh0GuGNqHQpVdUH9DbV7N1xxXOtXJtJqdGPOAAAAGtXeTrpTWaBsieQ=="} 
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948008616,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":84,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":84,"pkt_l4_len":30,"thread_ts_usec":1639052948289476,"pkt":"AAAAAAAAAAIAiPwTht1gAAAAAB4RNTL7+WdoHulr+s6wDAAAdP0g7UcPb3POYGC+i0\/fN7CADZayWgAecUyAyQABc057KIAAAAeHMLnCpIkbax7n"} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948301493,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":112,"pkt_l4_len":58,"thread_ts_usec":1639052948301493,"pkt":"AAAAAAAAAAUAny4Oht1gCOxqADoRPyDtRw9vc85gYL6LT983sIAy+\/lnaB7pa\/rOsAwAAHT9sloNlgA6RJGAyQABkTlfEc51q66FXyPDwam3nbBa6WicqgKI89C6hGhWlhyAAAAFFpuu1SLHCT7WvA=="} 
-01092{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":6,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948665588,"flow_dst_last_pkt_time":1639052948452760,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":268,"flow_dst_tot_l4_payload_len":356,"midstream":0,"thread_ts_usec":1639052948665588,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"num_pkts":3,"num_binding_requests":2,"num_processed_pkts":3}}} +01017{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":8,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052948289476,"flow_dst_last_pkt_time":1639052948310769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":68,"flow_src_tot_l4_payload_len":94,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1639052948310769,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} 00855{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052948897167,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052948897167,"l3_proto":"ip6","src_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","dst_ip":"3024:e5ee:ac2f:cd76:5dd6:a7a1:f17f:5c27","src_port":6881,"dst_port":60506,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639052948897167,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948897167,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMekhAKzS+CpD0rrw8PwAEAAA1ElsQg=="} 
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1639052948898635,"flow_dst_last_pkt_time":1639052948897167,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052948898635,"pkt":"AAAAAAAAAAgAVrKUht1gDMK7ABwRPzmRBy0zbmXsxb+l+oOtI94wJOXurC\/Ndl3Wp6Hxf1wnGuHsWgAcMDchAKzS+CpIPbrw7kIAEAAA1ElsQw=="} 
@@ -33,7 +33,7 @@ 00709{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1639052959035612,"flow_dst_last_pkt_time":1639052950545675,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":166,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":166,"pkt_l4_len":112,"thread_ts_usec":1639052959035612,"pkt":"AAAAAAAAAAgAVrKUht1gCe0yAHARPzmRBy0zbmXsxb+l+oOtI94v2h+KwQeIpOUJ0uFEX\/NMGuEa4QBw7ZJkMTphZDI6aWQyMDrlXFuiZTjDuuw6Y5fpKld4tI\/Cxjk6aW5mb19oYXNoMjA65VxdggPDJDvaNdNt\/L2j+bkuqMllMTpxOTpnZXRfcGVlcnMxOnQyOiVoMTp2NDpMVAECMTp5MTpxZQ=="} 00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052961890141,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} -01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":55,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052961890141,"flow_src_last_pkt_time":1639052961890141,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052961890141,"l3_proto":"ip6","src_ip":"2118:ec33:112b:7908:2c80:27ff:fef7:d71f","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":48415,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_src_last_pkt_time":1639052961892484,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052961892484,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 
00775{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_src_last_pkt_time":1639052962142439,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052962142439,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgAKARPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgCgpJ0AAwCEIRKkQlM3RnRRL3Y2ay9PMkAAAGYJEFPqNE7VJH5jscfXNsYhb98E3U++3ioUwgZB8WeSBCDE8Hv0qlQ7VYtVkKskkvqRH1iLwzoIGi7Dz\/tzqvCpnwhdkVyqhKbzd8NfXZRNbjB3f0ByPdFFironKHaSXUOOxWFCn10AAAAIABS86wFVtBJv5aANWhLlzvJVsxeNfg=="} 00595{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":4,"flow_src_last_pkt_time":1639052962191138,"flow_dst_last_pkt_time":1639052961890141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052962191138,"pkt":"AAAAAAAAAAMAU5f1ht1gBTxgABwRPyEY7DMRK3kILIAn\/\/731x8y+\/lnaB7pa\/rOsAwAAHT9vR8NlgAcBsoIAQAAIRKkQkNDRkplV05Uc1dQcw=="} 
@@ -59,11 +59,11 @@ 01630{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":75,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1639052974554138,"flow_src_last_pkt_time":1639052974704415,"flow_dst_last_pkt_time":1639052974554138,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1360,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2720,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052974704415,"l3_proto":"ip6","src_ip":"2001:db8:200::1","dst_ip":"2001:db8:1::1","src_port":443,"dst_port":44192,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TLS.Cloudflare","proto_id":"91.220","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.bikroy.com,sni.cloudflaressl.com,bikroy.com","notafter":"2022-06-28 23:59:59","ja3":"","ja3s":"9ebc57def2efb523f25c77af13aa6d48","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3","subjectDN":"C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com","negotiated_alpn":"h2","fingerprint":"FA:93:76:9C:39:4D:08:97:FA:8F:CE:80:E4:7A:8F:8E:CF:71:30:A0"}}} 
00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052978452441,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvABwRPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgAcl50IAQAAIRKkQlo5L3NwNkJKYzZoYw=="} 
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052978452441,"flow_src_last_pkt_time":1639052978452441,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052978452441,"l3_proto":"ip6","src_ip":"3297:a1af:5121:cfc:360b:2e07:872f:1ea0","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":43865,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1639052978709090,"flow_dst_last_pkt_time":1639052978452441,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052978709090,"pkt":"AAAAAAAAAAcAaiX8ht1gC8SvAKARPzKXoa9RIQz8NgsuB4cvHqAy+\/lnaB7pa\/rOsAwAAHT9q1kNlgCgYyEAAwCEIRKkQk1ENkhOcE43bVdyN0AAAGYJEB5qy\/i6apiRZvn3XMXkctbCLKVSgdE+etIaSO7JbOt8VgBwQ6PpOhc8GnE1mfqvDmlkq2e8sWOF\/9QSZ9+\/3ZsaHutXU4\/yA\/LvUyR73PqXq7vvVwk5ZocXkuyrjHvs93CEXbgAAAAIABTHiAxW9AnRlqecEToF0hfWjRUykA=="} 
00852{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1639052979210381,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yABwRPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgAc0j0IAQAAIRKkQk5zWlZOMGtRWWlzeg=="} 
-01224{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01153{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":78,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052979210381,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052979210381,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00776{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_src_last_pkt_time":1639052979210765,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":214,"pkt_l4_len":160,"thread_ts_usec":1639052979210765,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAKARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCgt74AAwCEIRKkQkhCZVJqYUhKN2FOWUAAAGYJEMzluAd5ZUXHIG6GisEWroK42o70dYdL4WqSdPq9VYO3OjGxFI7w7pBgN3c6YR8KjSMY+2Ef8toiPPzGNZ6A1i89fknsYqJ9SYub5TFTaEnS4NE02DKCNshJ0L2AWj8kO7uEBsUAAAAIABTng0rXsLYilkJ4duCqCg2pGBOUjQ=="} 
00755{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_src_last_pkt_time":1639052979218699,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979218699,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQ\/5MAAQB0IRKkQkJ5RTBTMEFLcS8yZQAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABTKxPaKL217enpIf2AGYjmMTGV454AoAATAmK\/f"} 00754{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":4,"flow_src_last_pkt_time":1639052979381748,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":198,"pkt_l4_len":144,"thread_ts_usec":1639052979381748,"pkt":"AAAAAAAAAAQAY\/4nht1gAT9yAJARPzBpxiQdQpRpmLFn\/\/5DAyUy+\/lnaB7pa\/rOsAwAAHT920MNlgCQrREAAQB0IRKkQjY4V3ltQWRhSzZoTAAGADFFREdFUkFZX0RFRkFVTFRfVVNFUk5BTUU6RURHRVJBWV9ERUZBVUxUX1VTRVJOQU1FAAAAwFcABAAEAAqAKgAI69zqOpyEPKUAJAAEbn8o\/wAIABQoQCd0hET\/ud5uUOzbGiF4yVYzZoAoAASXw0bX"} 
@@ -80,7 +80,7 @@ 01048{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":16,"flow_first_seen":1639052947835473,"flow_src_last_pkt_time":1639052950067975,"flow_dst_last_pkt_time":1639052950546662,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":144,"flow_src_tot_l4_payload_len":744,"flow_dst_tot_l4_payload_len":846,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"32fb:f967:681e:e96b:face:b00c::74fd","dst_ip":"20ed:470f:6f73:ce60:60be:8b4f:df37:b080","src_port":3478,"dst_port":45658,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01182{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":0,"flow_first_seen":1639052979210381,"flow_src_last_pkt_time":1639052981556623,"flow_dst_last_pkt_time":1639052979210381,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1276,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"3069:c624:1d42:9469:98b1:67ff:fe43:325","dst_ip":"32fb:f967:681e:e96b:face:b00c::74fd","src_port":56131,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01301{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":0,"flow_first_seen":1639052950309556,"flow_src_last_pkt_time":1639052960302401,"flow_dst_last_pkt_time":1639052950309556,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":548,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1839,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639052981556623,"l3_proto":"ip6","src_ip":"2a2f:8509:1cb2:466d:ecbf:69d6:109c:608","dst_ip":"3991:72d:336e:65ec:c5bf:a5fa:83ad:23de","src_port":62229,"dst_port":6881,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"BitTorrent","proto_id":"37","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download"}} 
-00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623} +00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":88,"source":"cfgs\/disable_stun_monitoring\/pcap\/lru_ipv6_caches.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":88,"packets-processed":88,"total-skipped-flows":0,"total-l4-payload-len":15254,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":83,"global_ts_usec":1639052981556623} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 88/88 ~~ skipped flows.............: 0 
@@ -89,9 +89,9 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7807684 bytes -~~ total memory freed........: 7807684 bytes -~~ total allocations/frees...: 146604/146604 +~~ total memory allocated....: 11516127 bytes +~~ total memory freed........: 11516127 bytes +~~ total allocations/frees...: 216858/216858 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 594 chars ~~ json string max len.......: 2417 chars diff --git a/test/results/enable_doh_heuristic/doh.pcapng.out b/test/results/enable_doh_heuristic/doh.pcapng.out index 8f4c8df40..be365cb03 100644 --- a/test/results/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/enable_doh_heuristic/doh.pcapng.out 
@@ -1,16 +1,16 @@ -00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} +00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1623220847881632} 00779{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847881632,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847881632,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1623220847881632,"pkt":"pJGxgjQ53KYyW3JVCABFAAA8GoVAAEAGW5DAqAH9AQEBAYycAbvJgv8BAAAAAKAC+vDR+gAAAgQFtAQCCAq18KmgAAAAAAEDAwc="} 
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1623220847881632,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1623220847893990,"pkt":"3KYyW3JVpJGxgjQ5CABFAAA0AABAADgGfh0BAQEBwKgB\/QG7jJzQgMYoyYL\/AoAS\/\/+80AAAAgQFtAEBBAIBAwMK"} 00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1623220847894289,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847894289,"pkt":"pJGxgjQ53KYyW3JVCABFAAAoGoZAAEAGW6PAqAH9AQEBAYycAbvJgv8C0IDGKVAQAfb7rwAAAAAAAAAA"} 
00888{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":315,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":315,"pkt_l4_len":281,"thread_ts_usec":1623220847903684,"pkt":"pJGxgjQ53KYyW3JVCABFAAEtGodAAEAGWp3AqAH9AQEBAYycAbvJgv8C0IDGKVAYAfbHEwAAFgMBAQABAAD8AwPoLOpgwE25psercF8dtgS9urXcGuIXWON7hv8MEOxxwCBmK04kA9gzmAQCdEKOzz6ZUSvZIzIKAJ4xNU24mlRHDQAmzKjMqcAvwDDAK8AswBPACcAUwAoAnACdAC8ANcASAAoTAxMBEwIBAACNAAUABQEAAAAAAAoACgAIAB0AFwAYABkACwACAQAADQAaABgIBAQDCAcIBQgGBAEFAQYBBQMGAwIBAgP\/AQABAAAQAA4ADAJoMghodHRwLzEuMQASAAAAKwAJCAMEAwMDAgMBADMAJgAkAB0AIBKfRS3py5Rs1YQ6EAtEgG+yypeHCfHggy9eoe\/nh6Bu"} -01284{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +01394{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847893990,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623220847903684,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847916856,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623220847916856,"pkt":"3KYyW3JVpJGxgjQ5CABFAAAoTTlAADgGMPABAQEBwKgB\/QG7jJzQgMYpyYMAB1AQAEL8XgAAAAAAAAAA"} -01335{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} 
-02288{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -01096{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} +01445{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220847903684,"flow_dst_last_pkt_time":1623220847919967,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":261,"flow_dst_tot_l4_payload_len":1460,"midstream":0,"thread_ts_usec":1623220847919967,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": 
{"version":"TLSv1.3","ja3":"7c1e207beb00684bbbe144f1b0abe1d5","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}} +02398{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220894239868,"flow_dst_last_pkt_time":1623220878891197,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":606,"flow_dst_tot_l4_payload_len":3569,"midstream":0,"thread_ts_usec":1623220894239868,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":2495735.5,"max":15359810,"stddev":5583085.5,"var":31170844688384.0,"ent":2.4,"data": [12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810]},"pktlen": {"min":46,"avg":174.8,"max":1500,"stddev":350.9,"var":123099.2,"ent":3.6,"data": [60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46]},"bins": {"c_to_s": [12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0]},"directions": [0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0],"entropies": 
[4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245]},"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":61,"flow_dst_packets_processed":59,"flow_first_seen":1623220847881632,"flow_src_last_pkt_time":1623220970655801,"flow_dst_last_pkt_time":1623220970669537,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":261,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":1881,"flow_dst_tot_l4_payload_len":5821,"midstream":0,"thread_ts_usec":1623220970669537,"l3_proto":"ip4","src_ip":"192.168.1.253","dst_ip":"1.1.1.1","src_port":35996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": 
{"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +00649{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":120,"source":"cfgs\/enable_doh_heuristic\/pcap\/doh.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":120,"packets-processed":120,"total-skipped-flows":0,"total-l4-payload-len":7702,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1623220970669537} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 120/120 ~~ skipped flows.............: 0 @@ -19,10 +19,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7780163 bytes -~~ total memory freed........: 7780163 bytes -~~ total allocations/frees...: 146497/146497 +~~ total memory allocated....: 11488782 bytes +~~ total memory freed........: 11488782 bytes +~~ total allocations/frees...: 216751/216751 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 548 chars -~~ json string max len.......: 2293 chars -~~ json string avg len.......: 1355 chars +~~ json string max len.......: 2403 chars +~~ json string avg len.......: 1409 chars diff --git a/test/results/enable_payload_stat/1kxun.pcap.out b/test/results/enable_payload_stat/1kxun.pcap.out index 219492d34..b40c14c2f 100644 --- a/test/results/enable_payload_stat/1kxun.pcap.out +++ b/test/results/enable_payload_stat/1kxun.pcap.out 
@@ -1,5 +1,5 @@ -00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} +00573{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1470104373025824} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_usec":1470104373025824,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 
00935{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373025824,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":26,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104373025824,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -75,10 +75,10 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104378045058,"pkt":"AQBeAAD8zD2CHu7jCABFAAA0LRgAAAER5c3AqAUv4AAA\/PCjFOsAIMFmoAAAAAABAAAAAAAABlJPX1gxQwAA\/wAB"} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104378045695,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD5ZsU6wAmcsn2BAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378045695,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045695,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104378045747,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxQAAAER6ZvAqANf4AAA\/OWbFOsAJvTF9gQAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378045747,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045747,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":45,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00708{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1470104378045830,"pkt":"AQBef\/\/6\/PiuMpcsCABFAAChLEEAAAER2QnAqANf7\/\/\/+uhMB2wAjbUvTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00975{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":45,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045830,"flow_src_last_pkt_time":1470104378045830,"flow_dst_last_pkt_time":1470104378045830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104378045830,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"239.255.255.250","src_port":59468,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} 
@@ -133,10 +133,10 @@ 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_src_last_pkt_time":1470104379119373,"flow_dst_last_pkt_time":1470104379119336,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379119373,"pkt":"TF4M6gNlABxCjnAxCABFAAA0UdlAAIAG5ojAqHMIarsj9sHEAFAS7Ia1AAAAAIACIAAxwAAAAgQE7AEDAwgBAQQC"} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":84,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104379169121,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQAD1mgU6wAmi+DsIAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01081{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01089{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":84,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379169121,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169121,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104379169283,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KxkAAAER6ZbAqANf4AAA\/NZoFOsAJg3d7CAAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01070{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01078{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":85,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379169283,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104379169283,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":3,"flow_src_last_pkt_time":1470104379117826,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104379169717,"pkt":"ABxCjnAxTF4M6gNlCABFAAA0AABAADYGgmJquyP2wKhzCABQwcB6nEL4Juf0WoASchCfpwAAAgQFtAEBBAIBAwMH"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":4,"flow_src_last_pkt_time":1470104379169902,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169902,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":88,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":5,"flow_src_last_pkt_time":1470104379169934,"flow_dst_last_pkt_time":1470104379169717,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1470104379169934,"pkt":"TF4M6gNlABxCjnAxCABFAAAoUdpAAIAG5pPAqHMIarsj9sHAAFAm5\/RaepxC+VAQAQRRhgAA"} 
@@ -479,10 +479,10 @@ 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":779,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":2,"flow_src_last_pkt_time":1470104407686919,"flow_dst_last_pkt_time":1470104389597943,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1470104407686919,"pkt":"TF4M6gNlYMVHBbyMCABFAAA0WZNAAEAG2QnAqAUQROn9hdFtAFBAFGHVDj7nf4AREAGvkQAAAQEIChoPf3zPHNz0"} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408049680,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 
-01082{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01090{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":780,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408049680,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049680,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": 
{"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":781,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":1,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408049734,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyAAAAER6Y\/AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
-01071{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01079{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":781,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408049734,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":30,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104408049734,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":787,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":92,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":92,"pkt_l4_len":38,"thread_ts_usec":1470104408457883,"pkt":"MzMAAQAD\/PiuMpcsht1gAAAAACYRAf6AAAAAAAAA6Y+64hn3aw\/\/AgAAAAAAAAAAAAAAAQADyPsU6wAmMfpTdAAAAAEAAAAAAAAM5bCP5L2b5bCI5qmfAAD\/AAE="} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":788,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1470104408458018,"pkt":"AQBeAAD8\/PiuMpcsCABFAAA6KyIAAAER6Y3AqANf4AAA\/Mj7FOsAJrP2U3QAAAABAAAAAAAADOWwj+S9m+WwiOapnwAA\/wAB"} 
00967{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":792,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":2,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":359,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":359,"pkt_l4_len":325,"thread_ts_usec":1470104408662594,"pkt":"\/\/\/\/\/\/\/\/wKC7c+tHCABFAAFZOwBAAEARwM3AqH0e\/\/\/\/\/\/YA9gABRUfM\/\/+TXaAAwKC7c+tHwKh9HgAAAgAnAURHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABTd2l0Y2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADMuMTAuMDEzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKC7c+tHQjEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABRUDBSMUQ5MDAwMDI1AAAAAAAAAAAAAAAAAAAAAAAAAERHUy0xMjEwLTEwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqH0e\/\/8AAFBvcnQgMTAAIAGwMAIUAQDCoLv\/\/nPrR0A="} 
@@ -603,11 +603,11 @@ 00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1470104373232309,"flow_src_last_pkt_time":1470104412246763,"flow_dst_last_pkt_time":1470104373232309,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1729,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":55809,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1470104378021294,"flow_src_last_pkt_time":1470104379520951,"flow_dst_last_pkt_time":1470104378021294,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"192.168.255.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00984{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634699,"flow_src_last_pkt_time":1470104415729545,"flow_dst_last_pkt_time":1470104377634699,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1096,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"239.255.255.250","src_port":60267,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} -01112{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01120{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00982{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":0,"flow_first_seen":1470104376017777,"flow_src_last_pkt_time":1470104405998978,"flow_dst_last_pkt_time":1470104376017777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":959,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"239.255.255.250","src_port":64674,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00800{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00987{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01123{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01131{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00978{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104378901305,"flow_src_last_pkt_time":1470104378901349,"flow_dst_last_pkt_time":1470104378905035,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"168.95.1.1","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00976{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104377901018,"flow_src_last_pkt_time":1470104377901065,"flow_dst_last_pkt_time":1470104378954523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":34,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":34,"flow_dst_max_l4_payload_len":66,"flow_src_tot_l4_payload_len":68,"flow_dst_tot_l4_payload_len":66,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":52723,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 
00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":965,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104424049934,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -675,13 +675,13 @@ 00979{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104381935396,"flow_src_last_pkt_time":1470104382038651,"flow_dst_last_pkt_time":1470104381935396,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.9","dst_ip":"224.0.0.252","src_port":58456,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00802{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104380909602,"flow_src_last_pkt_time":1470104420950055,"flow_dst_last_pkt_time":1470104380909602,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1585,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.10.110","dst_ip":"255.255.255.255","src_port":60480,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00797{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104385827777,"flow_src_last_pkt_time":1470104420541205,"flow_dst_last_pkt_time":1470104385827777,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":40,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":80,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"59.120.208.218","dst_ip":"255.255.255.255","src_port":50151,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01113{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01121{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00973{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104380737950,"flow_src_last_pkt_time":1470104380737994,"flow_dst_last_pkt_time":1470104380772526,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":74,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":74,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":54420,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.QQ","proto_id":"5.48","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00977{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104379066410,"flow_src_last_pkt_time":1470104379066467,"flow_dst_last_pkt_time":1470104379115963,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":31,"flow_dst_max_l4_payload_len":95,"flow_src_tot_l4_payload_len":62,"flow_dst_tot_l4_payload_len":95,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"8.8.8.8","src_port":60724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.1kxun","proto_id":"5.295","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Fun","category_id":14,"category":"Network"}} 00990{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00980{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01124{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": 
{"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00660{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":684,"global_ts_usec":1654385119050609} +01132{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1470104433649184,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00660{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1033,"packets-processed":1032,"total-skipped-flows":0,"total-l4-payload-len":395167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":109,"total-detection-updates":11,"total-updates":38,"current-active-flows":129,"total-active-flows":129,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":684,"global_ts_usec":1654385119050609} 00796{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":604,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":604,"pkt_l4_len":570,"thread_ts_usec":1654385119050609,"pkt":"tKXvZygQnLbQ0+MzCABFAAJOAZpAAEAGaiXAqAJ+rGhdXO4iBNJ6yTZonxdjWoAYAfbPKwAAAQEICmbWNa+8oaeIR0VUIC8\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"} 01591{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1033,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1654385119050609,"flow_src_last_pkt_time":1654385119050609,"flow_dst_last_pkt_time":1654385119050609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":538,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":538,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":538,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385119050609,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"172.104.93.92","src_port":60962,"dst_port":1234,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming","hostname":"ws.1kxun.mobi","http": 
{"url":"ws.1kxun.mobi:1234\/?_brand=Google&_model=sdk_gphone_x86&_ov=Android11&_cpu=i686&_resolution=1080%2C1794&_package=com.sceneway.kankan&_v=2.8.2.1&_channel=1kxun&_carrier=310260&_android_id=b9e28776354d259e&_network=wifi&_aid=5ac6a0ff-8d18-47bc-a902-2812cf0c251e&&_country=US&_locale=en&_=1654385117","code":0,"content_type":"","user_agent":"okhttp\/3.10.0"}}} 
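Review bot: The `risk` text for flow risk id "39" changes from "Text With Non-Printable Chars" to "Non-Printable/Invalid Chars Detected" in the flow 34 and flow 33 update records of this hunk, and nothing visible here tells consumers of the JSON stream that the label is not stable across nDPI versions. The id, severity and risk_score values are unchanged on the new lines, so only the display string moved. Any detection rule or dashboard that matches on the string would stop matching after the libnDPI bump, presumably without an error. I would add a line to the changelog or commit description such as `nDPI flow risk 39 is now reported as "Non-Printable/Invalid Chars Detected"; match on the flow_risk id, not the risk text`. The same rename appears in the hunks at -741, -787 and -805.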
@@ -741,7 +741,7 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":96,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717280,"flow_src_last_pkt_time":1470104407128422,"flow_dst_last_pkt_time":1470104406717280,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104409586427,"flow_src_last_pkt_time":1470104409685499,"flow_dst_last_pkt_time":1470104409586427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":56043,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":95,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104406717230,"flow_src_last_pkt_time":1470104407128408,"flow_dst_last_pkt_time":1470104406717230,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":53962,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":97,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049680,"flow_src_last_pkt_time":1470104408457883,"flow_dst_last_pkt_time":1470104408049680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00884{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104405794164,"flow_src_last_pkt_time":1470104405794164,"flow_dst_last_pkt_time":1470104405794164,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":121,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":121,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":121,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.2","dst_ip":"255.255.255.255","src_port":43786,"dst_port":5678,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":85,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104401187549,"flow_src_last_pkt_time":1470104401187549,"flow_dst_last_pkt_time":1470104401187549,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.50","dst_ip":"224.0.0.252","src_port":50030,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -787,7 +787,7 @@ 00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":111,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104416855491,"flow_src_last_pkt_time":1470104416958909,"flow_dst_last_pkt_time":1470104416855491,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.101.33","dst_ip":"224.0.0.252","src_port":62822,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00966{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","http": {}}} 
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1470104391199899,"flow_src_last_pkt_time":1470104391199954,"flow_dst_last_pkt_time":1470104391208758,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"64.233.189.128","src_port":49581,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045747,"flow_src_last_pkt_time":1470104378454823,"flow_dst_last_pkt_time":1470104378045747,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104377754759,"flow_src_last_pkt_time":1470104422868933,"flow_dst_last_pkt_time":1470104422913733,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":414,"flow_dst_max_l4_payload_len":1218,"flow_src_tot_l4_payload_len":830,"flow_dst_tot_l4_payload_len":1218,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49597,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 01114{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":5,"flow_first_seen":1470104379903616,"flow_src_last_pkt_time":1470104379989707,"flow_dst_last_pkt_time":1470104379989529,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":336,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":672,"flow_dst_tot_l4_payload_len":1993,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
01117{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":28,"flow_first_seen":1470104379916887,"flow_src_last_pkt_time":1470104380338807,"flow_dst_last_pkt_time":1470104380144205,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":357,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":714,"flow_dst_tot_l4_payload_len":32291,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"106.185.35.110","src_port":49606,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 
@@ -805,7 +805,7 @@ 00797{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104395656981,"flow_src_last_pkt_time":1470104425762971,"flow_dst_last_pkt_time":1470104395656981,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.10.7","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00886{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","ndpi": {"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
00799{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378557102,"flow_src_last_pkt_time":1470104408662594,"flow_dst_last_pkt_time":1470104378557102,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":317,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":317,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":634,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.125.30","dst_ip":"255.255.255.255","src_port":62976,"dst_port":62976,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
+01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169283,"flow_src_last_pkt_time":1470104379271492,"flow_dst_last_pkt_time":1470104379169283,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104430064732,"flow_src_last_pkt_time":1470104430064732,"flow_dst_last_pkt_time":1470104430064732,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":29,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":29,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e034:7be:d8f9:6197","dst_ip":"ff02::1:3","src_port":57143,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104399958731,"flow_src_last_pkt_time":1470104400059244,"flow_dst_last_pkt_time":1470104399958731,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"224.0.0.252","src_port":65150,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00884{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1470104402518151,"flow_src_last_pkt_time":1470104402518151,"flow_dst_last_pkt_time":1470104402518151,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":135,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":135,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":135,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.119.1","dst_ip":"255.255.255.255","src_port":56861,"dst_port":5678,"l4_proto":"udp","ndpi": 
{"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 
@@ -829,7 +829,7 @@ 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1470104376816620,"flow_src_last_pkt_time":1470104392380425,"flow_dst_last_pkt_time":1470104376816620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":180,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::406:55a8:6453:25dd","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448550,"flow_src_last_pkt_time":1470104382857884,"flow_dst_last_pkt_time":1470104382448550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::1:3","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00980{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630917,"flow_src_last_pkt_time":1470104432728660,"flow_dst_last_pkt_time":1470104432630917,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":65496,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text 
With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104378045695,"flow_src_last_pkt_time":1470104378454680,"flow_dst_last_pkt_time":1470104378045695,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":58779,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00946{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","proto_id":"91","proto_by_ip":"Line","proto_by_ip_id":315,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00802{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_src_packets_processed":13,"flow_dst_packets_processed":10,"flow_first_seen":1470104410885006,"flow_src_last_pkt_time":1470104428908615,"flow_dst_last_pkt_time":1470104428908687,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":332,"flow_src_tot_l4_payload_len":5537,"flow_dst_tot_l4_payload_len":595,"midstream":1,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"119.235.235.84","dst_ip":"192.168.5.16","src_port":443,"dst_port":53406,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
01227{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":46,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":4,"flow_first_seen":1470104381895304,"flow_src_last_pkt_time":1470104382125381,"flow_dst_last_pkt_time":1470104382124370,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":432,"flow_dst_max_l4_payload_len":633,"flow_src_tot_l4_payload_len":864,"flow_dst_tot_l4_payload_len":633,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"183.131.48.145","src_port":49612,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web"}} 
@@ -846,10 +846,10 @@ 00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104382448739,"flow_src_last_pkt_time":1470104382858294,"flow_dst_last_pkt_time":1470104382448739,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":33,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":66,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"224.0.0.252","src_port":61548,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":93,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104404055376,"flow_src_last_pkt_time":1470104418595853,"flow_dst_last_pkt_time":1470104404055376,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::beee:7bff:fe0c:b3de","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCPV6","proto_id":"103","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634537,"flow_src_last_pkt_time":1470104378045058,"flow_dst_last_pkt_time":1470104377634537,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.47","dst_ip":"224.0.0.252","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01122{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": 
{"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104379169121,"flow_src_last_pkt_time":1470104379271484,"flow_dst_last_pkt_time":1470104379169121,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::e98f:bae2:19f7:6b0f","dst_ip":"ff02::1:3","src_port":54888,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00977{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104373025824,"flow_src_last_pkt_time":1470104373127416,"flow_dst_last_pkt_time":1470104373025824,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":52,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104377634231,"flow_src_last_pkt_time":1470104378045036,"flow_dst_last_pkt_time":1470104377634231,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::edf5:240a:c8c0:8312","dst_ip":"ff02::1:3","src_port":61603,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
-01111{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Text With Non-Printable Chars","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01119{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":98,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104408049734,"flow_src_last_pkt_time":1470104408458018,"flow_dst_last_pkt_time":1470104408049734,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":30,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":60,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.3.95","dst_ip":"224.0.0.252","src_port":51451,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"39": {"risk":"Non-Printable\/Invalid Chars 
Detected","severity":"High","risk_score": {"total":360,"client":300,"server":60}}},"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1470104400162264,"flow_src_last_pkt_time":1470104408559145,"flow_dst_last_pkt_time":1470104400162264,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":440,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":520,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":7801,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.5.49","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
00979{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1470104377720702,"flow_src_last_pkt_time":1470104377820998,"flow_dst_last_pkt_time":1470104377720702,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":22,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":22,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"224.0.0.252","src_port":51458,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1045,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":128,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1470104432630916,"flow_src_last_pkt_time":1470104432728657,"flow_dst_last_pkt_time":1470104432630916,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":27,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":54,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1654385128878298,"l3_proto":"ip6","src_ip":"fe80::5d92:62a8:ebde:1319","dst_ip":"ff02::1:3","src_port":58468,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"LLMNR","proto_id":"154","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
@@ -1281,7 +1281,7 @@ 00992{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385129449830,"flow_src_last_pkt_time":1654385129449830,"flow_dst_last_pkt_time":1654385129804228,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":916,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":265,"flow_src_tot_l4_payload_len":916,"flow_dst_tot_l4_payload_len":265,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":47272,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"finished","flow_src_packets_processed":7,"flow_dst_packets_processed":73,"flow_first_seen":1654385140171515,"flow_src_last_pkt_time":1654385145095894,"flow_dst_last_pkt_time":1654385145302253,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":424,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":765,"flow_dst_max_l4_payload_len":8640,"flow_src_tot_l4_payload_len":4383,"flow_dst_tot_l4_payload_len":173462,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"161.117.13.29","src_port":45380,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Alibaba","proto_by_ip_id":274,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} 00989{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1654385139579809,"flow_src_last_pkt_time":1654385139579809,"flow_dst_last_pkt_time":1654385139941321,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":887,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":887,"flow_dst_max_l4_payload_len":497,"flow_src_tot_l4_payload_len":887,"flow_dst_tot_l4_payload_len":497,"midstream":1,"thread_ts_usec":1654385236487007,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"103.29.71.30","src_port":35200,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP.1kxun","proto_id":"7.295","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Fun","category_id":17,"category":"Streaming"}} -00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":14,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1284,"global_ts_usec":1654385236487007} 
+00665{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1723,"source":"cfgs\/enable_payload_stat\/pcap\/1kxun.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1723,"packets-processed":1723,"total-skipped-flows":0,"total-l4-payload-len":2427316,"total-not-detected-flows":14,"total-guessed-flows":6,"total-detected-flows":177,"total-detection-updates":14,"total-updates":38,"current-active-flows":0,"total-active-flows":197,"total-idle-flows":197,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1284,"global_ts_usec":1654385236487007} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1723/1723 ~~ skipped flows.............: 0 @@ -1290,9 +1290,9 @@ ~~ total active/idle flows...: 197/197 ~~ total timeout flows.......: 20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8318144 bytes -~~ total memory freed........: 8318144 bytes -~~ total allocations/frees...: 151015/151015 +~~ total memory allocated....: 12023627 bytes +~~ total memory freed........: 12023627 bytes +~~ total allocations/frees...: 221269/221269 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 541 chars ~~ json string max len.......: 11864 chars diff --git a/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out index d48522d16..4e947ae57 100644 --- a/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out +++ b/test/results/enable_stun_monitoring_with_subproto/wa_voice.pcap.out 
@@ -1,5 +1,5 @@ -00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} +00593{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00656{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1561455687942546} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1561455687942546,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 01218{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455687942546,"flow_src_last_pkt_time":1561455687942546,"flow_dst_last_pkt_time":1561455687942546,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455687942546,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DNS.Google","proto_id":"5.126","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"www.google.com","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}} 
@@ -69,23 +69,23 @@ 00638{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":211,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706881597,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":111,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":111,"pkt_l4_len":57,"thread_ts_usec":1561455706881597,"pkt":"MzMAAAD7kLkxKPrKht1gDagnADkR\/\/6AAAAAAAAABBRAnYr9nwX\/AgAAAAAAAAAAAAAAAAD7FOkU6QA5e0MAAAAAAAIAAAAAAAAFX3Jhb3AEX3RjcAVsb2NhbAAADAABCF9haXJwbGF5wBIADAAB"} 00810{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912375,"pkt":"xiwDYGpkkLkxKPrKCABFAACav+gAAEARgnnAqAIMHw1WMNwIDZYAhhEmAAMAaiESpEKmZ0918K0sABMVszZAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01185{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":1,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01114{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":215,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455706912375,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912375,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":216,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706912375,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912436,"pkt":"xiwDYGpkkLkxKPrKCABFAACaKEAAAEARGiLAqAIMHw1WMNwIDZYAhhElAAMAaiESpEKmZ0918K0sABMVszdAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912561,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/egAAEARKEbAqAIMuTzYM9wIDZYAhvTwAAMAaiESpEKmZ0918K0sABMVszhAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":217,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455706912561,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706912561,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706912682,"flow_dst_last_pkt_time":1561455706912561,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706912682,"pkt":"xiwDYGpkkLkxKPrKCABFAACaQnoAAEAR47TAqAIMuTzYM9wIDZYAhvTvAAMAaiESpEKmZ0918K0sABMVszlAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913062,"pkt":"xiwDYGpkkLkxKPrKCABFAACaTo8AAEARCe\/AqAIMnfDBMNwIDZYAhic+AAMAaiESpEKmZ0918K0sABMVszpAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":219,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455706913062,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913062,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":220,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913136,"flow_dst_last_pkt_time":1561455706913062,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913136,"pkt":"xiwDYGpkkLkxKPrKCABFAACapTEAAEARs0zAqAIMnfDBMNwIDZYAhic9AAMAaiESpEKmZ0918K0sABMVsztAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00812{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913639,"pkt":"xiwDYGpkkLkxKPrKCABFAACa5uYAAEARXUvAqAIMszzAMNwIDZYAhhLwAAMAaiESpEKmZ0918K0sABMVszxAAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
-01187{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} +01116{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":221,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706913639,"flow_src_last_pkt_time":1561455706913639,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706913639,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"179.60.192.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": 
{"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00712{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":222,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706913891,"flow_dst_last_pkt_time":1561455706913639,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706913891,"pkt":"xiwDYGpkkLkxKPrKCABFAACaa6sAAEAR2IbAqAIMszzAMNwIDZYAhhLvAAMAaiESpEKmZ0918K0sABMVsz1AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 00813{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914378,"pkt":"xiwDYGpkkLkxKPrKCABFAACa6jAAAEARaz\/AqAIMnfDEPtwIDZYAhiQsAAMAaiESpEKmZ0918K0sABMVsz5AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} -01188{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01117{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":223,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455706914378,"flow_src_last_pkt_time":1561455706914378,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":126,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455706914378,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.196.62","src_port":56328,"dst_port":3478,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00713{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":224,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_src_last_pkt_time":1561455706914597,"flow_dst_last_pkt_time":1561455706914378,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_usec":1561455706914597,"pkt":"xiwDYGpkkLkxKPrKCABFAACa\/isAAEARV0TAqAIMnfDEPtwIDZYAhiQrAAMAaiESpEKmZ0918K0sABMVsz9AAABmBQMIJtiE6i6kxJRLo58phnvyQbwdH1IoGV\/3YC8zAuYePvTeDeuXmJ+hMpM+Z145gcRU0WpajKrpUh0EIdumCzsyn4WKcuXddBNppoCNhIFnLa3lhKJz05n+MdP5HkVFVJtym9c0"} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":225,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925823,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925823,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPUAAFQRCb8fDVYwwKgCDA2W3AgANMY6AQMAGCESpEKmZ0918K0sABMVszYAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":226,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":4,"flow_src_last_pkt_time":1561455706912436,"flow_dst_last_pkt_time":1561455706925951,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455706925951,"pkt":"kLkxKPrKxiwDYGpkCABFAABIJPYAAFQRCb4fDVYwwKgCDA2W3AgANMY5AQMAGCESpEKmZ0918K0sABMVszcAIAAIAAHthnGmBnJAAgAIAAABa44DQzM="} 
@@ -135,20 +135,20 @@ 00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":463,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":4,"flow_src_last_pkt_time":1561455729803232,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_usec":1561455729803232,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFInqcAAP8RG\/4AAAAA\/\/\/\/\/wBEAEMBNNt7AQEGAH5K8tcACAAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00809{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00602{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455730495456,"pkt":"kLkxKPrKxiwDYGpkCABFAABI7nAAADERRFFb\/DgzwKgCDH\/A3AgANOnLAAEAGCESpEJZi1FU1SmRVkxGZgQACAAUYCmYSN+rkyNYVIx9I16CdotJWKc="} -01298{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":465,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455730495456,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455730495456,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_src_last_pkt_time":1561455731073692,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731073692,"pkt":"kLkxKPrKxiwDYGpkCABFAABIAlEAADERMHFb\/DgzwKgCDH\/A3AgANGApAAEAGCESpELobM0y9AHrYlN0+hgACAAU\/c20Lcr5wjE5JYKvJct9qbua6og="} 
01007{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731356183,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_usec":1561455731356183,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFxjdoAAEARZVHAqAIBwKgC\/0RcRFwBXbU+eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODA5NDIwMDQ4LCA1MTE3MDY2NDIsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA0ODEwNTkxNzYwLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAzMDc1NTIxNjk2LCA0MDU2NDYyNTkyLCAyOTYzNjgyMDk2LCAxNTIyMTc3NTg3XX0="} 
01003{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":478,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731356928,"flow_dst_last_pkt_time":1561455701309996,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":381,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":381,"pkt_l4_len":347,"thread_ts_usec":1561455731356928,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAFveLUAAEARenjAqAIBwKgC\/0RcRFwBW7HJeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxNzQ1NjcxOTM5MjIwMTQ2OTg4Njg4NzAzNTEyMjAyNTg3OTI0NDMsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsxMTgyMzk1NTczLCAxNDIxMTE0Mzk5LCAxODA4MDQ3NjgwLCAxMzcyMDkyNjA5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNTI1ODAwNzEyMCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNDUxNDcyNjU4LCA0MTc0NjUwODgwLCAyODUyMTYwNywgMTQxNTYyMDM1MF19"} 02381{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":487,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455731523132,"flow_dst_last_pkt_time":1561455731536124,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":278,"flow_src_tot_l4_payload_len":792,"flow_dst_tot_l4_payload_len":1833,"midstream":0,"thread_ts_usec":1561455731536124,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":1588209.8,"max":12196243,"stddev":3050402.8,"var":9304956469248.0,"ent":3.2,"data": 
[61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546]},"pktlen": {"min":30,"avg":110.0,"max":306,"stddev":87.2,"var":7598.9,"ent":4.6,"data": [154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72]},"bins": {"c_to_s": [6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1],"entropies": [6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00807{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731665769,"pkt":"xiwDYGpkkLkxKPrKCABFAABId7IAAEAR8MLAqAIMATxOQNwI+xoANL93AAEAGCESpEJNNg9OA5IbZKhKGmoACAAUkUJIDnID0ka3i4LpQfhGRUa3K\/w="} 
-01296{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {"num_pkts":0,"num_binding_requests":0,"num_processed_pkts":0}}} 
+01233{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":501,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455731665769,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":44,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455731665769,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":""}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":503,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455730495456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731697327,"pkt":"kLkxKPrKxiwDYGpkCABFAABI\/gUAADERNLxb\/DgzwKgCDH\/A3AgANISZAAEAGCESpEKSaahiiU3KFyQDpDgACAAUPvQQqrwwB3kMX1876e4ssz8N17Y="} 
00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":4,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731699179,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731699179,"pkt":"xiwDYGpkkLkxKPrKCABFAABIalYAAEARuWvAqAIMW\/w4M9wIf8AANHvGAQEAGCESpEKSaahiiU3KFyQDpDgACAAU78j6HBgMgp4J7E4uRUxed5inmwU="} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":5,"flow_src_last_pkt_time":1561455731697327,"flow_dst_last_pkt_time":1561455731771636,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455731771636,"pkt":"xiwDYGpkkLkxKPrKCABFAABIuQIAAEARar\/AqAIMW\/w4M9wIf8AANBvxAAEAGCESpEInL2dPpxxCLUQhtkgACAAUq0S1cqGjKGibQ8Ad3a7kThUOm\/s="} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":2,"flow_src_last_pkt_time":1561455732298035,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732298035,"pkt":"xiwDYGpkkLkxKPrKCABFAABIre0AAEARuofAqAIMATxOQNwI+xoANHLOAAEAGCESpEIrgAUzrwTeBSrSSH8ACAAUv8Ev3sei+dcRfEZy9ei0mRui3Zw="} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":528,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":3,"flow_src_last_pkt_time":1561455732919461,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455732919461,"pkt":"xiwDYGpkkLkxKPrKCABFAABIV+kAAEAREIzAqAIMATxOQNwI+xoANBvDAAEAGCESpELCs7YUVt8QVzF73yEACAAUMmINwHB46SKyj3xrODHnuD6GHSA="} -02507{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": 
[1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +02515{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":538,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455733316995,"flow_dst_last_pkt_time":1561455733325980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":171,"flow_dst_max_l4_payload_len":273,"flow_src_tot_l4_payload_len":1873,"flow_dst_tot_l4_payload_len":1869,"midstream":0,"thread_ts_usec":1561455733325980,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":2,"avg":182324.6,"max":1203723,"stddev":228895.9,"var":52393320448.0,"ent":4.2,"data": [578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448]},"pktlen": {"min":54,"avg":144.9,"max":301,"stddev":51.7,"var":2672.5,"ent":4.9,"data": [72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179]},"bins": {"c_to_s": [1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1],"entropies": [5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":541,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":4,"flow_src_last_pkt_time":1561455733543524,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455733543524,"pkt":"xiwDYGpkkLkxKPrKCABFAABIhgkAAEAR4mvAqAIMATxOQNwI+xoANNyjAAEAGCESpEKaqxAMcXf5HhivnksACAAUXrUv35eEVCK3ZPufCanP8gSQnE8="} 00601{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":5,"flow_src_last_pkt_time":1561455734169795,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1561455734169795,"pkt":"xiwDYGpkkLkxKPrKCABFAABIQ+QAAEARJJHAqAIMATxOQNwI+xoANLvkAAEAGCESpEJdvqBh2rbkNqYRchoACAAUXsrok\/u8nTRHu7GOUWRyNlbwy2Q="} 00727{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":5,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":180,"pkt_l4_len":146,"thread_ts_usec":1561455737893179,"pkt":"AQBeAAD7kLkxKPrKCABFAACmf9YAAP8Rl8DAqAIM4AAA+xTpFOkAklETAAAAAAAFAAEAAAAACF9ob21la2l0BF90Y3AFbG9jYWwAAAwAAQ9fY29tcGFuaW9uLWxpbmvAFQAMAAEMX3NsZWVwLXByb3h5BF91ZHDAGgAMAAEFX3Jhb3DAFQAMAAEIX2FpcnBsYXnAFQAMAAHAJQAMAAEAAA2VABANTHVjYeKAmXMgaU1hY8Al"} 
@@ -180,7 +180,7 @@ 00811{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455738163757,"flow_src_last_pkt_time":1561455738163757,"flow_dst_last_pkt_time":1561455738163886,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"169.254.162.244","src_port":49352,"dst_port":49159,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01017{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_src_packets_processed":41,"flow_dst_packets_processed":44,"flow_first_seen":1561455707474558,"flow_src_last_pkt_time":1561455707887523,"flow_dst_last_pkt_time":1561455707886473,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":987,"flow_dst_tot_l4_payload_len":40959,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.52","src_port":50504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.WhatsApp","proto_id":"91.142","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 
00993{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455721320417,"flow_src_last_pkt_time":1561455738622273,"flow_dst_last_pkt_time":1561455721320417,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":300,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":300,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1500,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DHCP","proto_id":"18","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01264{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":77,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455742404517,"flow_dst_last_pkt_time":1561455741413630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":14102,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01272{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":77,"flow_first_seen":1561455730495456,"flow_src_last_pkt_time":1561455742404517,"flow_dst_last_pkt_time":1561455741413630,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":26,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":276,"flow_dst_max_l4_payload_len":289,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":14102,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"91.252.56.51","dst_ip":"192.168.2.12","src_port":32704,"dst_port":56328,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741432427,"flow_src_last_pkt_time":1561455741432427,"flow_dst_last_pkt_time":1561455741432427,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":57546,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01010{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455689728258,"flow_src_last_pkt_time":1561455689728258,"flow_dst_last_pkt_time":1561455689761023,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":63,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":55296,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"DNS.WhatsAppFiles","proto_id":"5.242","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00818{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874523,"flow_src_last_pkt_time":1561455737895397,"flow_dst_last_pkt_time":1561455705874523,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip6","src_ip":"fe80::414:409d:8afd:9f05","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
@@ -192,7 +192,7 @@ 01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706913062,"flow_src_last_pkt_time":1561455741419902,"flow_dst_last_pkt_time":1561455719244228,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.193.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 00809{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1561455705874172,"flow_src_last_pkt_time":1561455737893179,"flow_dst_last_pkt_time":1561455705874172,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":138,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":334,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1561455688445940,"flow_src_last_pkt_time":1561455726442435,"flow_dst_last_pkt_time":1561455688445940,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Spotify","proto_id":"156","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Fun","category_id":25,"category":"Music"}} -01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional 
Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01260{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":0,"flow_first_seen":1561455731665769,"flow_src_last_pkt_time":1561455741046982,"flow_dst_last_pkt_time":1561455731665769,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":44,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":704,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":56328,"dst_port":64282,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1561455741430274,"flow_src_last_pkt_time":1561455741430274,"flow_dst_last_pkt_time":1561455741430274,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":137,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":137,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":50191,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 01025{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":25,"flow_first_seen":1561455689909150,"flow_src_last_pkt_time":1561455690240149,"flow_dst_last_pkt_time":1561455690302153,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1331,"flow_dst_tot_l4_payload_len":20101,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.51","src_port":50503,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"TLS.WhatsAppFiles","proto_id":"91.242","proto_by_ip":"WhatsApp","proto_by_ip_id":142,"encrypted":1,"breed":"Acceptable","category_id":7,"category":"Download"}} 01001{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1561455706979952,"flow_src_last_pkt_time":1561455716020462,"flow_dst_last_pkt_time":1561455706979952,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":101,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":137,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":503,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"239.255.255.250","src_port":64716,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 
@@ -204,7 +204,7 @@ 01005{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1561455687991884,"flow_src_last_pkt_time":1561455687991884,"flow_dst_last_pkt_time":1561455688018542,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":32,"flow_dst_max_l4_payload_len":71,"flow_src_tot_l4_payload_len":32,"flow_dst_tot_l4_payload_len":71,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.WhatsApp","proto_id":"5.142","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01144{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1561455706912561,"flow_src_last_pkt_time":1561455741419546,"flow_dst_last_pkt_time":1561455719248009,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":126,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":126,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":132,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01145{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":28,"flow_first_seen":1561455706912375,"flow_src_last_pkt_time":1561455741419206,"flow_dst_last_pkt_time":1561455740537152,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":6,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":207,"flow_dst_max_l4_payload_len":284,"flow_src_tot_l4_payload_len":1467,"flow_dst_tot_l4_payload_len":2492,"midstream":0,"thread_ts_usec":1561455743434771,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN.WhatsAppCall","proto_id":"78.45","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
-00674{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.7.0-4260-1f693c3f","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1561455743434771} +00674{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"cfgs\/enable_stun_monitoring_with_subproto\/pcap\/wa_voice.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-payload-len":128892,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":8,"total-updates":4,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":207,"global_ts_usec":1561455743434771} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 ~~ skipped flows.............: 0 
@@ -213,9 +213,9 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7860243 bytes -~~ total memory freed........: 7860243 bytes -~~ total allocations/frees...: 147403/147403 +~~ total memory allocated....: 11568430 bytes +~~ total memory freed........: 11568430 bytes +~~ total allocations/frees...: 217657/217657 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 553 chars ~~ json string max len.......: 2530 chars diff --git a/test/results/flow-analyse/default/bad-dns-traffic.pcap.out b/test/results/flow-analyse/default/bad-dns-traffic.pcap.out index 774561d8b..299b8a38c 100644 --- a/test/results/flow-analyse/default/bad-dns-traffic.pcap.out +++ b/test/results/flow-analyse/default/bad-dns-traffic.pcap.out 
@@ -1,2 +1,2 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.43.91,4.2.2.4,udp,56354,53,finished,19,13,1486012635073060,1486012651592518,1486012651846910,53,0,248,281,1392,1397,0,63089,1073977.6,4101854,689094.3,474850951168.0,4.7,"1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851",81,115.2,309,50.6,2560.6,4.9,"119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309","0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1","4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755",DNS,5,0,Acceptable,Network,6,DPI,"16,27" 
+1,ip4,192.168.43.91,4.2.2.4,udp,56354,53,finished,19,13,1486012635073060,1486012651592518,1486012651846910,53,0,248,281,1392,1397,0,63089,1073977.6,4101854,689094.3,474850951168.0,4.7,"1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851",81,115.2,309,50.6,2560.6,4.9,"119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309","0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1","4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755",DNS,5,0,Acceptable,Network,6,DPI,"16,23,27" diff --git a/test/results/flow-analyse/default/bets.pcapng.out b/test/results/flow-analyse/default/bets.pcapng.out new file mode 100644 index 000000000..1ff27cfff --- /dev/null +++ b/test/results/flow-analyse/default/bets.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +12,ip4,192.168.10.2,13.224.103.22,tcp,60099,443,info,16,16,1693252376328241,1693252376473051,1693252376516940,0,0,328,1368,573,6919,0,1,10758.4,46532,18210.4,331618016.0,3.2,"45063,45086,716,45768,1485,46532,228,223,359,358,497,1,497,2530,35,126,50,44471,1044,896,1,81,43759,187,180,74,3041,2969,1675,39830,5747",52,286.8,1420,477.2,227739.3,3.6,"64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52","12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1","4.359427452,5.254205704,5.077241421,6.193246841,5.115703106,7.830681801,5.024262905,7.844112873,5.154164791,7.881240845,5.115703106,7.848938465,5.975646019,5.115703106,4.911536217,6.119595051,6.468632221,6.137733459,5.192626476,5.154164791,5.154164791,5.192626476,6.778203011,5.077241421,6.239024639,5.154164791,5.561018467,7.842863560,5.115703106,4.979099274,5.154164791,5.154164791",,,,,,,,"" diff --git a/test/results/flow-analyse/default/mgcp.pcapng.out b/test/results/flow-analyse/default/can.pcap.out index bab73746f..bab73746f 100644 --- a/test/results/flow-analyse/default/mgcp.pcapng.out 
+++ b/test/results/flow-analyse/default/can.pcap.out diff --git a/test/results/flow-analyse/default/custom_categories.pcapng.out b/test/results/flow-analyse/default/custom_categories.pcapng.out new file mode 100644 index 000000000..81017dea6 --- /dev/null +++ b/test/results/flow-analyse/default/custom_categories.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,2001:db8:1::1,2001:db8:200::1,tcp,64720,20868,finished,16,16,921159918266121,921159920416135,921159920477444,0,0,164,568,687,1335,0,56989,140688.3,385938,76774.1,5894261248.0,4.8,"56989,57531,79880,80387,89216,138763,253258,182381,385938,91317,93080,94647,191269,165005,76892,108844,123707,109411,199372,90998,94037,69367,74265,78602,142565,139480,141464,314131,235639,200458,202444",72,135.7,640,113.0,12766.0,4.7,"80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116","12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.368683577,4.029293060,3.817690372,4.358336926,4.312359810,6.673550606,6.224353790,3.789912701,4.102612972,4.484647751,4.159218788,6.579281807,6.467639446,3.817690372,4.106600761,6.354053020,6.361316204,3.779428005,4.600508690,5.055481434,3.751650333,4.102612972,6.370564461,4.049995422,4.126422405,4.126422405,4.078803539,7.576204777,3.789912701,4.708058834,3.789912701,5.130954742",SSH,92,1,Acceptable,RemoteAccess,6,DPI,"5" 
diff --git a/test/results/flow-analyse/default/custom_risk_mask.pcapng.out b/test/results/flow-analyse/default/custom_risk_mask.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/custom_risk_mask.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out b/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/custom_rules_ipv6.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/dns-exf.pcap.out b/test/results/flow-analyse/default/dns-exf.pcap.out new file mode 100644 index 000000000..bab73746f 
--- /dev/null +++ b/test/results/flow-analyse/default/dns-exf.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out b/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out new file mode 100644 index 000000000..ac22ef7f6 --- /dev/null +++ b/test/results/flow-analyse/default/dns2tcp_tunnel.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,192.168.20.211,1.1.1.1,tcp,44404,443,finished,15,17,1585754662417775,1585754667234417,1585754667234382,0,0,261,1588,832,4006,0,10,310750.0,3088155,822603.9,676677156864.0,2.2,"15183,15220,354,15270,1846,16739,62,53,90384,91,71,105281,44,81,14863,21,60,6014,10,5995,405,8870,6443,1568614,19,1583566,686,15609,3073223,17,3088155",40,193.5,1628,364.6,132965.6,3.7,"60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40","9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1","0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0","4.667386532,4.668681622,4.543943405,5.982677937,4.205535889,7.833335876,4.543943405,7.877990246,4.493943214,6.023458481,6.306409836,6.668928623,4.205535889,4.138445377,6.120807171,4.543943405,4.249013901,5.515665054,7.178042412,5.484094143,4.446440220,6.385652542,4.249013901,4.205535889,7.207519531,5.404759407,4.543943405,6.804022312,4.205535412,7.318181038,5.501630783,4.543943405",TLS,91,1,Safe,Web,6,DPI,"24,52" diff --git a/test/results/flow-analyse/default/doh.pcapng.out b/test/results/flow-analyse/default/doh.pcapng.out index 48f4ac4eb..d45155b9b 100644 
--- a/test/results/flow-analyse/default/doh.pcapng.out +++ b/test/results/flow-analyse/default/doh.pcapng.out 
@@ -1,2 +1,2 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24" 
+1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24,52" diff --git a/test/results/flow-analyse/default/ethereum.pcap.out b/test/results/flow-analyse/default/ethereum.pcap.out index 76b8a2c8c..5b0951d6a 100644 --- a/test/results/flow-analyse/default/ethereum.pcap.out +++ b/test/results/flow-analyse/default/ethereum.pcap.out 
@@ -1,34 +1,34 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.184,35.158.244.151,tcp,56615,30303,finished,21,11,1578508364522958,1578508364631940,1578508364658815,0,0,495,448,735,512,0,3,7898.0,63466,18325.6,335828128.0,2.4,"42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14",46,91.2,547,114.1,13011.4,4.4,"64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,178.128.195.220,tcp,56626,30303,finished,20,12,1578508364523356,1578508364663606,1578508364664348,0,0,546,404,1106,612,0,1,9072.3,62996,18852.3,355411104.0,2.7,"42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778",52,107.8,598,122.8,15078.8,4.4,"64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64","14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1","4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,34.255.23.113,tcp,56627,30303,finished,21,11,1578508364523418,1578508364659019,1578508364721593,0,0,512,402,752,466,0,2,10767.0,70198,24163.0,583848512.0,2.4,"70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37",46,90.3,564,111.3,12394.7,4.4,"64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,51.38.60.79,tcp,56629,30303,finished,19,13,1578508364632239,1578508364714483,1578508364786943,0,0,421,340,661,404,0,1,7643.5,72892,17918.8,321082976.0,2.4,"36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12",46,85.0,473,93.3,8701.2,4.5,"64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46","15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1","4.421927452,5.379368782,5.115703106,7.505434513,5.310736179,7.434167385,5.999223709,5.232362747,5.342579842,5.892141342,5.115703106,5.115703106,5.115703106,5.024262905,5.115703106,5.869502068,5.116480827,6.709120274,5.214789391,5.552071571,5.902298450,5.154217243,5.228844643,5.462270737,5.552072525,5.115703106,5.310736179,3.969498873,3.926020622,3.969498873,3.969498873,3.969498873",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,51.38.81.180,tcp,56632,30303,finished,21,11,1578508364682687,1578508364832409,1578508364898847,0,0,479,439,719,503,0,1,11802.6,78584,26563.9,705640768.0,2.4,"68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39",46,90.4,531,111.1,12335.6,4.4,"64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.397368431,5.306893826,4.993616104,7.595185280,5.233812809,7.573578358,5.960590839,5.154164791,5.077241421,5.270098686,5.268505573,5.587528229,5.115703106,5.115703106,5.115703106,5.554157257,5.310736179,5.115703106,5.115703106,5.935094357,5.154217243,6.817276955,5.264878273,5.581483841,5.878489017,5.078744411,5.228844166,5.493040085,5.610895157,5.115703106,3.909610271,3.866132259",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,82.145.220.249,tcp,56633,30303,finished,17,15,1578508364714836,1578508364867557,1578508364919424,0,0,442,422,682,486,0,2,11526.1,77251,26248.2,688970368.0,2.4,"74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105",46,87.1,494,105.3,11090.0,4.4,"64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1","4.441382408,5.381731033,5.115703106,7.596201897,7.501367569,5.115703106,5.935592651,5.974224567,5.115703106,5.115703106,5.982713223,5.154216766,6.770318985,5.264878273,5.610895157,5.743154526,5.041008472,5.154769897,5.523809433,5.581483841,5.115703106,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,3.209.45.79,tcp,56628,30303,finished,21,11,1578508364523420,1578508364824407,1578508364936429,0,0,395,470,635,534,0,2,23032.1,164457,52707.1,2778034688.0,2.4,"134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28",46,89.0,522,105.0,11031.5,4.5,"64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,209.250.240.205,tcp,56638,30303,finished,20,12,1578508364924936,1578508365038162,1578508365038195,0,0,415,494,975,686,0,3,7306.0,43142,14269.1,203606176.0,2.8,"32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92",52,106.0,546,112.4,12624.2,4.5,"64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52","13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1","4.515677452,5.379368782,5.115703106,7.628110409,5.233812809,7.621943474,5.000318050,5.854679585,5.026765347,6.739012241,5.155788422,5.511559486,6.055828571,5.194625378,6.831315041,5.038779736,5.077241421,5.077241421,5.642391205,5.077241421,5.911284924,5.154216290,6.092246532,5.582411766,5.463837624,5.146419048,5.146419048,5.177669048,5.146419048,6.910353184,6.676519394,5.156889439",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,40.67.144.128,tcp,56630,30303,finished,18,14,1578508364659294,1578508364932664,1578508365043187,0,0,431,423,671,487,0,1,21202.0,158141,48725.8,2374199552.0,2.4,"158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16",46,87.3,483,103.8,10779.3,4.4,"64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.484427452,5.346035480,5.077241421,7.564687252,5.233812809,7.546903610,5.936781406,5.115703106,5.154164791,5.653491974,5.612979889,5.077241421,5.154164314,5.811898232,5.109905720,6.736226082,5.149451256,5.359375000,5.770115376,5.072169781,5.074242115,5.414525986,5.488122940,5.032077789,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,104.42.217.25,tcp,56611,30303,finished,21,11,1578508364522827,1578508364921758,1578508365096545,0,0,490,467,730,531,0,2,31375.8,202293,71334.6,5088628224.0,2.4,"194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354",46,91.8,542,115.5,13350.2,4.4,"64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.333454132,5.038780212,7.555685520,5.246409416,7.620338917,5.920769691,5.115702629,5.154164314,5.282457829,5.154164314,5.280635834,5.493683815,5.154164314,5.154164314,5.622612953,5.154164314,5.246409416,5.154164314,5.716195107,5.109905720,6.683475971,5.149451256,5.517535210,5.772800446,5.034432888,5.111279488,5.487678528,5.447609901,5.070538998,5.207947731,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,159.203.84.31,tcp,56634,30303,finished,21,11,1578508364824682,1578508365044863,1578508365151822,0,0,571,513,811,577,0,2,17655.5,109385,39696.4,1575808128.0,2.4,"107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13",46,95.6,623,130.9,17130.1,4.3,"64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1","4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,178.62.29.183,tcp,56643,30303,finished,20,12,1578508365029590,1578508365168387,1578508365168448,0,0,469,318,757,531,0,2,8956.6,48881,17793.5,316609056.0,2.7,"44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10",52,92.9,521,97.8,9570.5,4.5,"64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1","4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,185.219.133.62,tcp,56645,30303,finished,20,12,1578508365045064,1578508365193903,1578508365193933,0,0,410,382,698,623,0,1,9603.5,51634,18821.1,354234048.0,2.8,"47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115",52,93.9,462,97.7,9536.3,4.5,"64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,52.231.165.108,tcp,56618,30303,finished,21,11,1578508364523039,1578508365008936,1578508365219392,0,0,450,453,690,517,0,3,38137.1,261804,87113.6,7588779008.0,2.3,"261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15",46,90.2,505,109.1,11904.3,4.4,"64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.472632408,5.279368401,4.971284389,7.593235970,5.176993370,7.560348034,5.783750057,5.246605873,5.115703106,5.115703106,5.077241421,5.287864685,5.597605228,5.115703106,5.077241421,5.652023315,5.209868431,5.115703106,5.115703106,5.731483459,5.109905720,6.885459900,5.149450779,5.450927734,5.835707664,5.147641182,5.185353279,5.518447876,5.509750366,5.032077789,5.246409416,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,191.234.162.198,tcp,56620,30303,finished,21,11,1578508364523109,1578508365009640,1578508365221428,0,0,512,459,752,523,0,2,38221.0,263164,87319.6,7624720896.0,2.3,"263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221",46,92.1,564,117.4,13788.7,4.4,"64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.346035480,4.947339535,7.600792408,5.169486523,7.523147583,5.992197990,5.169249058,5.077241421,5.077241421,5.077241421,5.243598461,5.597605228,5.077241421,5.077241421,5.582098961,5.169486046,5.077241421,5.077241421,5.874339581,4.996697903,6.697847366,5.062998295,5.410989761,5.779101849,5.034433842,5.037205219,5.383756638,5.546946526,4.955154419,3.682026148,3.682026148",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,138.201.12.87,tcp,56651,30303,finished,18,14,1578508365154075,1578508365225822,1578508365257069,0,0,417,327,657,391,0,2,5636.8,36541,12197.5,148778048.0,2.6,"32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11",46,84.1,469,91.5,8376.2,4.5,"64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.515677452,5.379368782,5.077241421,7.567195415,5.310736179,7.401209831,5.115703106,5.951604366,5.115703106,5.671802521,5.154164791,5.701214790,5.115703583,5.958903790,5.229689121,6.830620766,5.251152992,5.581483841,5.896461964,5.191953182,5.265881062,5.554578781,5.581483841,5.192626476,5.310736179,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,172.105.94.62,tcp,56646,30303,finished,20,12,1578508365079165,1578508365271500,1578508365271455,0,0,474,332,810,780,0,5,12407.3,116020,26211.9,687065472.0,2.9,"25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10",52,102.3,526,108.5,11769.5,4.5,"64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64","14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0","4.441382408,5.289900780,4.976373672,7.566489220,5.131024361,7.376211166,5.053297043,5.896462440,5.130724430,6.832929611,5.096785545,5.533761978,7.210265636,5.053297043,5.805871487,5.055253029,5.924697399,5.492858887,5.246409416,5.480678558,5.246409416,5.169486046,5.246409416,5.246409416,7.089441776,5.193430901,4.976373672,5.702836037,5.193430901,5.130724430,5.205876350,5.255445480",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,176.9.136.209,tcp,56652,30303,finished,18,14,1578508365169225,1578508365239481,1578508365271811,0,0,531,428,771,492,0,1,5575.5,34994,12229.4,149558160.0,2.5,"32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92",46,90.6,583,116.9,13676.1,4.4,"64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.453177452,5.379369259,5.115703106,7.627379894,5.272274971,7.546579361,5.077241421,5.936781406,5.077241421,5.701214314,5.701214314,5.115703106,5.115703106,5.911284924,5.154217243,6.794458389,5.228514671,5.699130058,5.935094357,5.191953182,5.228844166,5.493040085,5.581483841,5.154164791,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,162.228.29.160,tcp,56635,30303,finished,21,11,1578508364832618,1578508365154217,1578508365304459,0,0,413,405,653,469,0,1,25594.8,159357,56992.8,3248178688.0,2.5,"157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614",46,87.5,465,99.1,9815.1,4.5,"64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,18.219.167.159,tcp,56639,30303,finished,20,12,1578508364932939,1578508365188877,1578508365309479,0,0,521,490,761,554,0,7,20402.5,130950,46194.5,2133934848.0,2.4,"130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22",46,93.0,573,122.2,14931.5,4.3,"64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46","16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1","4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,35.228.250.140,tcp,56650,30303,finished,20,12,1578508365153718,1578508365327684,1578508365329449,0,0,462,442,750,778,0,2,11280.5,57129,22219.5,493705824.0,2.8,"56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32",52,100.4,514,109.7,12030.8,4.5,"64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1","4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,18.138.108.67,tcp,56622,30303,finished,21,11,1578508364523182,1578508365078877,1578508365330913,0,0,531,318,771,382,0,7,43981.5,300415,100376.1,10075352064.0,2.3,"300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30",46,88.3,583,106.2,11275.5,4.4,"64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,18.138.81.28,tcp,56623,30303,finished,21,11,1578508364523185,1578508365096272,1578508365350710,0,0,471,422,711,486,0,8,45181.0,308079,102626.0,10532101120.0,2.4,"308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36",46,89.8,523,108.1,11684.8,4.4,"64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1","4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,165.22.107.33,tcp,56610,30303,finished,21,11,1578508364522826,1578508365153717,1578508365439333,0,0,574,396,814,460,0,2,49916.1,339297,113624.6,12910541824.0,2.4,"339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33",46,92.1,626,119.2,14212.1,4.4,"64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,52.187.207.27,tcp,56621,30303,finished,21,11,1578508364523145,1578508365197191,1578508365510722,0,0,525,451,765,515,0,7,53600.7,354597,122026.8,14890529792.0,2.4,"354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305",46,92.4,577,118.1,13953.7,4.4,"64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.515677452,5.379368782,5.077241898,7.643549442,5.207947731,7.572619438,5.077241898,5.878986835,5.077241421,5.282456875,5.077241421,5.280635357,5.077241421,5.480534077,5.670333862,5.038779736,5.077241421,5.131024361,5.038779736,5.665890694,5.034432411,6.857876301,5.113088131,5.388787270,5.793924809,5.034432888,5.037204742,5.395370483,5.418199539,4.955154419,5.131024361,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,51.161.23.12,tcp,56660,30303,finished,20,12,1578508365271977,1578508365699150,1578508365699343,0,0,573,421,861,662,0,2,27565.8,147323,54220.4,2939852800.0,2.8,"139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297",52,100.2,625,122.1,14898.1,4.4,"64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.273559570,4.976373672,7.683106422,5.094483852,7.563943863,5.053297043,5.816047192,5.055253029,6.738208294,5.205876350,5.563172817,5.912971973,5.115703106,5.307834625,5.115703106,6.880195141,5.500168800,5.701214790,5.077241421,5.077241421,5.038779736,5.830870152,5.003273487,6.124698639,5.451741219,5.522660255,5.094483376,5.132945061,5.969577789,5.000318527,5.246605873",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,86.107.243.62,tcp,56671,30303,finished,24,8,1578508365592330,1578508365741203,1578508365740945,0,0,540,364,929,812,0,6,9596.4,39189,16023.4,256750832.0,3.1,"39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63",52,107.0,592,118.7,14100.3,4.4,"64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56","17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","4.484427452,5.346035480,5.077241421,7.656184673,5.233812809,7.517492771,5.077241898,5.839856625,5.102238178,6.715719223,5.192151070,5.552071571,7.256381512,5.038780212,5.118427753,5.195351124,5.807060242,5.116481304,6.072246075,5.481591702,5.581483841,7.116200924,5.038780212,5.233812809,5.744618893,5.154217243,5.228514671,5.419355392,5.552072048,5.863666058,5.154217243,5.264381886",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,157.230.152.87,tcp,56658,30303,finished,20,12,1578508365239758,1578508365782730,1578508365782698,0,0,583,391,871,648,0,8,35029.4,184362,71024.3,5044451840.0,2.6,"179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632",52,100.1,635,121.0,14650.9,4.4,"64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0","4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,139.162.255.210,tcp,56672,30303,finished,18,14,1578508365701530,1578508365787932,1578508365828317,0,0,386,356,626,420,0,8,6877.1,42383,15108.4,228262896.0,2.6,"41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121",46,84.0,438,90.7,8221.2,4.5,"64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.472632408,5.366787434,5.077241898,7.477252960,5.094483376,7.506056309,5.032077789,5.945768356,5.032077789,5.682903290,5.032077789,5.594669342,5.032077789,5.686549187,5.109905720,6.751657963,5.222177982,5.381002426,5.835707664,5.072169304,5.148315907,5.414526463,5.517535210,5.070539474,5.209868431,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,52.9.128.68,tcp,56661,30303,finished,20,12,1578508365279592,1578508365851788,1578508365851734,0,0,472,428,760,764,0,9,36914.1,194120,74421.4,5538540544.0,2.7,"179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161",52,100.2,524,109.0,11872.9,4.5,"64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0","4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,94.68.55.162,tcp,56674,30303,finished,20,12,1578508365741903,1578508365961141,1578508365961206,0,0,547,504,835,840,0,7,14146.5,75129,28349.9,803714368.0,2.7,"71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115",52,105.0,599,126.8,16079.3,4.4,"64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1","4.428027153,5.333454132,5.014835358,7.631373405,5.195351601,7.586966038,5.775951385,5.038780212,5.000318050,6.896724224,5.000318527,5.543021202,5.038780212,5.697000027,5.116480827,6.792954922,5.069334984,5.517535210,5.883326530,5.154216766,6.099795818,5.552560806,5.458711624,5.156889439,5.195351124,5.775951862,5.038780212,6.440905094,5.855588436,5.038779736,5.038779736,5.118428230",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,138.75.171.190,tcp,56657,30303,finished,17,15,1578508365226088,1578508365751522,1578508366012044,0,0,539,459,779,523,0,8,42302.9,263115,95827.5,9182917632.0,2.4,"259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8",46,91.4,591,121.5,14755.2,4.3,"64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1","4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
-1,ip4,192.168.1.184,78.47.147.155,tcp,56673,30303,finished,23,9,1578508365712625,1578508366123630,1578508366123331,0,0,567,347,951,859,0,12,26506.8,285939,65286.3,4262303488.0,2.6,"40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216",52,109.6,619,120.4,14503.6,4.5,"64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84","16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0","4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,35.158.244.151,tcp,56615,30303,finished,21,11,1578508364522958,1578508364631940,1578508364658815,0,0,495,448,735,512,0,3,7898.0,63466,18325.6,335828128.0,2.4,"42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14",46,91.2,547,114.1,13011.4,4.4,"64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,178.128.195.220,tcp,56626,30303,finished,20,12,1578508364523356,1578508364663606,1578508364664348,0,0,546,404,1106,612,0,1,9072.3,62996,18852.3,355411104.0,2.7,"42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778",52,107.8,598,122.8,15078.8,4.4,"64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64","14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1","4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,34.255.23.113,tcp,56627,30303,finished,21,11,1578508364523418,1578508364659019,1578508364721593,0,0,512,402,752,466,0,2,10767.0,70198,24163.0,583848512.0,2.4,"70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37",46,90.3,564,111.3,12394.7,4.4,"64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,51.38.60.79,tcp,56629,30303,finished,19,13,1578508364632239,1578508364714483,1578508364786943,0,0,421,340,661,404,0,1,7643.5,72892,17918.8,321082976.0,2.4,"36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12",46,85.0,473,93.3,8701.2,4.5,"64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46","15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1","4.421927452,5.379368782,5.115703106,7.505434513,5.310736179,7.434167385,5.999223709,5.232362747,5.342579842,5.892141342,5.115703106,5.115703106,5.115703106,5.024262905,5.115703106,5.869502068,5.116480827,6.709120274,5.214789391,5.552071571,5.902298450,5.154217243,5.228844643,5.462270737,5.552072525,5.115703106,5.310736179,3.969498873,3.926020622,3.969498873,3.969498873,3.969498873",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,51.38.81.180,tcp,56632,30303,finished,21,11,1578508364682687,1578508364832409,1578508364898847,0,0,479,439,719,503,0,1,11802.6,78584,26563.9,705640768.0,2.4,"68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39",46,90.4,531,111.1,12335.6,4.4,"64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.397368431,5.306893826,4.993616104,7.595185280,5.233812809,7.573578358,5.960590839,5.154164791,5.077241421,5.270098686,5.268505573,5.587528229,5.115703106,5.115703106,5.115703106,5.554157257,5.310736179,5.115703106,5.115703106,5.935094357,5.154217243,6.817276955,5.264878273,5.581483841,5.878489017,5.078744411,5.228844166,5.493040085,5.610895157,5.115703106,3.909610271,3.866132259",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,82.145.220.249,tcp,56633,30303,finished,17,15,1578508364714836,1578508364867557,1578508364919424,0,0,442,422,682,486,0,2,11526.1,77251,26248.2,688970368.0,2.4,"74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105",46,87.1,494,105.3,11090.0,4.4,"64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1","4.441382408,5.381731033,5.115703106,7.596201897,7.501367569,5.115703106,5.935592651,5.974224567,5.115703106,5.115703106,5.982713223,5.154216766,6.770318985,5.264878273,5.610895157,5.743154526,5.041008472,5.154769897,5.523809433,5.581483841,5.115703106,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,3.209.45.79,tcp,56628,30303,finished,21,11,1578508364523420,1578508364824407,1578508364936429,0,0,395,470,635,534,0,2,23032.1,164457,52707.1,2778034688.0,2.4,"134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28",46,89.0,522,105.0,11031.5,4.5,"64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,209.250.240.205,tcp,56638,30303,finished,20,12,1578508364924936,1578508365038162,1578508365038195,0,0,415,494,975,686,0,3,7306.0,43142,14269.1,203606176.0,2.8,"32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92",52,106.0,546,112.4,12624.2,4.5,"64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52","13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1","4.515677452,5.379368782,5.115703106,7.628110409,5.233812809,7.621943474,5.000318050,5.854679585,5.026765347,6.739012241,5.155788422,5.511559486,6.055828571,5.194625378,6.831315041,5.038779736,5.077241421,5.077241421,5.642391205,5.077241421,5.911284924,5.154216290,6.092246532,5.582411766,5.463837624,5.146419048,5.146419048,5.177669048,5.146419048,6.910353184,6.676519394,5.156889439",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,40.67.144.128,tcp,56630,30303,finished,18,14,1578508364659294,1578508364932664,1578508365043187,0,0,431,423,671,487,0,1,21202.0,158141,48725.8,2374199552.0,2.4,"158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16",46,87.3,483,103.8,10779.3,4.4,"64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.484427452,5.346035480,5.077241421,7.564687252,5.233812809,7.546903610,5.936781406,5.115703106,5.154164791,5.653491974,5.612979889,5.077241421,5.154164314,5.811898232,5.109905720,6.736226082,5.149451256,5.359375000,5.770115376,5.072169781,5.074242115,5.414525986,5.488122940,5.032077789,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,104.42.217.25,tcp,56611,30303,finished,21,11,1578508364522827,1578508364921758,1578508365096545,0,0,490,467,730,531,0,2,31375.8,202293,71334.6,5088628224.0,2.4,"194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354",46,91.8,542,115.5,13350.2,4.4,"64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.333454132,5.038780212,7.555685520,5.246409416,7.620338917,5.920769691,5.115702629,5.154164314,5.282457829,5.154164314,5.280635834,5.493683815,5.154164314,5.154164314,5.622612953,5.154164314,5.246409416,5.154164314,5.716195107,5.109905720,6.683475971,5.149451256,5.517535210,5.772800446,5.034432888,5.111279488,5.487678528,5.447609901,5.070538998,5.207947731,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,159.203.84.31,tcp,56634,30303,finished,21,11,1578508364824682,1578508365044863,1578508365151822,0,0,571,513,811,577,0,2,17655.5,109385,39696.4,1575808128.0,2.4,"107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13",46,95.6,623,130.9,17130.1,4.3,"64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1","4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,178.62.29.183,tcp,56643,30303,finished,20,12,1578508365029590,1578508365168387,1578508365168448,0,0,469,318,757,531,0,2,8956.6,48881,17793.5,316609056.0,2.7,"44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10",52,92.9,521,97.8,9570.5,4.5,"64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1","4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,185.219.133.62,tcp,56645,30303,finished,20,12,1578508365045064,1578508365193903,1578508365193933,0,0,410,382,698,623,0,1,9603.5,51634,18821.1,354234048.0,2.8,"47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115",52,93.9,462,97.7,9536.3,4.5,"64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,52.231.165.108,tcp,56618,30303,finished,21,11,1578508364523039,1578508365008936,1578508365219392,0,0,450,453,690,517,0,3,38137.1,261804,87113.6,7588779008.0,2.3,"261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15",46,90.2,505,109.1,11904.3,4.4,"64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.472632408,5.279368401,4.971284389,7.593235970,5.176993370,7.560348034,5.783750057,5.246605873,5.115703106,5.115703106,5.077241421,5.287864685,5.597605228,5.115703106,5.077241421,5.652023315,5.209868431,5.115703106,5.115703106,5.731483459,5.109905720,6.885459900,5.149450779,5.450927734,5.835707664,5.147641182,5.185353279,5.518447876,5.509750366,5.032077789,5.246409416,3.768982887",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,191.234.162.198,tcp,56620,30303,finished,21,11,1578508364523109,1578508365009640,1578508365221428,0,0,512,459,752,523,0,2,38221.0,263164,87319.6,7624720896.0,2.3,"263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221",46,92.1,564,117.4,13788.7,4.4,"64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.346035480,4.947339535,7.600792408,5.169486523,7.523147583,5.992197990,5.169249058,5.077241421,5.077241421,5.077241421,5.243598461,5.597605228,5.077241421,5.077241421,5.582098961,5.169486046,5.077241421,5.077241421,5.874339581,4.996697903,6.697847366,5.062998295,5.410989761,5.779101849,5.034433842,5.037205219,5.383756638,5.546946526,4.955154419,3.682026148,3.682026148",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,138.201.12.87,tcp,56651,30303,finished,18,14,1578508365154075,1578508365225822,1578508365257069,0,0,417,327,657,391,0,2,5636.8,36541,12197.5,148778048.0,2.6,"32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11",46,84.1,469,91.5,8376.2,4.5,"64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.515677452,5.379368782,5.077241421,7.567195415,5.310736179,7.401209831,5.115703106,5.951604366,5.115703106,5.671802521,5.154164791,5.701214790,5.115703583,5.958903790,5.229689121,6.830620766,5.251152992,5.581483841,5.896461964,5.191953182,5.265881062,5.554578781,5.581483841,5.192626476,5.310736179,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,172.105.94.62,tcp,56646,30303,finished,20,12,1578508365079165,1578508365271500,1578508365271455,0,0,474,332,810,780,0,5,12407.3,116020,26211.9,687065472.0,2.9,"25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10",52,102.3,526,108.5,11769.5,4.5,"64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64","14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0","4.441382408,5.289900780,4.976373672,7.566489220,5.131024361,7.376211166,5.053297043,5.896462440,5.130724430,6.832929611,5.096785545,5.533761978,7.210265636,5.053297043,5.805871487,5.055253029,5.924697399,5.492858887,5.246409416,5.480678558,5.246409416,5.169486046,5.246409416,5.246409416,7.089441776,5.193430901,4.976373672,5.702836037,5.193430901,5.130724430,5.205876350,5.255445480",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,176.9.136.209,tcp,56652,30303,finished,18,14,1578508365169225,1578508365239481,1578508365271811,0,0,531,428,771,492,0,1,5575.5,34994,12229.4,149558160.0,2.5,"32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92",46,90.6,583,116.9,13676.1,4.4,"64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.453177452,5.379369259,5.115703106,7.627379894,5.272274971,7.546579361,5.077241421,5.936781406,5.077241421,5.701214314,5.701214314,5.115703106,5.115703106,5.911284924,5.154217243,6.794458389,5.228514671,5.699130058,5.935094357,5.191953182,5.228844166,5.493040085,5.581483841,5.154164791,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,162.228.29.160,tcp,56635,30303,finished,21,11,1578508364832618,1578508365154217,1578508365304459,0,0,413,405,653,469,0,1,25594.8,159357,56992.8,3248178688.0,2.5,"157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614",46,87.5,465,99.1,9815.1,4.5,"64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,18.219.167.159,tcp,56639,30303,finished,20,12,1578508364932939,1578508365188877,1578508365309479,0,0,521,490,761,554,0,7,20402.5,130950,46194.5,2133934848.0,2.4,"130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22",46,93.0,573,122.2,14931.5,4.3,"64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46","16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1","4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,35.228.250.140,tcp,56650,30303,finished,20,12,1578508365153718,1578508365327684,1578508365329449,0,0,462,442,750,778,0,2,11280.5,57129,22219.5,493705824.0,2.8,"56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32",52,100.4,514,109.7,12030.8,4.5,"64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1","4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,18.138.108.67,tcp,56622,30303,finished,21,11,1578508364523182,1578508365078877,1578508365330913,0,0,531,318,771,382,0,7,43981.5,300415,100376.1,10075352064.0,2.3,"300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30",46,88.3,583,106.2,11275.5,4.4,"64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,18.138.81.28,tcp,56623,30303,finished,21,11,1578508364523185,1578508365096272,1578508365350710,0,0,471,422,711,486,0,8,45181.0,308079,102626.0,10532101120.0,2.4,"308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36",46,89.8,523,108.1,11684.8,4.4,"64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1","4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,165.22.107.33,tcp,56610,30303,finished,21,11,1578508364522826,1578508365153717,1578508365439333,0,0,574,396,814,460,0,2,49916.1,339297,113624.6,12910541824.0,2.4,"339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33",46,92.1,626,119.2,14212.1,4.4,"64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,52.187.207.27,tcp,56621,30303,finished,21,11,1578508364523145,1578508365197191,1578508365510722,0,0,525,451,765,515,0,7,53600.7,354597,122026.8,14890529792.0,2.4,"354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305",46,92.4,577,118.1,13953.7,4.4,"64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.515677452,5.379368782,5.077241898,7.643549442,5.207947731,7.572619438,5.077241898,5.878986835,5.077241421,5.282456875,5.077241421,5.280635357,5.077241421,5.480534077,5.670333862,5.038779736,5.077241421,5.131024361,5.038779736,5.665890694,5.034432411,6.857876301,5.113088131,5.388787270,5.793924809,5.034432888,5.037204742,5.395370483,5.418199539,4.955154419,5.131024361,3.682026386",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,51.161.23.12,tcp,56660,30303,finished,20,12,1578508365271977,1578508365699150,1578508365699343,0,0,573,421,861,662,0,2,27565.8,147323,54220.4,2939852800.0,2.8,"139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297",52,100.2,625,122.1,14898.1,4.4,"64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.273559570,4.976373672,7.683106422,5.094483852,7.563943863,5.053297043,5.816047192,5.055253029,6.738208294,5.205876350,5.563172817,5.912971973,5.115703106,5.307834625,5.115703106,6.880195141,5.500168800,5.701214790,5.077241421,5.077241421,5.038779736,5.830870152,5.003273487,6.124698639,5.451741219,5.522660255,5.094483376,5.132945061,5.969577789,5.000318527,5.246605873",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,86.107.243.62,tcp,56671,30303,finished,24,8,1578508365592330,1578508365741203,1578508365740945,0,0,540,364,929,812,0,6,9596.4,39189,16023.4,256750832.0,3.1,"39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63",52,107.0,592,118.7,14100.3,4.4,"64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56","17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","4.484427452,5.346035480,5.077241421,7.656184673,5.233812809,7.517492771,5.077241898,5.839856625,5.102238178,6.715719223,5.192151070,5.552071571,7.256381512,5.038780212,5.118427753,5.195351124,5.807060242,5.116481304,6.072246075,5.481591702,5.581483841,7.116200924,5.038780212,5.233812809,5.744618893,5.154217243,5.228514671,5.419355392,5.552072048,5.863666058,5.154217243,5.264381886",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,157.230.152.87,tcp,56658,30303,finished,20,12,1578508365239758,1578508365782730,1578508365782698,0,0,583,391,871,648,0,8,35029.4,184362,71024.3,5044451840.0,2.6,"179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632",52,100.1,635,121.0,14650.9,4.4,"64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0","4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,139.162.255.210,tcp,56672,30303,finished,18,14,1578508365701530,1578508365787932,1578508365828317,0,0,386,356,626,420,0,8,6877.1,42383,15108.4,228262896.0,2.6,"41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121",46,84.0,438,90.7,8221.2,4.5,"64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.472632408,5.366787434,5.077241898,7.477252960,5.094483376,7.506056309,5.032077789,5.945768356,5.032077789,5.682903290,5.032077789,5.594669342,5.032077789,5.686549187,5.109905720,6.751657963,5.222177982,5.381002426,5.835707664,5.072169304,5.148315907,5.414526463,5.517535210,5.070539474,5.209868431,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,52.9.128.68,tcp,56661,30303,finished,20,12,1578508365279592,1578508365851788,1578508365851734,0,0,472,428,760,764,0,9,36914.1,194120,74421.4,5538540544.0,2.7,"179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161",52,100.2,524,109.0,11872.9,4.5,"64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0","4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,94.68.55.162,tcp,56674,30303,finished,20,12,1578508365741903,1578508365961141,1578508365961206,0,0,547,504,835,840,0,7,14146.5,75129,28349.9,803714368.0,2.7,"71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115",52,105.0,599,126.8,16079.3,4.4,"64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1","4.428027153,5.333454132,5.014835358,7.631373405,5.195351601,7.586966038,5.775951385,5.038780212,5.000318050,6.896724224,5.000318527,5.543021202,5.038780212,5.697000027,5.116480827,6.792954922,5.069334984,5.517535210,5.883326530,5.154216766,6.099795818,5.552560806,5.458711624,5.156889439,5.195351124,5.775951862,5.038780212,6.440905094,5.855588436,5.038779736,5.038779736,5.118428230",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,138.75.171.190,tcp,56657,30303,finished,17,15,1578508365226088,1578508365751522,1578508366012044,0,0,539,459,779,523,0,8,42302.9,263115,95827.5,9182917632.0,2.4,"259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8",46,91.4,591,121.5,14755.2,4.3,"64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1","4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" 
+1,ip4,192.168.1.184,78.47.147.155,tcp,56673,30303,finished,23,9,1578508365712625,1578508366123630,1578508366123331,0,0,567,347,951,859,0,12,26506.8,285939,65286.3,4262303488.0,2.6,"40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216",52,109.6,619,120.4,14503.6,4.5,"64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84","16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0","4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017",ETHEREUM,354,0,Acceptable,Crypto_Currency,6,DPI,"" diff --git a/test/results/flow-analyse/default/geforcenow.pcapng.out b/test/results/flow-analyse/default/geforcenow.pcapng.out index f03b48652..511428ad5 100644 --- a/test/results/flow-analyse/default/geforcenow.pcapng.out +++ b/test/results/flow-analyse/default/geforcenow.pcapng.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.1.245,80.84.167.206,tcp,57490,49100,info,15,17,1684671871380890,1684671871611894,1684671871611894,0,0,669,2896,1367,31825,0,0,14903.5,47333,17676.6,312463360.0,3.9,"41203,41243,226,42731,42519,54,16,5947,47333,41968,42407,0,41955,155,4158,2454,15862,0,0,41,9328,25186,0,25245,4217,4258,11750,11667,45,20,20",52,1089.8,2948,1283.5,1647314.5,4.0,"60,60,52,569,2948,52,575,52,145,326,721,324,235,52,217,96,96,2948,2948,2948,1500,52,2948,2948,52,2948,52,2948,52,2948,52,2948","10,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,2,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,10","0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,1,1,1,0,1,1,0,1,0,1,0,1,0,1","4.825882912,5.279368877,5.207947731,4.797474861,7.333730698,5.169486046,7.591311932,5.169486046,6.138707161,7.168643475,7.677440643,7.274022579,6.973204136,5.207947731,6.943279743,5.763498783,5.664438248,7.941471577,7.933756351,7.935662746,7.862148762,5.207947731,7.936669827,7.942846298,5.207947731,7.941987514,5.169486046,7.928585052,5.270353794,7.943464279,5.217375278,7.941396713",,,,,,,,"" 
-1,ip4,192.168.1.245,80.84.167.206,udp,52441,18452,finished,16,16,1684671871710618,1684671872714424,1684671872714517,45,0,540,661,2076,2033,0,0,64764.7,689508,136017.0,18500616192.0,3.2,"66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261",53,156.4,689,133.9,17933.5,4.7,"124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105","0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1","5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956",STUN,78,0,Acceptable,Network,6,DPI,"5" 
+1,ip4,192.168.1.245,80.84.167.206,udp,52441,18452,finished,16,16,1684671871710618,1684671872714424,1684671872714517,45,0,540,661,2076,2033,0,0,64764.7,689508,136017.0,18500616192.0,3.2,"66053,63330,171747,44041,99894,183824,360133,689508,48469,47134,1,0,0,0,4464,1537,52687,37,46039,42295,446,303,157,40,93,42070,315,149,228,42450,261",53,156.4,689,133.9,17933.5,4.7,"124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105","0,2,5,4,4,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,8,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,1,0,1,1,1,1,1,1,1,0,0,1,0,1,0,0,0,0,1,1,1,1,0,1","5.798890114,5.760544300,5.760543823,5.699924469,4.958880424,4.982108116,4.979167461,4.994058609,6.462553024,6.717261314,4.840689182,6.641223907,6.248939514,4.353680611,3.764864683,5.258242130,6.006977558,5.841088772,6.408538342,6.349637032,5.904027939,6.047730923,5.421965599,6.049623013,6.169179440,6.109401703,5.448651314,5.635576248,5.804111004,6.095016956,5.717526436,6.095016956",DTLS.GeForceNow,30.341,1,Fun,Game,6,DPI,"5,6,15,24,32" diff --git a/test/results/flow-analyse/default/haproxy.pcap.out b/test/results/flow-analyse/default/haproxy.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/haproxy.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/http2.pcapng.out b/test/results/flow-analyse/default/http2.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/http2.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/malware.pcap.out b/test/results/flow-analyse/default/malware.pcap.out index bab73746f..fd9459192 100644 --- a/test/results/flow-analyse/default/malware.pcap.out +++ b/test/results/flow-analyse/default/malware.pcap.out 
@@ -1 +1,2 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.20,193.109.85.123,tcp,41240,443,finished,12,20,1698873191201916,1698873191527805,1698873191527955,0,0,652,1452,1216,15979,0,0,21029.9,110516,35172.1,1237078016.0,3.2,"66319,66394,7784,74731,3179,70080,59,0,52,87,88,2895,69320,66866,105647,5079,239,110516,108,104,86,291,185,72,128,388,325,210,535,106,55",40,579.6,1492,653.5,427088.1,4.0,"52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492","9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0","0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1","4.739399433,4.931210041,4.784183979,7.178894043,4.434307575,7.386115074,4.884183884,4.434307098,6.317144871,4.988526344,7.610246658,4.884183884,5.998999596,7.235376835,7.554747581,4.434307098,7.863018513,7.867267132,4.834183693,4.434307575,7.860304356,7.871340752,4.884183884,7.867784977,4.434307098,7.823972225,4.884183884,7.868661404,7.861267567,4.834183693,4.477785587,7.882142067",TLS,91,1,Safe,Web,6,DPI,"" diff --git a/test/results/flow-analyse/default/mgcp.pcap.out b/test/results/flow-analyse/default/mgcp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/default/mgcp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/monero.pcap.out b/test/results/flow-analyse/default/monero.pcap.out index 0c30263f1..d0a2884cf 100644 --- a/test/results/flow-analyse/default/monero.pcap.out +++ b/test/results/flow-analyse/default/monero.pcap.out 
@@ -1,3 +1,3 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.2.148,94.23.199.191,tcp,46838,3333,finished,17,15,1514196188350524,1514196304559034,1514196304640605,0,0,1448,310,8887,914,0,13,7499954.5,71693099,18613570.0,346464978993152.0,2.4,"80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986",52,358.8,1500,549.1,301531.9,3.7,"60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77","8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0","10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1","4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" 
-1,ip4,192.168.2.148,116.211.167.195,tcp,53846,3333,finished,17,15,1514196196437568,1514196705571136,1514196705879789,0,0,1444,310,3127,2699,0,11,32857284.0,170525395,51784400.0,2681624034541568.0,3.4,"308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525",40,223.6,1484,347.6,120860.4,3.9,"60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46","12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1","4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" 
+1,ip4,192.168.2.148,94.23.199.191,tcp,46838,3333,finished,17,15,1514196188350524,1514196304559034,1514196304640605,0,0,1448,310,8887,914,0,13,7499954.5,71693099,18613570.0,346464978993152.0,2.4,"80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986",52,358.8,1500,549.1,301531.9,3.7,"60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77","8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0","10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1","4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.2.148,116.211.167.195,tcp,53846,3333,finished,17,15,1514196196437568,1514196705571136,1514196705879789,0,0,1444,310,3127,2699,0,11,32857284.0,170525395,51784400.0,2681624034541568.0,3.4,"308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525",40,223.6,1484,347.6,120860.4,3.9,"60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46","12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1","4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598",Mining,42,0,Unsafe,Mining,6,DPI,"22" diff --git a/test/results/flow-analyse/default/opera-vpn.pcapng.out b/test/results/flow-analyse/default/opera-vpn.pcapng.out new file mode 100644 index 000000000..6a7c3ecee --- /dev/null +++ b/test/results/flow-analyse/default/opera-vpn.pcapng.out 
@@ -0,0 +1,61 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.29,77.111.247.69,tcp,51398,443,finished,15,17,1694275752994885,1694275753121216,1694275753121178,0,0,1435,1440,2555,9721,0,0,8149.2,34618,12737.5,162242736.0,3.3,"28191,28256,283,30285,1416,31381,64,120,948,119,28177,1,7508,34618,94,21,126,0,26424,2466,28884,208,153,177,2,183,1142,1139,116,1,121",52,436.2,1492,558.2,311541.9,3.9,"64,60,52,569,52,1492,52,1129,52,116,1487,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,88,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0","4.178360939,5.246035099,4.774691582,4.415835857,5.101991177,7.845096111,4.813152790,7.816174030,4.813152790,5.959872246,7.864091396,5.063529491,5.101990700,5.947135925,4.774691582,5.903012753,5.583068848,4.736229897,7.593397617,5.063529015,7.799862385,4.813152790,7.782990932,4.813152790,7.842496395,7.670236111,4.813152790,7.890326023,4.813152790,7.859270096,5.992159843,4.813152790",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51408,443,finished,16,16,1694275753009698,1694275753134178,1694275753134052,0,0,1415,1440,2535,8771,0,0,8026.9,34034,12706.7,161459696.0,3.3,"34007,34034,120,26845,346,27090,181,236,237,0,25956,954,6635,33230,67,118,1011,961,118,26387,361,26641,249,1,247,838,838,491,25,487,123",52,405.9,1492,517.2,267501.9,3.9,"64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0","4.178360939,5.100120068,4.630272388,4.446496964,5.025067329,7.849304199,4.721712589,7.817786694,4.683250904,5.830391407,7.874171257,4.868495941,4.986605644,5.938840389,4.683250904,5.952818394,4.683250904,5.583068848,4.683250904,7.597726345,4.986605644,7.836946011,4.721712589,7.867290497,7.710337639,4.683250904,7.851277351,4.721712589,7.801111221,7.717481613,4.683250904,4.721712589",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51412,443,finished,15,17,1694275753010307,1694275753138329,1694275753138409,0,0,1431,1440,2551,8409,0,0,8262.1,37189,13372.1,178813616.0,3.3,"37131,37189,120,28770,545,29160,956,1038,124,0,26740,1657,3275,31465,58,61,121,120,26978,870,27738,217,211,38,75,126,42,122,581,488,108",52,395.1,1492,500.8,250764.7,4.0,"64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1","4.120111465,5.252541542,4.661227226,4.441981792,4.948143959,7.847444057,4.683250904,7.789011955,4.644789219,5.829818249,7.858657837,4.895165443,4.986605644,5.925158024,4.774691105,5.883030891,5.556753159,4.774691105,7.602227688,4.972088814,7.810331345,4.697768211,7.874945164,4.774691105,7.745232582,7.827443600,4.697768211,7.147191525,4.774691105,7.818018913,4.736229420,7.413194656",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51415,443,finished,16,16,1694275753010697,1694275753141835,1694275753141802,0,0,1431,1440,2551,7566,0,0,8459.5,37402,13521.3,182824576.0,3.3,"37366,37402,117,28146,1663,29721,111,122,119,118,27804,404,4631,32553,112,121,47,128,0,26100,3386,29397,42,119,612,539,200,202,480,1,480",52,368.8,1492,501.9,251883.6,3.9,"64,60,52,569,52,1492,52,1129,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,258,52,1098,52,1098,52,1492,213,52","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0","4.178360939,5.179368496,4.697768211,4.427728176,5.063529015,7.851000309,4.813152790,7.845917702,4.813152790,5.983621120,7.867543221,5.101990700,5.063529491,5.947135925,4.813152790,6.003946304,4.813152790,5.601069927,4.813152790,7.593391895,5.101990700,7.833882809,4.813152790,7.234455585,4.813152790,7.825290203,4.813152790,7.825061321,4.813152790,7.862779140,6.971473694,4.813152790",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51399,443,finished,16,16,1694275753007782,1694275753142905,1694275753142461,0,0,1415,1440,2621,9162,0,0,8703.3,45949,13302.1,176947024.0,3.4,"28085,28201,384,27317,1599,28469,1125,1106,357,0,25792,1376,19099,44,45949,800,799,122,26622,2279,28787,165,155,47,119,188,122,139,2,151,402",52,420.8,1492,536.5,287782.9,3.9,"64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0","4.178360939,5.179368496,4.697768211,4.465671062,5.101990700,7.854944706,4.697768211,7.809875011,4.697768211,5.873664379,7.864662647,4.986606121,5.025067806,5.925158024,6.076579094,4.736229897,5.645633221,4.736229897,7.572972775,5.101990700,7.820736408,4.697768211,7.844255924,4.774691582,7.700018883,4.774691582,7.863183498,4.774691582,7.845855713,7.759230137,4.736229897,6.349943638",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51400,443,finished,15,17,1694275753008024,1694275753144458,1694275753144423,0,0,1419,1440,2539,8881,0,0,8801.1,47938,13711.5,188006496.0,3.3,"29228,29329,496,27532,1366,28331,220,238,238,0,26638,1246,20216,47938,148,128,210,130,125,27634,166,27681,1407,1417,201,1,197,181,1,4,186",52,409.5,1492,521.5,271995.4,4.0,"64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0","4.096405983,5.212701797,4.644789696,4.448392391,4.948143959,7.855043888,4.659306526,7.778649330,4.659306526,5.925388336,7.864681721,4.986606121,4.986606121,5.916862488,4.721712589,5.903012753,4.721712589,5.593001842,4.721712589,7.630004406,4.972088814,7.828086376,4.661227226,7.798528194,4.736229897,7.867074966,7.685452938,4.736229897,7.846663475,7.118988514,7.517958641,4.736229897",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51417,443,finished,16,16,1694275753010935,1694275753146122,1694275753146003,0,0,1433,1440,2553,7460,0,1,8717.9,38748,14019.5,196545520.0,3.3,"38671,38748,126,30360,462,30642,89,118,233,1,27599,252,6053,33665,105,127,447,509,1,27532,2440,29902,175,1,181,283,257,543,552,56,125",52,365.5,1492,491.4,241507.3,3.9,"64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0","4.147110939,5.212701797,4.644789219,4.419518471,5.010550022,7.853214264,4.774691105,7.858500004,4.721712589,5.816802502,7.850301266,5.025067329,4.945418835,5.753163815,4.699688435,5.800758362,4.699688435,5.445039272,4.661226749,7.578277588,5.025067329,7.822142601,4.774691105,7.862545013,7.686777592,4.774691105,7.647759438,4.697767735,7.804819107,4.774691105,6.356986523,4.774691105",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51414,443,finished,15,17,1694275753010578,1694275753151836,1694275753151965,0,0,1415,1440,2535,8275,0,0,9117.6,45816,14297.3,204412768.0,3.3,"37162,37280,0,27012,1251,28169,142,144,236,0,24468,55,1310,20125,101,45816,3,283,299,125,27321,439,27637,64,125,1224,1180,265,244,162,3",52,390.4,1492,502.9,252956.0,3.9,"64,60,52,569,52,1492,52,1127,52,116,1467,52,52,52,91,93,52,52,76,52,591,52,1098,52,478,52,1098,52,1098,52,1492,704","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1","4.127655983,5.133453369,4.644789219,4.442614079,5.010550022,7.867527962,4.721712589,7.795043945,4.721712589,5.873665333,7.874347687,5.025067329,5.063529015,4.972088814,5.857666969,5.888303280,4.736229897,4.736229897,5.530437469,4.774691582,7.632213593,5.063529015,7.815135002,4.813152790,7.516163349,4.774691582,7.824700832,4.774691582,7.838304520,4.813152790,7.871241570,7.673780441",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51401,443,finished,16,16,1694275753008266,1694275753154865,1694275753154833,0,0,1425,1440,2545,8486,0,0,9457.0,57833,15109.6,228298688.0,3.3,"30059,30139,121,26458,1560,27891,273,238,151,119,26523,1202,30388,57833,85,122,81,120,0,27714,879,28536,122,121,521,511,442,436,259,1,261",52,397.3,1492,525.3,275956.2,3.9,"64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0","4.178360939,5.279368877,4.774691582,4.459428787,5.101990700,7.858173370,4.813153267,7.814331532,4.813153267,5.795908928,7.870773792,5.101990700,5.101990700,5.819097996,4.736229897,5.874914646,4.736229897,5.671948910,4.736229897,7.660532475,5.140452385,7.835998535,4.721712589,7.805009365,4.721712589,7.869886875,4.760174274,7.682819366,4.721712589,7.854982853,7.199785709,4.721712589",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51406,443,finished,15,17,1694275753009419,1694275753158311,1694275753158853,0,0,1423,1440,2629,5409,0,1,9623.4,32850,13236.8,175211552.0,3.5,"32822,32850,120,27662,376,27946,271,248,235,1,26293,93,195,4698,40,31099,4,93,128,330,26028,1860,27534,192,2,191,460,26582,1656,27746,571",52,303.8,1492,468.3,219308.0,3.8,"64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148","10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1","4.127655983,5.133453369,4.683250904,4.385419369,4.830034256,7.850477219,4.608248234,7.807518482,4.608248234,5.853418827,7.877923965,4.834680080,4.796218395,4.906957626,5.894884586,5.904536724,4.721712589,4.721712589,5.593001842,4.668734074,7.673239231,4.986606121,7.827546597,4.721712589,7.875779629,5.149026394,4.721712589,6.340921402,4.948144436,7.214760303,4.721712589,6.508280754",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51413,443,finished,15,17,1694275753010458,1694275753160166,1694275753160196,0,0,1417,1440,2537,8486,0,0,9659.5,47892,14864.2,220945344.0,3.4,"37443,37520,0,31039,230,31281,756,693,168,119,26825,1309,20041,47892,47,125,1434,1377,127,27044,1932,28829,219,1,220,947,1,949,415,408,55",52,397.1,1492,521.5,271947.3,3.9,"64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1","4.166565895,5.266787052,4.683250904,4.450848103,5.049012184,7.868894100,4.760174274,7.809042931,4.760174274,6.025981426,7.854910374,5.010550499,5.049012184,5.960818291,4.721712589,5.823785782,4.721712589,5.583068848,4.721712589,7.577066422,5.010550499,7.844899654,4.721712589,7.868763924,5.716469765,4.683250904,7.879194260,7.500804424,4.668734074,7.816272259,4.668734074,7.492917061",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51423,443,finished,16,16,1694275753011411,1694275753160289,1694275753159777,0,0,1415,1440,2637,7805,0,1,9588.5,42500,14819.9,219628112.0,3.4,"42463,42500,119,29463,602,29958,1392,1439,247,122,27883,1112,12444,41014,45,92,125,125,28056,1293,29226,41,114,120,122,207,1,146,3152,3211,410",52,378.9,1492,495.6,245645.3,3.9,"64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154","11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0","4.209610939,5.246035099,4.721712589,4.433995724,4.986605644,7.852614403,4.774691582,7.817167759,4.813152790,5.929040432,7.881704807,5.063529015,5.101990700,5.894884586,4.813152790,5.896419048,5.617452621,4.813152790,7.620222092,5.063529015,7.845986366,4.683250904,7.566019058,4.774691582,7.827028751,4.644789696,7.851744652,7.184281826,4.774691582,7.812285900,4.813152790,6.413293362",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51404,443,finished,16,16,1694275753008879,1694275753162369,1694275753162335,0,0,1419,1440,2625,5446,0,61,9901.5,35392,13373.8,178858320.0,3.6,"31870,31918,121,27308,360,27608,216,135,344,119,27071,91,8695,35392,71,129,454,392,117,26214,2368,73,28538,61,120,366,26467,1676,27723,461,468",52,304.8,1492,439.8,193461.1,3.9,"64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0","4.178360939,5.179368496,4.697768211,4.427928448,4.986605644,7.845541954,4.774691105,7.849080086,4.774691105,6.028837204,7.873513699,4.950065136,5.063529015,5.925158024,4.774691582,5.873390675,4.736229897,5.523987770,4.697768211,7.661135674,4.948144436,7.806570530,7.811303139,4.813152790,7.582667351,4.813152790,6.279094696,5.063529015,7.051534653,4.774691105,6.624751091,4.684499741",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51422,443,finished,15,17,1694275753011292,1694275753166316,1694275753166678,0,0,1421,1440,2541,9163,0,2,10013.2,48988,15986.5,255567600.0,3.3,"44061,44102,239,30018,264,30040,207,250,123,121,30414,88,18728,75,48988,80,122,121,27969,1800,29639,117,121,365,353,460,455,344,2,350,394",52,418.4,1492,525.0,275583.3,4.0,"64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1","4.178360939,5.246035099,4.697768211,4.444307327,4.986605644,7.858404160,4.683250904,7.859000683,4.683251381,5.785824299,7.825480938,5.010550499,4.972088814,5.791733265,5.917924881,4.668733597,5.504121304,4.668733597,7.698892593,4.972088337,7.790446758,4.774691105,7.834311962,4.736229420,7.876884937,4.736229420,7.700201511,4.774691105,7.851491928,7.204756260,4.774691105,7.708614826",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51420,443,finished,16,16,1694275753011171,1694275753167066,1694275753166584,0,0,1429,1440,2635,8408,0,2,10042.2,50801,15725.4,247287696.0,3.3,"41016,41057,121,31033,504,31399,60,120,121,121,29284,90,21659,50801,97,54,122,123,27483,995,28323,1260,2,1294,176,145,1654,1649,46,119,380",52,397.7,1492,512.5,262691.9,3.9,"64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0","4.178360939,5.246035099,4.697768211,4.439740181,5.025067806,7.849346638,4.813152790,7.832521439,4.813152790,6.046078682,7.858734608,5.063529015,4.972088814,5.947135448,4.774691105,5.959411621,5.609384537,4.774691582,7.659573078,5.063529015,7.800069332,4.813152790,7.867509365,7.726592064,4.813152790,7.833529949,4.813152790,7.841988087,4.774691105,7.470952988,4.774691105,6.384398460",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51403,443,finished,16,16,1694275753008755,1694275753168577,1694275753168228,0,0,1425,1440,2693,6724,0,45,10299.8,54249,15529.8,241174704.0,3.4,"30732,30788,121,27186,1010,28059,320,308,250,119,26416,1146,47,27001,54249,45,82,125,126,27432,16741,44044,620,622,141,245,218,124,336,322,320",52,346.9,1492,471.5,222289.8,3.9,"64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200","11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0","4.209610939,5.212701797,4.697768211,4.393926620,4.911602974,7.839852333,4.774691105,7.844349861,4.774691105,5.884398460,7.869220257,5.025067329,4.972088814,4.950064659,5.741038799,4.736229420,5.917925358,5.466558933,4.774691105,7.588748932,4.986605644,7.821203709,4.721712589,7.844308853,4.721712589,7.750556469,4.683250904,7.837769032,4.774691582,6.556000710,4.774691105,6.785351276",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51411,443,finished,16,16,1694275753010306,1694275753140859,1694275753169011,0,0,1431,1440,2647,8540,0,0,9330.9,35953,13596.4,184862544.0,3.5,"35471,35507,119,26076,1579,27544,91,119,131,118,25702,1279,9274,35953,78,119,62,122,0,26721,2955,29610,279,257,260,7,269,85,120,565,28786",52,402.2,1492,504.9,254904.0,4.0,"64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,790,52,148,1050","11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1","4.209610939,5.279368877,4.736229897,4.435394764,5.025067806,7.849986076,4.774691582,7.816172600,4.774691582,5.942630291,7.852092266,5.101990700,5.101990700,5.837246418,4.774691582,5.982440948,4.774691582,5.576618671,4.736229897,7.621116638,5.010550499,7.824245453,4.774691582,7.795956612,4.774691582,7.864316463,7.690004826,4.774691582,7.748708725,4.736229897,6.344797611,7.815868378",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51416,443,finished,14,18,1694275753010817,1694275753177076,1694275753177040,0,0,1425,1440,2705,8575,0,1,10725.2,40210,14136.1,199829872.0,3.7,"40155,40210,118,29546,1484,32,30956,130,118,29821,29534,73,5139,1,43,5341,249,21300,7591,1187,29771,1326,1,1305,322,1,339,513,26647,1554,27675",52,405.9,1492,519.4,269778.8,4.0,"64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52","8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0","4.178360939,5.246035576,4.736229897,4.451525211,5.025067806,7.851028919,7.841320515,4.683251381,5.845689774,7.851963997,5.095714092,5.862931252,5.063529491,5.828950882,5.853408813,5.564821243,4.774691582,7.624622345,5.013759136,5.025067806,7.806596279,4.736229897,7.888963223,7.655417442,4.736229897,7.887620449,7.459178448,4.736229897,6.419945717,4.948144436,7.802871704,4.697768211",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51419,443,finished,15,17,1694275753011053,1694275753181968,1694275753181931,0,0,1423,1440,2629,6694,0,0,11025.6,42176,14970.6,224118160.0,3.6,"40200,40333,0,29265,250,29416,955,942,236,0,27565,267,14559,42176,48,64,120,122,27961,1022,28875,175,1,143,1506,56,1572,296,25767,1217,26684",52,344.0,1492,469.5,220464.4,3.9,"64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52","10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0","4.178360939,5.212701797,4.736229897,4.457423210,5.101990700,7.859472275,4.813152790,7.821522236,4.774691105,5.908147335,7.865066528,5.101990700,5.063529015,5.960818291,4.760174274,5.969052792,5.655566216,4.760174274,7.669263363,5.025067806,7.837982178,4.736229897,7.822892189,7.107737064,4.697768211,7.815825462,7.463544846,4.774691105,6.328453064,5.063529015,6.893532276,4.760174274",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51402,443,finished,16,16,1694275753008511,1694275753183247,1694275753183183,0,0,1417,1440,2623,6562,0,0,11271.2,37291,15316.9,234607568.0,3.6,"35067,35101,121,31243,2598,33715,62,123,121,122,30764,1478,5295,37291,91,17,119,0,31795,2206,33934,52,121,454,401,354,339,394,31850,1346,32834",52,339.7,1492,452.7,204941.1,3.9,"64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0","4.209610939,5.179368496,4.721712589,4.376677036,4.986605644,7.859937668,4.721712589,7.809227943,4.721712589,5.884397507,7.882050514,5.025067329,5.025067329,5.969113827,4.760174274,5.896419525,5.601069927,4.760174274,7.617297173,5.063529015,7.812593937,4.721712589,7.472612858,4.760174274,7.815999031,4.760174274,7.750735760,4.760174274,6.306466579,5.063529015,7.681465626,4.760174274",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51409,443,finished,15,17,1694275753009947,1694275753190642,1694275753190604,0,0,1417,1440,2652,7050,0,0,11656.5,42830,15509.2,240534432.0,3.6,"37641,37669,122,30932,30809,365,359,234,0,1081,28219,125,13538,90,42830,82,126,127,30589,8705,39120,209,1,217,210,2,212,369,27476,1392,28501",52,355.8,1492,507.1,257111.1,3.8,"64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0","4.178360939,5.212701797,4.659306526,4.447139740,7.836527824,4.736229420,7.767614841,4.736229420,5.894271851,7.877666473,5.025067329,5.025067329,5.063529015,5.769754887,5.939430714,4.736229420,5.566686153,4.697768211,7.623016357,5.025067329,7.805258274,4.697768211,7.847285748,6.048765182,4.736229420,7.855422497,6.871173859,4.736229420,6.530988693,5.063529015,7.389711380,4.697768211",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51407,443,finished,16,16,1694275753009538,1694275753193215,1694275753193132,0,0,1415,1440,2621,5447,0,0,11847.5,41728,16572.4,274645792.0,3.5,"41598,41728,0,34707,399,35026,175,154,163,121,34762,0,3302,37788,86,63,118,122,1,32235,2268,34416,220,2,211,493,31249,2458,33213,70,123",52,304.8,1492,467.2,218265.1,3.8,"64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0","4.147110939,5.179368019,4.607576370,4.429833412,4.935547352,7.821596622,4.644789219,7.819688320,4.697767735,5.881542683,7.877672672,4.933627129,4.933627129,5.719061375,4.659306526,5.757747173,5.619317532,4.659306526,4.659306526,7.664516449,4.842186451,7.786534309,4.697768211,7.867120743,5.724120617,4.697768211,6.207040787,4.972088814,7.139867306,4.697768211,6.557415485,4.697768211",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51425,443,finished,16,16,1694275753060213,1694275753198352,1694275753197430,0,0,1419,1440,2745,9164,0,0,8882.5,50345,14003.5,196096992.0,3.3,"27157,27206,123,29037,427,29330,231,232,241,0,27359,222,22931,1,97,50345,121,124,27189,1143,28117,156,2,162,1144,1136,71,50,124,747,131",52,424.8,1492,534.6,285801.5,4.0,"64,60,52,569,52,1492,52,1129,52,116,1471,52,52,91,93,76,52,52,591,52,1098,52,1492,704,52,1492,52,1318,751,52,138,172","10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0","4.209610939,5.212701797,4.697768211,4.430381775,4.972088814,7.831830978,4.774691582,7.834631920,4.736229897,6.007369518,7.874694824,4.972088814,4.972089291,5.916862488,5.917925358,5.581203938,4.630272388,4.683250904,7.641548634,5.010550499,7.824396610,4.697768211,7.855073452,7.695503235,4.736229897,7.858574867,4.722961426,7.844436646,7.722222328,4.813152790,6.238277912,6.529501915",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51421,443,finished,15,17,1694275753011291,1694275753180675,1694275753221816,0,0,1435,1440,2767,6420,0,0,12255.1,44216,15125.0,228764112.0,3.7,"40299,40343,124,30186,431,30472,64,119,121,0,28424,28256,43,24580,44,24672,139,123,118,1066,25809,17441,44216,241,1,244,69,124,452,25369,16319",52,340.5,1492,468.2,219238.8,3.9,"64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314","9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1","4.209610939,5.212701797,4.774691582,4.489540100,5.063529015,7.845232010,4.774691105,7.804675102,4.736229897,5.959010601,7.859256268,5.003524780,5.924528122,5.063529015,5.834337711,5.851885319,4.697768211,5.540369987,4.697768211,7.556878090,5.064464092,5.063529491,7.803599358,4.813152790,7.886528015,7.601737499,4.813152790,7.681864262,4.774691105,6.865619183,5.140452385,7.274557590",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51426,443,finished,17,15,1694275753075692,1694275753225736,1694275753225564,0,0,1405,1440,4223,3280,0,0,9674.7,39115,12958.0,167909664.0,3.6,"27291,27445,242,27062,915,27635,268,269,243,1,25746,2753,10885,39115,124,1,128,123,26644,50,26584,1506,127,0,26847,154,147,25515,985,987,124",52,287.1,1492,439.4,193071.9,3.8,"64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105","9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0","4.178360939,5.179368496,4.736229897,4.451442719,5.101990700,7.855612755,4.774691582,7.821052074,4.774691582,5.928754330,7.865749836,5.049012184,4.986606121,5.872906685,4.736229420,5.939430237,5.629250526,4.774691105,7.645300865,5.022342205,7.275319099,4.646709919,6.334646702,6.685357571,7.844326973,5.025067329,4.909682274,7.333026409,4.697768211,6.563022614,4.736229897,5.884029388",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51427,443,finished,14,18,1694275753095564,1694275753215265,1694275753244261,0,0,1407,1440,3200,6066,0,1,8658.0,32709,12376.3,153173968.0,3.5,"27405,27455,123,27343,2180,29389,115,120,240,126,26858,95,500,5575,91,32709,16,126,1,26132,265,26337,1265,2,41,1309,1639,127,27052,2,3760",52,342.2,1492,472.2,222950.1,3.9,"64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274","8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1","4.166565418,5.212701321,4.736229897,4.447693825,5.063529015,7.850970268,4.644789219,7.831824303,4.774691105,5.828448296,7.865114689,5.025067329,5.025067329,5.063529015,5.947135925,5.904537201,4.736229420,5.645633221,4.736229420,7.688971996,5.025067329,7.810829163,4.736229420,7.880811214,5.807558537,7.653332710,4.646038055,6.559681416,7.595835686,4.950064659,4.950064659,7.108043671",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51428,443,finished,14,18,1694275753113486,1694275753247747,1694275753248774,0,0,1413,1440,2533,8800,0,0,8695.1,46206,13620.0,185505120.0,3.3,"29189,29298,0,28419,474,28809,47,121,261,1,26368,45,20060,46206,97,42,126,127,26036,2857,28740,228,125,317,128,167,2,127,1084,47,1",52,406.8,1492,492.9,242924.9,4.0,"64,60,52,569,52,1492,52,1128,52,116,1465,52,52,91,52,93,76,52,591,52,1098,52,478,1098,52,52,1492,488,52,1098,478,366","10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1","4.135315895,5.133453369,4.736229897,4.413607597,4.948144436,7.837077618,4.736229420,7.809660912,4.644789219,5.945995808,7.872262478,4.972088337,4.895165443,5.776699543,4.683250904,5.823787212,5.514054298,4.683250904,7.623888969,4.948144436,7.840501308,4.774691105,7.500792027,7.821016312,4.774691105,4.774691105,7.866648197,7.538662910,4.774691105,7.828972340,7.548777103,7.435549259",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51418,443,finished,16,16,1694275753011053,1694275753303434,1694275753329187,0,0,1419,1440,2751,5916,0,0,19694.0,107916,28481.2,811176192.0,3.5,"40372,40455,0,31025,504,31473,64,120,123,121,29003,46,28780,26348,55847,82165,54,124,222,149,126,26281,81732,107916,74,66,120,53,121,588,26443",52,324.2,1492,448.2,200860.4,3.9,"64,60,52,569,52,1492,52,1128,52,116,1471,64,52,116,64,91,52,93,52,76,52,591,52,1098,52,498,1098,52,810,52,200,52","10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1","4.178360939,5.246035099,4.736229897,4.451611042,5.063529015,7.858956337,4.721712589,7.794020176,4.774691582,5.846198559,7.861629963,5.088054180,5.025067806,5.788827896,5.119304180,5.893327236,4.774691582,5.874913692,4.774691582,5.517536640,4.774691582,7.634633541,5.025067806,7.812478542,4.774691582,7.541460991,7.811731815,4.736229897,7.709799290,4.774691582,6.858570576,5.025067806",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51429,443,finished,16,16,1694275753219923,1694275753359055,1694275753358210,0,0,1272,1440,2678,9521,0,2,8949.0,36574,13973.5,195257968.0,3.4,"31138,31254,257,30953,1386,32001,76,122,2814,124,33216,1227,5063,38,3,36574,123,31144,2873,33906,253,2,224,204,200,196,193,515,523,580,237",52,433.8,1492,539.4,290977.1,4.0,"64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252","10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0","4.147110939,5.246035099,4.736229897,4.159043312,5.025067329,7.830972195,4.774691105,7.815896988,4.774691105,5.994354248,7.858992100,5.063529015,5.025067329,5.872906685,5.982440948,5.514054298,4.697767735,7.582472324,4.986605644,7.813449383,4.697767735,7.878967285,7.719236851,4.644789219,7.881211758,4.530653477,7.866177559,4.569114685,7.756382465,4.569115162,6.282574654,6.984082222",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"15" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51430,443,finished,15,17,1694275753284172,1694275753403236,1694275753403327,0,0,1413,1440,2533,8778,0,1,7684.5,30516,12314.1,151637984.0,3.3,"28116,28209,121,28420,1445,29693,83,119,119,121,26978,42,1,3719,23,47,30516,125,126,27397,1558,28748,106,127,112,124,266,202,721,714,121",52,406.1,1492,507.8,257847.6,4.0,"64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1","4.148671150,5.252541542,4.699688911,4.452308655,4.900255203,7.863777637,4.658501625,7.817848682,4.658502102,5.889846802,7.854816914,5.022342205,5.060803890,4.983880520,5.919770718,5.835650444,5.512189865,4.738150120,4.738150120,7.652456760,4.985801220,7.818130970,4.738150120,7.801731110,4.738150120,7.818451881,4.738150120,7.852583885,4.738150120,7.834556580,4.738150120,7.715612888",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51424,443,finished,15,17,1694275753047174,1694275753460341,1694275753460301,0,0,1419,1440,2577,10202,0,1,26654.6,180430,53880.0,2903055104.0,2.9,"27817,27853,120,27505,485,27870,364,362,389,121,26699,1946,152292,180430,83,1,121,136,27341,146601,173862,1373,2,1303,114,121,157,5,141,342,338",52,452.0,1492,548.4,300791.0,4.0,"64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,76,52,629,52,1098,52,1492,704,52,1098,52,1492,704,52,1358,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0","4.209610939,5.246035099,4.774691582,4.406749725,5.063529015,7.869228363,4.774691105,7.824818134,4.813152790,5.949138165,7.883416653,5.025067329,5.101990700,5.776699543,4.774691105,5.990557671,5.627385616,4.774691105,7.667889118,5.063529015,7.841457844,4.813152790,7.862190723,7.708991528,4.813152790,7.806630135,4.774691105,7.855051994,7.713768005,4.813152790,7.857409000,4.684499741",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51410,443,finished,16,16,1694275753010186,1694275754138286,1694275754165611,0,0,1407,1440,2642,6894,0,3,73662.1,1028278,247407.8,61210599424.0,1.8,"1000737,1028278,27681,324,28645,567,28844,691,697,1111,253,27150,1201,8852,39,35837,4,101,123,600,27345,2874,29634,1307,3,1324,123,129,802,27302,947",52,351.0,1492,482.3,232616.9,3.9,"64,64,60,52,569,52,1492,52,1129,52,116,1459,52,52,91,93,52,52,76,52,591,52,1098,52,1492,528,52,1067,52,167,52,348","11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1","4.088861465,4.209610939,5.212701797,4.774691582,4.424145699,5.101990700,7.850503922,4.813152790,7.848980427,4.736229420,5.914655209,7.855607510,5.063529015,5.010550022,5.849371433,5.990558147,4.697768211,4.697767735,5.653701305,4.699688435,7.598402977,4.947340012,7.796793461,4.813152790,7.865888596,7.585998535,4.813152790,7.790732861,4.684499741,6.595388412,5.101990700,7.308109760",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51433,443,finished,15,17,1694275754109202,1694275754222775,1694275754222809,0,0,1415,1440,2535,8486,0,53,7328.4,29008,11707.9,137075808.0,3.3,"26766,26953,120,27281,562,27629,813,839,433,121,25853,1242,2546,29008,63,61,121,118,26073,1611,53,27591,133,175,125,306,255,75,54,127,73",52,397.0,1492,481.5,231822.5,4.0,"64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,478,52,52,1098,52,1098,52,882,1098,52,478","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1","4.178360939,5.212701797,4.683251381,4.451683044,5.026988029,7.857296467,4.697768211,7.828640461,4.774691582,5.911512852,7.851897717,5.065449715,5.065449715,5.871349335,4.813152790,5.937906265,5.653701305,4.813152790,7.646155357,5.026988029,7.825329781,7.531569481,4.736229897,4.736229897,7.828527451,4.736229897,7.810995102,4.736229897,7.729085922,7.824745655,4.736229897,7.451065063",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51432,443,finished,16,16,1694275754087463,1694275754234003,1694275754234527,0,0,1425,1440,2545,8833,0,50,9471.1,57872,15017.5,225526784.0,3.3,"27112,27224,970,28628,1486,29076,93,121,228,122,26977,75,31206,57872,54,125,1121,1044,121,26899,2278,29074,159,50,173,133,201,126,164,131,561",52,408.2,1492,535.4,286624.8,3.9,"64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,52,1492,52,1318,52,422","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1","4.209610939,5.279368401,4.774691582,4.405547142,5.101990700,7.842993259,4.813152790,7.800993443,4.774691582,5.883537769,7.866736889,5.101990700,5.101990700,5.842633247,4.813152790,5.929789066,4.774691582,5.655566216,4.813152790,7.597860336,5.140452385,7.840083122,4.774691105,7.865912437,7.702890873,4.813152790,4.813152790,7.872797966,4.738150120,7.842354298,4.813152790,7.483771801",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51435,443,finished,15,17,1694275754128769,1694275754253928,1694275754254386,0,0,1417,1440,2537,8915,0,2,8089.5,39082,12490.1,156003200.0,3.4,"27390,27480,249,27182,1356,28286,92,124,218,120,25685,1244,12558,39082,57,53,128,120,26494,1303,27676,948,933,253,252,356,358,124,2,133,520",52,410.5,1492,518.8,269178.6,4.0,"64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,1492,52,1492,520,52,480","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1","4.209610939,5.279368401,4.774691582,4.462305069,5.063529491,7.853986740,4.774691105,7.855288506,4.774691105,5.946134090,7.851401806,5.025067329,5.063529015,5.938840866,4.813152790,5.967528820,5.698264599,4.813152790,7.638842583,5.063529015,7.796915054,4.813152790,7.480909824,4.813152790,7.834682941,4.813152790,7.873820305,4.813152790,7.873530388,7.590673923,4.813152790,7.535659313",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51436,443,finished,14,18,1694275754173951,1694275754292941,1694275754328160,0,0,1405,1440,2611,7674,0,1,8812.9,31849,12624.9,159387984.0,3.5,"28090,28154,122,27396,1531,28788,99,125,193,123,28156,1244,2735,31849,112,25,122,123,27184,1733,28734,219,1,215,186,2,1,198,244,27002,8493",52,374.0,1492,504.4,254392.6,3.9,"64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584","9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1","4.209610939,5.246035099,4.697768211,4.397861958,4.933627129,7.849544525,4.736229897,7.854951859,4.697768211,5.908147812,7.836333752,4.986606121,4.895165920,5.871349335,4.736229897,5.888302803,5.497672081,4.721712589,7.584928513,5.010550499,7.818240643,4.813152790,7.867399693,6.028574944,4.813152790,7.871778011,7.226988792,7.308317184,4.813152790,6.285698891,4.986605644,7.638573647",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51440,443,finished,16,16,1694275754263304,1694275754389266,1694275754415554,0,0,1423,1440,3051,5838,0,1,8974.6,35635,12697.2,161217744.0,3.5,"27830,27885,121,27102,546,27529,840,830,274,126,26171,1039,8743,35,35635,102,131,1,26009,5343,31325,209,25,1,154,122,1581,125,123,26933,1322",52,330.4,1492,469.3,220240.5,3.9,"64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52","9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1","4.209610939,5.146035194,4.697768211,4.450056553,5.025067806,7.871761799,4.774691105,7.827337265,4.774691105,5.826527119,7.855667114,4.986606121,5.063529015,5.820655346,5.916401386,4.774691105,5.655566216,4.774691105,7.614426613,4.986605644,7.813764095,4.736229897,7.864622593,7.699440479,6.489213943,4.736229420,4.774691105,6.518905640,6.645439148,7.327331066,4.986606121,5.025067806",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51438,443,finished,14,18,1694275754188438,1694275754475502,1694275754475507,0,0,1413,1440,2533,8279,0,0,18520.4,122292,34250.8,1173117056.0,3.1,"27370,27440,124,26251,1467,27581,100,125,157,123,25729,67,66,96709,2,0,122292,121,27232,81194,37,108357,4,312,254,158,1,174,324,312,50",52,390.5,1492,496.9,246958.9,4.0,"64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271","10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1","4.117421150,5.152541161,4.608248711,4.401409626,4.983880997,7.842836380,4.699688911,7.824921131,4.581578732,5.856733322,7.868278027,4.823332310,4.784870625,4.900255680,5.703821182,5.805127621,5.574754238,4.736229897,7.640416622,5.025067806,7.817220211,7.464954376,4.774691582,4.774691582,7.829095840,4.774691582,7.861445904,7.528592587,4.774691582,7.822453022,4.774691582,7.145882607",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51437,443,finished,16,16,1694275754185416,1694275754496344,1694275754497122,0,0,1440,1440,2563,8121,0,0,20085.0,125695,35873.1,1286878848.0,3.2,"31799,31867,126,30965,1628,32465,1019,1033,262,1,0,31031,1096,93829,43,125695,4,89,120,120,31052,87826,46,118780,6,267,258,180,3,191,833",52,386.5,1492,502.3,252311.9,3.9,"64,60,52,569,52,1492,52,1129,52,116,1492,55,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,52,1492,528,52,1098","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1","4.178360939,5.246035099,4.736229897,4.456433773,5.025067806,7.868185997,4.736229897,7.769486904,4.774691105,6.000862122,7.872904778,4.784469604,4.986606121,5.025067806,5.938840389,5.931313515,4.774691105,4.774691105,5.645633221,4.774691105,7.597790718,5.025067329,7.806124210,7.590561867,4.774691105,4.774691105,7.804361820,4.736229420,7.860854626,7.518534660,4.774691105,7.830554485",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51441,443,finished,15,17,1694275754588065,1694275754887605,1694275754887567,0,0,1413,1440,2533,8280,0,1,19323.9,124559,35992.1,1295428992.0,3.1,"26956,27056,156,27122,459,99,27426,137,584,128,26592,49,98688,124559,1229,1205,60,121,122,26221,91359,117424,203,146,254,2,1,259,207,1,217",52,390.5,1492,500.1,250056.1,4.0,"64,60,52,569,52,1492,1129,52,52,116,1465,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,262,52,1098,271,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0","4.123520851,5.154205322,4.683250904,4.412162781,5.010550022,7.834381104,7.791237831,4.721712589,4.721712589,5.949137688,7.879240513,4.948143959,4.909682274,5.859224319,4.721712589,5.771135330,4.721712589,5.514053822,4.721712589,7.619722366,4.972088814,7.835969448,4.760174274,7.801455021,4.760174274,7.874300480,7.673749924,7.163529873,4.721712589,7.815165997,7.164249420,4.721712589",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51443,443,finished,15,17,1694275755218416,1694275755349874,1694275755349765,0,0,1417,1440,2606,9313,0,1,8477.6,41933,13035.7,169929040.0,3.4,"28733,28810,124,27432,568,27899,751,720,296,128,25888,48,1133,15243,41,41933,6,108,146,127,27209,2863,29923,284,1,245,248,248,797,2,853",52,425.1,1492,548.5,300824.4,3.9,"64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0","4.209610939,5.179368496,4.774691582,4.431435585,5.063529015,7.849660397,4.774691105,7.813685417,4.736229420,5.936122894,7.856051445,5.025067329,5.025067329,5.025067329,5.982796192,5.960935116,4.813152790,4.813152790,5.708197594,4.760174274,7.601703644,5.025067329,7.811446667,4.774691105,7.878164768,7.722664356,4.813152790,7.861680031,4.813152790,7.862159729,7.756608009,4.813152790",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51444,443,finished,16,16,1694275755218537,1694275755474480,1694275755477173,0,0,1409,1440,3336,4222,0,1,16599.3,98727,25221.2,636110208.0,3.6,"29831,29896,122,27579,1327,48,28784,126,253,1,26948,50,14095,65,40762,94,124,130,27112,1236,28283,675,27392,96809,124,98727,36,1194,29729,125,2902",52,288.8,1492,419.8,176233.3,3.9,"64,60,52,569,52,1492,1128,52,52,116,1461,52,52,91,93,52,76,52,608,52,527,52,138,52,172,583,52,52,133,52,105,1098","8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1","4.147110939,5.179368496,4.736229897,4.460231304,5.025067329,7.857233524,7.810930252,4.736229897,4.646038055,5.957015991,7.839579105,4.911603451,4.950064659,5.831859112,5.853408813,4.774691105,5.645633221,4.774691105,7.545179844,5.063529015,7.596055508,4.774691105,6.332621574,4.972088814,6.592332363,7.682801247,5.025067806,5.063529015,6.338855743,4.736229420,5.810498714,7.810382843",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51442,443,finished,15,17,1694275755172671,1694275755613943,1694275755614159,0,0,1419,1440,2539,10775,0,0,28476.1,207447,57513.3,3307776000.0,2.9,"26902,26963,121,29900,1481,31249,81,125,248,1,25748,1209,169429,1,1,207447,0,42810,141766,173253,84,120,1278,1193,231,237,210,196,90,119,267",52,468.7,1492,574.1,329541.2,4.0,"64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,93,76,52,591,52,1098,52,498,52,1098,52,1492,52,1492,52,1492,52,1350","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","4.209610939,5.246035576,4.736229897,4.445782185,5.101990700,7.858139992,4.813153267,7.810012341,4.774691582,5.942630291,7.861597538,5.063529015,5.101990700,5.967556477,5.777929783,5.602934837,4.813152790,7.591184616,5.140452385,7.832652569,4.774691105,7.585302353,4.813152790,7.814891338,4.774691105,7.866682053,4.813152790,7.861637592,4.813152790,7.840278625,4.813152790,7.855187416",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51449,443,finished,16,16,1694275755591179,1694275755734383,1694275755734310,0,0,1407,1440,3172,6067,0,0,9236.6,31972,12441.7,154796832.0,3.6,"26358,26403,119,26978,535,27389,852,861,254,0,25874,1241,5086,31972,77,55,125,128,26000,1592,27438,118,120,294,291,271,123,25492,1251,1328,27710",52,341.3,1492,465.2,216385.7,3.9,"64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0","4.178360939,5.246035099,4.736229897,4.450769901,5.010550499,7.831455231,4.774691582,7.821967602,4.736229897,5.812989712,7.870883465,4.948144436,4.909682751,5.871349335,4.774691105,5.904536724,5.655566216,4.774691582,7.625833035,4.948144436,7.843266964,4.697768211,7.834841251,4.697768211,7.848744392,4.697768211,6.287255287,7.592099667,4.986606121,5.063529491,7.216260910,4.774691582",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51450,443,finished,16,16,1694275755597605,1694275755713599,1694275755739336,0,0,1409,1440,3510,3095,0,0,8313.7,34384,12122.2,146947904.0,3.4,"26120,26167,118,25711,1570,27175,107,127,259,0,25689,37,1216,7698,47,34384,92,136,131,25849,1397,27101,130,125,1,139,1,24899,84,1176,39",52,259.0,1492,395.4,156313.4,3.9,"64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52","7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1","4.178360939,5.133453369,4.659306526,4.424107075,4.933627605,7.842966080,4.659306526,7.815097809,4.697768211,5.880172253,7.882228851,5.025067329,4.986605644,5.063529015,5.903180122,5.794164658,4.736229897,5.497671604,4.736229897,7.663942814,5.063529015,7.601342678,4.736229897,6.248495102,6.650170803,7.628144741,6.482193947,6.486794472,4.986605644,4.909682274,4.986605644,4.948143959",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51452,443,finished,17,15,1694275755624913,1694275755770788,1694275755770628,0,0,1417,1440,3302,3177,0,43,9406.1,33781,12793.0,163659648.0,3.6,"27382,27448,122,27293,478,27639,107,126,188,128,26067,466,7577,48,33781,141,1198,1103,126,27510,414,27780,313,119,120,26168,43,846,118,26619,122",52,255.1,1492,395.4,156328.1,3.8,"64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,93,52,52,76,52,612,52,527,52,138,172,537,52,52,52,133,52,105","9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0","4.209610939,5.279368401,4.774691582,4.425284386,5.025067329,7.843840599,4.774691105,7.790525913,4.813152790,5.903921127,7.861433029,5.063529491,5.049012184,6.057025433,5.917924881,4.736229897,4.736229897,5.619317532,4.774691582,7.620691299,5.063529491,7.641309261,4.813152790,6.272734165,6.614942074,7.499053478,5.063529491,5.025067329,5.063529015,6.509944439,4.774691582,5.864982128",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51451,443,finished,16,16,1694275755603186,1694275756014048,1694275756014007,0,0,1419,1440,2539,9684,0,2,26505.9,177926,53972.7,2913053696.0,2.9,"26759,26795,118,27001,1551,46,28496,132,175,128,25738,41,152514,31,61,177926,5,125,123,26062,149084,174977,1329,1279,230,2,212,261,250,111,121",52,434.6,1492,557.9,311277.2,3.9,"64,60,52,569,52,1492,1128,52,52,116,1471,52,52,91,93,76,52,52,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,52","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0","4.147110939,5.212701797,4.659306526,4.448028564,4.911602974,7.852905273,7.816896915,4.584303856,4.584303856,5.874025345,7.854696274,5.063529015,5.025067329,5.806972980,5.845292091,5.602934361,4.697768211,4.697768211,4.697768211,7.632014751,5.101990700,7.819012642,4.736229420,7.817387581,4.697767735,7.876556396,7.676926613,4.683250904,7.875154495,4.736229420,7.877687454,4.736229420",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51405,443,finished,16,16,1694275753009120,1694275756164761,1694275756191079,0,0,1425,1440,2631,5434,0,0,204438.7,3028448,738279.9,545057275904.0,1.4,"32964,32996,273,26592,1082,27406,144,136,285,120,25958,1124,8873,77,35629,68,119,0,26186,2068,28216,70,1,121,490,28240,27689,64,125,3002036,3028448",52,304.7,1492,439.9,193493.4,3.9,"64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,93,52,76,52,591,52,1098,52,1098,453,52,138,253,52,148,52,52,76","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1","4.209610939,5.246035099,4.774691582,4.420200825,5.025067806,7.829051495,4.774691582,7.819931984,4.774691582,5.987846851,7.875611782,4.983880997,4.908878326,5.871349335,5.923196793,4.774691105,5.708197594,4.774691105,7.636032581,4.986606121,7.818279266,4.736229420,7.801599503,7.569772243,4.736229897,6.311936855,7.068438053,4.774691582,6.574057102,4.721713066,4.554598331,5.645633221",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51456,443,finished,16,16,1694275756081462,1694275756197896,1694275756197489,0,0,1415,1440,2757,7806,0,1,7498.7,29172,11790.7,139021392.0,3.3,"27042,27135,253,28130,308,28116,318,342,332,119,25709,1248,2682,29172,43,72,124,122,26046,2216,12,28139,226,234,133,1,118,1841,1868,239,121",52,382.7,1492,493.6,243675.8,4.0,"64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172","10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0","4.057611465,5.140226364,4.569115162,4.404561043,4.950064659,7.834033489,4.646038055,7.817556381,4.684499741,5.905292034,7.874547005,4.988526344,4.950064659,5.827393532,4.646038055,5.989033699,5.601069927,4.646038055,7.663946152,4.950064659,7.823734760,7.493938446,4.646038055,7.819445610,4.684499741,7.867714405,7.130248070,4.684499741,7.799648762,4.646038055,6.450882912,6.556802750",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51454,443,finished,15,17,1694275755774249,1694275756207687,1694275756207582,0,0,1415,1440,2535,9100,0,1,27960.4,189078,55173.8,3044153088.0,3.0,"31653,31774,245,31171,1405,32268,101,124,448,124,30661,1238,157604,35,61,189078,8,296,34803,142830,177289,211,153,1171,1,1182,327,2,319,59,130",52,416.2,1492,521.0,271438.6,4.0,"64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1492,528,52,1492,704,52,432,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0","4.209610939,5.246035099,4.774691582,4.416579723,5.140452385,7.839653492,4.813152790,7.785371780,4.760174274,5.936122894,7.846436977,5.063529015,5.063529015,5.879644871,5.969053268,5.602934837,4.736229897,4.697768211,7.620181084,5.101990700,7.843691349,4.813152790,7.822920799,4.813152790,7.851342678,7.594365120,4.774691105,7.855309486,7.713972569,4.813152790,7.540598392,4.774691105",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51455,443,finished,17,15,1694275756080159,1694275756218848,1694275756245531,0,0,1427,1440,3189,5886,0,5,9808.4,40366,13809.4,190699552.0,3.5,"28531,28570,250,28629,1185,29555,134,124,267,118,26941,101,1109,12512,89,40366,5,43,124,125,28603,7847,36269,163,146,214,213,1933,252,372,29271",52,336.2,1492,468.3,219266.8,3.9,"64,60,52,569,52,1492,52,1127,52,116,1479,52,52,52,91,93,52,52,76,52,591,52,1098,52,1098,52,1227,52,154,172,472,52","10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1","4.166565418,5.279368877,4.774691582,4.430949211,5.101990700,7.842145920,4.774691105,7.799477100,4.813152790,5.983621120,7.876667023,5.025067806,5.063529015,5.063529015,5.960818291,5.831904411,4.774691105,4.813152790,5.708197594,4.813152790,7.600764751,5.025067329,7.816476822,4.721712589,7.827829361,4.774691105,7.836764812,4.736229420,6.433209896,6.698522568,7.518699646,5.063529015",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51458,443,finished,15,17,1694275756187552,1694275756577868,1694275756577990,0,0,1419,1440,2577,9683,0,4,25185.6,168868,50651.2,2565544448.0,2.9,"27094,27219,140,27599,403,50,27790,124,210,124,27860,31,1170,140065,28,97,168868,8,128,152,26059,139165,165009,162,127,199,4,132,297,285,155",52,435.8,1492,558.3,311649.1,3.9,"64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1","4.158905983,5.166786671,4.697768211,4.399245262,4.909682274,7.840191841,7.837791443,4.774691105,4.774691105,5.907286644,7.869675636,5.025067329,5.025067329,4.986605644,5.819097996,5.982440948,5.566686153,4.774691105,4.774691105,4.736229420,7.644417763,4.972088814,7.819730759,4.736229897,7.832448483,4.697768211,7.850809574,7.662927151,4.697767735,7.873144627,4.736229897,7.877857685",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51459,443,finished,15,17,1694275756191905,1694275756606219,1694275756606317,0,0,1419,1440,2539,10554,0,0,26733.1,179170,54307.3,2949282048.0,2.9,"27690,27728,175,27442,1464,28727,129,124,359,0,26913,42,152474,93,179170,44,121,134,26069,150399,176325,210,1,149,254,243,674,685,383,374,131",52,461.8,1492,572.2,327423.8,4.0,"64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1","4.115860939,5.187539101,4.774691582,4.327563286,5.101990700,7.840719700,4.813152790,7.804496288,4.774691582,5.815793037,7.862992764,5.025067806,5.025067806,5.864611149,5.947547913,4.659306526,5.576618671,4.697768211,7.529841423,4.972088337,7.829462051,4.736229897,7.845654964,7.517898083,4.736229897,7.877416134,4.736229897,7.672642231,4.697768211,7.880493164,4.736229897,7.866563320",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51453,443,finished,15,17,1694275755644863,1694275756803516,1694275756803699,0,0,1417,1440,2537,8089,0,5,74757.7,603769,151196.5,22860367872.0,3.1,"28567,28642,129,27301,1502,62,28686,142,190,134,27027,9,1142,153835,37,181617,5,73,125,121,27364,146477,39,173708,128,603728,16,603769,141336,141257,321",52,384.7,1492,500.5,250468.6,3.9,"64,60,52,569,52,1492,1127,52,52,116,1469,52,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,498,52,1098,52,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1","4.178360939,5.312702179,4.774691582,4.445541382,5.101990700,7.861453056,7.846636772,4.813152790,4.774691582,5.959870815,7.889067650,5.063529015,5.063529015,5.101990700,5.864611149,5.931313515,4.721712589,4.774691582,5.602934361,4.774691582,7.639420509,5.063529015,7.797530651,7.576140404,4.774691105,4.774691105,7.824387074,7.597716331,4.736229897,7.815874100,4.736229897,7.871171951",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51460,443,finished,17,15,1694275757175284,1694275757492754,1694275757486971,0,0,1411,1440,2617,7118,0,6,20295.4,188406,45762.7,2094228736.0,2.9,"27254,27387,129,27032,566,27436,735,685,380,130,25909,1236,11364,39,38078,94,6,123,122,26035,2846,28696,200,49,199,114,132,128,188214,188406,5433",52,356.8,1492,487.6,237730.2,3.9,"64,60,52,569,52,1492,52,1128,52,116,1463,52,52,91,93,52,76,52,52,591,52,1098,52,1492,704,52,1098,52,52,366,52,138","12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0","4.077066422,5.160978794,4.646038532,4.421825409,5.026988029,7.840250015,4.684499741,7.833176136,4.684499741,5.919390202,7.872871399,4.873141289,4.988526344,5.885031700,5.697600365,4.646038055,5.627385616,4.646038055,4.646038055,7.556904316,5.026988029,7.815989971,4.684499741,7.887370586,7.723536015,4.607576847,7.814508438,4.646038055,4.684499741,7.322398663,4.646038532,6.244566441",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51461,443,finished,15,17,1694275758612709,1694275758738453,1694275758738392,0,0,1407,1440,2527,8501,0,2,8110.5,34325,12021.4,144513856.0,3.5,"26989,27103,476,27304,1502,28303,101,128,1167,252,26989,1174,7556,104,2,34325,132,503,26102,2855,93,28446,7,100,127,213,3,165,4504,92,4610",52,397.2,1492,485.1,235309.8,4.0,"64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,93,76,52,52,591,52,1098,1098,52,52,922,52,1098,250,52,1098,682,52","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0","4.178360939,5.133453369,4.736229897,4.428386688,5.025067806,7.849509239,4.813152790,7.802417278,4.813152790,6.007369995,7.864824772,5.063529491,5.101990700,5.901622772,6.003946304,5.734513283,4.813152790,4.774691105,7.663514614,5.010550499,7.834642410,7.832502365,4.774691582,4.774691582,7.779919624,4.646038532,7.825356483,7.156414032,4.774691582,7.856326580,7.713139534,4.774691582",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51462,443,finished,16,16,1694275759126273,1694275759247598,1694275759246301,0,0,1439,1440,2655,7569,0,3,7785.6,32741,12080.7,145943504.0,3.4,"27158,27260,264,27336,1474,28531,98,125,379,124,27001,35,6211,88,32741,44,126,128,26061,2835,28773,1190,1136,275,289,191,3,28,204,127,1118",52,372.1,1492,488.6,238772.9,3.9,"64,60,52,569,52,1492,52,1129,52,116,1491,52,52,91,93,52,76,52,591,52,1098,52,258,52,1098,52,1492,704,610,52,52,148","11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0","4.158905983,5.212701797,4.606328011,4.444310665,4.933627605,7.829864025,4.683251381,7.824939728,4.683251381,5.818936348,7.869243145,4.933627605,4.873141766,5.864611149,5.939429760,4.721712589,5.629250050,4.683250904,7.585559368,4.870416641,7.823579788,4.668734074,7.166376114,4.721712589,7.832537174,4.721712589,7.894383907,7.689051628,7.673301697,4.721712589,4.683250904,6.386294842",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51463,443,finished,17,15,1694275760146551,1694275760266903,1694275760266114,0,0,1417,1440,3230,7417,0,2,7739.2,34150,11949.0,142778768.0,3.4,"26860,26961,125,26085,1491,27383,122,123,242,127,25664,1246,7571,34150,91,48,121,120,26079,2785,28777,348,308,864,864,307,2,302,498,123,128",52,385.3,1492,506.9,256960.2,3.9,"64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539","10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0","4.209610939,5.179368496,4.644789696,4.375918865,4.909683228,7.825483322,4.736229897,7.837041378,4.736229897,5.880172253,7.862580299,5.025067329,5.025067329,6.035048008,4.774691582,5.939430237,5.550303459,4.774691582,7.634554863,4.895165443,7.804163456,4.646038532,7.867358208,4.646038532,7.727935791,4.646038532,7.871103287,7.172240257,4.646038532,6.254072189,6.532965183,7.611578465",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51464,443,finished,15,17,1694275760159362,1694275760281658,1694275760309664,0,0,1425,1440,2641,8573,0,2,8793.5,31869,12758.7,162784304.0,3.5,"27814,27894,493,28703,585,28762,647,649,242,123,27168,43,5005,31869,89,47,126,129,27303,4099,31345,165,134,214,2,194,86,122,214,26695,1637",52,403.1,1492,505.2,255231.4,4.0,"64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1","4.147110939,5.166787148,4.606328011,4.419630051,4.933627129,7.819243431,4.659306526,7.802917004,4.659306526,5.959871769,7.870406628,4.986605644,4.948144436,5.947135925,4.697768211,5.982440948,5.655566216,4.697768211,7.635627747,5.025067329,7.836093426,4.697768211,7.836949825,4.736229897,7.868122101,7.667487621,4.697768211,7.753278255,4.736229897,6.269422054,5.025067329,7.793452740",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,192.168.1.29,77.111.247.69,tcp,51465,443,finished,16,16,1694275760188445,1694275760330661,1694275760330585,0,0,1407,1440,3236,6065,0,50,9172.8,31292,12464.9,155373488.0,3.6,"26508,26656,121,27208,469,27459,90,122,166,118,25308,1248,5045,31292,95,50,135,141,26082,1531,27473,147,145,226,218,285,128,25620,80,2433,27757",52,343.3,1492,466.3,217422.7,3.9,"64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52","10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0","4.209610939,5.279368401,4.736229897,4.419954300,5.101990700,7.829117298,4.813152790,7.823664188,4.813152790,6.035345554,7.863707542,5.140452385,5.101990700,5.872906685,4.813152790,5.931313038,5.576619148,4.813152790,7.646970272,5.101990700,7.820407391,4.813152790,7.792932510,4.813152790,7.834312439,4.813152790,6.429463387,7.615536690,4.948144436,5.025067806,7.217590809,4.736229897",TLS.OperaVPN,91.339,1,Acceptable,VPN,6,DPI,""
diff --git a/test/results/flow-analyse/default/protobuf.pcap.out b/test/results/flow-analyse/default/protobuf.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/default/protobuf.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/default/rmcp.pcap.out b/test/results/flow-analyse/default/rmcp.pcap.out
new file mode 100644
index 000000000..bab73746f
--- /dev/null
+++ b/test/results/flow-analyse/default/rmcp.pcap.out
@@ -0,0 +1 @@
+flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
diff --git a/test/results/flow-analyse/default/stun.pcap.out b/test/results/flow-analyse/default/stun.pcap.out
index 46dcce188..b98ee4aad 100644
--- a/test/results/flow-analyse/default/stun.pcap.out
+++ b/test/results/flow-analyse/default/stun.pcap.out
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip6,3516:bf0b:fc53:75e7:70af:f67f:8e49:f603,2a38:e156:8167:a333:face:b00c::24d9,udp,56880,3478,finished,16,16,1614938022295727,1614938163424247,1614938163431063,20,0,20,44,320,704,0,2867,9105286.0,10358549,2980037.5,8880623976448.0,4.8,"6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259",68,80.0,92,12.0,144.0,5.0,"68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577",STUN,78,0,Acceptable,Network,6,DPI,"" 
1,ip4,192.168.12.169,31.13.86.54,udp,38123,40003,finished,17,15,1629291451242856,1629291458067482,1629291458262623,28,0,140,132,2076,1496,0,34,446593.3,6004359,1462539.6,2139022032896.0,1.9,"11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153",56,139.6,168,32.1,1033.4,5.0,"56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160","1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1","4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147",STUN.FacebookVoip,78.268,0,Acceptable,VoIP,6,DPI,"5" 
-1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",DTLS.GoogleHangoutDuo,30.201,1,Acceptable,VoIP,6,DPI,"6,15,24" 
+1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"46" diff --git a/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/stun_dtls_unidirectional_client.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/stun_dtls_unidirectional_server.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun_google_meet.pcapng.out b/test/results/flow-analyse/default/stun_google_meet.pcapng.out index 7ba69a78d..96a8052e8 100644 --- a/test/results/flow-analyse/default/stun_google_meet.pcapng.out +++ b/test/results/flow-analyse/default/stun_google_meet.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.12.156,142.250.82.76,udp,38152,19305,finished,5,27,1687685003685843,1687685003919073,1687685003929116,81,0,545,1203,1027,7356,0,4,15371.1,164341,39368.1,1549851008.0,2.4,"27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4",65,290.0,1231,203.2,41279.0,4.7,"152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288","0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1","5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.12.156,142.250.82.76,udp,38152,19305,finished,5,27,1687685003685843,1687685003919073,1687685003929116,81,0,545,1203,1027,7356,0,4,15371.1,164341,39368.1,1549851008.0,2.4,"27716,164341,5265,154432,6654,36352,35377,88,7,4,14,5,6,4,5,33,4,8,4,4,4,4,27272,18857,13,4,4,9,4,5,4",65,290.0,1231,203.2,41279.0,4.7,"152,92,148,185,92,1231,573,598,65,288,288,288,288,288,288,288,288,288,288,288,288,288,109,109,288,288,288,165,288,288,288,288","0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,3,0,1,0,0,0,20,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1","5.938431740,5.693446159,5.907145500,4.997817039,5.679912090,7.332775593,6.760993004,7.409891605,4.603593349,7.060424328,7.083664894,7.159259796,7.130215645,7.048931122,7.046199322,7.094227314,7.077503204,7.049725533,7.095977306,7.143758297,7.077943802,7.098464012,5.672235966,5.727212906,7.040598869,7.076782703,7.038190842,6.382246494,7.161954880,7.089690685,7.073032856,7.083381176",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"5,46" 
1,ip4,192.168.12.156,142.250.82.76,udp,38152,3478,finished,23,9,1687685004552860,1687685007476840,1687685007173710,45,0,124,537,1668,977,0,286,178865.5,1000041,232359.1,53990768640.0,4.0,"28728,31564,20654,57272,57107,114859,326724,7631,286,359302,399475,20851,399538,20813,60291,761585,238269,310501,33128,16660,106522,1355,298484,11725,401011,18917,1000041,80368,40305,278612,42252",68,110.7,565,85.7,7337.9,4.8,"152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91","0,14,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0","6.010119915,5.593475819,5.960068226,5.666897774,6.019278049,5.652763844,7.600190163,5.996479034,5.525039673,5.555425644,5.480339050,5.729862213,5.662026882,5.878293514,5.487302303,5.954136372,5.579943180,5.333281517,5.766850948,6.062412739,5.607231617,5.697978497,5.816851616,5.767245293,5.504358292,5.886589527,5.579834938,5.333281517,5.923795223,5.623420238,6.336440086,5.996479034",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"46" 
-1,ip4,192.168.12.156,142.250.82.76,udp,45400,3478,finished,16,16,1687685005044008,1687685041837696,1687685041855156,116,0,124,64,1864,1024,0,30238,2374349.5,8437597,2513707.0,6318722646016.0,4.3,"30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856",92,118.2,152,26.3,690.9,5.0,"152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92","0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.156,142.250.82.76,udp,45400,3478,finished,16,16,1687685005044008,1687685041837696,1687685041855156,116,0,124,64,1864,1024,0,30238,2374349.5,8437597,2513707.0,6318722646016.0,4.3,"30238,90776,78178,1745669,1745625,749698,749771,2799723,2799844,3108626,3108432,997539,997498,1610326,1610265,582546,582775,6554830,6554484,8437477,8437597,882386,882517,6551657,6551432,792405,792639,992950,992997,897080,896856",92,118.2,152,26.3,690.9,5.0,"152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92","0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","6.041833401,5.593477249,6.058853149,5.579942226,5.987570286,5.506519794,6.008540154,5.558203220,6.054466248,5.666898727,5.907513618,5.762059689,6.055450439,5.636953354,6.025833607,5.636953354,6.114410400,5.631624699,5.992813587,5.636953831,6.027671337,5.623420238,5.998055458,5.639230251,6.058160305,5.571735382,6.015348434,5.740320206,6.043981075,5.718581200,5.986004829,5.718581676",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"46" diff --git a/test/results/flow-analyse/default/stun_signal.pcapng.out b/test/results/flow-analyse/default/stun_signal.pcapng.out index e73c7e752..b09dcf560 100644 --- a/test/results/flow-analyse/default/stun_signal.pcapng.out +++ b/test/results/flow-analyse/default/stun_signal.pcapng.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.12.169,18.195.131.143,udp,43068,61156,finished,16,16,1636901958294242,1636901960601813,1636901960620966,28,0,104,96,1032,1012,0,25,149493.4,679364,200828.1,40331911168.0,3.9,"83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177",56,91.9,132,24.9,621.5,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84","4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1","5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325",STUN,78,0,Acceptable,Network,6,DPI,"5" 
1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"46" 
-1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"5,46" 
+1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,5,DPI (cache),"5,46" diff --git a/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/default/stun_zoom.pcapng.out b/test/results/flow-analyse/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..72489d08b --- /dev/null +++ b/test/results/flow-analyse/default/stun_zoom.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.43.169,134.224.90.111,udp,53065,8801,finished,17,15,1661169535618755,1661169536326542,1661169536383924,50,0,189,1052,2576,5172,0,5,47514.7,193831,51140.5,2615352320.0,4.1,"20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466",42,270.1,1080,313.1,98043.5,4.3,"184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42","0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1","5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696",STUN,78,0,Acceptable,Network,6,DPI,"5" 
diff --git a/test/results/flow-analyse/default/telegram_videocall.pcapng.out b/test/results/flow-analyse/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..c0d289156 --- /dev/null +++ b/test/results/flow-analyse/default/telegram_videocall.pcapng.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.169,149.154.167.91,tcp,37950,443,info,13,19,1648032336009996,1648032336391148,1648032336391586,0,0,884,1228,2636,13025,0,12,24604.6,126888,31047.4,963939136.0,3.9,"30731,31937,288,33006,35575,10197,44497,8215,4395,4095,48658,1376,3118,6445,36520,17815,50889,88402,126888,78673,32858,54,22,21,65506,275,2211,37,14,12,12",52,541.9,1280,516.1,266324.8,4.3,"60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280","6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1","4.759215832,5.200119972,5.156889439,7.326955795,6.678098679,5.118428230,7.754227638,7.716340542,7.727574825,6.586546898,6.619811058,5.118428230,7.671398640,6.924524307,7.207767487,5.154968739,7.392677784,7.317721844,5.308815479,6.654307365,5.270353794,7.858087063,7.839837551,7.851624012,7.845353127,5.195351601,5.195351601,7.846577168,7.826389313,7.858784676,7.859879017,7.849138260",,,,,,,,"" 
+1,ip4,192.168.12.169,149.154.167.222,tcp,40830,443,info,13,19,1648032336638090,1648032336766698,1648032336786651,0,0,578,1228,1261,17676,0,13,8940.9,46767,14845.6,220392240.0,3.2,"30076,31371,312,583,31529,37,19,34994,157,6898,41656,13027,44,22,16,15,16,23,15,20,46767,55,14,127,880,6450,31944,44,19,13,26",52,644.3,1280,571.9,327061.8,4.3,"60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280","9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1","4.759216309,5.233454227,5.156889915,7.660384178,6.987750053,5.217375278,6.765834332,7.120079041,5.195351601,5.156889915,7.396682262,7.101703167,7.850454330,7.853686333,7.825681210,7.871449947,7.830209732,7.847279072,7.843949795,7.808338642,7.841329575,5.118428230,5.156889915,5.118428230,5.118428230,5.156889915,7.139685631,7.851319790,7.844550133,7.850350380,7.835945606,7.848772049",,,,,,,,"" 
+1,ip4,192.168.12.169,93.36.13.115,udp,42405,35393,finished,21,11,1648032354077734,1648032354886306,1648032354873460,23,0,237,96,1854,649,0,49,51751.5,474673,95446.3,9109989376.0,3.6,"75722,88020,12807,2328,9002,48923,21674,183,117533,50,18901,57450,295,20709,49,35124,54640,306358,41620,24769,9929,17729,18103,17365,474673,50,42102,15504,14083,40108,18495",49,106.2,265,48.9,2396.0,4.9,"128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119","3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0","5.404182434,5.729283333,5.265467167,5.614555359,5.634122849,5.456954956,5.404182434,5.653138161,5.772913456,5.756935120,5.745695591,5.598426342,5.458592415,5.767434120,5.687500000,5.328994274,5.576209545,5.797379017,7.103881836,6.518718719,6.438805580,6.381202221,6.471578598,6.393888950,7.201899052,5.463770390,5.656250000,5.577555180,6.334901810,6.354772091,5.879608154,6.455611706",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,5,DPI (cache),"5,46" 
+1,ip4,192.168.12.169,149.154.167.222,tcp,40832,443,info,17,15,1648032336639074,1648032364799931,1648032364830191,0,0,578,1228,1060,12707,0,8,1817805.6,25078496,6146606.0,37780767899648.0,1.5,"29139,30566,480,31562,35447,6512,41656,9889,49,31,23,46927,8,41719,2909634,2997736,16,16,15,2357,76,56,44252,15,34,56,139,73,125,25044870,25078496",52,482.7,1280,530.0,280877.2,4.1,"60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52","14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1","4.859216213,5.266787529,5.156889439,7.555443287,7.119448662,5.118427753,6.908961773,6.987295628,7.824494839,7.835509300,7.843729496,7.724673271,5.195351124,5.094483852,5.115703106,7.462384224,7.834102154,7.851257801,7.840057850,7.862158298,7.844310284,7.831385612,7.709258080,5.156889439,5.041504860,5.079966545,5.118427753,5.156889439,5.156889439,5.115703106,5.077241421,5.156889439",,,,,,,,"" diff --git a/test/results/flow-analyse/default/ultrasurf.pcap.out b/test/results/flow-analyse/default/ultrasurf.pcap.out index d4ac2ae9e..88f572a3e 100644 --- a/test/results/flow-analyse/default/ultrasurf.pcap.out +++ b/test/results/flow-analyse/default/ultrasurf.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,65.49.68.25,10.132.0.23,tcp,50053,37898,finished,22,10,1656652731609846,1656652731961797,1656652731903862,1280,0,2576,0,41208,0,1,2,20837.6,150485,35657.5,1271454592.0,3.6,"7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094",80,1348.5,2628,1007.2,1014474.8,4.5,"2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0","7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857",UltraSurf,304,1,Acceptable,VPN,6,DPI,"46" 
-1,ip4,10.132.0.23,65.49.68.25,tcp,38120,50053,finished,15,17,1656652778161151,1656652779042511,1656652779222772,0,0,1348,1288,5006,4491,0,2,62676.8,270784,99488.0,9897854976.0,3.4,"211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4",52,349.3,1400,449.6,202163.0,4.0,"60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113","7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0","4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1","4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336",TLS,91,1,Safe,Web,6,DPI,"5,24" 
-1,ip4,10.132.0.23,65.49.68.25,tcp,38152,50053,finished,16,16,1656652831434184,1656652832235258,1656652832454997,0,0,1348,1288,4808,5851,0,2,58770.5,269120,100848.2,10170350592.0,3.1,"209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3",52,385.6,1400,479.7,230117.0,4.1,"60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340","7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195",TLS,91,1,Safe,Web,6,DPI,"5,24" 
+1,ip4,10.132.0.23,65.49.68.25,tcp,38120,50053,finished,15,17,1656652778161151,1656652779042511,1656652779222772,0,0,1348,1288,5006,4491,0,2,62676.8,270784,99488.0,9897854976.0,3.4,"211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4",52,349.3,1400,449.6,202163.0,4.0,"60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113","7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0","4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1","4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336",TLS,91,1,Safe,Web,6,DPI,"5,24,52" 
+1,ip4,10.132.0.23,65.49.68.25,tcp,38152,50053,finished,16,16,1656652831434184,1656652832235258,1656652832454997,0,0,1348,1288,4808,5851,0,2,58770.5,269120,100848.2,10170350592.0,3.1,"209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3",52,385.6,1400,479.7,230117.0,4.1,"60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340","7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195",TLS,91,1,Safe,Web,6,DPI,"5,24,52" diff --git a/test/results/flow-analyse/default/wa_video.pcap.out b/test/results/flow-analyse/default/wa_video.pcap.out index b44c8574f..b2c07558c 100644 --- a/test/results/flow-analyse/default/wa_video.pcap.out +++ b/test/results/flow-analyse/default/wa_video.pcap.out 
@@ -1,4 +1,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 1,ip4,192.168.2.12,157.240.20.53,tcp,49355,5222,info,19,13,1561455767339689,1561455770332620,1561455769794560,0,0,548,1388,1640,5261,1,0,175735.5,2404473,473951.1,224629620736.0,2.4,"51726,176830,2,0,439642,1227815,753,306057,108901,2404473,241,10,252,9,41,323,133116,635,40681,277,7651,7949,1743,1602,528764,1087,660,696,654,2651,2561",52,268.4,1440,335.2,112371.9,4.2,"600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206","11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0","7.608484745,5.077241421,7.865381718,6.691146851,7.578685284,7.572544098,7.307354450,6.700509548,7.001189232,7.865732670,4.976373672,5.053297043,5.138105392,5.091758728,5.053297043,5.091758728,5.157560349,6.986247063,7.012214661,5.053297043,5.053297043,6.984363556,5.053297043,7.459637642,5.053297043,6.913162708,6.866742134,6.851969242,6.911801815,6.922309875,6.837723732,6.965609550",,,,,,,,"" 
1,ip4,192.168.2.12,31.13.86.48,udp,53688,3478,finished,23,9,1561455769789452,1561455770782169,1561455770781798,6,0,472,472,8102,1614,0,95,64034.3,550126,135549.6,18373693440.0,3.1,"95,13142,1109,548212,794,550126,16210,117,20333,106,23568,573,14505,979,116,79305,29641,99,23164,167,19951,342,24390,3500,104447,150456,15882,197610,75380,2499,68245",30,331.6,500,205.8,42355.1,4.7,"154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48","3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0","6.493677139,6.519650936,5.235420704,5.263198376,6.488775253,7.446858406,5.290976048,7.477643013,7.460317135,7.514078140,7.471118450,7.444753170,7.528831959,4.569532394,7.478866100,7.484198570,4.453236580,7.470160961,7.456147671,7.450516224,7.440128803,7.495639801,7.433229923,7.431243420,6.496860504,5.263197899,3.812905788,7.345452785,3.812905550,7.413387775,7.430417538,4.208755493",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" 
-1,ip4,192.168.2.12,91.252.56.51,udp,53688,32641,finished,26,6,1561455781352254,1561455783672290,1561455783683909,44,0,1118,182,15240,615,0,139,150054.5,1979427,383224.6,146861080576.0,2.7,"707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189",72,523.5,1146,432.0,186635.8,4.5,"72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210","0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1","5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" 
+1,ip4,192.168.2.12,91.252.56.51,udp,53688,32641,finished,26,6,1561455781352254,1561455783672290,1561455783683909,44,0,1118,182,15240,615,0,139,150054.5,1979427,383224.6,146861080576.0,2.7,"707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189",72,523.5,1146,432.0,186635.8,4.5,"72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210","0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1","5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5,46" diff --git a/test/results/flow-analyse/default/wa_voice.pcap.out b/test/results/flow-analyse/default/wa_voice.pcap.out index 0c4453df9..6e261855a 100644 --- a/test/results/flow-analyse/default/wa_voice.pcap.out +++ b/test/results/flow-analyse/default/wa_voice.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.12,31.13.86.51,tcp,50503,443,finished,17,15,1561455689909150,1561455690224696,1561455690224643,0,0,517,1388,1331,7979,0,0,20356.1,163286,46938.1,2203181824.0,2.5,"19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567",52,343.6,1440,489.7,239839.3,3.9,"64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83","10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0","4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
1,ip4,192.168.2.12,157.240.20.52,tcp,50504,443,finished,16,16,1561455707474558,1561455707778028,1561455707778471,0,0,517,1388,928,9370,0,5,19593.0,129132,30818.3,949767616.0,3.5,"37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120",52,374.4,1440,526.3,277041.4,3.9,"64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1","4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597",TLS.WhatsApp,91.142,1,Acceptable,Chat,6,DPI,"" 
1,ip4,192.168.2.12,31.13.86.48,udp,56328,3478,finished,12,20,1561455706912375,1561455731523132,1561455731536124,6,0,126,278,792,1833,0,1,1588209.8,12196243,3050402.8,9304956469248.0,3.2,"61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546",30,110.0,306,87.2,7598.9,4.6,"154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72","6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1","6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" 
-1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" 
+1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5,46" diff --git a/test/results/flow-analyse/default/weibo.pcap.out b/test/results/flow-analyse/default/weibo.pcap.out index 6430977b6..f46cafe5e 100644 --- a/test/results/flow-analyse/default/weibo.pcap.out +++ b/test/results/flow-analyse/default/weibo.pcap.out 
@@ -1,7 +1,7 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.105,93.188.134.137,tcp,51698,80,finished,16,16,1463089071613246,1463089072230888,1463089072285673,0,0,450,2872,450,12066,0,21,41615.1,482409,113790.6,12948298752.0,2.5,"29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797",52,448.1,2924,693.4,480801.9,3.7,"60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650921822,5.164738178,4.955154419,5.863212585,5.062724113,5.110764980,5.095714092,7.852671146,5.095714092,7.868416309,5.090925217,5.103754044,5.134892464,7.806054115,5.090925217,5.161320686,5.102720261,7.921360016,5.071470261,7.246528625,5.126376152,5.103754044,5.164638519,7.842597485,5.090925217,5.819731712,5.091758728,5.208817959,5.022342682,7.853945732,4.945419312,7.862434864",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
-1,ip4,192.168.1.105,93.188.134.246,tcp,35804,80,finished,16,16,1463089072445053,1463089073026834,1463089073029617,0,0,432,2872,432,20099,0,38,37624.0,314329,71528.6,5116344832.0,3.5,"26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807",52,696.7,2924,831.3,691142.8,4.0,"60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.617588520,5.152156830,5.032077789,5.890464306,5.154164791,5.706288815,4.916693211,7.828411579,4.937911987,7.932244301,5.014835358,7.871539593,4.923395157,7.816699505,4.954130173,7.861829758,4.937912464,7.715563297,5.014835358,5.713728428,5.028425217,7.912923336,4.977720261,7.829431534,5.059675217,7.853170395,5.059675217,7.876567841,5.090925217,7.873678684,5.028425217,7.863162994",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
-1,ip4,192.168.1.105,93.188.134.246,tcp,35803,80,finished,16,16,1463089072445019,1463089073075846,1463089073079547,0,0,420,4308,420,24521,0,151,40817.9,400547,92805.4,8612838400.0,3.2,"26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734",52,833.8,4360,1162.9,1352437.0,3.8,"60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.571673870,5.052156448,4.931210041,5.882226944,4.985801697,5.695990562,4.801308155,7.757262230,4.853979111,7.951329231,4.892440796,7.858428955,4.808815479,7.951515198,4.892440796,7.937272549,4.892440796,5.696815968,5.006755829,5.720534801,5.006755829,7.871479034,4.906957626,7.880197525,4.945419312,7.866903305,5.026210785,7.865207672,4.994960785,7.858891964,4.994960785,7.845516682",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
-1,ip4,192.168.1.105,93.188.134.246,tcp,35805,80,finished,16,16,1463089072445071,1463089073791996,1463089073794639,0,0,459,1436,869,13850,0,259,86983.6,438815,119331.4,14239989760.0,3.8,"26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661",52,514.0,1488,578.7,334896.4,4.1,"60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488","14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.717588902,5.118823528,5.032077789,5.908517361,5.014835358,5.756928444,5.008133411,7.799871445,4.969672203,5.727755070,5.022979259,7.804618359,4.991729736,5.911708832,5.115703106,5.816450596,5.000318527,6.365411758,5.053297043,5.822424412,5.122175217,7.722197533,5.053297043,7.724967480,5.091758728,7.731284142,5.053297043,7.722201347,5.153425217,7.742957592,5.053297043,7.725163937",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
-1,ip4,192.168.1.105,93.188.134.246,tcp,35807,80,finished,16,16,1463089073321163,1463089073801051,1463089073804152,0,0,484,1436,484,18086,0,142,31060.5,183686,54622.5,2983621632.0,3.4,"62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143",52,633.2,1488,674.0,454231.7,4.1,"60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
-1,ip4,192.168.1.105,93.188.134.246,tcp,35809,80,finished,16,16,1463089073334322,1463089073888564,1463089073891278,0,0,473,1436,473,18114,0,137,35845.1,252228,55584.3,3089619200.0,3.8,"50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753",52,633.7,1488,673.8,454044.4,4.1,"60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.137,tcp,51698,80,finished,16,16,1463089071613246,1463089072230888,1463089072285673,0,0,450,2872,450,12066,0,21,41615.1,482409,113790.6,12948298752.0,2.5,"29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797",52,448.1,2924,693.4,480801.9,3.7,"60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650921822,5.164738178,4.955154419,5.863212585,5.062724113,5.110764980,5.095714092,7.852671146,5.095714092,7.868416309,5.090925217,5.103754044,5.134892464,7.806054115,5.090925217,5.161320686,5.102720261,7.921360016,5.071470261,7.246528625,5.126376152,5.103754044,5.164638519,7.842597485,5.090925217,5.819731712,5.091758728,5.208817959,5.022342682,7.853945732,4.945419312,7.862434864",HTTP.SinaWeibo,7.356,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35804,80,finished,16,16,1463089072445053,1463089073026834,1463089073029617,0,0,432,2872,432,20099,0,38,37624.0,314329,71528.6,5116344832.0,3.5,"26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807",52,696.7,2924,831.3,691142.8,4.0,"60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.617588520,5.152156830,5.032077789,5.890464306,5.154164791,5.706288815,4.916693211,7.828411579,4.937911987,7.932244301,5.014835358,7.871539593,4.923395157,7.816699505,4.954130173,7.861829758,4.937912464,7.715563297,5.014835358,5.713728428,5.028425217,7.912923336,4.977720261,7.829431534,5.059675217,7.853170395,5.059675217,7.876567841,5.090925217,7.873678684,5.028425217,7.863162994",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35803,80,finished,16,16,1463089072445019,1463089073075846,1463089073079547,0,0,420,4308,420,24521,0,151,40817.9,400547,92805.4,8612838400.0,3.2,"26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734",52,833.8,4360,1162.9,1352437.0,3.8,"60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.571673870,5.052156448,4.931210041,5.882226944,4.985801697,5.695990562,4.801308155,7.757262230,4.853979111,7.951329231,4.892440796,7.858428955,4.808815479,7.951515198,4.892440796,7.937272549,4.892440796,5.696815968,5.006755829,5.720534801,5.006755829,7.871479034,4.906957626,7.880197525,4.945419312,7.866903305,5.026210785,7.865207672,4.994960785,7.858891964,4.994960785,7.845516682",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35805,80,finished,16,16,1463089072445071,1463089073791996,1463089073794639,0,0,459,1436,869,13850,0,259,86983.6,438815,119331.4,14239989760.0,3.8,"26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661",52,514.0,1488,578.7,334896.4,4.1,"60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488","14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.717588902,5.118823528,5.032077789,5.908517361,5.014835358,5.756928444,5.008133411,7.799871445,4.969672203,5.727755070,5.022979259,7.804618359,4.991729736,5.911708832,5.115703106,5.816450596,5.000318527,6.365411758,5.053297043,5.822424412,5.122175217,7.722197533,5.053297043,7.724967480,5.091758728,7.731284142,5.053297043,7.722201347,5.153425217,7.742957592,5.053297043,7.725163937",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35807,80,finished,16,16,1463089073321163,1463089073801051,1463089073804152,0,0,484,1436,484,18086,0,142,31060.5,183686,54622.5,2983621632.0,3.4,"62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143",52,633.2,1488,674.0,454231.7,4.1,"60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35809,80,finished,16,16,1463089073334322,1463089073888564,1463089073891278,0,0,473,1436,473,18114,0,137,35845.1,252228,55584.3,3089619200.0,3.8,"50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753",52,633.7,1488,673.8,454044.4,4.1,"60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232",HTTP.Sina,7.200,0,Fun,SocialNetwork,6,DPI,"" diff --git a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out index 79419c435..35741e5e7 100644 --- a/test/results/flow-analyse/default/whatsapp_login_call.pcap.out +++ b/test/results/flow-analyse/default/whatsapp_login_call.pcap.out 
@@ -2,6 +2,6 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.4,17.178.104.12,tcp,49201,443,info,18,14,1432582227604482,1432582229309355,1432582229616362,0,0,1440,1440,6486,6050,0,9,119895.3,712466,179472.3,32210292736.0,3.4,"281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952",40,432.9,1480,595.1,354099.2,3.8,"64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40","9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1","4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693",,,,,,,,"" 
1,ip4,192.168.2.4,184.173.179.37,tcp,49202,5222,finished,17,15,1432582227643274,1432582230649748,1432582230614203,0,0,201,78,1159,445,0,0,192819.5,709350,172077.7,29610717184.0,4.4,"153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,0,204047",52,102.8,253,60.8,3698.6,4.8,"64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118","9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0","4.535581589,5.323234558,5.284870625,5.118428230,6.648615837,6.247110844,5.434191704,5.231892109,5.169486046,7.074976444,5.807060719,5.762281895,5.680767059,5.207947731,7.065171242,5.820694447,5.246409416,6.336829185,5.802911282,6.766283989,5.781786919,5.740469933,6.833239079,5.270353794,5.863435745,5.886964798,7.017980099,5.284870625,5.854554653,5.807495594,5.816376686,6.257439613",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
1,ip4,192.168.2.4,17.173.66.102,tcp,49204,443,finished,17,15,1432582230648273,1432582231572130,1432582231504448,0,0,1440,948,5225,2717,0,15,57420.4,246332,88943.3,7910914560.0,3.4,"139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179",40,289.3,1480,408.5,166890.9,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" 
-1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" 
-1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" 
+1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5,46" 
+1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5,46" 
1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" diff --git a/test/results/flow-analyse/default/zcash.pcap.out b/test/results/flow-analyse/default/zcash.pcap.out index 1eac87589..a8b98b9d4 100644 --- a/test/results/flow-analyse/default/zcash.pcap.out +++ b/test/results/flow-analyse/default/zcash.pcap.out 
@@ -1,2 +1,2 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.2.92,178.32.196.217,tcp,55190,9050,finished,18,14,1514196094240063,1514196187394861,1514196187518495,0,0,260,303,1724,1124,0,24,6013975.0,50191373,12033642.0,144808530149376.0,3.2,"82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430",52,142.6,355,98.9,9779.1,4.7,"60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115","9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1","4.771797657,5.333454132,5.171406746,6.152554512,5.168681622,5.319005013,5.053297043,5.511947632,5.527595043,5.053297043,5.498871803,5.546218395,5.156889915,5.566714287,5.501477242,5.094483376,5.293007374,4.926119804,5.440917015,5.447358608,5.455869675,5.449427605,5.128524780,5.159774780,5.159774780,5.546219349,5.041504383,5.292303562,5.209868431,5.539683342,5.248330116,5.587565422",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" 
+1,ip4,192.168.2.92,178.32.196.217,tcp,55190,9050,finished,18,14,1514196094240063,1514196187394861,1514196187518495,0,0,260,303,1724,1124,0,24,6013975.0,50191373,12033642.0,144808530149376.0,3.2,"82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430",52,142.6,355,98.9,9779.1,4.7,"60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115","9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1","4.771797657,5.333454132,5.171406746,6.152554512,5.168681622,5.319005013,5.053297043,5.511947632,5.527595043,5.053297043,5.498871803,5.546218395,5.156889915,5.566714287,5.501477242,5.094483376,5.293007374,4.926119804,5.440917015,5.447358608,5.455869675,5.449427605,5.128524780,5.159774780,5.159774780,5.546219349,5.041504383,5.292303562,5.209868431,5.539683342,5.248330116,5.587565422",Mining,42,0,Unsafe,Mining,6,DPI,"22" diff --git a/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out index 48f4ac4eb..d45155b9b 100644 --- a/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/flow-analyse/enable_doh_heuristic/doh.pcapng.out 
@@ -1,2 +1,2 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks -1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24" 
+1,ip4,192.168.1.253,1.1.1.1,tcp,35996,443,finished,17,15,1623220847881632,1623220894239868,1623220878891197,0,0,261,1460,606,3569,0,0,2495735.5,15359810,5583085.5,31170844688384.0,2.4,"12358,12657,9395,22866,3111,16283,0,0,492,492,548541,0,471,0,559446,0,429,10863,0,436,0,2867,0,3303,0,50308,15056860,15017798,15339561,15339454,15359810",46,174.8,1500,350.9,123099.2,3.6,"60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46","12,0,3,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0","4.425882339,4.437160492,4.225621700,5.947368622,4.140616417,7.830754280,4.117669106,7.879162312,4.117669106,7.097528458,4.117669106,5.884155750,6.247783184,6.373653889,6.047423363,4.140616417,4.140616417,6.197440624,4.131088734,5.480591297,4.053659439,4.117669106,7.372667789,5.483504295,4.087610722,4.087610245,4.161148071,4.087610245,4.117669582,4.087610245,4.161148071,4.087610245",TLS,91,1,Safe,Web,6,DPI,"24,52" diff --git a/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out index 0c4453df9..6e261855a 100644 --- a/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out +++ b/test/results/flow-analyse/enable_stun_monitoring_with_subproto/wa_voice.pcap.out 
@@ -3,4 +3,4 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_ 1,ip4,192.168.2.12,31.13.86.51,tcp,50503,443,finished,17,15,1561455689909150,1561455690224696,1561455690224643,0,0,517,1388,1331,7979,0,0,20356.1,163286,46938.1,2203181824.0,2.5,"19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567",52,343.6,1440,489.7,239839.3,3.9,"64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83","10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0","4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
1,ip4,192.168.2.12,157.240.20.52,tcp,50504,443,finished,16,16,1561455707474558,1561455707778028,1561455707778471,0,0,517,1388,928,9370,0,5,19593.0,129132,30818.3,949767616.0,3.5,"37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120",52,374.4,1440,526.3,277041.4,3.9,"64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1","4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597",TLS.WhatsApp,91.142,1,Acceptable,Chat,6,DPI,"" 
1,ip4,192.168.2.12,31.13.86.48,udp,56328,3478,finished,12,20,1561455706912375,1561455731523132,1561455731536124,6,0,126,278,792,1833,0,1,1588209.8,12196243,3050402.8,9304956469248.0,3.2,"61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546",30,110.0,306,87.2,7598.9,4.6,"154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72","6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1","6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"46" 
-1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5,46" 
+1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,5,DPI (cache),"5,46" diff --git a/test/results/flow-info/default/1kxun.pcap.out b/test/results/flow-info/default/1kxun.pcap.out index 7c228723e..452bca122 100644 --- a/test/results/flow-info/default/1kxun.pcap.out +++ b/test/results/flow-info/default/1kxun.pcap.out 
@@ -40,10 +40,10 @@ detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] 
@@ -67,10 +67,10 @@ new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -277,10 +277,10 @@ detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] 
@@ -339,12 +339,12 @@ update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun] update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun] update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] 
@@ -400,13 +400,13 @@ update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun] update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun] update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38] new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM] 
@@ -465,7 +465,7 @@ idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -520,7 +520,7 @@ guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun] idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun] RISK: HTTP Susp User-Agent 
@@ -545,7 +545,7 @@ not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] @@ -570,7 +570,7 @@ idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable] 
@@ -591,11 +591,11 @@ idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] diff --git a/test/results/flow-info/default/adult_content.pcap.out b/test/results/flow-info/default/adult_content.pcap.out index 6be4bf51d..6cd27ac93 100644 --- a/test/results/flow-info/default/adult_content.pcap.out +++ b/test/results/flow-info/default/adult_content.pcap.out 
@@ -2,7 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] - detected: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable][b-eu14.stripcdn.com] + detected: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN][Unknown][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable][b-eu14.stripcdn.com] RISK: Known Proto on Non Std Port idle: [.....1] [ip4][..udp] [..192.168.1.199][42759] -> [...31.220.27.69][...80] [STUN.AdultContent][Unknown][AdultContent][Acceptable] RISK: Known Proto on Non Std Port diff --git a/test/results/flow-info/default/anyconnect-vpn.pcap.out b/test/results/flow-info/default/anyconnect-vpn.pcap.out index 048596c86..5c44ce98e 100644 --- a/test/results/flow-info/default/anyconnect-vpn.pcap.out +++ b/test/results/flow-info/default/anyconnect-vpn.pcap.out 
@@ -30,11 +30,11 @@ detection-update: [....11] [ip4][..udp] [.....10.0.0.227][62322] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][vco.pandion.viasat.com] new: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] detected: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [MIDSTREAM] detected: [....13] [ip4][..tcp] [.....10.0.0.227][56915] -> [..52.37.243.173][..443] [TLS][AmazonAWS][Web][Safe] RISK: Unidirectional Traffic 
@@ -43,11 +43,11 @@ RISK: Unidirectional Traffic new: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] detected: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.072| 0.021| 0.022| 465.190| 4.000] @@ -59,7 +59,7 @@ [PKTLENS.....: 64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52] [ENTROPIES...: 4.3,5.1,4.8,5.5,4.8,7.3,4.8,7.1,7.2,4.9,4.8,7.4,5.9,4.8,4.8,6.8,7.2,7.5,4.7,4.8,7.6,4.7,6.2,4.8,7.8,4.9,7.3,7.7,5.8,4.9,4.8,4.8] detection-update: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe][] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch new: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] detected: [....16] [ip4][..udp] [.....10.0.0.227][63107] -> [....75.75.76.76][...53] [DNS][Unknown][Network][Acceptable][local] RISK: Unidirectional Traffic 
@@ -259,7 +259,9 @@ new: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] detected: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local] detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][79d88e83-725c-b71b-bad0-5862d5b22386._googlezone._tcp.local] + RISK: Susp DNS Traffic detection-update: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_googlezone._tcp.local] + RISK: Susp DNS Traffic new: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] detected: [....69] [ip4][.icmp] [.......10.0.0.1] -> [......224.0.0.1] [ICMP][Unknown][Network][Acceptable] idle: [....57] [ip4][..udp] [.....10.0.0.227][57547] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] @@ -295,6 +297,7 @@ RISK: Error Code idle: [.....5] [ip6][icmp6] [..............fe80::2e7e:81ff:feb0:4aa1] -> [................................ff02::1] [ICMPV6][Unknown][Network][Acceptable] idle: [....68] [ip4][..udp] [.....10.0.0.149][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] + RISK: Susp DNS Traffic idle: [....18] [ip4][..udp] [.....10.0.0.213][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable] idle: [....35] [ip4][..udp] [.....10.0.0.227][59222] -> [....75.75.75.75][...53] [DNS][Unknown][Network][Acceptable] RISK: Error Code 
@@ -324,7 +327,7 @@ RISK: Unidirectional Traffic end: [....12] [ip4][..tcp] [.....10.0.0.227][56918] -> [....8.37.102.91][..443] end: [....15] [ip4][..tcp] [.....10.0.0.227][56919] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe] - RISK: Weak TLS Cipher, Missing SNI TLS Extn + RISK: Weak TLS Cipher, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [....38] [ip4][..tcp] [.....10.0.0.227][56929] -> [....8.37.102.91][..443] [TLS][Unknown][Web][Safe] RISK: Weak TLS Cipher, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn guessed: [....53] [ip4][..tcp] [.....10.0.0.227][56874] -> [.74.125.197.188][..443] [TLS][Google][Web][Safe] diff --git a/test/results/flow-info/default/bad-dns-traffic.pcap.out b/test/results/flow-info/default/bad-dns-traffic.pcap.out index 03459e53e..a33483876 100644 --- a/test/results/flow-info/default/bad-dns-traffic.pcap.out +++ b/test/results/flow-info/default/bad-dns-traffic.pcap.out 
@@ -3,24 +3,24 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] detected: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][958700a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name new: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] detected: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][244300fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][6b5000fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] 
[DNS][Unknown][Network][Acceptable][e18f00fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][46b100fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][c75900fdf525320021636f6d6d616e64202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name analyse: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.063| 4.102| 1.074| 0.689| 474850.951| 4.700] 
@@ -32,20 +32,20 @@ [PKTLENS.....: 119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309] [ENTROPIES...: 4.9,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.1,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,4.9,5.0,4.9,5.0,5.0,5.0,5.0,5.0,4.9,4.2,4.3] update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name update: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name update: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name new: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] detected: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Unidirectional Traffic + RISK: Susp DGA Domain name, Susp DNS Traffic, Unidirectional Traffic detection-update: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable][a05700e6da83510001636f6e736f6c65202873697276696d65732900.skullseclabs.org] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name idle: [.....3] [ip4][..udp] [..192.168.43.91][46961] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name idle: [.....2] [ip4][..udp] [..192.168.43.91][56354] -> 
[........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name idle: [.....1] [ip4][..udp] [..192.168.43.91][35966] -> [........4.2.2.4][...53] [DNS][Unknown][Network][Acceptable] - RISK: Susp DGA Domain name, Risky Domain Name + RISK: Susp DGA Domain name, Susp DNS Traffic, Risky Domain Name DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/bets.pcapng.out b/test/results/flow-info/default/bets.pcapng.out new file mode 100644 index 000000000..4a7c2817c --- /dev/null +++ b/test/results/flow-info/default/bets.pcapng.out 
@@ -0,0 +1,19 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] + detected: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] + detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] + analyse: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.047| 0.011| 0.018| 331.618| 3.200] + [PKTLEN......: 52.000| 1420.000| 286.800| 477.200| 227739.300| 3.600] + [BINS(c->s)..: 12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 8,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,0,1,0,0,1,1] + [IATS(ms)....: 45.1,45.1,0.7,45.8,1.5,46.5,0.2,0.2,0.4,0.4,0.5,0.0,0.5,2.5,0.0,0.1,0.1,44.5,1.0,0.9,0.0,0.1,43.8,0.2,0.2,0.1,3.0,3.0,1.7,39.8,5.7] + [PKTLENS.....: 64,60,52,380,52,1420,52,1420,52,1420,52,1420,93,52,58,110,138,116,52,52,52,52,198,52,123,52,83,1241,52,52,52,52] + [ENTROPIES...: 4.4,5.3,5.1,6.2,5.1,7.8,5.0,7.8,5.2,7.9,5.1,7.8,6.0,5.1,4.9,6.1,6.5,6.1,5.2,5.2,5.2,5.2,6.8,5.1,6.2,5.2,5.6,7.8,5.1,5.0,5.2,5.2] + detection-update: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe][www.1084bets10.com] + end: [.....1] [ip4][..tcp] [...192.168.10.2][60099] -> [..13.224.103.22][..443] [TLS][AmazonAWS][Web][Safe] + DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/can.pcap.out b/test/results/flow-info/default/can.pcap.out
new file mode 100644
index 000000000..6d1c3ee6a
--- /dev/null
+++ b/test/results/flow-info/default/can.pcap.out
@@ -0,0 +1,46 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] + detected: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353] + detected: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + update: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898] + detected: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575] + detected: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898] + detected: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540] + detected: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....7] [ip4][..udp] [156.187.243.113][52611] -> [.211.116.172.72][11898] + detected: [.....7] [ip4][..udp] 
[156.187.243.113][52611] -> [.211.116.172.72][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367] + detected: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..128.244.36.46][34952] -> [.196.77.109.252][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....6] [ip4][..udp] [.248.12.123.236][39411] -> [..69.120.47.124][..540] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [....55.97.32.36][56551] -> [....61.40.63.42][25353] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....8] [ip4][..udp] [..140.194.231.1][58665] -> [....89.92.174.8][32367] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [..247.111.83.65][53276] -> [..172.44.102.53][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....7] [ip4][..udp] [156.187.243.113][52611] -> [.211.116.172.72][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....4] [ip4][..udp] [103.183.191.240][46565] -> [..73.121.85.123][63575] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [..207.134.64.89][36251] -> [..48.220.224.78][11898] [Controller_Area_Network][Unknown][System][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/crynet.pcap.out b/test/results/flow-info/default/crynet.pcap.out index 28e0863bc..fb93f9d11 100644 --- a/test/results/flow-info/default/crynet.pcap.out +++ b/test/results/flow-info/default/crynet.pcap.out 
@@ -23,8 +23,27 @@ new: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375] detected: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375] [CryNetwork][Unknown][Game][Fun] RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..192.168.2.100][56970] -> [..84.16.230.222][28665] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 60 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098] + detected: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional Traffic idle: [.....4] [ip4][..udp] [..192.168.2.100][55645] -> [...78.159.98.94][28375] [CryNetwork][Unknown][Game][Fun] RISK: Unidirectional Traffic - idle: [.....3] [ip4][..udp] [..192.168.2.100][56970] -> [..84.16.230.222][28665] [CryNetwork][Unknown][Game][Fun] + new: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343] + detected: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [..192.168.2.100][60751] -> [..84.16.248.143][30098] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 90 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931] + detected: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional Traffic + idle: [.....6] [ip4][..udp] [..192.168.2.100][60224] -> [.78.159.106.139][28343] [CryNetwork][Unknown][Game][Fun] + RISK: Unidirectional 
Traffic + idle: [.....7] [ip4][..udp] [..192.168.2.100][55460] -> [.78.159.118.143][21931] [CryNetwork][Unknown][Game][Fun] RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/custom_categories.pcapng.out b/test/results/flow-info/default/custom_categories.pcapng.out new file mode 100644 index 000000000..a10d5e7be --- /dev/null +++ b/test/results/flow-info/default/custom_categories.pcapng.out 
@@ -0,0 +1,41 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] + detected: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: Known Proto on Non Std Port + detection-update: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: Known Proto on Non Std Port + analyse: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.057| 0.386| 0.141| 0.077| 5894.261| 4.800] + [PKTLEN......: 72.000| 640.000| 135.700| 113.000| 12766.000| 4.700] + [BINS(c->s)..: 12,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 10,2,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 57.0,57.5,79.9,80.4,89.2,138.8,253.3,182.4,385.9,91.3,93.1,94.6,191.3,165.0,76.9,108.8,123.7,109.4,199.4,91.0,94.0,69.4,74.3,78.6,142.6,139.5,141.5,314.1,235.6,200.5,202.4] + [PKTLENS.....: 80,80,72,87,87,348,228,72,84,92,84,236,220,72,84,212,212,72,100,116,72,84,212,84,84,84,84,640,72,100,72,116] + [ENTROPIES...: 
3.4,4.0,3.8,4.4,4.3,6.7,6.2,3.8,4.1,4.5,4.2,6.6,6.5,3.8,4.1,6.4,6.4,3.8,4.6,5.1,3.8,4.1,6.4,4.0,4.1,4.1,4.1,7.6,3.8,4.7,3.8,5.1] + DAEMON-EVENT: [Processed: 62 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 0] + new: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] + detected: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher + detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher + detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher + detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher + detection-update: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher + end: [.....1] [ip6][..tcp] [..........................2001:db8:1::1][64720] -> [........................2001:db8:200::1][20868] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: [Processed: 84 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 6|updates: 0] + ERROR-EVENT: Unknown packet type [1/16] + idle: [.....2] [ip4][..tcp] [..172.26.219.44][58639] -> [..172.30.69.103][...22] [SSH][Unknown][RemoteAccess][Acceptable] + RISK: SSH Obsolete Cli Vers/Cipher, SSH Obsolete Ser Vers/Cipher + DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/custom_risk_mask.pcapng.out b/test/results/flow-info/default/custom_risk_mask.pcapng.out new file mode 100644 index 000000000..3c72ec460 --- /dev/null +++ b/test/results/flow-info/default/custom_risk_mask.pcapng.out @@ -0,0 +1,14 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355] + detected: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + new: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355] + detected: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + idle: [.....1] [ip6][..udp] [...............fe80::7c0:e74e:87c3:5d93][.6741] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + idle: [.....2] [ip6][..udp] [..............fe80::356b:e047:3695:f741][16765] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/custom_rules_ipv6.pcapng.out b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out new file mode 100644 index 000000000..2617333bf --- /dev/null +++ b/test/results/flow-info/default/custom_rules_ipv6.pcapng.out 
@@ -0,0 +1,27 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333] + DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] + detected: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] [DTLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + new: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] + detected: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] [DTLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + not-detected: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333] [Unknown][Unknown][Unrated] + idle: [.....1] [ip6][..udp] [.........3ffe:507::1:200:86ff:fe05:80da][21554] -> [......................3ffe:501:4819::42][.5333] + DAEMON-EVENT: [Processed: 4 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 1|guessed: 0|detection-updates: 0|updates: 0] + new: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] + new: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] + idle: [.....2] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][..100] -> 
[.21bc:b273:7f68:88d7:77a8:585:3990:927b][.1991] [DTLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + idle: [.....3] [ip6][..udp] [247f:855b:5e16:3caf:3f2c:4134:9592:661b][36098] -> [.21bc:b273:7f68:88d7:77a8:585:3990:927b][50621] [DTLS][Unknown][Web][Safe] + RISK: Unidirectional Traffic + not-detected: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] [Unknown][Unknown][Unrated] + idle: [.....4] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12718] -> [................................ff02::1][26993] + not-detected: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] [Unknown][Unknown][Unrated] + idle: [.....5] [ip6][..udp] [..............fe80::76ac:b9ff:fe6c:c124][12717] -> [................................ff02::1][64315] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dns-exf.pcap.out b/test/results/flow-info/default/dns-exf.pcap.out new file mode 100644 index 000000000..2eb4561df --- /dev/null +++ b/test/results/flow-info/default/dns-exf.pcap.out 
@@ -0,0 +1,11 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] + detected: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable][4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt] + RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable][4sicn03_2qaa3rlc3qudhh0aavjycxwakjehelu5klueow0zjxulgage-.4s2fgaaaa__-.test.txt] + RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Minor Issues + idle: [.....1] [ip4][..udp] [..192.168.2.225][45290] -> [..192.168.2.134][...53] [DNS][Unknown][Network][Acceptable] + RISK: Susp DNS Traffic, Non-Printable/Invalid Chars Detected, Minor Issues + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dns-google-nsid.pcapng.out b/test/results/flow-info/default/dns-google-nsid.pcapng.out index 36db0919e..2af3c6708 100644 --- a/test/results/flow-info/default/dns-google-nsid.pcapng.out +++ b/test/results/flow-info/default/dns-google-nsid.pcapng.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] - detected: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable][] + detected: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable][] RISK: Unidirectional Traffic - detection-update: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable][] + detection-update: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable][] DAEMON-EVENT: [Processed: 2 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] new: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] 
@@ -19,23 +19,23 @@ detected: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org] RISK: Unidirectional Traffic detection-update: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable][www.wireshark.org] - idle: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....1] [ip6][..udp] [...2001:b07:a3d:c112:b332:20d:89ab:105e][41624] -> [...................2001:4860:4860::8844][...53] [DNS][Google][Network][Acceptable] new: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] - detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe][www.ntop.org] + detected: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org] RISK: Unidirectional Traffic - detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe][www.ntop.org] + detection-update: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe][www.ntop.org] new: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] - detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe][www.wikipedia.it] + detected: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> 
[...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it] RISK: Unidirectional Traffic - detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe][www.wikipedia.it] + detection-update: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe][www.wikipedia.it] new: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] - detected: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable][www.wireshark.org] + detected: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org] RISK: Unidirectional Traffic - detection-update: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable][www.wireshark.org] + detection-update: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable][www.wireshark.org] idle: [.....4] [ip4][..udp] [...192.168.1.29][51166] -> [........8.8.4.4][...53] [DNS][Google][Network][Acceptable] - idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] -> [...................2001:4860:4860::8888][...53] [DNS.ntop][Unknown][Network][Safe] - idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Unknown][Network][Safe] + idle: [.....5] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][46618] 
-> [...................2001:4860:4860::8888][...53] [DNS.ntop][Google][Network][Safe] + idle: [.....6] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][44924] -> [...................2001:4860:4860::8888][...53] [DNS.Wikipedia][Google][Network][Safe] idle: [.....3] [ip4][..udp] [...192.168.1.29][62500] -> [........8.8.4.4][...53] [DNS.Wikipedia][Google][Network][Safe] idle: [.....2] [ip4][..udp] [...192.168.1.29][58580] -> [........8.8.4.4][...53] [DNS.ntop][Google][Network][Safe] - idle: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....7] [ip6][..udp] [...............2a03:b0c0:2:d0::360:4001][43660] -> [...................2001:4860:4860::8888][...53] [DNS][Google][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dns-invalid-chars.pcap.out b/test/results/flow-info/default/dns-invalid-chars.pcap.out index 9316b3e24..63860ff9f 100644 --- a/test/results/flow-info/default/dns-invalid-chars.pcap.out +++ b/test/results/flow-info/default/dns-invalid-chars.pcap.out 
@@ -3,9 +3,9 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] detected: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable][www.allyourba???arebelongto.cn] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable][www.allyourbasesare???ongto.cn] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [.....1] [ip4][..udp] [......127.0.0.1][35980] -> [......127.0.0.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/dns2tcp_tunnel.pcap.out b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out new file mode 100644 index 000000000..a6d3ee657 --- /dev/null +++ b/test/results/flow-info/default/dns2tcp_tunnel.pcap.out 
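Review bot: The risk label in this expected output changes from `Text With Non-Printable Chars` to `Non-Printable/Invalid Chars Detected`, and nothing visible here tells downstream consumers about the rename. Any alert rule, SIEM query or dashboard that matches the risk by its display string would presumably stop matching silently after the libnDPI bump. I would add a changelog line such as `nDPI risk "Text With Non-Printable Chars" is now reported as "Non-Printable/Invalid Chars Detected"; match on the risk id rather than the label where possible.` The same label also appears in the dns-exf.pcap.out and dns_ambiguous_names.pcap.out expectations in this diff.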
@@ -0,0 +1,21 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] + detected: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch + detection-update: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch + analyse: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 3.088| 0.311| 0.823| 676677.157| 2.200] + [PKTLEN......: 40.000| 1628.000| 193.500| 364.600| 132965.600| 3.700] + [BINS(c->s)..: 9,0,2,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 11,0,1,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,1,0,0,1,1,1,0] + [IATS(ms)....: 15.2,15.2,0.4,15.3,1.8,16.7,0.1,0.1,90.4,0.1,0.1,105.3,0.0,0.1,14.9,0.0,0.1,6.0,0.0,6.0,0.4,8.9,6.4,1568.6,0.0,1583.6,0.7,15.6,3073.2,0.0,3088.2] + [PKTLENS.....: 60,52,40,301,46,1500,40,1628,40,104,126,164,46,46,111,40,46,71,311,71,40,144,46,46,259,71,40,202,46,344,71,40] + [ENTROPIES...: 4.7,4.7,4.5,6.0,4.2,7.8,4.5,7.9,4.5,6.0,6.3,6.7,4.2,4.1,6.1,4.5,4.2,5.5,7.2,5.5,4.4,6.4,4.2,4.2,7.2,5.4,4.5,6.8,4.2,7.3,5.5,4.5] + idle: [.....1] [ip4][..tcp] [.192.168.20.211][44404] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch + DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/dns_ambiguous_names.pcap.out b/test/results/flow-info/default/dns_ambiguous_names.pcap.out index f647da8c5..c29e44189 100644 --- a/test/results/flow-info/default/dns_ambiguous_names.pcap.out +++ b/test/results/flow-info/default/dns_ambiguous_names.pcap.out @@ -23,9 +23,9 @@ detection-update: [.....5] [ip4][..udp] [....10.200.2.11][57632] -> [........8.8.8.8][...53] [DNS.PlayStore][Google][Network][Safe][android.clients.google.com] new: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] detected: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe][_.teams.microsoft.com] - RISK: Error Code + RISK: Non-Printable/Invalid Chars Detected, Error Code new: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] detected: [.....7] [ip4][..udp] [....10.200.2.11][44198] -> [........8.8.8.8][...53] [DNS.Google][Google][Network][Acceptable][wide-youtube.l.google.com] RISK: Unidirectional Traffic @@ -51,6 +51,6 @@ idle: [.....8] [ip4][..udp] [....10.200.2.11][52541] -> [........8.8.8.8][...53] [DNS.AppleSiri][Google][Network][Acceptable] idle: [.....3] [ip4][..udp] [....10.200.2.11][57051] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe] idle: [.....6] [ip4][..udp] [....10.200.2.11][42790] -> [........8.8.8.8][...53] [DNS.Teams][Google][Network][Safe] - RISK: Error Code + RISK: Non-Printable/Invalid Chars Detected, Error Code idle: [....10] [ip4][..udp] [....10.200.2.11][44883] -> [........8.8.8.8][...53] [DNS.Instagram][Google][Network][Fun] DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/dns_fragmented.pcap.out b/test/results/flow-info/default/dns_fragmented.pcap.out index 9fc59a981..14bae7c26 100644 --- a/test/results/flow-info/default/dns_fragmented.pcap.out +++ b/test/results/flow-info/default/dns_fragmented.pcap.out 
@@ -8,15 +8,15 @@ RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] new: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] - detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][pa.weberlab.de] + detected: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][pa.weberlab.de] RISK: Unidirectional Traffic - detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][pa.weberlab.de] + detection-update: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][pa.weberlab.de] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv6/L4 payload detection failed [2/16] new: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] - detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detected: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Unidirectional Traffic - detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> 
[..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv6/L4 payload detection failed [3/16] new: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] @@ -26,9 +26,9 @@ RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv4/L4 payload detection failed [4/16] new: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] - detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detected: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Unidirectional Traffic - detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Large DNS Packet (512+ bytes) new: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] detected: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable][weberlab.de] 
@@ -37,9 +37,9 @@ RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv4/L4 payload detection failed [5/16] new: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] - detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detected: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Unidirectional Traffic - detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2.weberlab.de] + detection-update: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable][fg2.weberlab.de] RISK: Large DNS Packet (512+ bytes) DAEMON-EVENT: [Processed: 14 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 7 / 7|skipped: 0|!detected: 0|guessed: 0|detection-updates: 7|updates: 0] 
@@ -61,28 +61,28 @@ detection-update: [....11] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][46440] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable][fg2-mgmt.weberlab.de] idle: [.....1] [ip4][..udp] [..172.217.40.76][56680] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message - idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....3] [ip6][..udp] [................2a00:1450:4013:c06::105][63369] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message - idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....7] [ip6][..udp] [................2a00:1450:4013:c05::10e][34944] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes) idle: [.....4] [ip4][..udp] [173.194.169.104][59464] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message idle: [.....6] [ip4][..udp] [..74.125.47.136][59330] -> [.193.24.227.238][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message - idle: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....5] [ip6][..udp] [................2a00:1450:400c:c00::106][54430] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes) - idle: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> 
[..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable] + idle: [.....2] [ip6][..udp] [................2a00:1450:4013:c03::10a][46433] -> [..................2001:470:765b::a25:53][...53] [DNS][Google][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message DAEMON-EVENT: [Processed: 22 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 11|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 0] new: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] - detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigok.verteiltesysteme.net] + detected: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigok.verteiltesysteme.net] RISK: Unidirectional Traffic - detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigok.verteiltesysteme.net] + detection-update: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigok.verteiltesysteme.net] new: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] - detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigfail.verteiltesysteme.net] + detected: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigfail.verteiltesysteme.net] 
RISK: Unidirectional Traffic - detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][sigfail.verteiltesysteme.net] + detection-update: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][sigfail.verteiltesysteme.net] RISK: Error Code new: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] detected: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Unknown][Network][Acceptable][formel1.de] 
@@ -109,26 +109,26 @@ RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] new: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] - detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de] + detected: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de] RISK: Unidirectional Traffic - detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de] + detection-update: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de] new: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] detected: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Unknown][Network][Acceptable][weberlab.de] detection-update: [....19] [ip6][..tcp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][57089] -> [.............2001:470:1f0b:16b0::a26:53][...53] [DNS][Unknown][Network][Acceptable][weberlab.de] new: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] - detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de] + detected: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> 
[...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de] RISK: Unidirectional Traffic - detection-update: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable][ns2.weberdns.de] + detection-update: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable][ns2.weberdns.de] new: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] detected: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable][weberlab.de] detection-update: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable][weberlab.de] - idle: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable] + idle: [....18] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][60550] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable] end: [....21] [ip4][..tcp] [....194.247.5.6][39005] -> [...194.247.5.14][...53] [DNS][Unknown][Network][Acceptable] idle: [....16] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][55729] -> [..................2001:470:765b::a25:53][...53] [DNS][Unknown][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message - idle: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable] + idle: [....20] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][54590] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable] idle: [....13] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][52814] -> 
[...................2606:4700:4700::1111][...53] - idle: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Unknown][Network][Acceptable] + idle: [....12] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][48758] -> [...................2606:4700:4700::1111][...53] [DNS][Cloudflare][Network][Acceptable] idle: [....14] [ip6][..udp] [..2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb][42344] -> [............................2620:fe::fe][...53] [DNS][Unknown][Network][Acceptable] idle: [....17] [ip4][..udp] [....194.247.5.6][51791] -> [.193.24.227.238][...53] [DNS][Unknown][Network][Acceptable] RISK: Large DNS Packet (512+ bytes), Fragmented DNS Message diff --git a/test/results/flow-info/default/doh.pcapng.out b/test/results/flow-info/default/doh.pcapng.out index bbcd31915..09ea6804f 100644 --- a/test/results/flow-info/default/doh.pcapng.out +++ b/test/results/flow-info/default/doh.pcapng.out @@ -3,9 +3,9 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] 
@@ -17,5 +17,5 @@ [PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1] idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ethereum.pcap.out b/test/results/flow-info/default/ethereum.pcap.out index 768434d96..d099bf8ad 100644 --- a/test/results/flow-info/default/ethereum.pcap.out +++ b/test/results/flow-info/default/ethereum.pcap.out 
@@ -2,29 +2,29 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] - detected: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] - detected: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] - detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] - detected: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] - detected: [.....5] [ip4][..udp] [..192.168.1.184][30303] 
-> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] - detected: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] - detected: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] - detected: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] new: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] new: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] 
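Review bot: The reclassification recorded in this hunk deserves an explicit changelog entry, because it removes a detection signal. The port-30303 flows go from `[Mining]…[Mining][Unsafe]` with `RISK: Unsafe Protocol` to `[ETHEREUM]…[Crypto_Currency][Acceptable]` with only `Unidirectional Traffic`. Deployments that flag cryptocurrency traffic by the `Mining` category, the `Unsafe` rating or the `Unsafe Protocol` risk would presumably see nothing for the same traffic after the update. A line such as `Ethereum traffic is now reported as ETHEREUM / Crypto_Currency / Acceptable without the "Unsafe Protocol" risk; update rules that keyed on Mining or Unsafe Protocol.` would cover it. The following hunk of this file shows the same change for the TCP flows.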
@@ -41,21 +41,16 @@ new: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] new: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] new: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] - detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] new: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] - detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] - detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional 
Traffic - analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe] + detected: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + analyse: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.008| 0.018| 335.828| 2.400] [PKTLEN......: 46.000| 547.000| 91.200| 114.100| 13011.400| 4.400] @@ -66,9 +61,8 @@ [PKTLENS.....: 64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.1,5.1,5.2,5.1,5.8,5.2,6.7,5.2,5.5,5.9,5.2,5.2,5.5,5.5,5.1,3.7,3.7] new: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] - detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + analyse: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.063| 0.009| 0.019| 355.411| 2.700] [PKTLEN......: 52.000| 598.000| 107.800| 122.800| 15078.800| 4.400] 
@@ -78,18 +72,15 @@ [IATS(ms)....: 42.9,43.0,1.9,62.9,2.0,0.0,0.0,0.0,0.0,63.0,0.0,0.0,0.0,0.1,0.1,0.0,1.3,0.0,0.1,0.0,0.1,0.4,0.0,0.0,0.0,0.1,32.2,0.0,0.0,30.2,0.8] [PKTLENS.....: 64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64] [ENTROPIES...: 4.4,5.4,5.1,7.7,5.2,7.5,6.0,5.2,6.9,5.3,5.1,5.0,5.0,5.0,5.5,5.0,5.0,5.9,5.0,6.8,5.2,5.4,5.9,5.0,6.0,5.4,5.4,5.2,5.2,5.2,7.3,5.2] - detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] new: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] - detected: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] - detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe] + detected: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + analyse: [....23] [ip4][..tcp] 
[..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.070| 0.011| 0.024| 583.849| 2.400] [PKTLEN......: 46.000| 564.000| 90.300| 111.300| 12394.700| 4.400] 
@@ -100,16 +91,14 @@ [PKTLENS.....: 64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.3,5.3,5.5,5.6,5.1,5.0,5.0,5.0,5.1,5.1,5.3,5.1,6.0,5.2,6.7,5.2,5.5,5.8,5.1,5.2,5.5,5.6,5.1,3.6,3.6] new: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] - detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Tencent][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - detected: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + detected: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] - detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + detected: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + analyse: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.073| 
0.008| 0.018| 321.083| 2.400] [PKTLEN......: 46.000| 473.000| 85.000| 93.300| 8701.200| 4.500] 
@@ -119,25 +108,17 @@ [IATS(ms)....: 36.4,36.5,1.5,44.0,0.5,0.0,0.1,0.0,0.0,43.1,0.0,0.0,0.0,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.1,0.1,0.0,0.0,0.0,72.9,0.0,0.0,0.7,0.0,0.0] [PKTLENS.....: 64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46] [ENTROPIES...: 4.4,5.4,5.1,7.5,5.3,7.4,6.0,5.2,5.3,5.9,5.1,5.1,5.1,5.0,5.1,5.9,5.1,6.7,5.2,5.6,5.9,5.2,5.2,5.5,5.6,5.1,5.3,4.0,3.9,4.0,4.0,4.0] - detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + detected: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] new: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] - detected: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] new: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] - detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - 
detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + detected: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + analyse: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.079| 0.012| 0.027| 705.641| 2.400] [PKTLEN......: 46.000| 531.000| 90.400| 111.100| 12335.600| 4.400] 
@@ -147,7 +128,7 @@ [IATS(ms)....: 68.5,68.6,1.4,78.1,1.9,0.1,78.6,0.0,0.2,0.0,0.0,0.2,0.0,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,67.2,0.0] [PKTLENS.....: 64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,6.0,5.2,5.1,5.3,5.3,5.6,5.1,5.1,5.1,5.6,5.3,5.1,5.1,5.9,5.2,6.8,5.3,5.6,5.9,5.1,5.2,5.5,5.6,5.1,3.9,3.9] - analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.077| 0.012| 0.026| 688.970| 2.400] [PKTLEN......: 46.000| 494.000| 87.100| 105.300| 11090.000| 4.400] 
@@ -160,12 +141,11 @@ new: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] new: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] new: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] - detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] - detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe] + detected: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.164| 0.023| 0.053| 2778.035| 2.400] [PKTLEN......: 46.000| 522.000| 89.000| 105.000| 11031.500| 4.500] 
@@ -175,14 +155,12 @@ [IATS(ms)....: 134.4,134.5,2.0,164.5,0.7,163.1,0.2,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.2,0.2,0.4,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,112.9,0.0] [PKTLENS.....: 64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.4,5.3,5.0,7.5,5.1,7.6,4.9,6.0,5.2,5.0,5.0,5.3,5.6,5.6,5.0,5.0,4.9,5.1,5.0,5.9,5.1,6.8,5.2,5.5,5.9,5.1,5.1,5.5,5.5,5.0,5.1,3.7] - detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] new: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] new: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] - analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.007| 0.014| 203.606| 2.800] [PKTLEN......: 52.000| 546.000| 106.000| 112.400| 12624.200| 4.500] 
@@ -193,9 +171,8 @@ [PKTLENS.....: 64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.0,5.9,5.0,6.7,5.2,5.5,6.1,5.2,6.8,5.0,5.1,5.1,5.6,5.1,5.9,5.2,6.1,5.6,5.5,5.1,5.1,5.2,5.1,6.9,6.7,5.2] new: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] - detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe] + detected: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.158| 0.021| 0.049| 2374.200| 2.400] [PKTLEN......: 46.000| 483.000| 87.300| 103.800| 10779.300| 4.400] 
@@ -206,17 +183,13 @@ [PKTLENS.....: 64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.3,5.1,7.6,5.2,7.5,5.9,5.1,5.2,5.7,5.6,5.1,5.2,5.8,5.1,6.7,5.1,5.4,5.8,5.1,5.1,5.4,5.5,5.0,3.6,3.6,3.6,3.6,3.6,3.6,3.6,3.6] new: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] - detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] - detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] - analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe] + analyse: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.202| 0.031| 0.071| 5088.628| 
2.400] [PKTLEN......: 46.000| 542.000| 91.800| 115.500| 13350.200| 4.400] @@ -226,9 +199,8 @@ [IATS(ms)....: 195.0,195.1,1.2,202.3,0.3,0.0,201.3,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.6,0.0,0.1,0.0,0.1,0.0,0.0,0.1,0.0,0.0,0.0,175.4,0.4] [PKTLENS.....: 64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.9,5.1,5.2,5.3,5.2,5.3,5.5,5.2,5.2,5.6,5.2,5.2,5.2,5.7,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.1,5.2,3.7] - detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.109| 0.018| 0.040| 1575.808| 2.400] [PKTLEN......: 46.000| 623.000| 95.600| 130.900| 17130.100| 4.300] @@ -240,7 +212,7 @@ [ENTROPIES...: 4.5,5.4,5.1,7.7,5.2,7.7,5.2,5.9,5.2,6.9,5.2,5.6,5.9,5.1,5.2,5.1,5.3,5.1,5.6,5.7,5.1,5.1,5.8,5.2,5.2,5.1,5.1,5.3,5.6,5.1,4.0,4.0] new: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] new: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] - analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.049| 0.009| 0.018| 316.609| 2.700] [PKTLEN......: 52.000| 521.000| 92.900| 97.800| 9570.500| 4.500] 
@@ -251,13 +223,12 @@ [PKTLENS.....: 64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.1,7.5,5.9,5.0,5.0,5.2,5.1,6.7,5.3,5.0,5.0,5.7,5.1,5.9,5.2,6.7,5.2,5.5,5.8,5.1,6.1,5.5,5.6,5.1,5.9,5.0,5.2,5.4] new: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] - detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] new: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] - detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + analyse: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.052| 0.010| 0.019| 354.234| 2.800] [PKTLEN......: 52.000| 462.000| 93.900| 97.700| 9536.300| 4.500] 
@@ -268,11 +239,9 @@ [PKTLENS.....: 64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53] [ENTROPIES...: 4.5,5.3,5.1,7.5,5.2,7.4,5.0,5.8,5.1,5.9,6.7,5.1,5.2,5.4,5.2,5.1,6.9,5.1,5.3,5.1,5.4,5.1,5.6,5.1,6.0,5.4,5.5,5.2,5.2,5.8,5.1,5.2] new: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] - detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe] + detected: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + analyse: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.262| 0.038| 0.087| 7588.779| 2.300] [PKTLEN......: 46.000| 505.000| 90.200| 109.100| 11904.300| 4.400] 
@@ -282,7 +251,7 @@ [IATS(ms)....: 261.7,261.8,1.5,222.8,0.1,0.0,0.0,221.3,0.0,0.0,0.2,0.0,0.2,0.0,0.1,0.0,0.1,0.0,0.6,0.0,0.1,0.0,0.1,0.1,0.0,0.1,0.0,0.0,0.0,211.4,0.0] [PKTLENS.....: 64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.6,5.8,5.2,5.1,5.1,5.1,5.3,5.6,5.1,5.1,5.7,5.2,5.1,5.1,5.7,5.1,6.9,5.1,5.5,5.8,5.1,5.2,5.5,5.5,5.0,5.2,3.8] - analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe] + analyse: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.263| 0.038| 0.087| 7624.721| 2.300] [PKTLEN......: 46.000| 564.000| 92.100| 117.400| 13788.700| 4.400] 
@@ -292,11 +261,10 @@ [IATS(ms)....: 263.1,263.2,1.3,221.8,0.2,0.0,0.0,220.8,0.0,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.7,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,212.6,0.2] [PKTLENS.....: 64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,4.9,7.6,5.2,7.5,6.0,5.2,5.1,5.1,5.1,5.2,5.6,5.1,5.1,5.6,5.2,5.1,5.1,5.9,5.0,6.7,5.1,5.4,5.8,5.0,5.0,5.4,5.5,5.0,3.7,3.7] - detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] new: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] - analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.037| 0.006| 0.012| 148.778| 2.600] [PKTLEN......: 46.000| 469.000| 84.100| 91.500| 8376.200| 4.500] 
@@ -306,7 +274,7 @@ [IATS(ms)....: 32.6,32.6,1.2,33.9,3.9,36.5,0.4,0.4,0.1,0.1,0.1,0.1,0.4,0.0,0.0,0.0,0.1,0.0,0.0,0.0,0.0,0.0,0.0,31.1,0.1,0.0,0.1,0.0,0.6,0.1,0.0] [PKTLENS.....: 64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.3,7.4,5.1,6.0,5.1,5.7,5.2,5.7,5.1,6.0,5.2,6.8,5.3,5.6,5.9,5.2,5.3,5.6,5.6,5.2,5.3,3.7,3.7,3.7,3.7,3.7,3.7,3.7] - analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.116| 0.012| 0.026| 687.065| 2.900] [PKTLEN......: 52.000| 526.000| 102.300| 108.500| 11769.500| 4.500] @@ -316,7 +284,7 @@ [IATS(ms)....: 25.5,25.6,1.2,25.9,91.4,116.0,0.8,0.0,0.1,0.0,0.0,24.5,23.6,0.4,0.0,0.0,0.0,0.7,0.1,0.7,0.0,0.0,0.0,23.3,0.0,24.1,0.2,0.3,0.0,0.0,0.0] [PKTLENS.....: 64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.1,7.4,5.1,5.9,5.1,6.8,5.1,5.5,7.2,5.1,5.8,5.1,5.9,5.5,5.2,5.5,5.2,5.2,5.2,5.2,7.1,5.2,5.0,5.7,5.2,5.1,5.2,5.3] - analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.035| 0.006| 0.012| 149.558| 2.500] [PKTLEN......: 46.000| 583.000| 90.600| 116.900| 13676.100| 4.400] 
@@ -330,7 +298,7 @@ new: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] new: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] new: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] - analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.159| 0.026| 0.057| 3248.179| 2.500] [PKTLEN......: 46.000| 465.000| 87.500| 99.100| 9815.100| 4.500] @@ -340,7 +308,7 @@ [IATS(ms)....: 157.7,157.8,1.6,152.9,8.1,159.4,1.2,0.0,0.1,0.0,0.1,1.9,0.0,0.5,0.0,0.1,0.0,0.1,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.0,0.7,0.4,149.7,0.6] [PKTLENS.....: 64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46] [ENTROPIES...: 4.4,5.3,5.1,7.5,5.2,7.5,5.0,5.9,5.2,6.9,5.2,5.5,5.9,5.2,5.0,5.1,5.3,5.6,5.1,5.0,5.6,5.0,5.7,5.1,5.1,5.3,5.5,5.1,5.2,5.1,5.2,3.8] - analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe] + analyse: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.131| 0.020| 0.046| 2133.935| 2.400] [PKTLEN......: 46.000| 573.000| 93.000| 122.200| 14931.500| 4.300] 
@@ -350,7 +318,7 @@ [IATS(ms)....: 130.8,130.9,1.3,122.8,1.3,122.7,0.2,0.0,0.1,0.0,0.1,0.1,0.1,0.1,0.1,0.1,0.3,0.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,121.1,0.0,0.0,0.0] [PKTLENS.....: 64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,5.1,5.9,5.2,5.0,5.0,5.5,5.1,5.6,5.1,5.2,5.0,5.9,5.1,6.8,5.1,5.6,5.7,5.1,5.1,5.4,5.6,5.1,3.9,4.0,4.0,4.0] - analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe] + analyse: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.057| 0.011| 0.022| 493.706| 2.800] [PKTLEN......: 52.000| 514.000| 100.400| 109.700| 12030.800| 4.500] @@ -360,7 +328,7 @@ [IATS(ms)....: 56.8,56.9,1.6,56.4,2.3,57.1,0.5,0.5,0.1,0.0,0.1,0.0,0.2,0.0,0.1,0.0,0.0,1.1,0.9,0.4,0.0,0.0,0.0,0.1,56.5,0.0,0.0,55.9,0.0,1.8,0.0] [PKTLENS.....: 64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52] [ENTROPIES...: 4.5,5.2,5.1,7.5,5.2,7.5,5.2,5.8,5.1,6.8,5.2,5.0,5.0,5.9,5.1,6.7,5.2,5.5,5.7,5.1,5.9,5.2,6.0,5.5,5.5,5.2,5.9,6.6,5.1,5.1,5.8,5.3] - analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe] + analyse: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.300| 0.044| 0.100| 10075.352| 2.300] [PKTLEN......: 46.000| 583.000| 88.300| 106.200| 11275.500| 4.400] 
@@ -370,7 +338,7 @@ [IATS(ms)....: 300.4,300.4,1.7,253.4,0.7,0.0,252.4,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.1,0.0,0.1,0.0,0.4,0.0,0.1,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,252.8,0.0] [PKTLENS.....: 64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46] [ENTROPIES...: 4.4,5.3,5.0,7.7,5.1,7.4,5.9,5.0,5.0,5.2,5.0,5.3,5.5,5.0,5.0,5.6,5.2,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.8,5.0,5.2,5.3,5.4,5.0,3.7,3.7] - analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe] + analyse: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.308| 0.045| 0.103| 10532.101| 2.400] [PKTLEN......: 46.000| 523.000| 89.800| 108.100| 11684.800| 4.400] 
@@ -381,13 +349,11 @@ [PKTLENS.....: 64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.5,5.1,5.9,5.0,5.2,5.2,5.0,5.0,5.6,5.6,5.0,5.0,5.8,5.0,6.7,5.2,5.4,5.9,5.1,5.1,5.5,5.5,5.0,5.2,5.1,5.2,3.8] new: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] - detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + detected: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.339| 0.050| 0.114| 12910.542| 2.400] [PKTLEN......: 46.000| 626.000| 92.100| 119.200| 14212.100| 4.400] 
@@ -397,16 +363,13 @@ [IATS(ms)....: 339.2,339.3,1.3,287.2,2.5,288.4,1.0,0.0,1.0,0.0,0.0,0.0,0.1,0.0,0.1,0.0,0.0,0.0,0.0,0.1,0.1,0.1,0.0,0.1,0.0,0.0,0.1,0.6,0.3,285.6,0.0] [PKTLENS.....: 64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46] [ENTROPIES...: 4.5,5.4,5.0,7.6,5.0,7.5,5.1,5.8,5.1,5.0,5.0,5.8,5.0,5.1,5.5,6.7,5.0,5.2,5.0,5.4,5.5,5.0,5.9,5.0,5.1,5.4,5.6,5.1,5.2,5.1,3.7,3.7] - detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] new: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] - detected: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe] + detected: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + detected: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy 
[IAT.........: 0.000| 0.355| 0.054| 0.122| 14890.530| 2.400] [PKTLEN......: 46.000| 577.000| 92.400| 118.100| 13953.700| 4.400] 
@@ -417,21 +380,16 @@ [PKTLENS.....: 64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46] [ENTROPIES...: 4.5,5.4,5.1,7.6,5.2,7.6,5.1,5.9,5.1,5.3,5.1,5.3,5.1,5.5,5.7,5.0,5.1,5.1,5.0,5.7,5.0,6.9,5.1,5.4,5.8,5.0,5.0,5.4,5.4,5.0,5.1,3.7] new: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] - detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + detected: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic new: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] new: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] - detected: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + detected: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: 
[....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.147| 0.028| 0.054| 2939.853| 2.800] [PKTLEN......: 52.000| 625.000| 100.200| 122.100| 14898.100| 4.400] @@ -443,7 +401,7 @@ [ENTROPIES...: 4.5,5.3,5.0,7.7,5.1,7.6,5.1,5.8,5.1,6.7,5.2,5.6,5.9,5.1,5.3,5.1,6.9,5.5,5.7,5.1,5.1,5.0,5.8,5.0,6.1,5.5,5.5,5.1,5.1,6.0,5.0,5.2] new: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] new: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] - analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.039| 0.010| 0.016| 256.751| 3.100] [PKTLEN......: 52.000| 592.000| 107.000| 118.700| 14100.300| 4.400] 
@@ -454,14 +412,11 @@ [PKTLENS.....: 64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56] [ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.5,5.1,5.8,5.1,6.7,5.2,5.6,7.3,5.0,5.1,5.2,5.8,5.1,6.1,5.5,5.6,7.1,5.0,5.2,5.7,5.2,5.2,5.4,5.6,5.9,5.2,5.3] new: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] - detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] - detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + analyse: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.184| 0.035| 0.071| 5044.452| 2.600] [PKTLEN......: 52.000| 635.000| 100.100| 121.000| 14650.900| 4.400] 
@@ -471,10 +426,9 @@ [IATS(ms)....: 179.3,179.4,1.8,184.4,0.2,182.8,0.1,0.1,0.1,0.1,0.4,0.0,0.4,0.0,0.1,0.1,0.2,0.0,0.1,0.0,0.0,0.3,0.0,0.0,0.0,0.2,176.5,0.9,1.0,0.0,177.6] [PKTLENS.....: 64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52] [ENTROPIES...: 4.5,5.3,5.0,7.7,5.2,7.4,5.1,5.9,5.1,5.3,5.1,7.0,5.6,5.1,5.1,5.6,5.0,5.8,5.1,6.8,5.1,5.4,5.8,5.1,6.2,5.1,5.4,5.1,5.2,5.9,5.3,5.0] - detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] - analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.042| 0.007| 0.015| 228.263| 2.600] [PKTLEN......: 46.000| 438.000| 84.000| 90.700| 8221.200| 4.500] 
@@ -485,7 +439,7 @@ [PKTLENS.....: 64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.4,5.1,7.5,5.1,7.5,5.0,5.9,5.0,5.7,5.0,5.6,5.0,5.7,5.1,6.8,5.2,5.4,5.8,5.1,5.1,5.4,5.5,5.1,5.2,3.7,3.7,3.7,3.7,3.7,3.7,3.7] new: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] - analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe] + analyse: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.194| 0.037| 0.074| 5538.541| 2.700] [PKTLEN......: 52.000| 524.000| 100.200| 109.000| 11872.900| 4.500] 
@@ -497,14 +451,12 @@ [ENTROPIES...: 4.5,5.3,5.0,7.6,4.9,7.5,5.8,4.9,4.9,6.8,4.9,5.8,5.1,6.7,5.1,5.3,5.8,4.9,5.8,5.1,6.2,5.3,5.4,5.0,5.0,5.9,5.0,6.5,5.0,5.9,5.2,5.0] new: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] new: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] - detected: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] new: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] - detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + detected: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.075| 0.014| 0.028| 803.714| 2.700] [PKTLEN......: 52.000| 599.000| 105.000| 126.800| 16079.300| 4.400] 
@@ -515,7 +467,7 @@ [PKTLENS.....: 64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52] [ENTROPIES...: 4.4,5.3,5.0,7.6,5.2,7.6,5.8,5.0,5.0,6.9,5.0,5.5,5.0,5.7,5.1,6.8,5.1,5.5,5.9,5.2,6.1,5.6,5.5,5.2,5.2,5.8,5.0,6.4,5.9,5.0,5.0,5.1] new: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] - analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe] + analyse: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.263| 0.042| 0.096| 9182.918| 2.400] [PKTLEN......: 46.000| 591.000| 91.400| 121.500| 14755.200| 4.300] 
@@ -526,18 +478,13 @@ [PKTLENS.....: 64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.5,5.3,5.0,7.6,5.2,7.5,4.9,5.8,4.9,5.8,4.9,5.8,5.1,6.7,5.1,5.5,5.8,5.0,5.1,5.5,5.4,5.0,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7,3.7] new: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] - detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + detected: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + detected: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] new: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] - detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - analyse: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe] + detected: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + detected: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + analyse: [....64] 
[ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.286| 0.027| 0.065| 4262.303| 2.600] [PKTLEN......: 52.000| 619.000| 109.600| 120.400| 14503.600| 4.500] 
@@ -547,155 +494,102 @@ [IATS(ms)....: 40.4,40.4,1.5,40.9,246.5,285.9,40.6,40.6,0.7,0.0,0.1,0.0,0.0,0.4,0.0,0.0,0.0,0.1,39.4,0.2,0.9,0.7,39.7,0.2,0.0,0.0,0.0,0.1,1.1,0.8,0.2] [PKTLENS.....: 64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84] [ENTROPIES...: 4.5,5.3,5.1,7.7,5.2,7.2,5.2,7.4,5.1,5.9,5.2,6.8,5.2,5.6,5.9,5.2,6.2,5.5,5.6,5.3,5.3,5.3,6.4,5.1,5.9,5.2,5.3,5.5,5.6,7.1,5.1,5.9] - end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> [207.180.206.216][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [Mining][AmazonAWS][Mining][Unsafe] - 
RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + end: [....52] [ip4][..tcp] [..192.168.1.184][56657] -> [.138.75.171.190][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....69] [ip4][..tcp] [..192.168.1.184][56680] -> [...138.59.17.58][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....43] [ip4][..tcp] [..192.168.1.184][56645] -> [.185.219.133.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....46] [ip4][..tcp] [..192.168.1.184][56650] -> [.35.228.250.140][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + idle: [....50] [ip4][..udp] [..192.168.1.184][30303] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....68] [ip4][..tcp] [..192.168.1.184][56679] -> [..35.228.158.52][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + end: [....65] [ip4][..tcp] [..192.168.1.184][56674] -> [...94.68.55.162][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....34] [ip4][..tcp] [..192.168.1.184][56635] -> [.162.228.29.160][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....70] [ip4][..tcp] [..192.168.1.184][56681] -> 
[207.180.206.216][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....56] [ip4][..tcp] [..192.168.1.184][56662] -> [..35.229.232.19][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + idle: [....37] [ip4][..udp] [..192.168.1.184][30303] -> [.35.180.246.169][30301] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [....29] [ip4][..udp] [..192.168.1.184][30303] -> [..54.36.160.211][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [....60] [ip4][..udp] [..192.168.1.184][30303] -> [..106.12.39.168][30333] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [....74] [ip4][..tcp] [..192.168.1.184][56686] -> [.206.189.107.35][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....13] [ip4][..tcp] [..192.168.1.184][56615] -> [.35.158.244.151][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + guessed: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic idle: [....42] [ip4][..tcp] [..192.168.1.184][56644] -> [..13.230.108.42][30303] - end: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> 
[..165.22.107.33][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> [..178.62.29.183][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [Mining][Tencent][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] 
[Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + end: [....25] [ip4][..tcp] [..192.168.1.184][56629] -> [....51.38.60.79][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....28] [ip4][..tcp] [..192.168.1.184][56632] -> [...51.38.81.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....20] [ip4][..tcp] [..192.168.1.184][56624] -> [....89.38.99.34][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....49] [ip4][..tcp] [..192.168.1.184][56654] -> [..85.214.108.52][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [.....3] [ip4][..udp] [...3.112.138.57][25516] -> [..192.168.1.184][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....10] [ip4][..tcp] [..192.168.1.184][56610] -> [..165.22.107.33][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [.....1] [ip4][..udp] [...87.14.222.25][56693] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....53] [ip4][..tcp] [..192.168.1.184][56658] -> [.157.230.152.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....40] [ip4][..tcp] [..192.168.1.184][56642] -> [..178.62.10.218][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....41] [ip4][..tcp] [..192.168.1.184][56643] -> 
[..178.62.29.183][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....61] [ip4][..tcp] [..192.168.1.184][56670] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....31] [ip4][..udp] [..192.168.1.184][30303] -> [..111.229.0.180][20182] [ETHEREUM][Tencent][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....23] [ip4][..tcp] [..192.168.1.184][56627] -> [..34.255.23.113][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....15] [ip4][..tcp] [..192.168.1.184][56618] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + end: [....64] [ip4][..tcp] [..192.168.1.184][56673] -> [..78.47.147.155][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....71] [ip4][..udp] [..192.168.1.184][30303] -> [..167.86.122.50][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [....32] [ip4][..udp] [..192.168.1.184][30303] -> [...209.97.143.1][50000] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [..192.168.1.184][30303] -> [.52.231.165.108][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [...60.191.32.71][30303] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + idle: [....58] [ip4][..udp] [183.129.242.164][.1024] -> [..192.168.1.184][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....22] [ip4][..tcp] [..192.168.1.184][56626] -> [178.128.195.220][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....51] [ip4][..tcp] [..192.168.1.184][56655] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + guessed: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional 
Traffic idle: [....21] [ip4][..tcp] [..192.168.1.184][56625] -> [.....5.1.83.226][30303] - end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - guessed: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic + end: [....24] [ip4][..tcp] [..192.168.1.184][56628] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + end: [....14] [ip4][..tcp] [..192.168.1.184][56617] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + guessed: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic idle: [....35] [ip4][..tcp] [..192.168.1.184][56637] -> [.35.233.197.131][30303] - end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....30] [ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> 
[..172.105.94.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....16] [ip4][..tcp] [..192.168.1.184][56620] -> [191.234.162.198][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....27] 
[ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [Mining][Azure][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [Mining][AmazonAWS][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [Mining][Mining][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [Mining][GoogleCloud][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - end: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - idle: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol - end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [Mining][Unknown][Mining][Unsafe] - RISK: Unsafe Protocol + end: [....54] [ip4][..tcp] [..192.168.1.184][56660] -> [...51.161.23.12][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....55] [ip4][..tcp] [..192.168.1.184][56661] -> [....52.9.128.68][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....30] 
[ip4][..tcp] [..192.168.1.184][56633] -> [.82.145.220.249][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....57] [ip4][..tcp] [..192.168.1.184][56663] -> [124.217.235.180][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....47] [ip4][..tcp] [..192.168.1.184][56651] -> [..138.201.12.87][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....26] [ip4][..udp] [..192.168.1.184][30303] -> [...128.0.51.140][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....44] [ip4][..tcp] [..192.168.1.184][56646] -> [..172.105.94.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....48] [ip4][..tcp] [..192.168.1.184][56652] -> [..176.9.136.209][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....59] [ip4][..udp] [..192.168.1.184][30303] -> [.202.112.28.106][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....18] [ip4][..tcp] [..192.168.1.184][56622] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + end: [....19] [ip4][..tcp] [..192.168.1.184][56623] -> [...18.138.81.28][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + idle: [.....9] [ip4][..tcp] [..192.168.1.184][56612] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [.....4] [ip4][..udp] [..192.168.1.184][30303] -> [....3.209.45.79][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....11] [ip4][..tcp] [..192.168.1.184][56611] -> [..104.42.217.25][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + idle: [.....7] [ip4][..udp] [..192.168.1.184][30303] -> [...34.97.172.22][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....63] [ip4][..tcp] [..192.168.1.184][56672] -> [139.162.255.210][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....16] [ip4][..tcp] 
[..192.168.1.184][56620] -> [191.234.162.198][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + end: [....45] [ip4][..tcp] [..192.168.1.184][56647] -> [.182.162.161.61][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....36] [ip4][..tcp] [..192.168.1.184][56638] -> [209.250.240.205][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....38] [ip4][..tcp] [..192.168.1.184][56639] -> [.18.219.167.159][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + end: [....27] [ip4][..tcp] [..192.168.1.184][56630] -> [..40.67.144.128][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + end: [....17] [ip4][..tcp] [..192.168.1.184][56621] -> [..52.187.207.27][30303] [ETHEREUM][Azure][Crypto_Currency][Acceptable] + idle: [....67] [ip4][..tcp] [..192.168.1.184][56678] -> [..13.251.14.199][30303] [ETHEREUM][AmazonAWS][Crypto_Currency][Acceptable] + idle: [.....6] [ip4][..udp] [..192.168.1.184][30303] -> [..18.138.108.67][30303] [ETHEREUM][ETHEREUM][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....66] [ip4][..tcp] [..192.168.1.184][56675] -> [..35.235.37.216][30303] [ETHEREUM][GoogleCloud][Crypto_Currency][Acceptable] + end: [....72] [ip4][..tcp] [..192.168.1.184][56684] -> [...51.83.237.44][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [.....8] [ip4][..udp] [..192.168.1.184][30303] -> [...66.42.82.246][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + RISK: Unidirectional Traffic + end: [....62] [ip4][..tcp] [..192.168.1.184][56671] -> [..86.107.243.62][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + idle: [....73] [ip4][..tcp] [..192.168.1.184][56685] -> [...88.99.93.219][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....12] [ip4][..tcp] [..192.168.1.184][56613] -> [.162.243.160.83][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....39] [ip4][..tcp] [..192.168.1.184][56641] -> [.144.91.120.135][30303] 
[ETHEREUM][Unknown][Crypto_Currency][Acceptable] + end: [....33] [ip4][..tcp] [..192.168.1.184][56634] -> [..159.203.84.31][30303] [ETHEREUM][Unknown][Crypto_Currency][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out index fee5b0fcf..47ac560f0 100644 --- a/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/flow-info/default/fuzz-2006-06-26-2594.pcap.out @@ -40,7 +40,7 @@ RISK: Unidirectional Traffic ERROR-EVENT: Unknown packet type [1/16] detection-update: [....13] [ip4][..udp] [....192.168.1.2][.2715] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyber?ity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] new: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] detected: [....14] [ip4][..udp] [....192.168.1.2][.2716] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] @@ -74,7 +74,7 @@ update: [.....5] [ip4][..udp] [....192.168.1.2][.2712] -> [....192.168.1.1][49973] new: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] detected: [....21] [ip4][..udp] [....192.114.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ftp.ecite?e.com] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] detected: [....22] [ip4][..udp] [....192.168.1.2][.2719] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][ftp.ecitele.com] RISK: Unidirectional Traffic 
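Review bot: The renamed risk label in the `+ RISK:` line of the `@@ -40,7 +40,7 @@` hunk (`Text With Non-Printable Chars` becomes `Non-Printable/Invalid Chars Detected`) will silently stop matching any downstream filter or alert rule that selects this risk by its display text. The same rename recurs in most later hunks of this file. Nothing visible in the diff provides a compatibility alias, so consumers should key on a risk identifier if the event stream exposes one, and the commit description would benefit from a line such as `risk label renamed: "Text With Non-Printable Chars" -> "Non-Printable/Invalid Chars Detected"`. The label also appears on flows that did not carry it before (flow 73 at `@@ -354,12 +356,12 @@`, flow 111 at `@@ -651,7 +653,7 @@`), which suggests the underlying check widened as well, so alert volume on DNS traffic may change.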
@@ -92,6 +92,8 @@ new: [....30] [ip4][..tcp] [..147.234.1.249][.2069] -> [....192.168.1.2][.2720] [MIDSTREAM] new: [....31] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2208] [MIDSTREAM] new: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [MIDSTREAM] + detected: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [Protobuf][Unknown][Network][Safe] + RISK: Unidirectional Traffic new: [....33] [ip4][..tcp] [..147.234.1.253][.1045] -> [....192.168.1.2][.2720] [MIDSTREAM] new: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] [MIDSTREAM] ERROR-EVENT: Unknown L3 protocol [3/16] @@ -144,9 +146,9 @@ new: [....47] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][.9587] new: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] detected: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp._s?.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [....48] [ip4][..udp] [....192.168.1.2][.2724] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [....49] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][25481] new: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] detected: [....50] [ip4][..udp] [....192.168.1.2][.2724] -> [...192.168.17.1][...53] [DNS][Unknown][Network][Acceptable][_zip._udp.sip.cybercity.dk] 
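Review bot: The two added lines in the `@@ -92,6 +92,8 @@` hunk pin flow 32, a midstream TCP flow from source port 21 in a fuzzed capture, as `[Protobuf][Unknown][Network][Safe]`, which looks more like a dissector false positive than a real detection. Once this is in the expected output, the test will defend that classification, and a `Safe` breed on a match against fuzzed bytes can lower the scrutiny such a flow gets downstream. It is worth confirming against the updated library whether the Protobuf match is intended here. If it is accepted as a known misclassification, record that in the commit description, for example `fuzz-2006-06-26-2594: flow 32 (src port 21) now matches Protobuf, suspected false positive`.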
@@ -354,12 +356,12 @@ detection-update: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] new: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] detected: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberci_s] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: Unknown packet type [1/16] detection-update: [....73] [ip4][..udp] [....192.168.1.2][.2740] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] new: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] detected: [....75] [ip4][..udp] [....192.168.1.2][.2741] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] 
@@ -435,7 +437,7 @@ new: [....85] [ip4][..240] [....192.168.1.2] -> [....192.168.1.1] new: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] detected: [....86] [ip4][..udp] [...192.168.1.34][.2746] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp._s?p.brvjula.net] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [....60] [ip4][..udp] [....172.168.1.2][.2734] -> [....192.168.1.1][...53] idle: [....57] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2733] [DNS][Unknown][Network][Acceptable] RISK: Unidirectional Traffic @@ -476,7 +478,7 @@ detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic detection-update: [....90] [ip4][..udp] [....192.168.1.2][.2748] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic guessed: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] [NetBIOS][Unknown][System][Acceptable][] idle: [....63] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..169] idle: [....61] [ip4][..udp] [....200.168.1.2][.2735] -> [....192.168.1.1][...53] 
@@ -501,7 +503,7 @@ detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.voip.brujula.net] RISK: Malformed Packet, Unidirectional Traffic detection-update: [....94] [ip4][..udp] [....192.168.1.2][.2750] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.vo_s] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [....81] [ip4][..udp] [....192.168.1.2][...88] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] update: [....65] [ip4][..udp] [....192.168.1.2][.2684] -> [....192.168.1.1][...53] @@ -516,7 +518,7 @@ RISK: Malformed Packet, Unidirectional Traffic new: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] detected: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] detected: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic 
@@ -603,7 +605,7 @@ idle: [....70] [ip4][..udp] [....192.168.1.2][.2738] -> [....192.168.1.1][...53] update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] DAEMON-EVENT: [Processed: 241 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 63 / 109|skipped: 0|!detected: 6|guessed: 4|detection-updates: 26|updates: 178] @@ -611,9 +613,9 @@ detected: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_?ip._udp.sip.cybercit?.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic guessed: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] [NetBIOS][Unknown][System][Acceptable][] idle: [....74] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][.8329] idle: [....72] [ip4][..udp] [....192.168.1.2][.2739] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] 
@@ -651,7 +653,7 @@ detected: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.v.0.127.in-addr.arpa] RISK: Unidirectional Traffic detection-update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected analyse: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.742| 47.495| 20.018| 22.628| 512023754.441| 3.900] @@ -675,7 +677,7 @@ update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] new: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] detected: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] detected: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._tdp.sip.cybercity.dk] RISK: Unidirectional Traffic 
@@ -694,7 +696,7 @@ update: [....80] [ip4][..udp] [....192.168.1.2][.2744] -> [....192.168.1.1][...53] update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] new: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] @@ -742,7 +744,7 @@ update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [....89] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.4932] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic update: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] 
@@ -781,9 +783,9 @@ ERROR-EVENT: Unknown packet type [5/16] new: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.s?p.cibercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic idle: [....87] [ip4][..udp] [....192.168.1.2][.2747] -> [.....67.168.1.1][...53] idle: [....84] [ip4][..udp] [....192.168.1.2][.2746] -> [....192.168.1.1][...53] idle: [....88] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2747] [DNS][Unknown][Network][Acceptable] @@ -794,7 +796,7 @@ update: [...108] [ip4][..udp] [.....14.168.1.2][.2754] -> [....192.168.1.1][...53] update: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] update: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] 
@@ -836,7 +838,7 @@ update: [...104] [ip4][..udp] [....192.168.1.2][.2753] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...106] [ip4][..udp] [....192.168.1.2][.2754] -> [....192.168.1.1][...53] update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] update: [....91] [ip4][..udp] [....192.168.1.2][.5060] -> [..200.68.120.81][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic @@ -863,7 +865,7 @@ RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [...101] [ip4][..udp] [....192.168.1.2][.2752] -> [....102.168.1.1][...53] idle: [....97] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2751] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [....96] [ip4][..udp] [...192.168.1.18][.2751] -> [....192.168.1.1][...53] idle: [....98] [ip4][..udp] [....192.168.1.2][.2752] -> [....192.168.1.1][...53] idle: [...102] [ip4][..udp] [.....192.98.1.2][.2752] -> [.....25.168.1.1][...53] @@ -887,7 +889,7 @@ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic ERROR-EVENT: Unknown packet type [1/16] ERROR-EVENT: Unknown packet type [2/16] new: [...136] [ip4][..127] [....192.168.1.2] -> [....192.168.1.1] 
@@ -912,7 +914,7 @@ update: [...109] [ip4][..udp] [....192.168.1.2][.2755] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] update: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...115] [ip4][..udp] [....192.168.1.2][.2758] -> [....192.168.1.1][...53] update: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] update: [...119] [ip4][..udp] [....192.168.1.2][.2760] -> [....192.168.1.1][...53] 
@@ -938,16 +940,16 @@ update: [...131] [ip4][..udp] [....192.168.1.2][.2768] -> [....192.168.1.1][...53] new: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] detected: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] detected: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic detection-update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [...110] [ip4][..udp] [....192.168.1.2][.2756] -> [....192.168.1.1][...53] update: [...124] [ip4][..udp] [....192.168.1.2][43690] -> [170.170.170.170][43690] update: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] 
@@ -958,7 +960,7 @@ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] update: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] @@ -969,7 +971,7 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] idle: [...112] [ip4][..udp] [....192.168.1.2][.2640] -> [....192.168.1.1][...53] idle: [...111] [ip4][..udp] [....192.168.1.2][.2757] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected idle: [...113] [ip4][..udp] [....192.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] update: [...138] [ip4][..udp] [....192.168.1.2][..137] -> [..120.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] 
@@ -994,12 +996,12 @@ detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Malformed Packet, Unidirectional Traffic detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] detected: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic detection-update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic guessed: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] RISK: Malformed Packet, Unidirectional Traffic idle: [...114] [ip4][..udp] [.192.168.37.115][.2758] -> [....128.168.1.1][...53] 
@@ -1013,19 +1015,19 @@ RISK: Unidirectional Traffic new: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] detected: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-aqd?.arpa] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...116] [ip4][..udp] [....192.168.1.2][.2759] -> [....192.168.1.1][...53] update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] new: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] detected: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] RISK: Unidirectional Traffic detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: Unknown packet type [1/16] detection-update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic guessed: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] RISK: Malformed Packet, Unidirectional Traffic idle: [...118] [ip4][..udp] [.....192.22.1.2][.2760] -> [....192.168.1.1][...53] 
@@ -1037,7 +1039,7 @@ update: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic update: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic update: [...132] [ip4][..udp] [....192.168.1.2][35536] -> [....192.168.1.1][...53] update: [...134] [ip4][..udp] [....192.168.1.2][.2769] -> [....192.168.1.1][...53] update: [...143] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.184.1.1][...53] @@ -1083,7 +1085,7 @@ idle: [...122] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2763] [DNS][Unknown][Network][Acceptable] RISK: Malformed Packet, Unidirectional Traffic idle: [...123] [ip4][..udp] [....192.168.1.2][.2764] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars, Error Code, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Error Code, Unidirectional Traffic update: [...141] [ip4][..udp] [....192.168.1.2][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous] RISK: Unsafe Protocol update: [...130] [ip4][..udp] [....192.168.1.2][.2767] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] 
@@ -1094,7 +1096,7 @@ update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] update: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] detected: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] RISK: Malformed Packet, Unidirectional Traffic @@ -1140,7 +1142,7 @@ RISK: Unidirectional Traffic new: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] detected: [...161] [ip4][..udp] [....192.168.1.2][.2786] -> [....192.168.1.3][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-ad?r.arpa] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] new: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196] new: [...163] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.3.1][...53] 
@@ -1148,11 +1150,11 @@ RISK: Unidirectional Traffic new: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] detected: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.?ip.kybermity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...164] [ip4][..udp] [....192.168.1.2][.2787] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic not-detected: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...133] [ip4][..udp] [.....94.168.1.2][.2768] -> [....192.168.1.1][....4] @@ -1199,7 +1201,7 @@ update: [...142] [ip4][..udp] [....192.168.1.2][.2772] -> [....192.168.1.1][...53] update: [...146] [ip4][..udp] [....192.168.9.2][.2774] -> [....192.168.1.1][...53] update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...155] [ip4][..udp] [....192.168.1.2][.2784] -> [....192.168.1.1][...53] update: [...156] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.5.2][.2784] [DNS][Unknown][Network][Acceptable] RISK: Unidirectional Traffic 
@@ -1245,13 +1247,13 @@ update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] new: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] detected: [...175] [ip4][..udp] [....192.168.1.2][.2791] -> [...192.168.67.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] detected: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] RISK: Unidirectional Traffic new: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] detected: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-a?dr.arpa] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] update: [...162] [ip4][..udp] [..212.242.33.35][.9587] -> [....192.168.1.2][..196] @@ -1272,7 +1274,7 @@ update: [...154] [ip4][..udp] [......0.168.1.2][.2783] -> [....192.168.1.1][...53] update: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] update: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] update: [...172] [ip4][..udp] [....192.168.1.2][..137] -> [..192.194.1.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [...150] [ip4][..udp] [...192.168.33.2][.2782] -> [....192.168.1.1][...53] 
@@ -1301,7 +1303,7 @@ idle: [...152] [ip4][..udp] [....192.168.1.6][.5060] -> [..212.242.33.35][.5060] idle: [...145] [ip4][..udp] [....192.168.1.2][.2774] -> [....192.168.1.1][...53] idle: [...147] [ip4][..udp] [....192.168.1.2][.2775] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...148] [ip4][..udp] [....192.168.1.2][.2776] -> [....192.168.1.1][...53] idle: [...151] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2782] [DNS][Unknown][Network][Acceptable] RISK: Unidirectional Traffic @@ -1333,7 +1335,7 @@ update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] update: [...158] [ip4][..udp] [....200.168.1.2][.2785] -> [....192.168.1.1][...53] update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...159] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][35721] update: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] @@ -1376,7 +1378,7 @@ update: [...171] [ip4][..udp] [...192.168.1.53][.2791] -> [....192.168.1.1][...53] update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [....37] [ip4][..170] [170.170.170.170] -> [170.170.170.170] new: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] detected: [...180] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..138] [NetBIOS.SMBv1][Unknown][System][Dangerous][lab111] 
@@ -1418,7 +1420,7 @@ RISK: Unidirectional Traffic update: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] update: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected new: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] detected: [...188] [ip4][..udp] [....192.168.1.2][...68] -> [....192.168.1.1][...67] [DHCP][Unknown][Network][Acceptable][d002465] RISK: Unidirectional Traffic @@ -1427,7 +1429,7 @@ RISK: Unidirectional Traffic idle: [...176] [ip4][..udp] [....192.168.1.2][.2792] -> [....192.168.1.1][...53] idle: [...177] [ip4][..udp] [....192.168.1.1][...53] -> [....240.168.1.2][.2792] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected not-detected: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...107] [ip4][..118] [....192.168.1.2] -> [..200.68.120.81] 
@@ -1451,10 +1453,10 @@ detected: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][re-.sippstar.com] RISK: Unidirectional Traffic detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sip?star.com] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] detection-update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][reg.sippstar.com] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] detected: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] [DNS][Unknown][Network][Acceptable][sip.cybercity.dk] RISK: Unidirectional Traffic 
@@ -1486,10 +1488,10 @@ detected: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.ak] RISK: Unidirectional Traffic detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] detection-update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] 
@@ -1499,8 +1501,9 @@ RISK: Malformed Packet, Unidirectional Traffic new: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] detected: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arp_] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] + RISK: Non-Printable/Invalid Chars Detected new: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] detected: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic @@ -1521,9 +1524,9 @@ RISK: Unidirectional Traffic new: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] detected: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_s?p._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...202] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] ERROR-EVENT: Unknown packet type [1/16] update: [...117] [ip4][...37] [....192.168.1.1] -> [....192.168.1.2] 
@@ -1539,13 +1542,13 @@ RISK: Unsafe Protocol update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] new: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] detected: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] RISK: Unidirectional Traffic detection-update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected new: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35] new: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] detected: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] @@ -1573,7 +1576,7 @@ RISK: Unidirectional Traffic ERROR-EVENT: Unknown L3 protocol [1/16] detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [...183] [ip4][..udp] [...192.168.1.41][..137] -> [..107.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] idle: [...184] [ip4][..udp] [.....115.0.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] idle: [...181] [ip4][..udp] [.192.184.189.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] 
@@ -1582,9 +1585,10 @@ update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] detection-update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: Unknown packet type [2/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16] idle: [...185] [ip4][..udp] [...192.168.1.41][..137] -> [.192.168.37.115][..137] [NetBIOS][Unknown][System][Acceptable] 
@@ -1595,15 +1599,15 @@ RISK: Unidirectional Traffic new: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] detected: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sim._udp.sip.c_ber_itm.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.c4bercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cxbercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.qk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [...182] [ip4][..udp] [...192.168.1.41][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] idle: [...187] [ip4][..udp] [....192.168.1.2][..137] -> [..200.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] not-detected: [...186] [ip4][..udp] [....192.168.1.2][43690] -> [192.168.170.170][43690] [Unknown][Unknown][Unrated] 
@@ -1614,7 +1618,7 @@ update: [...189] [ip4][..udp] [...192.168.1.41][..138] -> [..192.168.1.255][..394] update: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] update: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] update: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Unknown][Network][Acceptable] @@ -1623,7 +1627,7 @@ ERROR-EVENT: Unknown packet type [1/16] new: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] detected: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable][] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709] new: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] detected: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] 
@@ -1639,7 +1643,7 @@ update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] update: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] ERROR-EVENT: Unknown packet type [2/16] new: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] @@ -1671,6 +1675,7 @@ update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] @@ -1686,7 +1691,7 @@ update: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] update: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] update: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] update: [...200] [ip4][..udp] [....192.168.1.2][.2799] -> [....192.168.1.1][...53] update: [...201] [ip4][..udp] [....192.168.1.1][...53] -> [..192.168.119.2][.2799] [DNS][Unknown][Network][Acceptable] 
@@ -1703,7 +1708,7 @@ RISK: Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] idle: [...190] [ip4][..udp] [....192.168.1.2][.2793] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...191] [ip4][..udp] [....192.168.1.2][.2794] -> [..192.168.108.1][...53] update: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] update: [...195] [ip4][..udp] [192.168.170.170][43690] -> [170.170.170.170][43690] 
@@ -1720,14 +1725,15 @@ update: [...194] [ip4][..udp] [....192.168.1.2][.2796] -> [....192.168.1.1][...53] update: [...196] [ip4][..udp] [....192.168.1.2][.2796] -> [..192.168.1.129][...53] update: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected update: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] update: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] update: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] 
@@ -1737,7 +1743,7 @@ update: [...220] [ip4][..udp] [....192.170.1.2][.2810] -> [....192.168.1.1][...53] new: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] detected: [...227] [ip4][..udp] [....192.168.1.2][.2813] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127?in-ad_r?arpa???] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] new: [...228] [ip4][..udp] [....192.168.1.2][.2814] -> [....192.168.1.1][...53] @@ -1779,12 +1785,12 @@ ERROR-EVENT: nDPI IPv4/L4 payload detection failed [1/16] new: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] detected: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][?sip._udp.shp.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] detected: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udq.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...233] [ip4][..udp] [....192.168.1.3][30000] -> [..212.242.33.36][40392] new: [...234] [ip4][..udp] [....192.168.1.2][30000] -> [....37.115.0.36][40392] new: [...235] [ip4][..udp] [....192.168.1.2][30000] -> [..212.242.33.36][40392] 
@@ -1793,14 +1799,15 @@ new: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] ERROR-EVENT: Unknown packet type [2/16] detection-update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [3/16] idle: [...197] [ip4][..udp] [....192.168.1.2][.2797] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] + RISK: Non-Printable/Invalid Chars Detected idle: [...199] [ip4][..udp] [....192.168.1.2][.2798] -> [....192.168.1.1][...53] update: [...205] [ip4][....0] [....192.168.1.2] -> [..212.242.33.35] new: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] detected: [...238] [ip4][..udp] [....192.168.1.2][.2822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.1?7.in-addr.arpa] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic new: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] detected: [...239] [ip4][..udp] [....192.168.1.2][.5060] -> [..212.234.33.35][.5060] [SIP][Unknown][VoIP][Acceptable] RISK: Unidirectional Traffic 
@@ -1810,9 +1817,9 @@ RISK: Unidirectional Traffic ERROR-EVENT: nDPI IPv4/L4 payload detection failed [2/16] detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...240] [ip4][..udp] [....192.168.1.2][.2823] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic not-detected: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] [Unknown][Unknown][Unrated] idle: [...149] [ip4][....0] [....192.168.1.2] -> [..192.168.1.255] not-detected: [...203] [ip4][..udp] [....192.168.1.2][.2800] -> [....192.168.1.1][...21] [Unknown][Unknown][Unrated] 
@@ -1830,12 +1837,12 @@ update: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] update: [...222] [ip4][..udp] [....128.168.1.2][.2810] -> [....192.168.1.1][...53] update: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected update: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] update: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] update: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] update: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic update: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] update: [...217] [ip4][..udp] [....192.168.1.2][19192] -> [....192.168.1.1][...53] update: [...218] [ip4][..udp] [....192.168.1.2][.2809] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] 
@@ -1854,11 +1861,11 @@ detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][] RISK: Malformed Packet, Unidirectional Traffic detection-update: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercity.dk] - RISK: Malformed Packet, Text With Non-Printable Chars, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [...208] [ip4][..udp] [....192.168.1.2][18162] -> [....192.168.1.1][...53] idle: [...206] [ip4][..udp] [....192.168.1.2][.2568] -> [....192.168.1.1][...53] idle: [...204] [ip4][..udp] [....192.168.1.2][.2801] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Text With Non-Printable Chars + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected idle: [...207] [ip4][..udp] [....192.168.1.2][.2802] -> [....192.168.1.1][...53] update: [...211] [ip4][..udp] [....192.168.1.2][.2805] -> [....192.168.1.1][...51] update: [...212] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2805] [DNS][Unknown][Network][Acceptable] 
@@ -1877,9 +1884,9 @@ RISK: Unsafe Protocol new: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] detected: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.?.0.127.in-addr.arpa] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic detection-update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][1.0.0.127.in-addr.arpa] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...209] [ip4][..udp] [....192.168.1.2][.2803] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] idle: [...210] [ip4][..udp] [....192.168.1.2][.2804] -> [....192.168.1.1][...53] update: [...232] [ip4][..udp] [....192.168.1.2][.5060] -> [.212.242.33.201][.5060] [SIP][Unknown][VoIP][Acceptable] @@ -1897,11 +1904,11 @@ RISK: Unidirectional Traffic new: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] detected: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cybercimy.v?] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: Unknown packet type [1/16] new: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] detected: [...247] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.170.1.1][...53] [DNS][Unknown][Network][Acceptable][_sip._udp.sip.cyberc?ty.dk] - RISK: Text With Non-Printable Chars, Unidirectional Traffic + RISK: Non-Printable/Invalid Chars Detected, Unidirectional Traffic ERROR-EVENT: Unknown L3 protocol [2/16] not-detected: [...157] [ip4][...19] [....192.168.1.2] -> [....192.168.1.1] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic 
@@ -1932,7 +1939,7 @@ idle: [...215] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][38709] idle: [...213] [ip4][..udp] [....192.168.1.2][.2806] -> [....192.168.1.1][...53] idle: [...214] [ip4][..udp] [....192.168.1.1][...53] -> [....192.168.1.2][.2807] [DNS][Unknown][Network][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic + RISK: Malformed Packet, Non-Printable/Invalid Chars Detected, Unidirectional Traffic idle: [...216] [ip4][..udp] [....192.168.1.2][.2808] -> [....192.168.1.1][...53] update: [.....1] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [...198] [ip4][..udp] [..212.242.33.35][.5060] -> [....192.168.1.2][.5060] [SIP][Unknown][VoIP][Acceptable] @@ -1984,7 +1991,7 @@ RISK: Malformed Packet, Error Code, Unidirectional Traffic update: [...231] [ip4][..udp] [....192.168.1.2][.2816] -> [....192.168.1.1][...53] update: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [...229] [ip4][..udp] [....192.168.1.2][29440] -> [...192.168.1.37][..137] [NetBIOS][Unknown][System][Acceptable] RISK: Unidirectional Traffic update: [...225] [ip4][..udp] [....192.168.1.2][..137] -> [..192.168.1.255][..905] 
@@ -2062,7 +2069,7 @@ idle: [...241] [ip4][..udp] [....192.168.1.2][.2824] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] idle: [...242] [ip4][..udp] [....192.168.1.2][.2825] -> [....192.168.1.1][...53] idle: [...244] [ip4][..udp] [....192.168.1.2][.2826] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...246] [ip4][..udp] [....192.168.1.2][.2827] -> [....192.168.1.1][...53] idle: [...245] [ip4][..udp] [....192.168.1.2][.2827] -> [..192.168.1.114][...53] idle: [...248] [ip4][..udp] [....192.168.1.2][.2828] -> [....192.168.1.1][...53] @@ -2105,9 +2112,8 @@ guessed: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] [FTP_CONTROL][Unknown][Download][Unsafe] RISK: Unsafe Protocol, Unidirectional Traffic idle: [....34] [ip4][..tcp] [..147.234.1.253][...21] -> [...192.168.65.2][.2720] - guessed: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [FTP_CONTROL][Unknown][Download][Unsafe] - RISK: Unsafe Protocol, Unidirectional Traffic - idle: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] + idle: [....32] [ip4][..tcp] [..147.234.1.253][...21] -> [....192.168.1.2][.2732] [Protobuf][Unknown][Network][Safe] + RISK: Unidirectional Traffic not-detected: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...237] [ip4][..udp] [.....81.168.1.2][30000] -> [..212.242.33.36][40392] diff --git a/test/results/flow-info/default/geforcenow.pcapng.out b/test/results/flow-info/default/geforcenow.pcapng.out index 2a0bc4a92..25006c459 100644 --- a/test/results/flow-info/default/geforcenow.pcapng.out +++ b/test/results/flow-info/default/geforcenow.pcapng.out 
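Review bot: In the `@@ -2105,9 +2112,8 @@` hunk, flow 32 (source port 21 on 147.234.1.253) is now recorded as `[Protobuf][Unknown][Network][Safe]` with only `RISK: Unidirectional Traffic`. Before this change it was guessed as `[FTP_CONTROL][Unknown][Download][Unsafe]` with `RISK: Unsafe Protocol, Unidirectional Traffic`. Flow 34, from the same server and port, is still guessed as FTP_CONTROL in the context lines just above, so this looks like a false positive from the updated libnDPI dissectors rather than a real protocol change, though the flow's earlier events are outside this hunk. Accepting it into the expected output hides a cleartext-protocol risk behind a Safe rating and stops the regression test from catching the misclassification later. Consider confirming the result against upstream nDPI and adding a line to the commit description such as `flow 32: FTP_CONTROL -> Protobuf is a known nDPI misdetection, tracked upstream`.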
@@ -23,7 +23,11 @@ new: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] detected: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable] + detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS][Nvidia][Safe] + RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn + detection-update: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun] + RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long + analyse: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.690| 0.065| 0.136| 18500.616| 3.200] [PKTLEN......: 53.000| 689.000| 156.400| 133.900| 17933.500| 4.700] 
@@ -33,8 +37,8 @@ [IATS(ms)....: 66.1,63.3,171.7,44.0,99.9,183.8,360.1,689.5,48.5,47.1,0.0,0.0,0.0,0.0,4.5,1.5,52.7,0.0,46.0,42.3,0.4,0.3,0.2,0.0,0.1,42.1,0.3,0.1,0.2,42.5,0.3] [PKTLENS.....: 124,124,124,92,185,185,185,185,689,568,119,358,164,107,53,95,101,101,141,137,105,109,73,113,113,113,73,85,89,105,85,105] [ENTROPIES...: 5.8,5.8,5.8,5.7,5.0,5.0,5.0,5.0,6.5,6.7,4.8,6.6,6.2,4.4,3.8,5.3,6.0,5.8,6.4,6.3,5.9,6.0,5.4,6.0,6.2,6.1,5.4,5.6,5.8,6.1,5.7,6.1] - idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [STUN][Nvidia][Network][Acceptable] - RISK: Known Proto on Non Std Port + idle: [.....2] [ip4][..udp] [..192.168.1.245][52441] -> [..80.84.167.206][18452] [DTLS.GeForceNow][Nvidia][Game][Fun] + RISK: Known Proto on Non Std Port, Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, TLS Cert Validity Too Long idle: [.....1] [ip4][..tcp] [..192.168.1.245][57490] -> [..80.84.167.206][49100] [TLS.GeForceNow][Nvidia][Game][Fun] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/gnutella.pcap.out b/test/results/flow-info/default/gnutella.pcap.out index 63e7eebba..0bea7fdb8 100644 --- a/test/results/flow-info/default/gnutella.pcap.out +++ b/test/results/flow-info/default/gnutella.pcap.out 
@@ -5633,8 +5633,8 @@ not-detected: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [...441] [ip4][..udp] [......10.0.2.15][28681] -> [.36.237.199.108][56040] - guessed: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] [Tor][Tor][VPN][Potentially Dangerous] - RISK: Unsafe Protocol, Unidirectional Traffic + not-detected: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] [Unknown][Unknown][Unrated] + RISK: Unidirectional Traffic idle: [...700] [ip4][..udp] [......10.0.2.15][28681] -> [...91.206.27.26][.6578] idle: [...511] [ip4][..udp] [......10.0.2.15][28681] -> [...68.47.223.27][.6346] [Gnutella][Unknown][Download][Potentially Dangerous] RISK: Unsafe Protocol, Unidirectional Traffic @@ -7035,7 +7035,7 @@ new: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] detected: [...801] [ip6][icmp6] [..............fe80::c50d:519f:96a4:e108] -> [...............................ff02::16] [ICMPV6][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 3882 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 310|guessed: 2|detection-updates: 5|updates: 2519] + DAEMON-EVENT: [Flows][active: 169 / 801|skipped: 0|!detected: 311|guessed: 1|detection-updates: 5|updates: 2519] not-detected: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] [Unknown][Unknown][Unrated] RISK: Unidirectional Traffic idle: [....52] [ip4][..tcp] [......10.0.2.15][50212] -> [...95.17.124.40][.6776] diff --git a/test/results/flow-info/default/haproxy.pcap.out b/test/results/flow-info/default/haproxy.pcap.out new file mode 100644 index 000000000..595488b23 --- /dev/null +++ b/test/results/flow-info/default/haproxy.pcap.out 
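Review bot: In test/results/flow-info/default/gnutella.pcap.out, flow 700 (10.0.2.15:28681 -> 91.206.27.26:6578) changes from `guessed: ... [Tor][Tor][VPN][Potentially Dangerous]` with `Unsafe Protocol` to `not-detected: ... [Unknown][Unknown][Unrated]`, and the regenerated baseline accepts this without saying whether it is intended. The summary counters move to `!detected: 311|guessed: 1` accordingly. The hunk cannot show whether the old Tor guess was a false positive removed by the libnDPI bump or a detection that was lost, so the commit description should say which, e.g. `gnutella.pcap: flow 700 no longer guessed as Tor after libnDPI update (<reason>)`. The same applies to the monero.pcap.out hunks further down, where `Known Proto on Non Std Port` disappears from the Mining flows on port 3333.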
@@ -0,0 +1,9 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [MIDSTREAM] + detected: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [HAProxy][Unknown][Web][Safe] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..tcp] [........1.1.1.1][48502] -> [........2.2.2.2][..443] [HAProxy][Unknown][Web][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http2.pcapng.out b/test/results/flow-info/default/http2.pcapng.out new file mode 100644 index 000000000..8acabfdaa --- /dev/null +++ b/test/results/flow-info/default/http2.pcapng.out @@ -0,0 +1,9 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [MIDSTREAM] + detected: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [HTTP2][Unknown][Web][Safe] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..tcp] [......127.0.0.1][37824] -> [......127.0.0.1][29518] [HTTP2][Unknown][Web][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/http_ipv6.pcap.out b/test/results/flow-info/default/http_ipv6.pcap.out index bcf466945..1b3d38d13 100644 --- a/test/results/flow-info/default/http_ipv6.pcap.out +++ b/test/results/flow-info/default/http_ipv6.pcap.out 
@@ -3,14 +3,14 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [MIDSTREAM] new: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [MIDSTREAM] - detected: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [TLS][Unknown][Web][Safe] + detected: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] [TLS][Google][Web][Safe] RISK: Unidirectional Traffic new: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] - detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable][www.google.it] + detected: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable][www.google.it] RISK: Unidirectional Traffic new: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [MIDSTREAM] new: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] - analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable] + analyse: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.002| 6.009| 0.604| 1.486| 2208638.173| 
2.800] [PKTLEN......: 77.000| 1398.000| 326.600| 376.200| 141514.900| 4.300] 
@@ -54,25 +54,25 @@ idle: [....14] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53132] -> [..................2a02:26f0:ad:197::236][..443] idle: [....15] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][53134] -> [..................2a02:26f0:ad:197::236][..443] idle: [.....2] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][41776] -> [...............2a00:1450:4001:803::1017][..443] - idle: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Unknown][Web][Acceptable] + idle: [.....3] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][45931] -> [...............2a00:1450:4001:803::1017][..443] [QUIC.Google][Google][Web][Acceptable] RISK: Unidirectional Traffic guessed: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] [TLS][Unknown][Web][Safe] idle: [.....9] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][60124] -> [..................2a02:26f0:ad:1a1::eed][..443] - guessed: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [TLS][Unknown][Web][Safe] + guessed: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] [TLS][Google][Web][Safe] idle: [.....4] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][58660] -> [...............2a00:1450:4006:803::2008][..443] end: [.....6] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37486] -> [................2a03:b0c0:3:d0::70:1001][..443] end: [.....7] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37488] -> [................2a03:b0c0:3:d0::70:1001][..443] end: [.....8] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37494] -> [................2a03:b0c0:3:d0::70:1001][..443] idle: [....12] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][37506] -> 
[................2a03:b0c0:3:d0::70:1001][..443] [TLS.ntop][Unknown][Network][Safe] RISK: TLS Cert Mismatch - guessed: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] [TLS][Google][Web][Safe] idle: [.....1] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40526] -> [...............2a00:1450:4006:804::200e][..443] - guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Unknown][Web][Safe] + guessed: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] [TLS][Facebook][Web][Safe] idle: [....10] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][40308] -> [....2a03:2880:1010:3f20:face:b00c::25de][..443] - guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Unknown][Web][Acceptable] + guessed: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] [QUIC][Google][Web][Acceptable] idle: [.....5] [ip6][..udp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][55145] -> [.................2a00:1450:400b:c02::5f][..443] - guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Unknown][Web][Safe] + guessed: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] [TLS][Google][Web][Safe] idle: [....11] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][33062] -> [.................2a00:1450:400b:c02::9a][..443] - guessed: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] 
-> [...............2a00:1450:4001:803::1012][..443] [TLS][Unknown][Web][Safe] + guessed: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] [TLS][Google][Web][Safe] idle: [....13] [ip6][..tcp] [........2a00:d40:1:3:7aac:c0ff:fea7:d4c][59690] -> [...............2a00:1450:4001:803::1012][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/malware.pcap.out b/test/results/flow-info/default/malware.pcap.out index ef6c8aded..9b1b715f7 100644 --- a/test/results/flow-info/default/malware.pcap.out +++ b/test/results/flow-info/default/malware.pcap.out 
@@ -22,9 +22,25 @@ guessed: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [.....3] [ip4][..tcp] [....192.168.7.7][33706] -> [144.139.247.220][...80] - end: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] idle: [.....2] [ip4][.icmp] [....192.168.7.7] -> [144.139.247.220] [ICMP][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - idle: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80] idle: [.....1] [ip4][..udp] [....192.168.7.7][42370] -> [........1.1.1.1][...53] [DNS][Unknown][Network][Acceptable] + DAEMON-EVENT: [Processed: 26 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 5|skipped: 0|!detected: 0|guessed: 1|detection-updates: 3|updates: 0] + new: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] + detected: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com] + detection-update: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe][hobbeach.com] + analyse: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.111| 0.021| 0.035| 1237.078| 3.200] + [PKTLEN......: 40.000| 1492.000| 579.600| 653.500| 427088.100| 4.000] + [BINS(c->s)..: 9,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,9,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,0,1,1] + [IATS(ms)....: 66.3,66.4,7.8,74.7,3.2,70.1,0.1,0.0,0.1,0.1,0.1,2.9,69.3,66.9,105.6,5.1,0.2,110.5,0.1,0.1,0.1,0.3,0.2,0.1,0.1,0.4,0.3,0.2,0.5,0.1,0.1] + [PKTLENS.....: 
52,52,40,692,46,1492,40,46,121,52,1492,40,133,314,511,46,1492,1492,40,46,1367,1492,40,1492,46,1269,40,1492,1492,40,46,1492] + [ENTROPIES...: 4.7,4.9,4.8,7.2,4.4,7.4,4.9,4.4,6.3,5.0,7.6,4.9,6.0,7.2,7.6,4.4,7.9,7.9,4.8,4.4,7.9,7.9,4.9,7.9,4.4,7.8,4.9,7.9,7.9,4.8,4.5,7.9] + idle: [.....6] [ip4][..tcp] [...192.168.0.20][41240] -> [.193.109.85.123][..443] [TLS][Unknown][Web][Safe] + end: [.....5] [ip4][..tcp] [....192.168.7.7][35236] -> [..67.215.92.210][..443] + idle: [.....4] [ip4][..tcp] [....192.168.7.7][48394] -> [..67.215.92.210][...80] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mgcp.pcap.out b/test/results/flow-info/default/mgcp.pcap.out new file mode 100644 index 000000000..3ff9607b9 --- /dev/null +++ b/test/results/flow-info/default/mgcp.pcap.out 
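Review bot: The newly recorded flow 6 in test/results/flow-info/default/malware.pcap.out (192.168.0.20:41240 -> 193.109.85.123:443, hostname hobbeach.com) is baselined as `[TLS][Unknown][Web][Safe]`, with no `RISK:` line on its detected, detection-update, analyse or idle events. Judging only by the file name, this capture is presumably meant to exercise a malicious-fingerprint or certificate risk. If so, the expected output now pins a result where nothing is flagged, and a later regression in that check would pass unnoticed. It is worth confirming that the test configuration loads whatever lists that risk depends on, and stating in the commit description that the Safe rating with no risk is the intended result.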
@@ -0,0 +1,39 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] + detected: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + update: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] + new: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] + detected: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] + new: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427] + detected: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 21 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] + new: [.....4] [ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427] + detected: [.....4] 
[ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..187.43.37.188][40798] -> [.196.167.59.124][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 22 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] + new: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427] + detected: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [.92.173.166.213][51954] -> [..83.250.239.33][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....4] [ip4][..udp] [.67.232.180.250][38238] -> [186.112.128.179][.2427] [MGCP][Unknown][VoIP][Acceptable] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/mgcp.pcapng.out b/test/results/flow-info/default/mgcp.pcapng.out deleted file mode 100644 index 014319700..000000000 --- a/test/results/flow-info/default/mgcp.pcapng.out +++ /dev/null 
@@ -1,18 +0,0 @@ - DAEMON-EVENT: init - DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] - detected: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic - update: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic - DAEMON-EVENT: [Processed: 8 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 1] - new: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] - detected: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic - idle: [.....1] [ip4][..udp] [...172.16.1.116][.2427] -> [...172.16.1.119][.2427] [MGCP][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic - idle: [.....2] [ip4][..udp] [...10.10.228.72][.2427] -> [....10.10.244.2][.2427] [MGCP][Unknown][VoIP][Acceptable] - RISK: Unidirectional Traffic - DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/monero.pcap.out b/test/results/flow-info/default/monero.pcap.out index 35971e74e..eae5e213b 100644 --- a/test/results/flow-info/default/monero.pcap.out +++ b/test/results/flow-info/default/monero.pcap.out 
@@ -3,10 +3,10 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] detected: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol new: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] detected: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 71.693| 7.500| 18.614| 346464978.993| 2.400] @@ -30,7 +30,7 @@ DAEMON-EVENT: [Processed: 198 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 2 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] idle: [.....2] [ip4][..tcp] [..192.168.2.148][53846] -> [116.211.167.195][.3333] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol idle: [.....1] [ip4][..tcp] [..192.168.2.148][46838] -> [..94.23.199.191][.3333] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/opera-vpn.pcapng.out b/test/results/flow-info/default/opera-vpn.pcapng.out new file mode 100644 index 000000000..c5724d434 --- /dev/null +++ b/test/results/flow-info/default/opera-vpn.pcapng.out 
@@ -0,0 +1,855 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] + new: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] + new: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] + new: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] + new: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] + new: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] + new: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] + new: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] + new: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] + new: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] + new: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] + new: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] + new: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] + new: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] + new: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] + new: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] + new: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] + new: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] + new: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] + new: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] + new: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] + new: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> 
[..77.111.247.69][..443] + new: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] + new: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] + new: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] + new: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] + detected: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....27] 
[ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] + detected: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + 
detection-update: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] + detection-update: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> 
[..77.111.247.69][..443] + detection-update: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] + detection-update: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] + detection-update: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.035| 0.008| 0.013| 162.243| 3.300] + [PKTLEN......: 52.000| 1492.000| 436.200| 558.200| 311541.900| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0] + [IATS(ms)....: 28.2,28.3,0.3,30.3,1.4,31.4,0.1,0.1,0.9,0.1,28.2,0.0,7.5,34.6,0.1,0.0,0.1,0.0,26.4,2.5,28.9,0.2,0.2,0.2,0.0,0.2,1.1,1.1,0.1,0.0,0.1] + [PKTLENS.....: 
64,60,52,569,52,1492,52,1129,52,116,1487,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,88,52] + [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.7,7.6,5.1,7.8,4.8,7.8,4.8,7.8,7.7,4.8,7.9,4.8,7.9,6.0,4.8] + detected: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.013| 161.460| 3.300] + [PKTLEN......: 52.000| 1492.000| 405.900| 517.200| 267501.900| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,0] + [IATS(ms)....: 34.0,34.0,0.1,26.8,0.3,27.1,0.2,0.2,0.2,0.0,26.0,1.0,6.6,33.2,0.1,0.1,1.0,1.0,0.1,26.4,0.4,26.6,0.2,0.0,0.2,0.8,0.8,0.5,0.0,0.5,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,1308,52,1098,764,52,52] + [ENTROPIES...: 4.2,5.1,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.8,7.9,4.9,5.0,5.9,4.7,6.0,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.7,4.7] + analyse: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.008| 0.013| 178.814| 3.300] + [PKTLEN......: 52.000| 1492.000| 395.100| 500.800| 250764.700| 4.000] + [BINS(c->s)..: 
11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1] + [IATS(ms)....: 37.1,37.2,0.1,28.8,0.5,29.2,1.0,1.0,0.1,0.0,26.7,1.7,3.3,31.5,0.1,0.1,0.1,0.1,27.0,0.9,27.7,0.2,0.2,0.0,0.1,0.1,0.0,0.1,0.6,0.5,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,1098,52,262,52,1098,52,401] + [ENTROPIES...: 4.1,5.3,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.8,7.9,4.9,5.0,5.9,4.8,5.9,5.6,4.8,7.6,5.0,7.8,4.7,7.9,4.8,7.7,7.8,4.7,7.1,4.8,7.8,4.7,7.4] + analyse: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.008| 0.014| 182.825| 3.300] + [PKTLEN......: 52.000| 1492.000| 368.800| 501.900| 251883.600| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0] + [IATS(ms)....: 37.4,37.4,0.1,28.1,1.7,29.7,0.1,0.1,0.1,0.1,27.8,0.4,4.6,32.6,0.1,0.1,0.0,0.1,0.0,26.1,3.4,29.4,0.0,0.1,0.6,0.5,0.2,0.2,0.5,0.0,0.5] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,258,52,1098,52,1098,52,1492,213,52] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,6.0,4.8,5.6,4.8,7.6,5.1,7.8,4.8,7.2,4.8,7.8,4.8,7.8,4.8,7.9,7.0,4.8] + detected: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> 
[..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.013| 176.947| 3.400] + [PKTLEN......: 52.000| 1492.000| 420.800| 536.500| 287782.900| 3.900] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0] + [IATS(ms)....: 28.1,28.2,0.4,27.3,1.6,28.5,1.1,1.1,0.4,0.0,25.8,1.4,19.1,0.0,45.9,0.8,0.8,0.1,26.6,2.3,28.8,0.2,0.2,0.0,0.1,0.2,0.1,0.1,0.0,0.2,0.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1467,52,52,91,93,52,76,52,591,52,1098,52,1492,52,704,52,1492,52,1318,751,52,138] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,6.1,4.7,5.6,4.7,7.6,5.1,7.8,4.7,7.8,4.8,7.7,4.8,7.9,4.8,7.8,7.8,4.7,6.3] + analyse: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.048| 0.009| 0.014| 188.006| 3.300] + [PKTLEN......: 52.000| 1492.000| 409.500| 521.500| 271995.400| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,0] + [IATS(ms)....: 29.2,29.3,0.5,27.5,1.4,28.3,0.2,0.2,0.2,0.0,26.6,1.2,20.2,47.9,0.1,0.1,0.2,0.1,0.1,27.6,0.2,27.7,1.4,1.4,0.2,0.0,0.2,0.2,0.0,0.0,0.2] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,1492,272,469,52] + [ENTROPIES...: 
4.1,5.2,4.6,4.4,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.9,4.7,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,7.1,7.5,4.7] + analyse: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.039| 0.009| 0.014| 196.546| 3.300] + [PKTLEN......: 52.000| 1492.000| 365.500| 491.400| 241507.300| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0] + [IATS(ms)....: 38.7,38.7,0.1,30.4,0.5,30.6,0.1,0.1,0.2,0.0,27.6,0.3,6.1,33.7,0.1,0.1,0.4,0.5,0.0,27.5,2.4,29.9,0.2,0.0,0.2,0.3,0.3,0.5,0.6,0.1,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1485,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,626,52,1098,52,134,52] + [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.9,4.8,7.9,4.7,5.8,7.9,5.0,4.9,5.8,4.7,5.8,4.7,5.4,4.7,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.6,4.7,7.8,4.8,6.4,4.8] + analyse: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.014| 204.413| 3.300] + [PKTLEN......: 52.000| 1492.000| 390.400| 502.900| 252956.000| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1] + [IATS(ms)....: 37.2,37.3,0.0,27.0,1.3,28.2,0.1,0.1,0.2,0.0,24.5,0.1,1.3,20.1,0.1,45.8,0.0,0.3,0.3,0.1,27.3,0.4,27.6,0.1,0.1,1.2,1.2,0.3,0.2,0.2,0.0] + [PKTLENS.....: 
64,60,52,569,52,1492,52,1127,52,116,1467,52,52,52,91,93,52,52,76,52,591,52,1098,52,478,52,1098,52,1098,52,1492,704] + [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.9,4.7,4.7,5.5,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.8,4.8,7.9,7.7] + detection-update: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.058| 0.009| 0.015| 228.299| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.300| 525.300| 275956.200| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0] + [IATS(ms)....: 30.1,30.1,0.1,26.5,1.6,27.9,0.3,0.2,0.2,0.1,26.5,1.2,30.4,57.8,0.1,0.1,0.1,0.1,0.0,27.7,0.9,28.5,0.1,0.1,0.5,0.5,0.4,0.4,0.3,0.0,0.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,294,52] + [ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.8,4.8,5.8,7.9,5.1,5.1,5.8,4.7,5.9,4.7,5.7,4.7,7.7,5.1,7.8,4.7,7.8,4.7,7.9,4.8,7.7,4.7,7.9,7.2,4.7] + analyse: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.033| 0.010| 0.013| 175.212| 3.500] + [PKTLEN......: 52.000| 1492.000| 303.800| 468.300| 219308.000| 3.800] + [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 9,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + 
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,0,1,1,0,1] + [IATS(ms)....: 32.8,32.9,0.1,27.7,0.4,27.9,0.3,0.2,0.2,0.0,26.3,0.1,0.2,4.7,0.0,31.1,0.0,0.1,0.1,0.3,26.0,1.9,27.5,0.2,0.0,0.2,0.5,26.6,1.7,27.7,0.6] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,52,91,93,52,52,76,52,591,52,1098,52,1492,58,52,138,52,253,52,148] + [ENTROPIES...: 4.1,5.1,4.7,4.4,4.8,7.9,4.6,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.9,5.9,4.7,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.1,4.7,6.3,4.9,7.2,4.7,6.5] + analyse: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.048| 0.010| 0.015| 220.945| 3.400] + [PKTLEN......: 52.000| 1492.000| 397.100| 521.500| 271947.300| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,3,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1] + [IATS(ms)....: 37.4,37.5,0.0,31.0,0.2,31.3,0.8,0.7,0.2,0.1,26.8,1.3,20.0,47.9,0.0,0.1,1.4,1.4,0.1,27.0,1.9,28.8,0.2,0.0,0.2,0.9,0.0,0.9,0.4,0.4,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,52,76,52,591,52,1098,52,1492,84,52,1492,488,52,1098,52,478] + [ENTROPIES...: 4.2,5.3,4.7,4.5,5.0,7.9,4.8,7.8,4.8,6.0,7.9,5.0,5.0,6.0,4.7,5.8,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.9,5.7,4.7,7.9,7.5,4.7,7.8,4.7,7.5] + analyse: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.043| 0.010| 0.015| 219.628| 3.400] + [PKTLEN......: 52.000| 1492.000| 378.900| 495.600| 245645.300| 3.900] + [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 
6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,1,0,0] + [IATS(ms)....: 42.5,42.5,0.1,29.5,0.6,30.0,1.4,1.4,0.2,0.1,27.9,1.1,12.4,41.0,0.0,0.1,0.1,0.1,28.1,1.3,29.2,0.0,0.1,0.1,0.1,0.2,0.0,0.1,3.2,3.2,0.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,52,498,52,1098,52,1492,280,52,1031,52,154] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.6,4.8,7.8,4.6,7.9,7.2,4.8,7.8,4.8,6.4] + analyse: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.035| 0.010| 0.013| 178.858| 3.600] + [PKTLEN......: 52.000| 1492.000| 304.800| 439.800| 193461.100| 3.900] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0] + [IATS(ms)....: 31.9,31.9,0.1,27.3,0.4,27.6,0.2,0.1,0.3,0.1,27.1,0.1,8.7,35.4,0.1,0.1,0.5,0.4,0.1,26.2,2.4,0.1,28.5,0.1,0.1,0.4,26.5,1.7,27.7,0.5,0.5] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,52,93,52,76,52,591,52,1098,1098,52,475,52,138,52,256,52,160,52] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.9,4.8,5.9,4.7,5.5,4.7,7.7,4.9,7.8,7.8,4.8,7.6,4.8,6.3,5.1,7.1,4.8,6.6,4.7] + analyse: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.049| 0.010| 0.016| 255.568| 3.300] + [PKTLEN......: 52.000| 1492.000| 418.400| 525.000| 275583.300| 4.000] + [BINS(c->s)..: 
11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1] + [IATS(ms)....: 44.1,44.1,0.2,30.0,0.3,30.0,0.2,0.2,0.1,0.1,30.4,0.1,18.7,0.1,49.0,0.1,0.1,0.1,28.0,1.8,29.6,0.1,0.1,0.4,0.4,0.5,0.5,0.3,0.0,0.3,0.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1473,52,52,91,93,52,76,52,591,52,1098,52,1098,52,1492,52,704,52,1492,272,52,751] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.9,4.7,5.8,7.8,5.0,5.0,5.8,5.9,4.7,5.5,4.7,7.7,5.0,7.8,4.8,7.8,4.7,7.9,4.7,7.7,4.8,7.9,7.2,4.8,7.7] + analyse: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.051| 0.010| 0.016| 247.288| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.700| 512.500| 262691.900| 3.900] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0] + [IATS(ms)....: 41.0,41.1,0.1,31.0,0.5,31.4,0.1,0.1,0.1,0.1,29.3,0.1,21.7,50.8,0.1,0.1,0.1,0.1,27.5,1.0,28.3,1.3,0.0,1.3,0.2,0.1,1.7,1.6,0.0,0.1,0.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1481,52,52,91,52,93,76,52,591,52,1098,52,1492,704,52,1308,52,1098,52,401,52,138] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.8,4.8,7.5,4.8,6.4] + analyse: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.054| 0.010| 0.016| 241.175| 
3.400] + [PKTLEN......: 52.000| 1492.000| 346.900| 471.500| 222289.800| 3.900] + [BINS(c->s)..: 11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0] + [IATS(ms)....: 30.7,30.8,0.1,27.2,1.0,28.1,0.3,0.3,0.2,0.1,26.4,1.1,0.0,27.0,54.2,0.0,0.1,0.1,0.1,27.4,16.7,44.0,0.6,0.6,0.1,0.2,0.2,0.1,0.3,0.3,0.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,52,91,52,93,76,52,591,52,1098,52,1098,52,922,52,1098,52,149,52,200] + [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.0,5.7,4.7,5.9,5.5,4.8,7.6,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.8,4.8,6.6,4.8,6.8] + analyse: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.036| 0.009| 0.014| 184.863| 3.500] + [PKTLEN......: 52.000| 1492.000| 402.200| 504.900| 254904.000| 4.000] + [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1] + [IATS(ms)....: 35.5,35.5,0.1,26.1,1.6,27.5,0.1,0.1,0.1,0.1,25.7,1.3,9.3,36.0,0.1,0.1,0.1,0.1,0.0,26.7,3.0,29.6,0.3,0.3,0.3,0.0,0.3,0.1,0.1,0.6,28.8] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1483,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,52,790,52,148,1050] + [ENTROPIES...: 4.2,5.3,4.7,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,6.0,4.8,5.6,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,4.8,7.7,4.7,6.3,7.8] + detection-update: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.040| 0.011| 0.014| 199.830| 3.700] + [PKTLEN......: 52.000| 1492.000| 405.900| 519.400| 269778.800| 4.000] + [BINS(c->s)..: 8,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,1,0,1,1,1,1,0,0,1,1,1,0,1,1,0,1,1,0,0,1,1,0] + [IATS(ms)....: 40.2,40.2,0.1,29.5,1.5,0.0,31.0,0.1,0.1,29.8,29.5,0.1,5.1,0.0,0.0,5.3,0.2,21.3,7.6,1.2,29.8,1.3,0.0,1.3,0.3,0.0,0.3,0.5,26.6,1.6,27.7] + [PKTLENS.....: 64,60,52,569,52,1492,1128,52,116,1477,64,116,52,91,93,76,52,591,64,52,1098,52,1492,704,52,1492,437,52,148,52,1044,52] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,7.8,4.7,5.8,7.9,5.1,5.9,5.1,5.8,5.9,5.6,4.8,7.6,5.0,5.0,7.8,4.7,7.9,7.7,4.7,7.9,7.5,4.7,6.4,4.9,7.8,4.7] + analyse: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.042| 0.011| 0.015| 224.118| 3.600] + [PKTLEN......: 52.000| 1492.000| 344.000| 469.500| 220464.400| 3.900] + [BINS(c->s)..: 10,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0] + [IATS(ms)....: 40.2,40.3,0.0,29.3,0.2,29.4,1.0,0.9,0.2,0.0,27.6,0.3,14.6,42.2,0.0,0.1,0.1,0.1,28.0,1.0,28.9,0.2,0.0,0.1,1.5,0.1,1.6,0.3,25.8,1.2,26.7] + [PKTLENS.....: 
64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,52,93,76,52,591,52,1098,52,1304,258,52,1098,408,52,138,52,220,52] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,4.8,6.0,5.7,4.8,7.7,5.0,7.8,4.7,7.8,7.1,4.7,7.8,7.5,4.8,6.3,5.1,6.9,4.8] + analyse: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.011| 0.015| 234.608| 3.600] + [PKTLEN......: 52.000| 1492.000| 339.700| 452.700| 204941.100| 3.900] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0] + [IATS(ms)....: 35.1,35.1,0.1,31.2,2.6,33.7,0.1,0.1,0.1,0.1,30.8,1.5,5.3,37.3,0.1,0.0,0.1,0.0,31.8,2.2,33.9,0.1,0.1,0.5,0.4,0.4,0.3,0.4,31.9,1.3,32.8] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,831,52,138,52,696,52] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.7,7.5,4.8,7.8,4.8,7.8,4.8,6.3,5.1,7.7,4.8] + analyse: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.043| 0.012| 0.016| 240.534| 3.600] + [PKTLEN......: 52.000| 1492.000| 355.800| 507.100| 257111.100| 3.800] + [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,1,0,0,1,1,0] + [IATS(ms)....: 
37.6,37.7,0.1,30.9,30.8,0.4,0.4,0.2,0.0,1.1,28.2,0.1,13.5,0.1,42.8,0.1,0.1,0.1,30.6,8.7,39.1,0.2,0.0,0.2,0.2,0.0,0.2,0.4,27.5,1.4,28.5] + [PKTLENS.....: 64,60,52,569,1492,52,1129,52,116,1469,52,52,52,91,93,52,76,52,591,52,1098,52,1492,104,52,1492,191,52,167,52,364,52] + [ENTROPIES...: 4.2,5.2,4.7,4.4,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.8,5.9,4.7,5.6,4.7,7.6,5.0,7.8,4.7,7.8,6.0,4.7,7.9,6.9,4.7,6.5,5.1,7.4,4.7] + analyse: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.042| 0.012| 0.017| 274.646| 3.500] + [PKTLEN......: 52.000| 1492.000| 304.800| 467.200| 218265.100| 3.800] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,0] + [IATS(ms)....: 41.6,41.7,0.0,34.7,0.4,35.0,0.2,0.2,0.2,0.1,34.8,0.0,3.3,37.8,0.1,0.1,0.1,0.1,0.0,32.2,2.3,34.4,0.2,0.0,0.2,0.5,31.2,2.5,33.2,0.1,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,52,591,52,1098,52,1492,81,52,138,52,256,52,160,52] + [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.6,7.8,4.7,5.9,7.9,4.9,4.9,5.7,4.7,5.8,5.6,4.7,4.7,7.7,4.8,7.8,4.7,7.9,5.7,4.7,6.2,5.0,7.1,4.7,6.6,4.7] + analyse: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.050| 0.009| 0.014| 196.097| 3.300] + [PKTLEN......: 52.000| 1492.000| 424.800| 534.600| 285801.500| 4.000] + [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] + 
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,1,0,1,0,1,1,0,0,0] + [IATS(ms)....: 27.2,27.2,0.1,29.0,0.4,29.3,0.2,0.2,0.2,0.0,27.4,0.2,22.9,0.0,0.1,50.3,0.1,0.1,27.2,1.1,28.1,0.2,0.0,0.2,1.1,1.1,0.1,0.1,0.1,0.7,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1471,52,52,91,93,76,52,52,591,52,1098,52,1492,704,52,1492,52,1318,751,52,138,172] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.0,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.0,5.9,5.9,5.6,4.6,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.8,7.7,4.8,6.2,6.5] + new: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] + analyse: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.044| 0.012| 0.015| 228.764| 3.700] + [PKTLEN......: 52.000| 1492.000| 340.500| 468.200| 219238.800| 3.900] + [BINS(c->s)..: 9,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,0,1,1,1,0,1,0,0,1,1,1,0,1,1,0,1,0,0,1,1] + [IATS(ms)....: 40.3,40.3,0.1,30.2,0.4,30.5,0.1,0.1,0.1,0.0,28.4,28.3,0.0,24.6,0.0,24.7,0.1,0.1,0.1,1.1,25.8,17.4,44.2,0.2,0.0,0.2,0.1,0.1,0.5,25.4,16.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1487,64,116,52,91,93,52,76,52,591,64,52,1098,52,1492,528,52,627,52,200,52,314] + [ENTROPIES...: 4.2,5.2,4.8,4.5,5.1,7.8,4.8,7.8,4.7,6.0,7.9,5.0,5.9,5.1,5.8,5.9,4.7,5.5,4.7,7.6,5.1,5.1,7.8,4.8,7.9,7.6,4.8,7.7,4.8,6.9,5.1,7.3] + analyse: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.039| 0.010| 0.013| 167.910| 3.600] + [PKTLEN......: 52.000| 1492.000| 287.100| 439.400| 193071.900| 3.800] + [BINS(c->s)..: 
9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0] + [BINS(s->c)..: 8,2,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0,0] + [IATS(ms)....: 27.3,27.4,0.2,27.1,0.9,27.6,0.3,0.3,0.2,0.0,25.7,2.8,10.9,39.1,0.1,0.0,0.1,0.1,26.6,0.1,26.6,1.5,0.1,0.0,26.8,0.2,0.1,25.5,1.0,1.0,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1457,52,52,91,52,93,76,52,638,52,322,52,138,172,1444,52,52,329,52,166,52,105] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.0,5.9,4.7,5.9,5.6,4.8,7.6,5.0,7.3,4.6,6.3,6.7,7.8,5.0,4.9,7.3,4.7,6.6,4.7,5.9] + analyse: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.033| 0.009| 0.012| 153.174| 3.500] + [PKTLEN......: 52.000| 1492.000| 342.200| 472.200| 222950.100| 3.900] + [BINS(c->s)..: 8,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 9,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,1,1,1] + [IATS(ms)....: 27.4,27.5,0.1,27.3,2.2,29.4,0.1,0.1,0.2,0.1,26.9,0.1,0.5,5.6,0.1,32.7,0.0,0.1,0.0,26.1,0.3,26.3,1.3,0.0,0.0,1.3,1.6,0.1,27.1,0.0,3.8] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,52,91,93,52,76,52,591,52,1098,52,1492,84,759,52,154,623,52,52,274] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.6,7.8,4.8,5.8,7.9,5.0,5.0,5.1,5.9,5.9,4.7,5.6,4.7,7.7,5.0,7.8,4.7,7.9,5.8,7.7,4.6,6.6,7.6,5.0,5.0,7.1] + analyse: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.046| 0.009| 0.014| 185.505| 3.300] + 
[PKTLEN......: 52.000| 1492.000| 406.800| 492.900| 242924.900| 4.000] + [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,0,1,1,0,1,1,1] + [IATS(ms)....: 29.2,29.3,0.0,28.4,0.5,28.8,0.0,0.1,0.3,0.0,26.4,0.0,20.1,46.2,0.1,0.0,0.1,0.1,26.0,2.9,28.7,0.2,0.1,0.3,0.1,0.2,0.0,0.1,1.1,0.0,0.0] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,91,52,93,76,52,591,52,1098,52,478,1098,52,52,1492,488,52,1098,478,366] + [ENTROPIES...: 4.1,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.6,5.9,7.9,5.0,4.9,5.8,4.7,5.8,5.5,4.7,7.6,4.9,7.8,4.8,7.5,7.8,4.8,4.8,7.9,7.5,4.8,7.8,7.5,7.4] + detected: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + RISK: TLS (probably) Not Carrying HTTPS + detection-update: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + RISK: TLS (probably) Not Carrying HTTPS + new: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] + detected: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.108| 0.020| 0.028| 811.176| 3.500] + [PKTLEN......: 52.000| 1492.000| 324.200| 448.200| 200860.400| 3.900] + [BINS(c->s)..: 10,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 
0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1,0,0,1] + [IATS(ms)....: 40.4,40.5,0.0,31.0,0.5,31.5,0.1,0.1,0.1,0.1,29.0,0.0,28.8,26.3,55.8,82.2,0.1,0.1,0.2,0.1,0.1,26.3,81.7,107.9,0.1,0.1,0.1,0.1,0.1,0.6,26.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,64,52,116,64,91,52,93,52,76,52,591,52,1098,52,498,1098,52,810,52,200,52] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.1,7.9,4.7,7.8,4.8,5.8,7.9,5.1,5.0,5.8,5.1,5.9,4.8,5.9,4.8,5.5,4.8,7.6,5.0,7.8,4.8,7.5,7.8,4.7,7.7,4.8,6.9,5.0] + detection-update: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.037| 0.009| 0.014| 195.258| 3.400] + [PKTLEN......: 52.000| 1492.000| 433.800| 539.400| 290977.100| 4.000] + [BINS(c->s)..: 10,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,0,0] + [IATS(ms)....: 31.1,31.3,0.3,31.0,1.4,32.0,0.1,0.1,2.8,0.1,33.2,1.2,5.1,0.0,0.0,36.6,0.1,31.1,2.9,33.9,0.3,0.0,0.2,0.2,0.2,0.2,0.2,0.5,0.5,0.6,0.2] + [PKTLENS.....: 64,60,52,569,52,1492,52,1113,52,116,1324,52,52,91,93,76,52,591,52,1098,52,1492,704,52,1492,52,1492,52,950,52,138,252] + [ENTROPIES...: 4.1,5.2,4.7,4.2,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.0,5.9,6.0,5.5,4.7,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.9,4.5,7.9,4.6,7.8,4.6,6.3,7.0] + analyse: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.031| 0.008| 0.012| 151.638| 3.300] + [PKTLEN......: 52.000| 1492.000| 406.100| 507.800| 257847.600| 
4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 28.1,28.2,0.1,28.4,1.4,29.7,0.1,0.1,0.1,0.1,27.0,0.0,0.0,3.7,0.0,0.0,30.5,0.1,0.1,27.4,1.6,28.7,0.1,0.1,0.1,0.1,0.3,0.2,0.7,0.7,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1098,52,1308,52,1098,52,770] + [ENTROPIES...: 4.1,5.3,4.7,4.5,4.9,7.9,4.7,7.8,4.7,5.9,7.9,5.0,5.1,5.0,5.9,5.8,5.5,4.7,4.7,7.7,5.0,7.8,4.7,7.8,4.7,7.8,4.7,7.9,4.7,7.8,4.7,7.7] + analyse: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.180| 0.027| 0.054| 2903.055| 2.900] + [PKTLEN......: 52.000| 1492.000| 452.000| 548.400| 300791.000| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0] + [IATS(ms)....: 27.8,27.9,0.1,27.5,0.5,27.9,0.4,0.4,0.4,0.1,26.7,1.9,152.3,180.4,0.1,0.0,0.1,0.1,27.3,146.6,173.9,1.4,0.0,1.3,0.1,0.1,0.2,0.0,0.1,0.3,0.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,52,93,76,52,629,52,1098,52,1492,704,52,1098,52,1492,704,52,1358,52] + [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.0,5.1,5.8,4.8,6.0,5.6,4.8,7.7,5.1,7.8,4.8,7.9,7.7,4.8,7.8,4.8,7.9,7.7,4.8,7.9,4.7] + detected: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....13] [ip4][..tcp] 
[...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] + new: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] + detected: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] + detected: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 1.028| 0.074| 0.247| 61210.599| 1.800] + [PKTLEN......: 52.000| 1492.000| 351.000| 482.300| 232616.900| 3.900] + [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,0,1,1] + [IATS(ms)....: 1000.7,1028.3,27.7,0.3,28.6,0.6,28.8,0.7,0.7,1.1,0.3,27.1,1.2,8.9,0.0,35.8,0.0,0.1,0.1,0.6,27.3,2.9,29.6,1.3,0.0,1.3,0.1,0.1,0.8,27.3,0.9] + [PKTLENS.....: 
64,64,60,52,569,52,1492,52,1129,52,116,1459,52,52,91,93,52,52,76,52,591,52,1098,52,1492,528,52,1067,52,167,52,348] + [ENTROPIES...: 4.1,4.2,5.2,4.8,4.4,5.1,7.9,4.8,7.8,4.7,5.9,7.9,5.1,5.0,5.8,6.0,4.7,4.7,5.7,4.7,7.6,4.9,7.8,4.8,7.9,7.6,4.8,7.8,4.7,6.6,5.1,7.3] + new: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] + detection-update: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] + new: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] + detected: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.029| 0.007| 0.012| 137.076| 3.300] + [PKTLEN......: 52.000| 1492.000| 397.000| 481.500| 231822.500| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,1] + [IATS(ms)....: 26.8,27.0,0.1,27.3,0.6,27.6,0.8,0.8,0.4,0.1,25.9,1.2,2.5,29.0,0.1,0.1,0.1,0.1,26.1,1.6,0.1,27.6,0.1,0.2,0.1,0.3,0.3,0.1,0.1,0.1,0.1] + [PKTLENS.....: 
64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,52,93,76,52,591,52,1098,478,52,52,1098,52,1098,52,882,1098,52,478] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,5.9,7.9,5.1,5.1,5.9,4.8,5.9,5.7,4.8,7.6,5.0,7.8,7.5,4.7,4.7,7.8,4.7,7.8,4.7,7.7,7.8,4.7,7.5] + detection-update: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.058| 0.009| 0.015| 225.527| 3.300] + [PKTLEN......: 52.000| 1492.000| 408.200| 535.400| 286624.800| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1] + [IATS(ms)....: 27.1,27.2,1.0,28.6,1.5,29.1,0.1,0.1,0.2,0.1,27.0,0.1,31.2,57.9,0.1,0.1,1.1,1.0,0.1,26.9,2.3,29.1,0.2,0.1,0.2,0.1,0.2,0.1,0.2,0.1,0.6] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,52,76,52,591,52,1098,52,1492,704,52,52,1492,52,1318,52,422] + [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.1,5.8,4.8,5.9,4.8,5.7,4.8,7.6,5.1,7.8,4.8,7.9,7.7,4.8,4.8,7.9,4.7,7.8,4.8,7.5] + detection-update: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.039| 0.008| 0.012| 156.003| 
3.400] + [PKTLEN......: 52.000| 1492.000| 410.500| 518.800| 269178.600| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1] + [IATS(ms)....: 27.4,27.5,0.2,27.2,1.4,28.3,0.1,0.1,0.2,0.1,25.7,1.2,12.6,39.1,0.1,0.1,0.1,0.1,26.5,1.3,27.7,0.9,0.9,0.3,0.3,0.4,0.4,0.1,0.0,0.1,0.5] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,478,52,1098,52,1492,52,1492,520,52,480] + [ENTROPIES...: 4.2,5.3,4.8,4.5,5.1,7.9,4.8,7.9,4.8,5.9,7.9,5.0,5.1,5.9,4.8,6.0,5.7,4.8,7.6,5.1,7.8,4.8,7.5,4.8,7.8,4.8,7.9,4.8,7.9,7.6,4.8,7.5] + new: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] + detected: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.032| 0.009| 0.013| 159.388| 3.500] + [PKTLEN......: 52.000| 1492.000| 374.000| 504.400| 254392.600| 3.900] + [BINS(c->s)..: 9,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 7,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,1,0,0,1,1] + [IATS(ms)....: 28.1,28.2,0.1,27.4,1.5,28.8,0.1,0.1,0.2,0.1,28.2,1.2,2.7,31.8,0.1,0.0,0.1,0.1,27.2,1.7,28.7,0.2,0.0,0.2,0.2,0.0,0.0,0.2,0.2,27.0,8.5] + [PKTLENS.....: 
64,60,52,569,52,1492,52,1129,52,116,1457,52,52,91,52,93,76,52,591,52,1098,52,1492,104,52,1492,280,367,52,138,52,584] + [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,4.7,7.9,4.7,5.9,7.8,5.0,4.9,5.9,4.7,5.9,5.5,4.7,7.6,5.0,7.8,4.8,7.9,6.0,4.8,7.9,7.2,7.3,4.8,6.3,5.0,7.6] + analyse: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.036| 0.009| 0.013| 161.218| 3.500] + [PKTLEN......: 52.000| 1492.000| 330.400| 469.300| 220240.500| 3.900] + [BINS(c->s)..: 9,0,1,2,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,1,1] + [IATS(ms)....: 27.8,27.9,0.1,27.1,0.5,27.5,0.8,0.8,0.3,0.1,26.2,1.0,8.7,0.0,35.6,0.1,0.1,0.0,26.0,5.3,31.3,0.2,0.0,0.0,0.2,0.1,1.6,0.1,0.1,26.9,1.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1475,52,52,91,93,52,76,52,591,52,1098,52,1492,704,132,52,52,154,172,338,52,52] + [ENTROPIES...: 4.2,5.1,4.7,4.5,5.0,7.9,4.8,7.8,4.8,5.8,7.9,5.0,5.1,5.8,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.9,7.7,6.5,4.7,4.8,6.5,6.6,7.3,5.0,5.0] + analyse: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.122| 0.019| 0.034| 1173.117| 3.100] + [PKTLEN......: 52.000| 1492.000| 390.500| 496.900| 246958.900| 4.000] + [BINS(c->s)..: 10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1] + [IATS(ms)....: 
27.4,27.4,0.1,26.3,1.5,27.6,0.1,0.1,0.2,0.1,25.7,0.1,0.1,96.7,0.0,0.0,122.3,0.1,27.2,81.2,0.0,108.4,0.0,0.3,0.3,0.2,0.0,0.2,0.3,0.3,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1465,52,52,52,91,93,76,52,591,52,1098,478,52,52,1098,52,1492,488,52,1098,52,271] + [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.6,5.9,7.9,4.8,4.8,4.9,5.7,5.8,5.6,4.7,7.6,5.0,7.8,7.5,4.8,4.8,7.8,4.8,7.9,7.5,4.8,7.8,4.8,7.1] + analyse: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.126| 0.020| 0.036| 1286.879| 3.200] + [PKTLEN......: 52.000| 1492.000| 386.500| 502.300| 252311.900| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1,1,0,1] + [IATS(ms)....: 31.8,31.9,0.1,31.0,1.6,32.5,1.0,1.0,0.3,0.0,0.0,31.0,1.1,93.8,0.0,125.7,0.0,0.1,0.1,0.1,31.1,87.8,0.0,118.8,0.0,0.3,0.3,0.2,0.0,0.2,0.8] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1492,55,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,52,1492,528,52,1098] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.9,4.7,7.8,4.8,6.0,7.9,4.8,5.0,5.0,5.9,5.9,4.8,4.8,5.6,4.8,7.6,5.0,7.8,7.6,4.8,4.8,7.8,4.7,7.9,7.5,4.8,7.8] + new: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] + detected: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| 
stddev| variance| entropy + [IAT.........: 0.000| 0.125| 0.019| 0.036| 1295.429| 3.100] + [PKTLEN......: 52.000| 1492.000| 390.500| 500.100| 250056.100| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,1,1,0] + [IATS(ms)....: 27.0,27.1,0.2,27.1,0.5,0.1,27.4,0.1,0.6,0.1,26.6,0.0,98.7,124.6,1.2,1.2,0.1,0.1,0.1,26.2,91.4,117.4,0.2,0.1,0.3,0.0,0.0,0.3,0.2,0.0,0.2] + [PKTLENS.....: 64,60,52,569,52,1492,1129,52,52,116,1465,52,52,91,52,93,52,76,52,591,52,1098,52,1098,52,1492,704,262,52,1098,271,52] + [ENTROPIES...: 4.1,5.2,4.7,4.4,5.0,7.8,7.8,4.7,4.7,5.9,7.9,4.9,4.9,5.9,4.7,5.8,4.7,5.5,4.7,7.6,5.0,7.8,4.8,7.8,4.8,7.9,7.7,7.2,4.7,7.8,7.2,4.7] + new: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] + detected: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] + new: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] + detection-update: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> 
[..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.042| 0.008| 0.013| 169.929| 3.400] + [PKTLEN......: 52.000| 1492.000| 425.100| 548.500| 300824.400| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,1,0,1,0,1,1,0] + [IATS(ms)....: 28.7,28.8,0.1,27.4,0.6,27.9,0.8,0.7,0.3,0.1,25.9,0.0,1.1,15.2,0.0,41.9,0.0,0.1,0.1,0.1,27.2,2.9,29.9,0.3,0.0,0.2,0.2,0.2,0.8,0.0,0.9] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,52,91,93,52,52,76,52,660,52,1098,52,1492,704,52,1492,52,1492,726,52] + [ENTROPIES...: 4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.7,5.9,7.9,5.0,5.0,5.0,6.0,6.0,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.8,7.9,7.7,4.8,7.9,4.8,7.9,7.8,4.8] + analyse: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.099| 0.017| 0.025| 636.110| 3.600] + [PKTLEN......: 52.000| 1492.000| 288.800| 419.800| 176233.300| 3.900] + [BINS(c->s)..: 8,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,1,0,0,1] + [IATS(ms)....: 29.8,29.9,0.1,27.6,1.3,0.0,28.8,0.1,0.3,0.0,26.9,0.1,14.1,0.1,40.8,0.1,0.1,0.1,27.1,1.2,28.3,0.7,27.4,96.8,0.1,98.7,0.0,1.2,29.7,0.1,2.9] + [PKTLENS.....: 
64,60,52,569,52,1492,1128,52,52,116,1461,52,52,91,93,52,76,52,608,52,527,52,138,52,172,583,52,52,133,52,105,1098] + [ENTROPIES...: 4.1,5.2,4.7,4.5,5.0,7.9,7.8,4.7,4.6,6.0,7.8,4.9,5.0,5.8,5.9,4.8,5.6,4.8,7.5,5.1,7.6,4.8,6.3,5.0,6.6,7.7,5.0,5.1,6.3,4.7,5.8,7.8] + new: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] + new: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] + new: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] + analyse: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.207| 0.028| 0.058| 3307.776| 2.900] + [PKTLEN......: 52.000| 1492.000| 468.700| 574.100| 329541.200| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,1,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 26.9,27.0,0.1,29.9,1.5,31.2,0.1,0.1,0.2,0.0,25.7,1.2,169.4,0.0,0.0,207.4,0.0,42.8,141.8,173.3,0.1,0.1,1.3,1.2,0.2,0.2,0.2,0.2,0.1,0.1,0.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1471,52,52,91,93,76,52,591,52,1098,52,498,52,1098,52,1492,52,1492,52,1492,52,1350] + [ENTROPIES...: 4.2,5.2,4.7,4.4,5.1,7.9,4.8,7.8,4.8,5.9,7.9,5.1,5.1,6.0,5.8,5.6,4.8,7.6,5.1,7.8,4.8,7.6,4.8,7.8,4.8,7.9,4.8,7.9,4.8,7.8,4.8,7.9] + detected: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] + detected: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> 
[..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] + detection-update: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.032| 0.009| 0.012| 154.797| 3.600] + [PKTLEN......: 52.000| 1492.000| 341.300| 465.200| 216385.700| 3.900] + [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0] + [IATS(ms)....: 
26.4,26.4,0.1,27.0,0.5,27.4,0.9,0.9,0.3,0.0,25.9,1.2,5.1,32.0,0.1,0.1,0.1,0.1,26.0,1.6,27.4,0.1,0.1,0.3,0.3,0.3,0.1,25.5,1.3,1.3,27.7] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1185,52,154,595,52,52,274,52] + [ENTROPIES...: 4.2,5.2,4.7,4.5,5.0,7.8,4.8,7.8,4.7,5.8,7.9,4.9,4.9,5.9,4.8,5.9,5.7,4.8,7.6,4.9,7.8,4.7,7.8,4.7,7.8,4.7,6.3,7.6,5.0,5.1,7.2,4.8] + analyse: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.012| 146.948| 3.400] + [PKTLEN......: 52.000| 1492.000| 259.000| 395.400| 156313.400| 3.900] + [BINS(c->s)..: 7,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 11,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1] + [IATS(ms)....: 26.1,26.2,0.1,25.7,1.6,27.2,0.1,0.1,0.3,0.0,25.7,0.0,1.2,7.7,0.0,34.4,0.1,0.1,0.1,25.8,1.4,27.1,0.1,0.1,0.0,0.1,0.0,24.9,0.1,1.2,0.0] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1461,52,52,52,91,93,52,76,52,608,52,527,52,138,172,603,155,156,52,52,52,52] + [ENTROPIES...: 4.2,5.1,4.7,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,5.1,5.9,5.8,4.7,5.5,4.7,7.7,5.1,7.6,4.7,6.2,6.7,7.6,6.5,6.5,5.0,4.9,5.0,4.9] + analyse: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.009| 0.013| 163.660| 3.600] + [PKTLEN......: 52.000| 1492.000| 255.100| 395.400| 156328.100| 3.800] + [BINS(c->s)..: 9,1,2,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 9,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + 
[DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0] + [IATS(ms)....: 27.4,27.4,0.1,27.3,0.5,27.6,0.1,0.1,0.2,0.1,26.1,0.5,7.6,0.0,33.8,0.1,1.2,1.1,0.1,27.5,0.4,27.8,0.3,0.1,0.1,26.2,0.0,0.8,0.1,26.6,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1469,52,52,91,93,52,52,76,52,612,52,527,52,138,172,537,52,52,52,133,52,105] + [ENTROPIES...: 4.2,5.3,4.8,4.4,5.0,7.8,4.8,7.8,4.8,5.9,7.9,5.1,5.0,6.1,5.9,4.7,4.7,5.6,4.8,7.6,5.1,7.6,4.8,6.3,6.6,7.5,5.1,5.0,5.1,6.5,4.8,5.9] + new: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] + detected: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.178| 0.027| 0.054| 2913.054| 2.900] + [PKTLEN......: 52.000| 1492.000| 434.600| 557.900| 311277.200| 3.900] + [BINS(c->s)..: 12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0] + [IATS(ms)....: 26.8,26.8,0.1,27.0,1.6,0.0,28.5,0.1,0.2,0.1,25.7,0.0,152.5,0.0,0.1,177.9,0.0,0.1,0.1,26.1,149.1,175.0,1.3,1.3,0.2,0.0,0.2,0.3,0.2,0.1,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,1128,52,52,116,1471,52,52,91,93,76,52,52,52,591,52,1098,52,1098,52,1492,704,52,1492,52,1492,52] + [ENTROPIES...: 4.1,5.2,4.7,4.4,4.9,7.9,7.8,4.6,4.6,5.9,7.9,5.1,5.0,5.8,5.8,5.6,4.7,4.7,4.7,7.6,5.1,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9,4.7] + new: [....51] [ip4][..tcp] [...192.168.1.29][51455] 
-> [..77.111.247.69][..443] + new: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] + detected: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] + new: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] + analyse: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 3.028| 0.204| 0.738| 545057.276| 1.400] + [PKTLEN......: 52.000| 1492.000| 304.700| 439.900| 193493.400| 3.900] + [BINS(c->s)..: 11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1] + [IATS(ms)....: 33.0,33.0,0.3,26.6,1.1,27.4,0.1,0.1,0.3,0.1,26.0,1.1,8.9,0.1,35.6,0.1,0.1,0.0,26.2,2.1,28.2,0.1,0.0,0.1,0.5,28.2,27.7,0.1,0.1,3002.0,3028.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1477,52,52,91,93,52,76,52,591,52,1098,52,1098,453,52,138,253,52,148,52,52,76] + [ENTROPIES...: 4.2,5.2,4.8,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.0,4.9,5.9,5.9,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,7.6,4.7,6.3,7.1,4.8,6.6,4.7,4.6,5.6] + new: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> 
[..77.111.247.69][..443] + analyse: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.029| 0.007| 0.012| 139.021| 3.300] + [PKTLEN......: 52.000| 1492.000| 382.700| 493.600| 243675.800| 4.000] + [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,1,0,0,0] + [IATS(ms)....: 27.0,27.1,0.3,28.1,0.3,28.1,0.3,0.3,0.3,0.1,25.7,1.2,2.7,29.2,0.0,0.1,0.1,0.1,26.0,2.2,0.0,28.1,0.2,0.2,0.1,0.0,0.1,1.8,1.9,0.2,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1467,52,52,91,52,93,76,52,591,52,1098,498,52,1098,52,1492,280,52,1031,52,154,172] + [ENTROPIES...: 4.1,5.1,4.6,4.4,5.0,7.8,4.6,7.8,4.7,5.9,7.9,5.0,5.0,5.8,4.6,6.0,5.6,4.6,7.7,5.0,7.8,7.5,4.6,7.8,4.7,7.9,7.1,4.7,7.8,4.6,6.5,6.6] + analyse: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.189| 0.028| 0.055| 3044.153| 3.000] + [PKTLEN......: 52.000| 1492.000| 416.200| 521.000| 271438.600| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1,0] + [IATS(ms)....: 31.7,31.8,0.2,31.2,1.4,32.3,0.1,0.1,0.4,0.1,30.7,1.2,157.6,0.0,0.1,189.1,0.0,0.3,34.8,142.8,177.3,0.2,0.2,1.2,0.0,1.2,0.3,0.0,0.3,0.1,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1467,52,52,91,93,76,52,52,591,52,1098,52,1098,52,1492,528,52,1492,704,52,432,52] + [ENTROPIES...: 
4.2,5.2,4.8,4.4,5.1,7.8,4.8,7.8,4.8,5.9,7.8,5.1,5.1,5.9,6.0,5.6,4.7,4.7,7.6,5.1,7.8,4.8,7.8,4.8,7.9,7.6,4.8,7.9,7.7,4.8,7.5,4.8] + detected: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.040| 0.010| 0.014| 190.700| 3.500] + [PKTLEN......: 52.000| 1492.000| 336.200| 468.300| 219266.800| 3.900] + [BINS(c->s)..: 10,0,1,2,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,0,1,0,1,0,0,0,0,1] + [IATS(ms)....: 28.5,28.6,0.2,28.6,1.2,29.6,0.1,0.1,0.3,0.1,26.9,0.1,1.1,12.5,0.1,40.4,0.0,0.0,0.1,0.1,28.6,7.8,36.3,0.2,0.1,0.2,0.2,1.9,0.3,0.4,29.3] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1479,52,52,52,91,93,52,52,76,52,591,52,1098,52,1098,52,1227,52,154,172,472,52] + [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.0,5.1,5.1,6.0,5.8,4.8,4.8,5.7,4.8,7.6,5.0,7.8,4.7,7.8,4.8,7.8,4.7,6.4,6.7,7.5,5.1] + detection-update: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.169| 0.025| 0.051| 
2565.544| 2.900] + [PKTLEN......: 52.000| 1492.000| 435.800| 558.300| 311649.100| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,0,1,0,1] + [IATS(ms)....: 27.1,27.2,0.1,27.6,0.4,0.1,27.8,0.1,0.2,0.1,27.9,0.0,1.2,140.1,0.0,0.1,168.9,0.0,0.1,0.2,26.1,139.2,165.0,0.2,0.1,0.2,0.0,0.1,0.3,0.3,0.2] + [PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1471,52,52,52,91,93,76,52,52,52,629,52,1098,52,1098,52,1492,704,52,1492,52,1492] + [ENTROPIES...: 4.2,5.2,4.7,4.4,4.9,7.8,7.8,4.8,4.8,5.9,7.9,5.0,5.0,5.0,5.8,6.0,5.6,4.8,4.8,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.9,4.7,7.9] + analyse: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.179| 0.027| 0.054| 2949.282| 2.900] + [PKTLEN......: 52.000| 1492.000| 461.800| 572.200| 327423.800| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,5,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1] + [IATS(ms)....: 27.7,27.7,0.2,27.4,1.5,28.7,0.1,0.1,0.4,0.0,26.9,0.0,152.5,0.1,179.2,0.0,0.1,0.1,26.1,150.4,176.3,0.2,0.0,0.1,0.3,0.2,0.7,0.7,0.4,0.4,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1471,52,52,91,93,52,76,52,591,52,1098,52,1492,528,52,1492,52,704,52,1492,52,1492] + [ENTROPIES...: 4.1,5.2,4.8,4.3,5.1,7.8,4.8,7.8,4.8,5.8,7.9,5.0,5.0,5.9,5.9,4.7,5.6,4.7,7.5,5.0,7.8,4.7,7.8,7.5,4.7,7.9,4.7,7.7,4.7,7.9,4.7,7.9] + analyse: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.604| 0.075| 0.151| 22860.368| 3.100] + [PKTLEN......: 52.000| 1492.000| 384.700| 500.500| 250468.600| 3.900] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 7,2,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,1,0,0,0,0,1,1,1,1,1,0,0,1,0,0,1,1,1,0,0,1,1,0,1,0,1] + [IATS(ms)....: 28.6,28.6,0.1,27.3,1.5,0.1,28.7,0.1,0.2,0.1,27.0,0.0,1.1,153.8,0.0,181.6,0.0,0.1,0.1,0.1,27.4,146.5,0.0,173.7,0.1,603.7,0.0,603.8,141.3,141.3,0.3] + [PKTLENS.....: 64,60,52,569,52,1492,1127,52,52,116,1469,52,52,52,91,93,52,52,76,52,591,52,1098,498,52,52,1098,498,52,1098,52,1492] + [ENTROPIES...: 4.2,5.3,4.8,4.4,5.1,7.9,7.8,4.8,4.8,6.0,7.9,5.1,5.1,5.1,5.9,5.9,4.7,4.8,5.6,4.8,7.6,5.1,7.8,7.6,4.8,4.8,7.8,7.6,4.7,7.8,4.7,7.9] + new: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] + detected: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.188| 0.020| 0.046| 2094.229| 2.900] + [PKTLEN......: 52.000| 1492.000| 356.800| 487.600| 237730.200| 3.900] + [BINS(c->s)..: 12,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,1,1,0,1,0,0,1,0,0] + [IATS(ms)....: 
27.3,27.4,0.1,27.0,0.6,27.4,0.7,0.7,0.4,0.1,25.9,1.2,11.4,0.0,38.1,0.1,0.0,0.1,0.1,26.0,2.8,28.7,0.2,0.0,0.2,0.1,0.1,0.1,188.2,188.4,5.4] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1463,52,52,91,93,52,76,52,52,591,52,1098,52,1492,704,52,1098,52,52,366,52,138] + [ENTROPIES...: 4.1,5.2,4.6,4.4,5.0,7.8,4.7,7.8,4.7,5.9,7.9,4.9,5.0,5.9,5.7,4.6,5.6,4.6,4.6,7.6,5.0,7.8,4.7,7.9,7.7,4.6,7.8,4.6,4.7,7.3,4.6,6.2] + new: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] + detected: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.012| 144.514| 3.500] + [PKTLEN......: 52.000| 1492.000| 397.200| 485.100| 235309.800| 4.000] + [BINS(c->s)..: 11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1,0,1,1,0] + [IATS(ms)....: 27.0,27.1,0.5,27.3,1.5,28.3,0.1,0.1,1.2,0.3,27.0,1.2,7.6,0.1,0.0,34.3,0.1,0.5,26.1,2.9,0.1,28.4,0.0,0.1,0.1,0.2,0.0,0.2,4.5,0.1,4.6] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,93,76,52,52,591,52,1098,1098,52,52,922,52,1098,250,52,1098,682,52] + [ENTROPIES...: 4.2,5.1,4.7,4.4,5.0,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,6.0,5.7,4.8,4.8,7.7,5.0,7.8,7.8,4.8,4.8,7.8,4.6,7.8,7.2,4.8,7.9,7.7,4.8] + new: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] + detected: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> 
[..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.033| 0.008| 0.012| 145.944| 3.400] + [PKTLEN......: 52.000| 1492.000| 372.100| 488.600| 238772.900| 3.900] + [BINS(c->s)..: 11,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,0,1,1,1,0,0,0] + [IATS(ms)....: 27.2,27.3,0.3,27.3,1.5,28.5,0.1,0.1,0.4,0.1,27.0,0.0,6.2,0.1,32.7,0.0,0.1,0.1,26.1,2.8,28.8,1.2,1.1,0.3,0.3,0.2,0.0,0.0,0.2,0.1,1.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1129,52,116,1491,52,52,91,93,52,76,52,591,52,1098,52,258,52,1098,52,1492,704,610,52,52,148] + [ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.8,7.9,4.9,4.9,5.9,5.9,4.7,5.6,4.7,7.6,4.9,7.8,4.7,7.2,4.7,7.8,4.7,7.9,7.7,7.7,4.7,4.7,6.4] + new: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] + new: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] + detected: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + new: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] + detection-update: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detected: 
[....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + analyse: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.034| 0.008| 0.012| 142.779| 3.400] + [PKTLEN......: 52.000| 1492.000| 385.300| 506.900| 256960.200| 3.900] + [BINS(c->s)..: 10,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 6,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,0,0] + [IATS(ms)....: 26.9,27.0,0.1,26.1,1.5,27.4,0.1,0.1,0.2,0.1,25.7,1.2,7.6,34.1,0.1,0.0,0.1,0.1,26.1,2.8,28.8,0.3,0.3,0.9,0.9,0.3,0.0,0.3,0.5,0.1,0.1] + [PKTLENS.....: 64,60,52,569,52,1492,52,1128,52,116,1469,52,52,91,52,93,76,52,591,52,1098,52,1492,52,704,52,1492,271,52,138,172,539] + [ENTROPIES...: 4.2,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,5.9,7.9,5.0,5.0,6.0,4.8,5.9,5.6,4.8,7.6,4.9,7.8,4.6,7.9,4.6,7.7,4.6,7.9,7.2,4.6,6.3,6.5,7.6] + analyse: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.032| 0.009| 0.013| 162.784| 3.500] + [PKTLEN......: 52.000| 1492.000| 403.100| 505.200| 255231.400| 4.000] + [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0] + [BINS(s->c)..: 
7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1] + [IATS(ms)....: 27.8,27.9,0.5,28.7,0.6,28.8,0.6,0.6,0.2,0.1,27.2,0.0,5.0,31.9,0.1,0.0,0.1,0.1,27.3,4.1,31.3,0.2,0.1,0.2,0.0,0.2,0.1,0.1,0.2,26.7,1.6] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1477,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1492,704,52,830,52,148,52,1044] + [ENTROPIES...: 4.1,5.2,4.6,4.4,4.9,7.8,4.7,7.8,4.7,6.0,7.9,5.0,4.9,5.9,4.7,6.0,5.7,4.7,7.6,5.0,7.8,4.7,7.8,4.7,7.9,7.7,4.7,7.8,4.7,6.3,5.0,7.8] + analyse: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.031| 0.009| 0.012| 155.373| 3.600] + [PKTLEN......: 52.000| 1492.000| 343.300| 466.300| 217422.700| 3.900] + [BINS(c->s)..: 10,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0] + [BINS(s->c)..: 8,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,1,0,0,0,0,0,0,0,0,0,1,0,0] + [DIRECTIONS..: 0,1,0,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,0,1,1,0,1,0,1,0,0,0,1,1,1,0] + [IATS(ms)....: 26.5,26.7,0.1,27.2,0.5,27.5,0.1,0.1,0.2,0.1,25.3,1.2,5.0,31.3,0.1,0.1,0.1,0.1,26.1,1.5,27.5,0.1,0.1,0.2,0.2,0.3,0.1,25.6,0.1,2.4,27.8] + [PKTLENS.....: 64,60,52,569,52,1492,52,1127,52,116,1459,52,52,91,52,93,76,52,591,52,1098,52,1098,52,1184,52,154,659,52,52,274,52] + [ENTROPIES...: 4.2,5.3,4.7,4.4,5.1,7.8,4.8,7.8,4.8,6.0,7.9,5.1,5.1,5.9,4.8,5.9,5.6,4.8,7.6,5.1,7.8,4.8,7.8,4.8,7.8,4.8,6.4,7.6,4.9,5.0,7.2,4.7] + new: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] + detected: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + detection-update: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable][eu0.sec-tunnel.com] + idle: [.....1] [ip4][..tcp] [...192.168.1.29][51398] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....2] [ip4][..tcp] [...192.168.1.29][51399] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [.....3] [ip4][..tcp] [...192.168.1.29][51400] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....4] [ip4][..tcp] [...192.168.1.29][51401] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [.....5] [ip4][..tcp] [...192.168.1.29][51402] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....6] [ip4][..tcp] [...192.168.1.29][51403] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....7] [ip4][..tcp] [...192.168.1.29][51404] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....8] [ip4][..tcp] [...192.168.1.29][51405] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [.....9] [ip4][..tcp] [...192.168.1.29][51406] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....10] [ip4][..tcp] [...192.168.1.29][51407] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....11] [ip4][..tcp] [...192.168.1.29][51408] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....12] [ip4][..tcp] [...192.168.1.29][51409] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....13] [ip4][..tcp] [...192.168.1.29][51410] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....14] [ip4][..tcp] [...192.168.1.29][51411] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....15] [ip4][..tcp] [...192.168.1.29][51412] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....16] [ip4][..tcp] [...192.168.1.29][51413] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....17] [ip4][..tcp] [...192.168.1.29][51414] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....18] [ip4][..tcp] [...192.168.1.29][51415] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....19] [ip4][..tcp] [...192.168.1.29][51416] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....20] [ip4][..tcp] [...192.168.1.29][51417] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....21] [ip4][..tcp] [...192.168.1.29][51418] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....22] [ip4][..tcp] [...192.168.1.29][51419] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....23] [ip4][..tcp] [...192.168.1.29][51420] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....24] [ip4][..tcp] [...192.168.1.29][51421] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....25] [ip4][..tcp] [...192.168.1.29][51422] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....26] [ip4][..tcp] [...192.168.1.29][51423] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....27] [ip4][..tcp] [...192.168.1.29][51424] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....28] [ip4][..tcp] [...192.168.1.29][51425] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....29] [ip4][..tcp] [...192.168.1.29][51426] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....30] [ip4][..tcp] [...192.168.1.29][51427] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....31] [ip4][..tcp] [...192.168.1.29][51428] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....32] [ip4][..tcp] [...192.168.1.29][51429] -> [..77.111.247.69][..443] 
[TLS.OperaVPN][Unknown][VPN][Acceptable] + RISK: TLS (probably) Not Carrying HTTPS + idle: [....33] [ip4][..tcp] [...192.168.1.29][51430] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....34] [ip4][..tcp] [...192.168.1.29][51432] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....35] [ip4][..tcp] [...192.168.1.29][51433] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....36] [ip4][..tcp] [...192.168.1.29][51435] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....37] [ip4][..tcp] [...192.168.1.29][51436] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....38] [ip4][..tcp] [...192.168.1.29][51437] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....39] [ip4][..tcp] [...192.168.1.29][51438] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....40] [ip4][..tcp] [...192.168.1.29][51440] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....41] [ip4][..tcp] [...192.168.1.29][51441] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....42] [ip4][..tcp] [...192.168.1.29][51442] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....43] [ip4][..tcp] [...192.168.1.29][51443] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....44] [ip4][..tcp] [...192.168.1.29][51444] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....45] [ip4][..tcp] [...192.168.1.29][51449] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....46] [ip4][..tcp] [...192.168.1.29][51450] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....47] [ip4][..tcp] [...192.168.1.29][51451] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....48] [ip4][..tcp] [...192.168.1.29][51452] -> 
[..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....49] [ip4][..tcp] [...192.168.1.29][51453] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....50] [ip4][..tcp] [...192.168.1.29][51454] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....51] [ip4][..tcp] [...192.168.1.29][51455] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....52] [ip4][..tcp] [...192.168.1.29][51456] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + guessed: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] [TLS][Unknown][Web][Safe] + RISK: TCP Connection Issues + end: [....53] [ip4][..tcp] [...192.168.1.29][51457] -> [..77.111.247.69][..443] + end: [....54] [ip4][..tcp] [...192.168.1.29][51458] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....55] [ip4][..tcp] [...192.168.1.29][51459] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....56] [ip4][..tcp] [...192.168.1.29][51460] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....57] [ip4][..tcp] [...192.168.1.29][51461] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....58] [ip4][..tcp] [...192.168.1.29][51462] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....59] [ip4][..tcp] [...192.168.1.29][51463] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....60] [ip4][..tcp] [...192.168.1.29][51464] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + end: [....61] [ip4][..tcp] [...192.168.1.29][51465] -> [..77.111.247.69][..443] [TLS.OperaVPN][Unknown][VPN][Acceptable] + idle: [....62] [ip4][..tcp] [...192.168.1.29][51466] -> [..77.111.247.69][..443] + DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/os_detected.pcapng.out b/test/results/flow-info/default/os_detected.pcapng.out index d39a14187..1325d597b 100644 --- a/test/results/flow-info/default/os_detected.pcapng.out +++ b/test/results/flow-info/default/os_detected.pcapng.out @@ -3,7 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] detected: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC][Google][Web][Acceptable][] - RISK: Missing SNI TLS Extn, Unidirectional Traffic + RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch idle: [.....1] [ip4][..udp] [..192.168.1.128][39821] -> [........8.8.8.8][..443] [QUIC][Google][Web][Acceptable] - RISK: Missing SNI TLS Extn, Unidirectional Traffic + RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out index b2a3cdccd..163b6a36a 100644 --- a/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/flow-info/default/ossfuzz_seed_fake_traces_1.pcapng.out 
@@ -8,21 +8,22 @@ new: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] idle: [.....1] [ip4][..udp] [......127.0.0.1][....1] -> [......127.0.0.1][....2] [HalfLife2][Unknown][Game][Fun] update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] - update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] - detected: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Starcraft][Unknown][Game][Fun] + detected: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe] + RISK: Unidirectional Traffic + update: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe] RISK: Unidirectional Traffic DAEMON-EVENT: [Processed: 10 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 2] new: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [Starcraft][Unknown][Game][Fun] RISK: Unidirectional Traffic, TCP Connection Issues - idle: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Starcraft][Unknown][Game][Fun] + idle: [.....2] [ip4][..udp] [......127.0.0.1][.1119] -> [......127.0.0.1][.1120] [Protobuf][Unknown][Network][Safe] RISK: Unidirectional Traffic new: [.....4] [ip4][..tcp] [..192.168.1.128][....1] -> [121.254.200.130][.1119] [MIDSTREAM] detected: [.....4] [ip4][..tcp] [..192.168.1.128][....1] -> [121.254.200.130][.1119] [Starcraft][Unknown][Game][Fun] RISK: Unidirectional Traffic, TCP Connection Issues new: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [MIDSTREAM] - detected: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Unknown][Game][Fun] + detected: [.....5] 
[ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Starcraft][Game][Fun] RISK: Unidirectional Traffic, TCP Connection Issues new: [.....6] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.236.254][.1119] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.236.254][.1119] [Starcraft][Unknown][Game][Fun] @@ -44,7 +45,7 @@ RISK: Unidirectional Traffic, TCP Connection Issues idle: [.....3] [ip4][..tcp] [..192.168.1.128][....1] -> [.12.129.206.130][.1119] [Starcraft][Unknown][Game][Fun] RISK: Unidirectional Traffic, TCP Connection Issues - idle: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Unknown][Game][Fun] + idle: [.....5] [ip4][..tcp] [..192.168.1.128][....1] -> [....202.9.66.76][.1119] [Starcraft][Starcraft][Game][Fun] RISK: Unidirectional Traffic, TCP Connection Issues DAEMON-EVENT: [Processed: 17 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 8|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] diff --git a/test/results/flow-info/default/pinterest.pcap.out b/test/results/flow-info/default/pinterest.pcap.out index 207665063..5cdad211f 100644 --- a/test/results/flow-info/default/pinterest.pcap.out +++ b/test/results/flow-info/default/pinterest.pcap.out 
@@ -56,14 +56,14 @@ [PKTLENS.....: 80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72] [ENTROPIES...: 4.6,5.1,5.1,4.4,4.9,6.4,5.2,7.3,7.6,5.1,5.0,5.1,5.1,6.0,6.2,7.2,7.1,6.9,7.4,6.9,4.9,4.9,4.9,7.1,5.1,6.1,4.9,5.0,5.1,5.6,7.9,5.1] new: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] - detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe][sessions.bugsnag.com] + detected: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] new: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] - detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe][sessions.bugsnag.com] - detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com] + detection-update: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe][sessions.bugsnag.com] + detected: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] new: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] - detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] 
[TLS.Google][Unknown][Web][Acceptable][www.google.com] + detection-update: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] detected: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] - analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable] + analyse: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.009| 0.014| 192.210| 3.400] [PKTLEN......: 72.000| 1280.000| 251.000| 327.800| 107441.100| 4.100] 
@@ -76,7 +76,7 @@ detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] detection-update: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][accounts.pinterest.com] new: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] - analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe] + analyse: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.133| 0.015| 0.030| 874.849| 3.100] [PKTLEN......: 72.000| 1280.000| 309.400| 401.100| 160869.700| 4.100] 
@@ -112,15 +112,15 @@ [ENTROPIES...: 4.7,5.1,5.1,4.5,5.0,6.7,4.9,5.1,5.1,7.4,5.1,7.3,7.6,5.1,5.2,5.9,6.3,7.4,5.0,5.0,5.0,7.1,6.2,5.2,5.1,7.9,7.9,7.9,5.1,5.1,5.1,7.8] detection-update: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe][images.unsplash.com] new: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] - detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable][www.gstatic.com] + detected: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Google][Web][Acceptable][www.gstatic.com] new: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] - detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com] + detected: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] new: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] - detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Unknown][Web][Acceptable][www.gstatic.com] - detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net] - detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> 
[...............2a00:1450:4007:806::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com] - detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][connect.facebook.net] - analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun] + detection-update: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] [TLS.Google][Google][Web][Acceptable][www.gstatic.com] + detected: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net] + detection-update: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] + detection-update: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][connect.facebook.net] + analyse: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.093| 0.011| 0.022| 473.126| 3.000] [PKTLEN......: 72.000| 1452.000| 271.000| 368.400| 135732.300| 4.100] 
@@ -131,15 +131,15 @@ [PKTLENS.....: 80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199] [ENTROPIES...: 5.1,5.4,5.4,4.6,5.3,7.8,7.8,5.5,5.5,6.2,6.5,7.3,7.3,5.3,5.2,5.3,7.0,6.4,5.9,7.6,5.4,5.4,5.4,5.4,7.5,7.9,6.1,5.4,5.4,5.4,5.9,6.7] new: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] - detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][www.facebook.com] + detected: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] new: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] - detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun][www.facebook.com] - detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] - detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][content-autofill.googleapis.com] + detection-update: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun][www.facebook.com] + detected: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] 
[TLS.GoogleServices][Google][Web][Acceptable][content-autofill.googleapis.com] + detection-update: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][content-autofill.googleapis.com] new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [MIDSTREAM] - detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe] + detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] RISK: Unidirectional Traffic - analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe] + analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.029| 0.002| 0.006| 41.161| 1.800] [PKTLEN......: 72.000| 1280.000| 738.800| 578.200| 334348.700| 4.500] 
@@ -150,9 +150,9 @@ [PKTLENS.....: 230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280] [ENTROPIES...: 6.9,6.7,5.1,5.1,7.0,7.9,5.2,7.8,7.8,7.8,7.8,5.1,5.1,7.8,7.8,5.2,7.9,7.8,7.8,7.9,5.2,5.2,7.8,7.8,6.9,5.8,6.7,5.1,7.8,7.8,7.8,7.8] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] - detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable][accounts.google.com] - detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable][accounts.google.com] - analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable][accounts.google.com] + analyse: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.486| 0.062| 0.261| 67965.321| 1.600] [PKTLEN......: 72.000| 1280.000| 238.100| 317.700| 100919.600| 4.100] 
@@ -162,7 +162,7 @@ [IATS(ms)....: 55.5,55.6,2.6,45.1,17.8,0.0,60.2,0.0,0.3,0.3,9.4,2.5,0.6,42.9,0.0,0.2,0.0,30.6,0.2,14.9,14.7,23.0,0.0,23.0,0.0,0.1,0.0,0.1,1.6,29.4,1485.9] [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237] [ENTROPIES...: 4.8,5.2,5.1,4.7,5.0,7.8,7.8,5.2,5.2,7.6,5.2,6.1,6.5,7.5,5.1,5.1,5.1,7.6,5.2,5.8,5.7,5.2,7.5,6.2,5.2,5.2,5.9,5.1,5.2,6.0,5.1,6.9] - analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable] + analyse: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.009| 0.013| 168.080| 3.500] [PKTLEN......: 72.000| 1280.000| 418.800| 492.400| 242485.900| 4.100] 
@@ -186,11 +186,11 @@ new: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com] - detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable][www.google-analytics.com] + detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com] detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com] detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun][assets.pinterest.com] - detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable][www.google-analytics.com] - analyse: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable][www.google-analytics.com] + analyse: [....36] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.157| 0.016| 0.035| 1243.837| 2.700] [PKTLEN......: 72.000| 1280.000| 413.000| 486.700| 236885.800| 4.100] 
@@ -226,25 +226,25 @@ [PKTLENS.....: 80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120] [ENTROPIES...: 4.8,5.1,5.2,4.5,5.1,6.9,5.1,5.2,5.2,6.7,7.2,7.3,7.6,5.2,5.1,5.2,5.2,5.6,5.2,6.0,6.4,7.1,5.1,5.1,7.0,6.2,5.2,5.2,5.7,5.0,7.8,7.8] detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][js-agent.newrelic.com] - guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Unknown][Web][Safe] + guessed: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] [TLS][Google][Web][Safe] idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40876] -> [...............2a00:1450:4007:807::200a][..443] - idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe] - idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Unknown][Web][Acceptable] - idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + idle: [....13] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47032] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] + idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40894] -> [...............2a00:1450:4007:816::200d][..443] [TLS.Google][Google][Web][Acceptable] + idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45126] -> [...............2a00:1450:4007:80a::200e][..443] [TLS.Google][Google][Advertisement][Acceptable] idle: 
[....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40114] -> [.....................64:ff9b::9765:7a6e][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads] - guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Unknown][Web][Safe] + guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Google][Web][Safe] idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51446] -> [...............2a00:1450:4007:816::2003][..443] - guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Unknown][Web][Safe] + guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] [TLS][Google][Web][Safe] idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51472] -> [...............2a00:1450:4007:816::2003][..443] idle: [....17] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51582] -> [...............2a00:1450:4007:816::2003][..443] guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe] idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38402] -> [.......................2a04:4e42:1d::84][..443] guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443] [TLS][Unknown][Web][Safe] idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38406] -> [.......................2a04:4e42:1d::84][..443] - idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe] - guessed: [....32] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [TLS][Unknown][Web][Safe] + idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43562] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] + guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] [TLS][Google][Web][Safe] idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47682] -> [...............2a00:1450:4007:816::200a][..443] - idle: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Unknown][SocialNetwork][Fun] + idle: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51292] -> [.........2a03:2880:f030:13:face:b00c::3][..443] [TLS.Facebook][Facebook][SocialNetwork][Fun] guessed: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Web][Safe] idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56940] -> [......................2a04:4e42:1d::720][..443] idle: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38512] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] 
@@ -254,29 +254,29 @@ end: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38520] -> [.......................2a04:4e42:1d::84][..443] end: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38522] -> [.......................2a04:4e42:1d::84][..443] idle: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38546] -> [.......................2a04:4e42:1d::84][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47790] -> [...............2a00:1450:4007:816::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] idle: [....16] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57050] -> [......................2a04:4e42:1d::720][..443] [TLS][Unknown][Media][Safe] guessed: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] [TLS][Unknown][Web][Safe] idle: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][34626] -> [.....................64:ff9b::acd9:13e2][..443] - guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Google][Web][Safe] idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54308] -> [...............2a00:1450:4007:806::200e][..443] idle: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54416] -> [...............2a00:1450:4007:806::200e][..443] guessed: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33156] -> [.....................64:ff9b::9765:7854][..443] [TLS][Unknown][Web][Safe] idle: 
[....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33156] -> [.....................64:ff9b::9765:7854][..443] guessed: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33164] -> [.....................64:ff9b::9765:7854][..443] [TLS][Unknown][Web][Safe] idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33164] -> [.....................64:ff9b::9765:7854][..443] - guessed: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [TLS][Unknown][Web][Safe] + guessed: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] [TLS][Google][Web][Safe] idle: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58726] -> [...............2a00:1450:4007:80b::2002][..443] idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][60340] -> [......2a03:2880:f11f:83:face:b00c::25de][..443] idle: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33262] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][33280] -> [.....................64:ff9b::9765:7854][..443] [TLS.Pinterest][Unknown][SocialNetwork][Fun] - guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] [TLS][Unknown][Web][Safe] + guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] [TLS][Google][Web][Safe] idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40560] -> [...............2a00:1450:4007:816::2004][..443] - idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Unknown][Web][Acceptable] - guessed: [....33] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe] + idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40694] -> [...............2a00:1450:4007:816::2004][..443] [TLS.Google][Google][Web][Acceptable] + guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe] idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48890] -> [...............2a00:1450:4007:815::2003][..443] - guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] [TLS][Unknown][Web][Safe] + guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] [TLS][Google][Web][Safe] idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57130] -> [...............2a00:1450:4007:80c::200a][..443] - guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [TLS][Unknown][Web][Safe] + guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] [TLS][GoogleCloud][Web][Safe] idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46918] -> [......................2600:1901::7a0b::][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/protobuf.pcap.out b/test/results/flow-info/default/protobuf.pcap.out new file mode 100644 index 000000000..82561fbe3 --- /dev/null +++ b/test/results/flow-info/default/protobuf.pcap.out 
@@ -0,0 +1,27 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345] + detected: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + DAEMON-EVENT: [Processed: 20 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345] + end: [.....1] [ip4][..tcp] [......127.0.0.1][52392] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + detected: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + DAEMON-EVENT: [Processed: 36 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345] + detected: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + end: [.....2] [ip4][..tcp] [......127.0.0.1][51680] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + DAEMON-EVENT: [Processed: 44 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345] + detected: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + end: [.....3] [ip4][..tcp] [......127.0.0.1][39786] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + DAEMON-EVENT: [Processed: 52 pkts][ZLib][compressions: 0|diff: 0 / 0] + 
DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345] + detected: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + end: [.....4] [ip4][..tcp] [......127.0.0.1][42358] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + end: [.....5] [ip4][..tcp] [......127.0.0.1][59030] -> [......127.0.0.1][12345] [Protobuf][Unknown][Network][Safe] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/psiphon3.pcap.out b/test/results/flow-info/default/psiphon3.pcap.out index ca4d3a03d..474dd927d 100644 --- a/test/results/flow-info/default/psiphon3.pcap.out +++ b/test/results/flow-info/default/psiphon3.pcap.out @@ -3,11 +3,11 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] detected: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS][Cloudflare][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS][Cloudflare][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.007| 0.011| 114.161| 3.600] 
@@ -19,7 +19,7 @@ [PKTLENS.....: 60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048] [ENTROPIES...: 4.6,4.6,4.8,4.8,4.8,5.4,4.8,5.4,4.8,4.8,7.0,7.2,7.0,7.2,4.8,4.8,4.8,4.8,5.9,5.9,4.8,4.8,7.0,6.0,7.0,6.0,4.7,4.7,6.3,7.3,5.4,7.8] detection-update: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....1] [ip4][..tcp] [..192.168.0.103][40557] -> [.104.18.151.190][..443] [TLS.Psiphon][Cloudflare][VPN][Acceptable] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic-33.pcapng.out b/test/results/flow-info/default/quic-33.pcapng.out index 2233edebe..bd825925f 100644 --- a/test/results/flow-info/default/quic-33.pcapng.out +++ b/test/results/flow-info/default/quic-33.pcapng.out @@ -3,7 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] detected: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch idle: [.....1] [ip6][..udp] [....................................::1][51430] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch DAEMON-EVENT: shutdown 
diff --git a/test/results/flow-info/default/quic-34.pcap.out b/test/results/flow-info/default/quic-34.pcap.out index 1be4c0b0e..317da963e 100644 --- a/test/results/flow-info/default/quic-34.pcap.out +++ b/test/results/flow-info/default/quic-34.pcap.out @@ -3,7 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] detected: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch idle: [.....1] [ip4][..udp] [...192.168.56.1][55880] -> [.192.168.56.198][.4443] [QUIC][Unknown][Web][Acceptable] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out b/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out index 8cf6aa8cf..0884030eb 100644 --- a/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/flow-info/default/quic-forcing-vn-with-data.pcapng.out 
@@ -5,7 +5,7 @@ detected: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic detection-update: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....1] [ip4][..udp] [.192.168.56.103][55523] -> [.192.168.56.104][.4433] [QUIC][Unknown][Web][Acceptable] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out index d4855095c..8b574be99 100644 --- a/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/flow-info/default/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -5,7 +5,7 @@ detected: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic detection-update: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch idle: [.....1] [ip6][..udp] [....................................::1][58822] -> [....................................::1][.4443] [QUIC][Unknown][Web][Acceptable] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 2fa4dbf64..976cff19c 100644 --- a/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/flow-info/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out 
@@ -196,7 +196,7 @@ DAEMON-EVENT: [Processed: 38 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 27|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 32] new: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] - detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable][beacons4.gvt2.com] + detected: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable][beacons4.gvt2.com] RISK: Unidirectional Traffic update: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun] RISK: Unidirectional Traffic @@ -210,7 +210,7 @@ RISK: Unidirectional Traffic idle: [....25] [ip4][..udp] [...168.144.64.5][63736] -> [.213.188.47.247][..443] [QUIC.YouTube][Unknown][Media][Fun] RISK: Unidirectional Traffic - idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Google][Web][Acceptable] + idle: [....28] [ip4][..udp] [...168.144.64.5][62047] -> [..136.125.67.96][..443] [QUIC.Google][Unknown][Web][Acceptable] RISK: Unidirectional Traffic idle: [....27] [ip4][..udp] [...168.144.64.5][49324] -> [..35.194.157.47][..443] [QUIC.GoogleCloud][GoogleCloud][Advertisement][Acceptable] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/quic_interop_V.pcapng.out b/test/results/flow-info/default/quic_interop_V.pcapng.out index 53f83884a..9f0437d99 100644 --- a/test/results/flow-info/default/quic_interop_V.pcapng.out +++ b/test/results/flow-info/default/quic_interop_V.pcapng.out 
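Review bot: The new expected output for flow 28 (`168.144.64.5` -> `136.125.67.96`, SNI `beacons4.gvt2.com`) changes the second bracketed field from `Google` to `Unknown`, in both the `detected` line of this hunk and the `idle` line of the `@@ -210,7 +210,7 @@` hunk. Every other result file visible in this part of the commit moves that field the other way, from `Unknown` to a named provider such as `Google`, `AmazonAWS` or `Cloudflare`. If the field reflects an address-list match, as those other changes suggest, accepting this baseline makes the lost attribution the expected result, and the test can no longer catch it. Please confirm against the libnDPI submodule bump that dropping the match for this address is intended, and record the reason in the commit description, for example `quic_frags_ch_out_of_order_same_packet_craziness: flow 28 no longer matched by address, expected after the list update`.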
@@ -8,7 +8,7 @@ detected: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic new: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] - detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][Unknown][Web][Acceptable] + detected: [.....3] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][37876] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][..443] [QUIC][AmazonAWS][Web][Acceptable] RISK: Unidirectional Traffic new: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] detected: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] [QUIC][Unknown][Web][Acceptable] @@ -35,7 +35,7 @@ detected: [....11] [ip4][.icmp] [...3.121.242.54] -> [..192.168.1.128] [ICMP][AmazonAWS][Network][Acceptable] RISK: Susp Entropy, Unidirectional Traffic new: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] - detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Unknown][Web][Acceptable] + detected: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] detected: [....13] [ip4][..udp] [..192.168.1.128][60784] -> [...3.121.242.54][.4433] [QUIC][AmazonAWS][Web][Acceptable] 
@@ -56,7 +56,7 @@ detected: [....18] [ip4][..udp] [..192.168.1.128][49151] -> [133.242.206.244][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] - detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][Unknown][Web][Acceptable] + detected: [....19] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39945] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4433] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] detected: [....20] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][39624] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][..443] [QUIC][Unknown][Web][Acceptable] @@ -71,7 +71,7 @@ detected: [....23] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56213] -> [.........2400:8902::f03c:91ff:fe69:a454][.4433] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] - detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][Unknown][Web][Acceptable] + detected: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] detected: [....25] [ip4][..udp] [..192.168.1.128][37661] -> [..71.202.41.169][.4433] [QUIC][Unknown][Web][Acceptable] 
@@ -128,7 +128,7 @@ detected: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] - detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Unknown][Web][Acceptable] + detected: [....43] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46353] -> [.................2606:4700:10::6816:826][..443] [QUIC][Cloudflare][Web][Acceptable] RISK: Unidirectional Traffic new: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] detected: [....44] [ip4][..udp] [..192.168.1.128][53791] -> [..40.112.191.60][.4434] [QUIC][Azure][Web][Acceptable] @@ -140,7 +140,7 @@ detected: [....46] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49788] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] - detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Unknown][Web][Acceptable] + detected: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] RISK: Unidirectional Traffic new: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] detected: [....48] [ip4][..udp] [..192.168.1.128][44619] -> [..140.227.52.92][.4433] [QUIC][Unknown][Web][Acceptable] 
@@ -149,7 +149,7 @@ detected: [....49] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44243] -> [......................2001:19f0:4:34::1][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] - detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][Unknown][Web][Acceptable] + detected: [....50] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38394] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4433] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] detected: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] 
@@ -173,7 +173,7 @@ detected: [....57] [ip4][..udp] [..192.168.1.128][50705] -> [.138.91.188.147][.4434] [QUIC][Azure][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] - detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Unknown][Web][Acceptable] + detected: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] detected: [....59] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][56073] -> [............2604:a880:800:a1::1279:3001][..443] [QUIC][Unknown][Web][Acceptable] @@ -209,7 +209,7 @@ detected: [....69] [ip4][..udp] [..192.168.1.128][43735] -> [..51.158.105.98][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] - detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][Unknown][Web][Acceptable] + detected: [....70] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][44605] -> [.2a05:d018:ce9:8100:cd2a:e2fd:b3be:c5ab][.4434] [QUIC][AmazonAWS][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128] detected: [....71] [ip4][.icmp] [.202.238.220.92] -> [..192.168.1.128] [ICMP][Unknown][Network][Acceptable] 
@@ -314,7 +314,7 @@ RISK: Unidirectional Traffic idle: [.....4] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][34442] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][..443] idle: [.....6] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][48707] -> [..2a00:ac00:4000:400:2e0:4cff:fe68:199d][..443] - idle: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Unknown][Web][Acceptable] + idle: [....12] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][32957] -> [.................2606:4700:10::6816:826][.4433] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....24] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][52080] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][.4434] idle: [....65] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][53140] -> [.2001:4800:7817:101:be76:4eff:fe04:631d][.4433] @@ -325,7 +325,7 @@ RISK: Unidirectional Traffic idle: [....51] [ip6][icmp6] [.....2001:19f0:5:c21:5400:1ff:fe33:3b96] -> [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d] [ICMPV6][Unknown][Network][Acceptable] RISK: Unidirectional Traffic - idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][Unknown][Web][Acceptable] + idle: [....47] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][46242] -> [2600:1f18:2310:d230:5103:7d9e:7d75:374f][..443] [QUIC][AmazonAWS][Web][Acceptable] RISK: Unidirectional Traffic idle: [....63] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][38689] -> [.....2001:19f0:5:c21:5400:1ff:fe33:3b96][.4434] idle: [....10] [ip4][..udp] [..192.168.1.128][38366] -> [.202.238.220.92][.4433] [QUIC][Unknown][Web][Acceptable] 
@@ -346,7 +346,7 @@ idle: [....39] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][49270] -> [..................2001:bc8:47a4:1c25::1][.4434] idle: [....42] [ip4][..udp] [..192.168.1.128][45855] -> [133.242.206.244][.4434] [QUIC][Unknown][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Unknown][Web][Acceptable] + idle: [....58] [ip6][..udp] [..2001:b07:ac9:d5ae:a4d3:fe47:691e:807d][41857] -> [.................2606:4700:10::6816:826][.4434] [QUIC][Cloudflare][Web][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....2] [ip4][..udp] [..192.168.1.128][37643] -> [..71.202.41.169][..443] [QUIC][Unknown][Web][Acceptable] RISK: Unidirectional Traffic diff --git a/test/results/flow-info/default/reddit.pcap.out b/test/results/flow-info/default/reddit.pcap.out index 90cdeeb31..8412fa4bb 100644 --- a/test/results/flow-info/default/reddit.pcap.out +++ b/test/results/flow-info/default/reddit.pcap.out 
@@ -4,18 +4,18 @@ new: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] new: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] new: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] - detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com] + detected: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com] new: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] - detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com] + detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com] detected: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] - detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com] + detection-update: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com] 
detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] detection-update: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56558] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] - detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][safebrowsing.googleapis.com] + detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][safebrowsing.googleapis.com] detected: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] detection-update: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56560] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][www.reddit.com] - analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + analyse: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.076| 0.013| 0.023| 533.820| 3.200] [PKTLEN......: 72.000| 1280.000| 281.100| 342.100| 117045.100| 4.200] 
@@ -118,13 +118,13 @@ new: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] new: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] new: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] - detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagservices.com] + detected: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] detected: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] [TLS][Unknown][Web][Safe][c.aaxads.com] detected: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com] - detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagservices.com] + detection-update: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagservices.com] detection-update: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable][c.amazon-adsystem.com] detection-update: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] 
[TLS][Unknown][Web][Safe][c.aaxads.com] - analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + analyse: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.008| 0.014| 200.596| 3.100] [PKTLEN......: 72.000| 1280.000| 422.500| 490.000| 240053.700| 4.100] 
@@ -153,10 +153,10 @@ detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][platform.twitter.com] detection-update: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][platform.twitter.com] new: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] - detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagmanager.com] - detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][www.googletagmanager.com] + detected: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com] + detection-update: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable][www.googletagmanager.com] new: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] - analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + analyse: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.008| 0.014| 205.550| 3.200] 
[PKTLEN......: 72.000| 1280.000| 415.800| 486.500| 236643.500| 4.100] 
@@ -175,11 +175,11 @@ detected: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe][id.rlcdn.com] new: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] new: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] - detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun][www.youtube.com] + detected: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] detected: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com] detected: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com] detection-update: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe][id.rlcdn.com] - detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Unknown][Media][Fun][www.youtube.com] + detection-update: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] [TLS.YouTube][Google][Media][Fun][www.youtube.com] detection-update: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] 
[TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com] detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com] detection-update: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe][secure.quantserve.com] 
@@ -201,10 +201,10 @@ new: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] detected: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net] detected: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net] - detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Unknown][Web][Safe][rules.quantcount.com] + detected: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com] detection-update: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net] detection-update: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable][ad.doubleclick.net] - detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][Unknown][Web][Safe][rules.quantcount.com] + detection-update: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] [TLS][AmazonAWS][Web][Safe][rules.quantcount.com] analyse: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.043| 0.011| 0.015| 223.794| 
3.600] 
@@ -227,13 +227,13 @@ [ENTROPIES...: 4.8,5.2,5.2,4.6,5.1,6.8,5.2,7.4,7.6,5.2,5.2,6.4,6.3,7.1,7.1,5.1,5.1,5.1,6.4,5.1,7.0,5.2,5.9,5.2,5.6,5.9,5.2,5.1,5.1,7.5,5.2,7.3] detection-update: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][syndication.twitter.com] new: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] - detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][cdn.syndication.twimg.com] - detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun][cdn.syndication.twimg.com] + detected: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com] + detection-update: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun][cdn.syndication.twimg.com] new: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] new: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] - detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable][static.doubleclick.net] - detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com] - 
analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] + detected: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable][static.doubleclick.net] + detected: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] + analyse: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.051| 0.012| 0.018| 319.203| 3.500] [PKTLEN......: 72.000| 1280.000| 307.800| 396.400| 157103.100| 4.100] 
@@ -243,16 +243,16 @@ [IATS(ms)....: 43.0,43.1,0.3,41.3,10.2,51.1,0.4,38.4,3.5,41.5,0.5,0.0,0.5,0.0,0.1,0.1,2.3,0.2,0.1,38.5,0.0,0.0,0.0,36.0,0.0,0.0,0.1,5.2,2.2,17.6,0.2] [PKTLENS.....: 80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280] [ENTROPIES...: 5.2,5.5,5.4,4.7,5.3,6.2,5.3,5.1,5.3,7.8,5.5,7.8,7.9,5.4,5.4,7.4,5.5,6.4,6.6,7.5,5.4,7.3,7.3,6.5,5.4,5.5,5.4,6.0,5.4,5.4,5.9,7.8] - detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable][static.doubleclick.net] + detection-update: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable][static.doubleclick.net] new: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] new: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] new: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] - detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable][www.google.com] - detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com] - detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com] - detected: [....40] 
[ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun][yt3.ggpht.com] - analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable] + detection-update: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable][www.google.com] + detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] + detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] + detected: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com] + analyse: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.062| 0.009| 0.018| 308.294| 3.000] [PKTLEN......: 72.000| 1280.000| 412.800| 483.300| 233579.900| 4.100] 
@@ -262,12 +262,12 @@ [IATS(ms)....: 37.4,37.4,0.2,47.4,15.0,0.0,62.3,0.0,0.4,0.3,2.5,0.2,0.3,39.9,0.1,0.0,2.3,39.3,0.2,2.9,2.6,0.8,0.8,0.3,0.0,0.0,0.3,0.0,0.0,0.1,0.0] [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292] [ENTROPIES...: 4.7,5.3,5.2,4.4,5.1,7.8,7.8,5.2,5.2,7.2,5.2,6.1,6.5,7.3,5.1,5.1,5.1,7.7,5.1,5.8,7.5,5.2,7.8,5.2,7.8,7.9,7.8,5.1,5.2,5.1,7.8,7.2] - detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Unknown][Media][Fun][i.ytimg.com] - detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun][yt3.ggpht.com] - detection-update: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Unknown][Media][Fun][i.ytimg.com] - detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com] - detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Unknown][Web][Acceptable][fonts.gstatic.com] - analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun] + detected: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Google][Media][Fun][i.ytimg.com] + detection-update: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun][yt3.ggpht.com] + detection-update: [....41] 
[ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] [TLS.YouTube][Google][Media][Fun][i.ytimg.com] + detection-update: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47302] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] + detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47304] -> [...............2a00:1450:4007:80c::2003][..443] [TLS.Google][Google][Web][Acceptable][fonts.gstatic.com] + analyse: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.069| 0.011| 0.023| 518.376| 2.800] [PKTLEN......: 72.000| 1280.000| 385.700| 459.200| 210886.500| 4.100] 
@@ -294,18 +294,18 @@ detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun][gateway.reddit.com] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] new: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] - detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.fr] - detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.com] + detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr] + detected: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.com] new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] new: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] detected: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com] - detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.fr] - detection-update: [....46] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable][adservice.google.com] - detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] - detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] + detection-update: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.fr] + detection-update: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable][adservice.google.com] + detected: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] + detection-update: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][8a755a3fef0b189d8ab5b0d10758f68a.safeframe.googlesyndication.com] detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com] detection-update: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] [TLS.Amazon][Unknown][Web][Acceptable][aax-eu.amazon-adsystem.com] - 
analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable] + analyse: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.008| 0.012| 155.374| 3.400] [PKTLEN......: 72.000| 1280.000| 280.100| 371.700| 138197.800| 4.100] @@ -315,7 +315,7 @@ [IATS(ms)....: 18.5,18.6,0.4,37.2,9.0,0.0,0.0,0.0,45.9,0.0,0.0,0.0,8.7,0.4,0.3,33.6,0.0,0.1,1.2,0.0,25.4,0.0,0.5,7.3,0.0,0.0,6.8,0.0,0.0,3.7,20.5] [PKTLENS.....: 80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72] [ENTROPIES...: 4.8,5.3,5.2,4.6,5.1,7.8,7.8,7.8,7.0,5.2,5.2,5.2,5.2,6.3,6.6,7.3,5.1,5.1,5.1,7.6,5.7,5.3,5.3,5.9,7.7,7.6,5.9,5.2,5.2,5.2,6.0,5.0] - analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + analyse: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.034| 0.007| 0.011| 127.134| 3.400] [PKTLEN......: 72.000| 1280.000| 323.800| 408.200| 166632.700| 4.100] 
@@ -335,28 +335,28 @@ new: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] new: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] new: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] - detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][fonts.googleapis.com] - detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] 
[TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] + detected: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detected: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detected: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detected: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detected: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detected: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][fonts.googleapis.com] + detected: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> 
[...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detected: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] new: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] - detection-update: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable][cdn.ampproject.org] - detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> 
[...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][fonts.googleapis.com] - detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable][tpc.googlesyndication.com] - analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + detection-update: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detection-update: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detection-update: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + detection-update: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable][cdn.ampproject.org] + 
detection-update: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][fonts.googleapis.com] + detection-update: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + detection-update: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable][tpc.googlesyndication.com] + analyse: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.046| 0.009| 0.014| 200.064| 3.400] [PKTLEN......: 72.000| 1280.000| 320.900| 398.400| 158685.900| 4.100] 
@@ -366,7 +366,7 @@ [IATS(ms)....: 29.5,29.5,0.1,39.8,6.2,0.0,0.0,45.9,0.0,0.0,16.6,7.4,0.9,0.2,45.4,0.2,20.4,0.5,14.7,1.9,0.0,0.0,16.1,2.9,0.0,0.0,3.0,0.0,0.0,1.6,0.0] [PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280] [ENTROPIES...: 4.9,5.3,5.2,4.6,5.1,7.8,7.9,7.2,5.2,5.2,5.1,6.1,6.5,7.4,7.3,5.0,7.7,5.2,5.8,5.1,5.8,5.0,5.0,5.1,7.6,7.4,6.7,5.2,5.2,5.1,7.8,7.8] - analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + analyse: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.044| 0.010| 0.013| 181.589| 3.600] [PKTLEN......: 72.000| 1280.000| 270.100| 336.600| 113301.500| 4.200] 
@@ -380,14 +380,14 @@ detected: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com] detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com] detection-update: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] [TLS][Unknown][Web][Safe][d9.flashtalking.com] - idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Unknown][Web][Acceptable] - idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Unknown][Web][Acceptable] + idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57282] -> [...............2a00:1450:4007:805::2004][..443] [TLS.Google][Google][Web][Acceptable] + idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59336] -> [...............2a00:1450:4007:80b::2002][..443] [TLS.Google][Google][Web][Acceptable] idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] - idle: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + idle: [....55] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36964] -> [...............2a00:1450:4007:80f::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] end: [....56] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36966] -> [...............2a00:1450:4007:80f::2001][..443] end: [....57] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36968] -> [...............2a00:1450:4007:80f::2001][..443] 
end: [....58] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36970] -> [...............2a00:1450:4007:80f::2001][..443] - guessed: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] [TLS][Unknown][Web][Safe] + guessed: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] [TLS][Google][Web][Safe] RISK: TCP Connection Issues end: [....59] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][36972] -> [...............2a00:1450:4007:80f::2001][..443] idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44264] -> [.....................64:ff9b::1736:86f1][..443] 
@@ -411,35 +411,35 @@ end: [....18] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56588] -> [.....................64:ff9b::9765:798c][..443] end: [....19] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56590] -> [.....................64:ff9b::9765:798c][..443] idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56592] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] - idle: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + idle: [....48] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][59624] -> [...............2a00:1450:4007:80b::2001][..443] [TLS.Google][Google][Advertisement][Acceptable] idle: [....21] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56594] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS.Reddit][Unknown][SocialNetwork][Fun] idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56186] -> [...2600:9000:219c:ee00:6:44e3:f8c0:93a1][..443] idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38320] -> [.....................64:ff9b::6853:b3b6][..443] idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] idle: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46646] -> [.....................64:ff9b::345f:7ca5][..443] - idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Unknown][SocialNetwork][Fun] - idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> 
[...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] - idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Unknown][Media][Fun] + idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39736] -> [.....2606:2800:134:1a0d:1429:742:782:b6][..443] [TLS.Twitter][Edgecast][SocialNetwork][Fun] + idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39520] -> [...............2a00:1450:4007:816::2008][..443] [TLS.GoogleServices][Google][Web][Acceptable] + idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58122] -> [...............2a00:1450:4007:805::2001][..443] [TLS.YouTube][Google][Media][Fun] idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51026] -> [.....................64:ff9b::acd9:12c2][..443] idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51100] -> [.....................64:ff9b::d83a:d1e6][..443] [TLS.Google][Unknown][Advertisement][Acceptable] idle: [....60] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][47006] -> [.....................64:ff9b::34d3:acec][..443] end: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51102] -> [.....................64:ff9b::d83a:d1e6][..443] idle: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][52296] -> [...............2a00:1450:4007:815::2016][..443] - idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + idle: [.....1] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40028] -> [...............2a00:1450:4007:80a::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] end: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40030] -> [...............2a00:1450:4007:80a::200a][..443] idle: [....28] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][32970] -> [.....................64:ff9b::6853:b3d1][..443] idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48648] -> [...2620:116:800d:21:f916:5049:f87f:108e][..443] [TLS][Unknown][Web][Safe] - idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + idle: [....54] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38166] -> [...............2a00:1450:4007:811::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43492] -> [......................64:ff9b::df9:21c6][..443] [TLS.Amazon][Unknown][Web][Acceptable] - idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Unknown][Advertisement][Acceptable] + idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54726] -> [...............2a00:1450:4007:808::2006][..443] [TLS.Google][Google][Advertisement][Acceptable] idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][54862] -> [...............2a00:1450:4007:806::200e][..443] idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39626] -> [.....................64:ff9b::2278:cf94][..443] [TLS][Unknown][Web][Safe] - idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Unknown][Web][Acceptable] + idle: [....49] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46806] -> [...............2a00:1450:4007:808::2001][..443] [TLS.Google][Google][Web][Acceptable] end: [....50] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46808] -> [...............2a00:1450:4007:808::2001][..443] end: [....51] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46810] -> 
[...............2a00:1450:4007:808::2001][..443] end: [....52] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46812] -> [...............2a00:1450:4007:808::2001][..443] end: [....53] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][46814] -> [...............2a00:1450:4007:808::2001][..443] - idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] - idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Unknown][Web][Acceptable] + idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS.GoogleServices][Google][Web][Acceptable] + idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51006] -> [...............2a00:1450:4007:805::2002][..443] [TLS.Google][Google][Web][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/rmcp.pcap.out b/test/results/flow-info/default/rmcp.pcap.out new file mode 100644 index 000000000..33864283d --- /dev/null +++ b/test/results/flow-info/default/rmcp.pcap.out 
@@ -0,0 +1,38 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] + detected: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 1 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] + detected: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe] + RISK: Unidirectional Traffic + new: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] + detected: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.123.212.25.229][49531] -> [..171.47.173.23][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 3 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 2 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] + detected: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....3] [ip4][..udp] [..137.141.61.18][59937] -> [...82.132.4.178][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [.54.229.154.152][59937] -> [...14.85.79.172][..623] [RMCP][AmazonAWS][System][Safe] + RISK: Unidirectional Traffic + new: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> 
[...30.144.16.67][..623] + detected: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + new: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623] + detected: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....6] [ip4][..udp] [..127.36.88.103][34698] -> [.164.114.97.252][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....5] [ip4][..udp] [..64.240.55.240][57984] -> [...30.144.16.67][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + idle: [.....4] [ip4][..udp] [.129.222.153.30][58065] -> [190.219.142.148][..623] [RMCP][Unknown][System][Safe] + RISK: Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/srvloc.pcap.out b/test/results/flow-info/default/srvloc.pcap.out index 6874d7152..9edf91c2a 100644 --- a/test/results/flow-info/default/srvloc.pcap.out +++ b/test/results/flow-info/default/srvloc.pcap.out @@ -2300,7 +2300,7 @@ DAEMON-EVENT: [Processed: 352 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 346|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57] new: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] - detected: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + detected: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Azure][RPC][Acceptable] RISK: Unidirectional Traffic idle: [...346] [ip4][..udp] [206.240.152.225][52955] -> [..90.145.180.58][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] RISK: Unidirectional Traffic 
@@ -2309,7 +2309,7 @@ new: [...348] [ip4][..udp] [..175.206.31.84][52553] -> [..69.109.187.54][..427] detected: [...348] [ip4][..udp] [..175.206.31.84][52553] -> [..69.109.187.54][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] RISK: Unidirectional Traffic - idle: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Unknown][RPC][Acceptable] + idle: [...347] [ip4][..udp] [.172.206.191.39][55684] -> [..165.144.84.62][..427] [Service_Location_Protocol][Azure][RPC][Acceptable] RISK: Unidirectional Traffic DAEMON-EVENT: [Processed: 354 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 348|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 57] diff --git a/test/results/flow-info/default/starcraft_battle.pcap.out b/test/results/flow-info/default/starcraft_battle.pcap.out index c17d67b50..6d65bb66c 100644 --- a/test/results/flow-info/default/starcraft_battle.pcap.out +++ b/test/results/flow-info/default/starcraft_battle.pcap.out @@ -205,7 +205,7 @@ end: [....43] [ip4][..tcp] [..192.168.1.100][.3526] -> [..80.239.186.40][...80] [HTTP][Unknown][Web][Acceptable] guessed: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] [QUIC][Google][Web][Acceptable] idle: [.....6] [ip4][..udp] [..173.194.40.22][..443] -> [..192.168.1.100][53568] - guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Starcraft][Game][Fun] + guessed: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] [Starcraft][Unknown][Game][Fun] idle: [....34] [ip4][..udp] [..192.168.1.100][53146] -> [...5.42.180.154][.1119] guessed: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] [TLS][Unknown][Web][Safe] end: [....25] [ip4][..tcp] [..192.168.1.100][.3486] -> [.199.38.164.156][..443] 
diff --git a/test/results/flow-info/default/steam.pcap.out b/test/results/flow-info/default/steam.pcap.out index 549cf1db9..6062f97f6 100644 --- a/test/results/flow-info/default/steam.pcap.out +++ b/test/results/flow-info/default/steam.pcap.out @@ -166,6 +166,11 @@ new: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017] detected: [....55] [ip4][..udp] [192.168.188.149][45665] -> [..72.165.61.176][27017] [Steam][Unknown][Game][Fun] RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 104 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 55 / 55|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] + detected: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic idle: [....37] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.7][27017] [Steam][Unknown][Game][Fun] RISK: Unidirectional Traffic idle: [.....6] [ip4][..udp] [192.168.188.149][45665] -> [...81.171.115.8][27017] [Steam][Unknown][Game][Fun] 
@@ -276,4 +281,20 @@ RISK: Unidirectional Traffic idle: [.....2] [ip4][..udp] [192.168.188.149][45665] -> [..146.66.152.12][27019] [Steam][Steam][Game][Fun] RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 105 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 56|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] + detected: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic + idle: [....56] [ip4][..udp] [...118.105.60.5][14963] -> [....2.95.26.169][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic + DAEMON-EVENT: [Processed: 106 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 1 / 57|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] + detected: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic + idle: [....57] [ip4][..udp] [245.111.219.147][27380] -> [104.191.198.151][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic + idle: [....58] [ip4][..udp] [...98.10.157.76][10595] -> [164.144.140.184][27036] [Steam][Unknown][Game][Fun] + RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun.pcap.out b/test/results/flow-info/default/stun.pcap.out index 47265b1c3..0de2b76b4 100644 --- a/test/results/flow-info/default/stun.pcap.out +++ b/test/results/flow-info/default/stun.pcap.out 
@@ -6,8 +6,9 @@ DAEMON-EVENT: [Processed: 15 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] - end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] detected: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable][] + RISK: Unidirectional Traffic + end: [.....1] [ip4][..tcp] [...10.77.110.51][41588] -> [..10.206.50.239][42000] [STUN.Skype_TeamsCall][Unknown][VoIP][Acceptable] update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] update: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] analyse: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] 
@@ -24,7 +25,9 @@ DAEMON-EVENT: [Processed: 57 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] new: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] - detected: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook] + detected: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN][Facebook][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable][turner.facebook] RISK: Known Proto on Non Std Port analyse: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -38,19 +41,18 @@ [ENTROPIES...: 4.9,5.6,5.9,5.8,5.9,6.0,5.6,5.8,5.5,5.6,5.9,6.0,6.0,5.9,5.8,5.5,6.0,5.9,6.0,5.9,5.9,6.0,5.8,6.0,5.9,6.0,5.9,5.9,5.8,5.6,6.1,6.0] idle: [.....2] [ip6][..udp] [3516:bf0b:fc53:75e7:70af:f67f:8e49:f603][56880] -> [....2a38:e156:8167:a333:face:b00c::24d9][.3478] [STUN][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 132 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] + DAEMON-EVENT: [Flows][active: 1 / 3|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 3] new: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] - detected: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com] + detected: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][] + detection-update: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable][apps-host.com] idle: [.....3] [ip4][..udp] [.192.168.12.169][38123] -> [....31.13.86.54][40003] [STUN.FacebookVoip][Facebook][VoIP][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: [Processed: 152 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 3] + DAEMON-EVENT: [Flows][active: 1 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 2|updates: 3] new: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] - detected: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS][Google][Web][Safe] - RISK: TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn - detection-update: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] - RISK: Self-signed Cert, TLS (probably) Not 
Carrying HTTPS, Missing SNI TLS Extn - analyse: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] + detected: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Unidirectional Traffic + analyse: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.836| 0.131| 0.227| 51553.292| 3.400] [PKTLEN......: 62.000| 1226.000| 179.200| 221.300| 48965.100| 4.400] @@ -60,7 +62,7 @@ [IATS(ms)....: 22.9,25.6,18.8,27.0,9.0,16.5,8.2,0.0,96.0,9.4,96.1,13.9,9.7,14.0,0.0,0.0,28.4,12.0,233.2,17.4,835.9,625.3,352.7,699.8,203.7,550.7,72.1,9.0,20.6,28.1,14.7] [PKTLENS.....: 136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95] [ENTROPIES...: 5.9,5.9,5.0,5.9,7.3,6.7,5.8,5.7,7.4,5.7,6.0,6.2,6.4,5.9,6.1,5.4,5.4,5.6,5.9,5.3,5.2,5.9,5.8,5.2,6.1,5.9,6.0,6.1,6.0,5.9,6.1,5.9] - idle: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [DTLS.GoogleHangoutDuo][Google][VoIP][Acceptable] - RISK: Self-signed Cert, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn + idle: [.....5] [ip4][..udp] [.192.168.12.169][49153] -> [..142.250.82.99][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Unidirectional Traffic idle: [.....4] [ip4][..tcp] [...87.47.100.17][.3478] -> [....54.1.57.155][37257] [STUN][Unknown][Network][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_classic.pcap.out b/test/results/flow-info/default/stun_classic.pcap.out index 14053455b..8bf7926a9 100644 --- a/test/results/flow-info/default/stun_classic.pcap.out +++ b/test/results/flow-info/default/stun_classic.pcap.out 
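Review bot: Flow 5 (192.168.12.169:49153 to 142.250.82.99:3478) loses its TLS findings in this baseline. The old output reported `DTLS.GoogleHangoutDuo` with `Self-signed Cert` and `Missing SNI TLS Extn`, while the new `detected:` and `idle:` lines report `STUN.GoogleHangoutDuo` with only `Unidirectional Traffic` and no `detection-update:` to DTLS. The stun_dtls_unidirectional_*.pcap.out baselines added in the same commit do show a STUN-to-DTLS `detection-update:` carrying those risks, so dissection presumably stops here once the STUN stage has assigned the GoogleHangoutDuo sub-protocol. Consumers that alert on certificate risks lose that signal for this flow, so the commit description should state whether that is intended. The old `idle:` line also did not flag the flow as unidirectional, which suggests the new risk is a snapshot taken at first detection rather than a property of the whole flow; that is worth checking against the capture.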
@@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] - detected: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable][] - RISK: Known Proto on Non Std Port - idle: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Media][Acceptable] + detected: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN][Unknown][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....1] [ip4][..udp] [..172.16.63.224][55050] -> [...172.16.63.21][13958] [STUN.RTP][Unknown][Network][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..b08d5c8f1 --- /dev/null +++ b/test/results/flow-info/default/stun_dtls_unidirectional_client.pcap.out 
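Review bot: The new stun_classic baseline ends flow 1 as `[STUN.RTP][Unknown][Network]` on the `idle:` line, but the only detection event before it is `detected: ... [STUN]`. No `detection-update:` ever announces the RTP sub-classification, the category stays `Network` where the old baseline had `Media`, and `Unidirectional Traffic` disappears from the risk list without an event. A consumer that keys on `detected`/`detection-update` events or filters by category will not see this flow as RTP media. The same stale `Network` category appears on the `STUN.GoogleHangoutDuo` lines for flows 1 and 2 in stun_google_meet.pcapng.out and on several `STUN.SignalVoip` flows in stun_signal.pcapng.out, while sibling flows with the same protocol are `VoIP`. If this is not intended, the expected output should carry an intermediate line of the form `detection-update: [.....1] ... [STUN.RTP][Unknown][Media][Acceptable][]` once the emitter is fixed.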
@@ -0,0 +1,11 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] + detected: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [STUN][Unknown][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe] + RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic + idle: [.....1] [ip4][..udp] [.....26.83.9.81][57567] -> [..33.35.223.103][..540] [DTLS][Unknown][Safe] + RISK: Known Proto on Non Std Port, TLS (probably) Not Carrying HTTPS, Missing SNI TLS Extn, Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..995e4ad60 --- /dev/null +++ b/test/results/flow-info/default/stun_dtls_unidirectional_server.pcap.out 
@@ -0,0 +1,11 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] + detected: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [STUN][Unknown][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe] + RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic + idle: [.....1] [ip4][..udp] [..33.35.223.103][..540] -> [.....26.83.9.81][57567] [DTLS][Unknown][Safe] + RISK: Known Proto on Non Std Port, Self-signed Cert, Unidirectional Traffic + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_google_meet.pcapng.out b/test/results/flow-info/default/stun_google_meet.pcapng.out index 44cf02787..7e0434b56 100644 --- a/test/results/flow-info/default/stun_google_meet.pcapng.out +++ b/test/results/flow-info/default/stun_google_meet.pcapng.out 
@@ -2,13 +2,17 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] + detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] + detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN][Google][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] - new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] detected: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] detected: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port + RISK: Known Proto on Non Std Port, Unidirectional Traffic analyse: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.164| 0.015| 0.039| 1549.851| 2.400] 
@@ -24,6 +28,7 @@ RISK: Unidirectional Traffic new: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] detected: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + RISK: Unidirectional Traffic analyse: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 1.000| 0.179| 0.232| 53990.769| 4.000] @@ -34,9 +39,9 @@ [IATS(ms)....: 28.7,31.6,20.7,57.3,57.1,114.9,326.7,7.6,0.3,359.3,399.5,20.9,399.5,20.8,60.3,761.6,238.3,310.5,33.1,16.7,106.5,1.4,298.5,11.7,401.0,18.9,1000.0,80.4,40.3,278.6,42.3] [PKTLENS.....: 152,92,148,92,148,92,565,91,73,93,68,107,73,91,73,148,92,68,80,91,73,80,80,107,73,91,73,68,148,92,128,91] [ENTROPIES...: 6.0,5.6,6.0,5.7,6.0,5.7,7.6,6.0,5.5,5.6,5.5,5.7,5.7,5.9,5.5,6.0,5.6,5.3,5.8,6.1,5.6,5.7,5.8,5.8,5.5,5.9,5.6,5.3,5.9,5.6,6.3,6.0] - detected: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + detection-update: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port - detected: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable][] + detection-update: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port analyse: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] min| max| avg| stddev| variance| entropy 
@@ -49,14 +54,15 @@ [PKTLENS.....: 152,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92,144,92] [ENTROPIES...: 6.0,5.6,6.1,5.6,6.0,5.5,6.0,5.6,6.1,5.7,5.9,5.8,6.1,5.6,6.0,5.6,6.1,5.6,6.0,5.6,6.0,5.6,6.0,5.6,6.1,5.6,6.0,5.7,6.0,5.7,6.0,5.7] idle: [.....4] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - RISK: Known Proto on Non Std Port + RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....6] [ip4][..udp] [.192.168.12.156][45400] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [.192.168.12.156][45400] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable] RISK: Known Proto on Non Std Port idle: [.....3] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][19305] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] - RISK: Known Proto on Non Std Port + RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....5] [ip4][..udp] [.192.168.12.156][38152] -> [..142.250.82.76][.3478] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [.192.168.12.156][38152] -> [.74.125.128.127][19302] [STUN.GoogleHangoutDuo][Google][Network][Acceptable] RISK: Known Proto on Non Std Port DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out index 6bb84de57..1cff431c9 100644 --- a/test/results/flow-info/default/stun_msteams_unidir.pcapng.out 
+++ b/test/results/flow-info/default/stun_msteams_unidir.pcapng.out @@ -2,8 +2,8 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] - detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable][] + detected: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_Teams][Azure][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [..52.115.136.55][.3479] -> [.......10.0.0.1][50006] [STUN.Skype_TeamsCall][Azure][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_signal.pcapng.out b/test/results/flow-info/default/stun_signal.pcapng.out index 5049eddd3..6fa1870b2 100644 --- a/test/results/flow-info/default/stun_signal.pcapng.out +++ b/test/results/flow-info/default/stun_signal.pcapng.out 
@@ -2,39 +2,57 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] + detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] + detected: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] + detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] + detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + RISK: Unidirectional Traffic new: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] + detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN][AmazonAWS][Network][Acceptable][] + RISK: Unidirectional Traffic new: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] + detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] detected: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic - detected: [.....5] [ip4][..udp] [.192.168.12.169][39518] 
-> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detected: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detected: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + detection-update: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] + detection-update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][] + detection-update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detected: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + detection-update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic - detected: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] + detection-update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] detected: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] RISK: Unidirectional Traffic new: [.....9] 
[ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] + detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] + detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] + detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] + detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] detected: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] RISK: Unidirectional Traffic - detected: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic - detected: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] detected: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable][] - RISK: Known Proto on Non Std Port + RISK: Known Proto on Non Std Port, Unidirectional 
Traffic analyse: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.679| 0.149| 0.201| 40331.911| 3.900] @@ -47,10 +65,6 @@ [ENTROPIES...: 5.8,5.8,5.9,5.8,5.7,5.6,5.9,5.9,5.8,5.8,5.9,5.8,5.7,5.1,5.8,5.3,5.9,5.8,5.8,5.7,5.9,5.8,5.1,5.8,5.2,5.2,5.1,5.8,5.8,5.6,5.1,5.8] update: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic - detected: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] - RISK: Known Proto on Non Std Port - detected: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] - RISK: Known Proto on Non Std Port analyse: [.....7] [ip4][.icmp] [.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 17.079| 1.597| 3.547| 12584568.750| 2.800] 
@@ -61,32 +75,37 @@ [IATS(ms)....: 4.1,63.0,0.0,180.8,3.5,1499.2,2002.8,0.0,4842.0,0.1,17079.4,30.0,28.1,10.0,178.6,30.7,1472.4,2000.5,31.0,3968.8,29.9,37.3,7.8,7927.3,28.5,35.4,6.5,7931.2,29.2,34.6,5.1] [PKTLENS.....: 76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84] [ENTROPIES...: 5.0,5.2,5.1,5.0,5.1,5.1,5.0,5.0,5.1,5.5,5.7,5.0,5.0,5.0,5.0,4.9,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.0,5.1,5.1,5.0,5.0,5.0,5.0,5.1] - update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + update: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] - update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] + update: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + update: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + update: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] update: [.....5] [ip4][..udp] 
[.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] new: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] + detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] + detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] + detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] + detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] + detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Unidirectional Traffic new: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] + detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] + RISK: Unidirectional Traffic new: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] detected: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic - detected: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] 
[STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][signal.org] - detected: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - detected: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic - detected: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic - detected: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN][AmazonAWS][Network][Acceptable][] - RISK: Known Proto on Non Std Port, Unidirectional Traffic new: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] detected: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable][] RISK: Known Proto on Non Std Port, Unidirectional Traffic 
@@ -105,56 +124,55 @@ [ENTROPIES...: 5.9,5.8,5.9,5.7,5.9,5.8,5.8,6.0,5.8,5.8,5.9,5.8,5.8,5.2,5.7,5.1,5.8,5.8,5.9,5.7,5.7,5.9,5.2,5.1,5.1,5.8,5.9,5.8,5.1,5.8,5.8,5.8] update: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + update: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - update: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] - RISK: Known Proto on Non Std Port update: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port - update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + update: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic update: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic - update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] - RISK: Known Proto on Non Std Port + update: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic update: [.....7] [ip4][.icmp] 
[.35.158.183.167] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] RISK: Unidirectional Traffic - detected: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] - RISK: Known Proto on Non Std Port idle: [....13] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic idle: [....20] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [.....9] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + idle: [.....3] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....22] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][54054] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] - RISK: Known Proto on Non Std Port - guessed: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable][] - idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> [172.253.121.127][19302] + idle: [....10] [ip4][..udp] [.192.168.12.169][43068] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [.....2] [ip4][..udp] [.192.168.12.169][47204] -> 
[172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....14] [ip4][..udp] [.192.168.12.169][43068] -> [.18.195.131.143][61156] [STUN][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port - idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + idle: [.....6] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....17] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] + idle: [.....1] [ip4][..udp] [.192.168.12.169][39518] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][Network][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....15] [ip4][..udp] [.192.168.12.169][47767] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN][AmazonAWS][Network][Acceptable] + idle: [....12] [ip4][..udp] [.192.168.12.169][39950] -> [.35.158.183.167][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [.....8] [ip4][..udp] [.192.168.12.169][43068] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Unidirectional Traffic - idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] - idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] 
[STUN][AmazonAWS][Network][Acceptable] + idle: [.....4] [ip4][..udp] [.192.168.12.169][47204] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][Network][Acceptable] + idle: [....18] [ip4][..udp] [.192.168.12.169][37970] -> [.35.158.122.211][..443] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN.SignalVoip][Google][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic - idle: [....11] [ip4][..udp] [.192.168.12.169][39950] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] - RISK: Known Proto on Non Std Port - idle: [....16] [ip4][..udp] [.192.168.12.169][37970] -> [172.253.121.127][19302] [STUN][Google][Network][Acceptable] - RISK: Known Proto on Non Std Port idle: [....23] [ip4][..udp] [.192.168.12.169][47767] -> [.18.195.131.143][61498] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] RISK: Known Proto on Non Std Port, Unidirectional Traffic idle: [....21] [ip4][.icmp] [.35.158.122.211] -> [.192.168.12.169] [ICMP][AmazonAWS][Network][Acceptable] @@ -163,4 +181,5 @@ RISK: Unidirectional Traffic idle: [.....5] [ip4][..udp] [.192.168.12.169][39518] -> [.35.158.183.167][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] idle: [....19] [ip4][..udp] [.192.168.12.169][47767] -> [.35.158.122.211][.3478] [STUN.SignalVoip][AmazonAWS][VoIP][Acceptable] + RISK: Unidirectional Traffic DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..bff999994 --- /dev/null +++ b/test/results/flow-info/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -0,0 +1,7 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849] + detected: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849] [STUN][Unknown][Network][Acceptable][] + end: [.....1] [ip4][..tcp] [166.172.142.131][.3479] -> [..23.183.197.71][42849] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/stun_zoom.pcapng.out b/test/results/flow-info/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..47ab35d5a --- /dev/null +++ b/test/results/flow-info/default/stun_zoom.pcapng.out 
@@ -0,0 +1,30 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] + detected: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe] + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + new: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] + detected: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS][Zoom][Safe] + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + detection-update: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable] + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + analyse: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.194| 0.048| 0.051| 2615.352| 4.100] + [PKTLEN......: 42.000| 1080.000| 270.100| 313.100| 98043.500| 4.300] + [BINS(c->s)..: 0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1] + [IATS(ms)....: 
20.2,79.9,20.3,193.8,73.6,0.2,50.4,49.7,26.4,24.4,170.2,80.6,11.0,149.6,50.7,0.0,93.6,0.0,0.0,0.0,0.0,0.0,8.3,29.7,4.8,50.2,80.8,100.2,42.2,3.7,58.5] + [PKTLENS.....: 184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42] + [ENTROPIES...: 5.8,5.8,5.8,5.8,5.6,5.8,5.2,5.2,5.9,5.8,5.2,5.7,5.6,5.7,5.9,5.3,4.1,5.7,7.0,7.3,7.3,7.4,7.2,6.1,5.7,5.7,6.1,5.7,6.1,5.4,6.0,4.3] + idle: [.....1] [ip4][..udp] [.192.168.43.169][48854] -> [.134.224.90.111][.8801] [DTLS.Zoom][Zoom][Video][Acceptable] + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + idle: [.....2] [ip4][..udp] [.192.168.43.169][53065] -> [.134.224.90.111][.8801] [STUN][Zoom][Network][Acceptable] + RISK: Known Proto on Non Std Port + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/telegram_videocall.pcapng.out b/test/results/flow-info/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..5298fef61 --- /dev/null +++ b/test/results/flow-info/default/telegram_videocall.pcapng.out 
@@ -0,0 +1,210 @@ + DAEMON-EVENT: init + DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] + DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + new: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] + detected: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + new: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] + detected: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + new: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] + new: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] + new: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] + new: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] + analyse: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.127| 0.025| 0.031| 963.939| 3.900] + [PKTLEN......: 52.000| 1280.000| 541.900| 516.100| 266324.800| 4.300] + [BINS(c->s)..: 6,0,0,1,1,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 4,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,1,0,1,1,1,1,1,0,0,1,1,1,1,1] + [IATS(ms)....: 30.7,31.9,0.3,33.0,35.6,10.2,44.5,8.2,4.4,4.1,48.7,1.4,3.1,6.4,36.5,17.8,50.9,88.4,126.9,78.7,32.9,0.1,0.0,0.0,65.5,0.3,2.2,0.0,0.0,0.0,0.0] + [PKTLENS.....: 60,60,52,333,157,52,936,825,672,141,141,52,767,189,301,52,349,317,52,157,52,1280,1280,1280,1280,52,52,1280,1280,1280,1280,1280] + [ENTROPIES...: 
4.8,5.2,5.2,7.3,6.7,5.1,7.8,7.7,7.7,6.6,6.6,5.1,7.7,6.9,7.2,5.2,7.4,7.3,5.3,6.7,5.3,7.9,7.8,7.9,7.8,5.2,5.2,7.8,7.8,7.9,7.9,7.8] + new: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] + new: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] + new: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] + analyse: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.047| 0.009| 0.015| 220.392| 3.200] + [PKTLEN......: 52.000| 1280.000| 644.300| 571.900| 327061.800| 4.300] + [BINS(c->s)..: 9,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1] + [IATS(ms)....: 30.1,31.4,0.3,0.6,31.5,0.0,0.0,35.0,0.2,6.9,41.7,13.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,46.8,0.1,0.0,0.1,0.9,6.5,31.9,0.0,0.0,0.0,0.0] + [PKTLENS.....: 60,60,52,630,221,52,157,262,52,52,333,221,1280,1280,1280,1280,1280,1280,1280,1280,1280,52,52,52,52,52,285,1280,1280,1280,1280,1280] + [ENTROPIES...: 4.8,5.2,5.2,7.7,7.0,5.2,6.8,7.1,5.2,5.2,7.4,7.1,7.9,7.9,7.8,7.9,7.8,7.8,7.8,7.8,7.8,5.1,5.2,5.1,5.1,5.2,7.1,7.9,7.8,7.9,7.8,7.8] + new: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] + new: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + detected: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] + detected: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....13] [ip4][..udp] 
[.192.168.12.169][40906] -> [...91.108.13.23][.1400] + detected: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] + detected: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] + detected: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] + detected: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] + detected: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] + detected: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] + detected: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] + detected: [....20] [ip4][..udp] [.192.168.12.169][49780] -> 
[....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] + detected: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] + detected: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] + detected: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] [STUN][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + detection-update: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....20] [ip4][..udp] [.192.168.12.169][49780] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + detection-update: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] 
[STUN.TelegramVoip][Telegram][VoIP][Acceptable][telegram.org] + RISK: Known Proto on Non Std Port + new: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] + detected: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] + detected: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] + detected: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] + detected: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable][] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + new: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] + detected: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + analyse: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.475| 0.052| 0.095| 9109.989| 3.600] + [PKTLEN......: 49.000| 265.000| 106.200| 48.900| 2396.000| 4.900] + [BINS(c->s)..: 3,2,11,3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 
2,3,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,0,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0] + [IATS(ms)....: 75.7,88.0,12.8,2.3,9.0,48.9,21.7,0.2,117.5,0.1,18.9,57.5,0.3,20.7,0.0,35.1,54.6,306.4,41.6,24.8,9.9,17.7,18.1,17.4,474.7,0.1,42.1,15.5,14.1,40.1,18.5] + [PKTLENS.....: 128,92,51,124,92,128,128,65,71,92,92,124,54,92,64,49,124,92,265,119,119,119,119,119,265,53,64,59,119,119,79,119] + [ENTROPIES...: 5.4,5.7,5.3,5.6,5.6,5.5,5.4,5.7,5.8,5.8,5.7,5.6,5.5,5.8,5.7,5.3,5.6,5.8,7.1,6.5,6.4,6.4,6.5,6.4,7.2,5.5,5.7,5.6,6.3,6.4,5.9,6.5] + new: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] + detected: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] [MDNS][Unknown][Network][Acceptable][_ipps._tcp.local] + new: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [MIDSTREAM] + detection-update: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + detection-update: [....17] [ip4][..udp] 
[.192.168.12.169][42197] -> [....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][Network][Acceptable][] + RISK: Known Proto on Non Std Port + update: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + analyse: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 25.078| 1.818| 6.147| 37780767.900| 1.500] + [PKTLEN......: 52.000| 1280.000| 482.700| 530.000| 280877.200| 4.100] + [BINS(c->s)..: 14,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [BINS(s->c)..: 2,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1] + [IATS(ms)....: 29.1,30.6,0.5,31.6,35.4,6.5,41.7,9.9,0.0,0.0,0.0,46.9,0.0,41.7,2909.6,2997.7,0.0,0.0,0.0,2.4,0.1,0.1,44.3,0.0,0.0,0.1,0.1,0.1,0.1,25044.9,25078.5] + [PKTLENS.....: 60,60,52,630,262,52,205,221,1280,1280,1280,700,52,52,52,381,1280,1280,1280,1280,1280,1280,680,52,52,52,52,52,52,52,52,52] + [ENTROPIES...: 4.9,5.3,5.2,7.6,7.1,5.1,6.9,7.0,7.8,7.8,7.8,7.7,5.2,5.1,5.1,7.5,7.8,7.9,7.8,7.9,7.8,7.8,7.7,5.2,5.0,5.1,5.1,5.2,5.2,5.1,5.1,5.2] + new: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] + detected: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + new: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] + detected: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + new: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] + detected: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + new: [....34] [ip4][..tcp] 
[..18.195.162.93][..443] -> [.192.168.12.169][38956] [MIDSTREAM] + detected: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + RISK: Unidirectional Traffic + guessed: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe] + RISK: TCP Connection Issues + end: [.....3] [ip4][..tcp] [.192.168.12.169][37948] -> [.149.154.167.91][..443] + guessed: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + idle: [.....4] [ip4][..tcp] [.192.168.12.169][37950] -> [.149.154.167.91][..443] + guessed: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + idle: [....10] [ip4][..tcp] [.192.168.12.169][37966] -> [.149.154.167.91][..443] + idle: [....18] [ip4][..udp] [.192.168.12.169][40643] -> [....91.108.9.35][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....28] [ip6][icmp6] [...............fe80::abe:acff:fe0b:176e] -> [................................ff02::2] [ICMPV6][Unknown][Network][Acceptable] + idle: [.....2] [ip4][..udp] [...192.168.12.1][17500] -> [.192.168.12.255][17500] [Dropbox][Unknown][Cloud][Acceptable] + idle: [....14] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.17.2][.1400] + idle: [....13] [ip4][..udp] [.192.168.12.169][40906] -> [...91.108.13.23][.1400] + idle: [....12] [ip4][..udp] [.192.168.12.169][40906] -> [....91.108.9.35][.1400] + idle: [....24] [ip4][..udp] [.192.168.12.169][42405] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....11] [ip4][..udp] [...192.168.12.1][.5353] -> [....224.0.0.251][.5353] + idle: [.....1] [ip6][icmp6] [..............fe80::98df:58ff:fefa:ebdc] -> [................................ff02::2] 
[ICMPV6][Unknown][Network][Acceptable] + idle: [....29] [ip6][..udp] [...............fe80::abe:acff:fe0b:176e][.5353] -> [...............................ff02::fb][.5353] + guessed: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + end: [.....5] [ip4][..tcp] [.192.168.12.169][46862] -> [.149.154.167.51][..443] + guessed: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + end: [.....6] [ip4][..tcp] [.192.168.12.169][46866] -> [.149.154.167.51][..443] + guessed: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + end: [.....7] [ip4][..tcp] [.192.168.12.169][40830] -> [149.154.167.222][..443] + guessed: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + end: [.....8] [ip4][..tcp] [.192.168.12.169][40832] -> [149.154.167.222][..443] + guessed: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] [TLS][Telegram][Web][Safe] + RISK: Fully encrypted flow + idle: [.....9] [ip4][..tcp] [.192.168.12.169][40834] -> [149.154.167.222][..443] + idle: [....19] [ip4][..udp] [.192.168.12.169][49667] -> [...91.108.13.23][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....25] [ip4][..udp] [.192.168.12.169][40906] -> [..10.46.103.200][42554] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....23] [ip4][..udp] [.192.168.12.169][37444] -> [....91.108.17.2][.1400] + idle: [....26] [ip4][..udp] [.192.168.12.169][42405] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....20] [ip4][..udp] [.192.168.12.169][49780] -> 
[....91.108.17.2][.1400] [STUN.TelegramVoip][Telegram][VoIP][Acceptable] + RISK: Known Proto on Non Std Port + idle: [....33] [ip4][.icmp] [.192.168.12.169] -> [....91.108.17.2] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [....32] [ip4][.icmp] [.192.168.12.169] -> [...91.108.13.23] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [....31] [ip4][.icmp] [.192.168.12.169] -> [....91.108.9.35] [ICMP][Telegram][Network][Acceptable] + RISK: Unidirectional Traffic + idle: [....22] [ip4][..udp] [.192.168.12.169][37530] -> [...91.108.13.23][.1400] + end: [....34] [ip4][..tcp] [..18.195.162.93][..443] -> [.192.168.12.169][38956] [TLS][AmazonAWS][Web][Safe] + RISK: Unidirectional Traffic + guessed: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] [AmazonAWS][AmazonAWS][Cloud][Acceptable] + idle: [....30] [ip4][..tcp] [.192.168.12.169][40710] -> [....52.58.18.25][.5222] + idle: [....21] [ip4][..udp] [.192.168.12.169][37849] -> [....91.108.9.35][.1400] + idle: [....27] [ip4][..udp] [.192.168.12.169][40906] -> [...93.36.13.115][35393] [STUN.TelegramVoip][Unknown][VoIP][Acceptable] + RISK: Known Proto on Non Std Port, Unidirectional Traffic + idle: [....17] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.17.2][.1400] + idle: [....16] [ip4][..udp] [.192.168.12.169][42197] -> [...91.108.13.23][.1400] + idle: [....15] [ip4][..udp] [.192.168.12.169][42197] -> [....91.108.9.35][.1400] + DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tftp.pcap.out b/test/results/flow-info/default/tftp.pcap.out index 49e75b730..2ef4f5eac 100644 --- a/test/results/flow-info/default/tftp.pcap.out +++ b/test/results/flow-info/default/tftp.pcap.out 
@@ -2,11 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] - detected: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic new: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] - detected: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic new: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69] detected: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69] [TFTP][Unknown][DataTransfer][Acceptable] RISK: Unidirectional Traffic 
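Review bot: The updated expectation for flows 1 and 2 (172.28.4.53 -> 172.16.5.170, port 69) removes both the `detected` event and the `Malformed Packet` risk. The following hunk (`@@ -28,16 +24,18 @@`) shows the same flows classified only by `guessed` at idle time, carrying `RISK: Unidirectional Traffic` alone, and the `guessed:` counter moving from 0 to 2. This presumably follows from the libnDPI submodule bump in the same commit, though the dissector change is not visible here. Please confirm the loss is intended, because a consumer that alerts on `Malformed Packet` no longer gets that signal or an early `detected` event for these flows. Recording it in the commit description would make the golden-file change reviewable, for example `tftp.pcap: flows 1/2 are now guessed; Malformed Packet risk no longer raised after nDPI update`.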
@@ -28,16 +24,18 @@ new: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69] detected: [.....5] [ip4][..udp] [....172.28.4.53][54627] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] RISK: Unidirectional Traffic - idle: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic - idle: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] - RISK: Malformed Packet, Unidirectional Traffic + guessed: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] + RISK: Unidirectional Traffic + idle: [.....1] [ip4][..udp] [....172.28.4.53][54626] -> [...172.16.5.170][...69] + guessed: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] + RISK: Unidirectional Traffic + idle: [.....2] [ip4][..udp] [....172.28.4.53][54632] -> [...172.16.5.170][...69] idle: [.....4] [ip4][..udp] [...192.168.0.10][.3445] -> [..192.168.0.253][50618] [TFTP][Unknown][DataTransfer][Acceptable] RISK: Known Proto on Non Std Port idle: [.....3] [ip4][..udp] [..192.168.0.253][50618] -> [...192.168.0.10][...69] [TFTP][Unknown][DataTransfer][Acceptable] RISK: Unidirectional Traffic DAEMON-EVENT: [Processed: 102 pkts][ZLib][compressions: 0|diff: 0 / 0] - DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] + DAEMON-EVENT: [Flows][active: 1 / 5|skipped: 0|!detected: 0|guessed: 2|detection-updates: 0|updates: 0] new: [.....6] [ip4][..udp] [....172.28.5.91][44618] -> [...172.28.5.170][...69] detected: [.....6] [ip4][..udp] [....172.28.5.91][44618] -> [...172.28.5.170][...69] [TFTP][Unknown][DataTransfer][Acceptable] RISK: Unidirectional Traffic 
diff --git a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out index 46e642751..9bd4bd450 100644 --- a/test/results/flow-info/default/tls-esni-fuzzed.pcap.out +++ b/test/results/flow-info/default/tls-esni-fuzzed.pcap.out @@ -9,7 +9,7 @@ RISK: Unidirectional Traffic new: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] [TLS][Cloudflare][Web][Safe][] - RISK: Missing SNI TLS Extn, Unidirectional Traffic + RISK: Missing SNI TLS Extn, Unidirectional Traffic, ALPN/SNI Mismatch idle: [.....1] [ip4][..tcp] [...192.168.1.12][49886] -> [..104.27.129.77][..443] idle: [.....3] [ip4][..tcp] [...192.168.1.12][49897] -> [..104.22.71.197][..443] idle: [.....2] [ip4][..tcp] [...192.168.1.12][49887] -> [.104.16.125.175][..443] diff --git a/test/results/flow-info/default/tls_ech.pcapng.out b/test/results/flow-info/default/tls_ech.pcapng.out index bcb51fd39..72702c407 100644 --- a/test/results/flow-info/default/tls_ech.pcapng.out +++ b/test/results/flow-info/default/tls_ech.pcapng.out 
@@ -2,7 +2,7 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] - detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com] - detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Unknown][Web][Acceptable][performance.radar.cloudflare.com] + detected: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Cloudflare][Web][Acceptable][performance.radar.cloudflare.com] + detection-update: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] [TLS.Cloudflare][Cloudflare][Web][Acceptable][performance.radar.cloudflare.com] idle: [.....1] [ip6][..tcp] [..2001:b07:a3d:c112:ce16:b409:3d0a:9177][47460] -> [...................2606:4700::6812:1e4e][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tls_verylong_certificate.pcap.out b/test/results/flow-info/default/tls_verylong_certificate.pcap.out index 2b5e71b30..4995043bd 100644 --- a/test/results/flow-info/default/tls_verylong_certificate.pcap.out +++ b/test/results/flow-info/default/tls_verylong_certificate.pcap.out 
@@ -2,9 +2,9 @@ DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] - detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Web][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Web][Safe][feodotracker.abuse.ch] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe][feodotracker.abuse.ch] + detected: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] analyse: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.022| 0.005| 0.007| 43.853| 3.500] 
@@ -15,6 +15,6 @@ [IATS(ms)....: 11.6,11.7,5.7,17.7,3.1,0.2,15.2,0.1,0.1,0.1,0.0,0.1,10.6,21.7,11.2,0.3,14.9,0.0,0.0,14.6,0.0,0.0,0.3,0.3,0.0,0.6,0.0,0.5,0.5,0.1,0.0] [PKTLENS.....: 64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104] [ENTROPIES...: 4.4,5.1,4.9,4.4,5.0,6.8,4.9,5.0,6.6,4.9,7.4,7.0,5.0,6.3,6.0,5.0,6.9,7.9,7.9,6.1,4.9,4.8,4.7,7.9,7.9,6.0,4.9,4.9,7.9,4.8,7.9,6.2] - detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe][feodotracker.abuse.ch] - end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS][Unknown][Media][Safe] + detection-update: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe][feodotracker.abuse.ch] + end: [.....1] [ip4][..tcp] [..192.168.1.160][54804] -> [..151.101.66.49][..443] [TLS.Cybersec][Unknown][Cybersecurity][Safe] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/tumblr.pcap.out b/test/results/flow-info/default/tumblr.pcap.out index f7e670e87..157025c13 100644 --- a/test/results/flow-info/default/tumblr.pcap.out +++ b/test/results/flow-info/default/tumblr.pcap.out 
@@ -31,7 +31,7 @@ detected: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic new: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] - detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com] + detected: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] analyse: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.045| 0.004| 0.009| 88.667| 2.800] 
@@ -44,10 +44,10 @@ [ENTROPIES...: 6.6,5.9,6.6,6.5,5.0,5.0,4.9,5.0,7.9,5.1,7.9,5.1,7.9,7.8,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1,7.9,7.8,5.1,5.1,7.9,7.9,5.1,5.1] detection-update: [.....9] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43434] -> [.....................64:ff9b::c000:4d28][..443] [TLS][Unknown][Web][Safe] new: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] - detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com] - detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com] - detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe][consent.cmp.oath.com] - analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe] + detection-update: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] + detected: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] + detection-update: [....11] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe][consent.cmp.oath.com] + analyse: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.048| 0.010| 0.016| 
259.261| 3.200] [PKTLEN......: 72.000| 1280.000| 300.700| 381.900| 145812.800| 4.100] @@ -126,7 +126,7 @@ new: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] detected: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe] RISK: Unidirectional Traffic - detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com] + detected: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] new: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] analyse: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] min| max| avg| stddev| variance| entropy 
@@ -139,10 +139,10 @@ [PKTLENS.....: 72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120] [ENTROPIES...: 5.3,6.2,5.8,5.1,7.8,5.2,7.8,7.8,5.2,5.2,7.8,5.2,7.8,5.3,7.8,7.8,7.8,7.8,7.8,7.8,7.8,5.3,5.2,5.3,5.3,5.2,5.2,5.3,7.8,7.8,7.8,7.8] detection-update: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe] - detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][ajax.googleapis.com] - detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable][apis.google.com] - detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable][ajax.googleapis.com] - analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] + detected: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com] + detection-update: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable][apis.google.com] + detection-update: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable][ajax.googleapis.com] + analyse: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> 
[...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.067| 0.011| 0.020| 396.007| 3.200] [PKTLEN......: 72.000| 1280.000| 378.400| 464.300| 215557.600| 4.100] @@ -152,7 +152,7 @@ [IATS(ms)....: 67.4,67.5,0.3,44.1,5.3,0.0,49.1,0.0,0.1,0.1,18.6,10.2,0.7,42.4,0.0,12.9,0.2,14.3,2.0,0.0,16.1,2.6,0.0,2.6,0.0,0.1,0.0,0.0,0.0,0.0,0.0] [PKTLENS.....: 80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72] [ENTROPIES...: 4.9,5.3,5.2,4.5,5.1,7.8,7.8,5.3,5.2,7.5,5.2,6.2,6.5,7.3,5.0,7.7,5.2,5.9,5.0,5.8,5.1,5.2,7.5,7.8,5.1,5.1,7.8,7.8,7.8,5.2,5.1,5.2] - analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable] + analyse: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.083| 0.014| 0.021| 424.643| 3.600] [PKTLEN......: 72.000| 1280.000| 384.200| 474.800| 225406.500| 4.100] 
@@ -162,7 +162,7 @@ [IATS(ms)....: 30.3,30.3,0.2,70.7,12.6,0.0,0.0,83.0,0.1,0.0,0.9,32.4,0.0,31.5,5.9,16.3,0.1,34.6,1.9,14.2,7.2,10.7,16.9,0.0,0.0,0.0,34.7,0.0,0.0,0.0,0.9] [PKTLENS.....: 80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280] [ENTROPIES...: 4.8,5.3,5.2,4.5,5.1,7.8,7.8,7.2,5.2,5.2,5.2,6.2,5.2,7.6,5.2,6.5,5.8,7.2,5.1,5.7,5.2,5.1,5.2,7.8,7.8,7.8,7.8,5.2,5.2,5.2,5.2,7.8] - detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Unknown][Web][Safe] + detected: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] [TLS][Google][Web][Safe] detected: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] [TLS][Unknown][Web][Safe] new: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] detected: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads][sb.scorecardresearch.com] 
@@ -179,9 +179,9 @@ [PKTLENS.....: 80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656] [ENTROPIES...: 4.8,5.2,5.2,7.0,5.0,6.8,5.1,6.3,7.5,5.1,5.1,7.3,5.2,7.8,5.2,7.7,5.0,7.7,5.1,7.7,5.0,7.3,5.2,7.6,5.0,7.9,5.2,7.7,5.0,7.6,5.1,7.6] new: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [MIDSTREAM] - guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Unknown][Web][Safe] + guessed: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Google][Web][Safe] idle: [....36] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48988] -> [...............2a00:1450:4007:811::2004][..443] - guessed: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Unknown][Web][Safe] + guessed: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] [TLS][Google][Web][Safe] idle: [....40] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49002] -> [...............2a00:1450:4007:811::2004][..443] idle: [.....4] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][41266] -> [....2620:116:800d:21:8c6e:cf2c:8d6:9fb5][..443] idle: [.....2] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][48240] -> [.....................64:ff9b::9765:789d][..443] [TLS][Unknown][Web][Safe] 
@@ -201,47 +201,47 @@ idle: [....42] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55560] -> [...............2a00:1450:4007:817::200a][..443] guessed: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] [TLS][Unknown][Web][Safe] idle: [.....3] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56640] -> [.....................64:ff9b::9765:798c][..443] - guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Google][Web][Safe] idle: [....28] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49462] -> [...............2a00:1450:4007:809::200e][..443] - guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443] [TLS][Google][Web][Safe] idle: [....27] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49464] -> [...............2a00:1450:4007:809::200e][..443] - guessed: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe] + guessed: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe] idle: [....23] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49496] -> [...............2a00:1450:4007:815::2003][..443] - guessed: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Unknown][Web][Safe] + guessed: [....30] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443] [TLS][Google][Web][Safe] idle: [....30] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49546] -> [...............2a00:1450:4007:815::2003][..443] - idle: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Unknown][Web][Acceptable] + idle: [....43] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][49548] -> [...............2a00:1450:4007:809::200e][..443] [TLS.Google][Google][Web][Acceptable] idle: [.....7] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56782] -> [.....................64:ff9b::68f4:2ac8][..443] - guessed: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Google][Web][Safe] idle: [....37] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57770] -> [...............2a00:1450:4007:80b::200e][..443] idle: [....14] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56794] -> [.....................64:ff9b::c000:4d03][..443] [TLS][Unknown][Web][Safe] - guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] [TLS][Google][Web][Safe] idle: [....29] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57788] -> [...............2a00:1450:4007:80b::200e][..443] idle: [....20] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][56842] -> [.....................64:ff9b::c000:4d03][..443] guessed: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> 
[.....................64:ff9b::4a72:9a15][..443] [TLS][Unknown][Web][Safe] idle: [....46] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42674] -> [.....................64:ff9b::4a72:9a15][..443] - guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] [TLS][Google][Web][Safe] idle: [....26] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][45706] -> [...............2a00:1450:4007:80a::200e][..443] - guessed: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443] [TLS][Google][Web][Safe] idle: [....38] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58004] -> [...............2a00:1450:4007:808::200e][..443] guessed: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50906] -> [.....................64:ff9b::d83a:d582][..443] [TLS][Unknown][Web][Safe] idle: [....35] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50906] -> [.....................64:ff9b::d83a:d582][..443] idle: [.....6] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][42908] -> [.....................64:ff9b::98c7:1593][..443] [TLS][Unknown][Web][Safe] idle: [.....5] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][57286] -> [.....................64:ff9b::8fcc:d927][..443] - idle: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Unknown][Web][Safe] + idle: [....10] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58380] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] [TLS][Edgecast][Web][Safe] end: [....11] 
[ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58382] -> [..2606:2800:135:155a:23ba:b2a:25ff:122d][..443] - guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443] [TLS][Unknown][Web][Safe] + guessed: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443] [TLS][Google][Web][Safe] idle: [....25] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][35892] -> [...............2a00:1450:4007:815::2002][..443] - guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Unknown][Web][Safe] + guessed: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443] [TLS][Google][Web][Safe] idle: [....31] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][44164] -> [...............2a00:1450:4007:805::2003][..443] idle: [....12] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39152] -> [......................64:ff9b::6006:749][..443] [TLS.ADS_Analytic_Track][Unknown][Advertisement][Tracker/Ads] idle: [....45] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][39164] -> [......................64:ff9b::6006:749][..443] - guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe] idle: [....34] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58614] -> [...............2a00:1450:4007:805::200e][..443] - guessed: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....33] [ip6][..tcp] 
[2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe] idle: [....33] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58616] -> [...............2a00:1450:4007:805::200e][..443] - guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Unknown][Web][Safe] + guessed: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443] [TLS][Google][Web][Safe] idle: [....32] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][58618] -> [...............2a00:1450:4007:805::200e][..443] - guessed: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [TLS][Unknown][Web][Safe] + guessed: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] [TLS][Google][Web][Safe] idle: [....47] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][40190] -> [...............2a00:1450:4007:80a::200a][..443] idle: [....41] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43328] -> [.....................64:ff9b::4a72:9a16][..443] [TLS.Tumblr][Unknown][SocialNetwork][Fun] idle: [.....8] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43420] -> [.....................64:ff9b::c000:4d28][..443] 
@@ -249,9 +249,9 @@ guessed: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43602] -> [......................64:ff9b::df9:21c6][..443] [TLS][Unknown][Web][Safe] idle: [....24] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][43602] -> [......................64:ff9b::df9:21c6][..443] idle: [....15] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][51874] -> [.....................64:ff9b::c000:4c03][..443] [TLS][Unknown][Web][Safe] - idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Unknown][Web][Acceptable] - guessed: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Unknown][Web][Safe] + idle: [....44] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][38608] -> [...............2a00:1450:4007:80b::200a][..443] [TLS.GoogleServices][Google][Web][Acceptable] + guessed: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] [TLS][Google][Web][Safe] idle: [....39] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][55014] -> [...............2a00:1450:4007:806::200e][..443] - guessed: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS][Unknown][Web][Safe] + guessed: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] [TLS][Google][Web][Safe] idle: [....22] [ip6][..tcp] [2a01:cb01:2049:8b07:991d:ec85:28df:f629][50960] -> [...............2a00:1450:4007:805::2002][..443] DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/ultrasurf.pcap.out b/test/results/flow-info/default/ultrasurf.pcap.out index 6495f3ac1..f1d19792b 100644 --- a/test/results/flow-info/default/ultrasurf.pcap.out +++ b/test/results/flow-info/default/ultrasurf.pcap.out 
@@ -16,9 +16,9 @@ [ENTROPIES...: 7.9,7.9,7.8,7.8,7.9,7.9,5.5,5.4,7.9,7.9,7.9,5.5,7.9,7.9,7.8,7.9,5.5,5.3,5.4,5.4,7.8,5.5,7.8,7.9,7.9,5.5,5.5,7.9,7.9,7.9,7.9,7.9] new: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] detected: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.271| 0.063| 0.099| 9897.855| 3.400] @@ -31,9 +31,9 @@ [ENTROPIES...: 4.7,5.2,5.3,6.1,5.1,7.8,7.8,7.8,5.2,5.2,5.2,6.1,6.4,7.7,6.3,5.9,5.7,6.1,5.8,5.2,6.0,7.9,5.9,7.8,7.7,7.7,5.2,5.9,6.9,6.8,5.9,6.2] new: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] detected: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.269| 0.059| 0.101| 10170.351| 3.100] 
@@ -47,7 +47,7 @@ idle: [.....1] [ip4][..tcp] [....65.49.68.25][50053] -> [....10.132.0.23][37898] [UltraSurf][Unknown][VPN][Acceptable] RISK: Unidirectional Traffic idle: [.....2] [ip4][..tcp] [....10.132.0.23][38120] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch idle: [.....3] [ip4][..tcp] [....10.132.0.23][38152] -> [....65.49.68.25][50053] [TLS][Unknown][Web][Safe] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/default/wechat.pcap.out b/test/results/flow-info/default/wechat.pcap.out index 5ca3cd489..155e5e666 100644 --- a/test/results/flow-info/default/wechat.pcap.out +++ b/test/results/flow-info/default/wechat.pcap.out @@ -283,7 +283,7 @@ detection-update: [....44] [ip4][..udp] [..192.168.1.103][19041] -> [..192.168.1.254][...53] [DNS.QQ][Unknown][Network][Fun][res.wx.qq.com] new: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] new: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] - detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com] + detected: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com] analyse: [....42] [ip4][..tcp] [..192.168.1.103][54113] -> [203.205.151.162][..443] [TLS.WeChat][Unknown][Chat][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 6.615| 0.560| 1.552| 2408711.979| 2.600] 
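Review bot: The regenerated expectation for flow 45 in wechat.pcap.out now accepts `[TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com]` where the old result had `[Tencent]` in the second field, so the test will pass from now on with that attribution missing for 203.205.158.34. The later hunks of this file show the same loss, in the `detection-update` lines for flow 45 and in the `guessed` line for flow 46, which becomes `[TLS][Unknown][Web][Safe]`; flow 46 shows no hostname, so that field was presumably its only link to Tencent. Other result files in this commit gain attributions (`[Google]`, `[Edgecast]`), which suggests an address-list change in the libnDPI bump rather than a format change, so it is worth confirming upstream that the drop is intended before the golden file locks it in. If it is intended, a line in the commit description such as `wechat.pcap: 203.205.158.34 no longer matched as Tencent after libnDPI update` would keep the regression visible to anyone who relies on that label for traffic policy or detection.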
@@ -294,9 +294,9 @@ [IATS(ms)....: 315.2,315.3,0.4,318.4,1.9,319.8,0.5,0.5,1.1,1.1,2.6,316.6,315.1,4.6,327.3,29.7,2.7,353.9,21.7,4.6,350.0,32.2,392.6,18.0,3.3,380.6,36.9,359.5,6259.0,6615.4,265.6] [PKTLENS.....: 60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.2,6.8,5.1,7.5,5.1,7.3,5.1,6.3,6.0,7.8,7.6,5.1,7.9,6.3,5.0,7.8,7.4,5.1,7.0,5.0,7.8,7.6,5.2,7.8,5.1,7.8,5.1,7.9] - detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com] + detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com] RISK: Weak TLS Cipher - detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Tencent][Chat][Fun][res.wx.qq.com] + detection-update: [....45] [ip4][..tcp] [..192.168.1.103][43850] -> [.203.205.158.34][..443] [TLS.QQ][Unknown][Chat][Fun][res.wx.qq.com] RISK: Weak TLS Cipher new: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] detected: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable][ssl.gstatic.com] 
@@ -442,7 +442,7 @@ update: [....47] [ip4][..udp] [..192.168.1.103][60562] -> [..192.168.1.254][...53] [DNS.Google][Unknown][Network][Acceptable] update: [....48] [ip4][..udp] [..192.168.1.103][35601] -> [..172.217.23.67][..443] [QUIC.Google][Google][Web][Acceptable] RISK: Unidirectional Traffic - guessed: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] [TLS][Tencent][Web][Safe] + guessed: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] [TLS][Unknown][Web][Safe] end: [....46] [ip4][..tcp] [..192.168.1.103][43851] -> [.203.205.158.34][..443] guessed: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443] [TLS][Unknown][Web][Safe] end: [....43] [ip4][..tcp] [..192.168.1.103][54114] -> [203.205.151.162][..443] diff --git a/test/results/flow-info/default/weibo.pcap.out b/test/results/flow-info/default/weibo.pcap.out index 02ba168ee..ef01a067a 100644 --- a/test/results/flow-info/default/weibo.pcap.out +++ b/test/results/flow-info/default/weibo.pcap.out 
@@ -15,15 +15,15 @@ new: [.....9] [ip4][..tcp] [..192.168.1.105][35154] -> [.216.58.210.206][..443] [MIDSTREAM] detected: [.....6] [ip4][..tcp] [..192.168.1.105][59119] -> [.114.134.80.162][...80] [HTTP][Unknown][Web][Acceptable][weibo.com] new: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] - detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][www.weibo.com] + detected: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com] RISK: Unidirectional Traffic - detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][www.weibo.com] + detection-update: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][www.weibo.com] new: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] - detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][www.weibo.com] + detected: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun][www.weibo.com] new: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [MIDSTREAM] new: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [MIDSTREAM] new: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [MIDSTREAM] - analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.482| 0.042| 0.114| 12948.299| 2.500] [PKTLEN......: 52.000| 2924.000| 448.100| 
693.400| 480801.900| 3.700] 
@@ -34,20 +34,20 @@ [PKTLENS.....: 60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488] [ENTROPIES...: 4.7,5.2,5.0,5.9,5.1,5.1,5.1,7.9,5.1,7.9,5.1,5.1,5.1,7.8,5.1,5.2,5.1,7.9,5.1,7.2,5.1,5.1,5.2,7.8,5.1,5.8,5.1,5.2,5.0,7.9,4.9,7.9] new: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] - detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn] + detected: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn] RISK: Unidirectional Traffic - detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][img.t.sinajs.cn] + detection-update: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][img.t.sinajs.cn] RISK: Minor Issues new: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] new: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] new: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] - detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] - detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] - detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + 
detected: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] new: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] - detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][js.t.sinajs.cn] + detected: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn] RISK: Unidirectional Traffic - analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.314| 0.038| 0.072| 5116.345| 3.500] [PKTLEN......: 52.000| 2924.000| 696.700| 831.300| 691142.800| 4.000] @@ -57,7 +57,7 @@ [IATS(ms)....: 26.8,26.8,0.2,31.4,283.1,314.3,2.6,2.6,16.7,16.7,12.8,12.8,0.1,0.0,45.7,45.8,5.1,5.0,71.0,71.0,5.5,5.5,32.3,32.3,43.0,43.0,3.2,3.2,2.5,2.5,2.8] [PKTLENS.....: 60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488] [ENTROPIES...: 4.6,5.2,5.0,5.9,5.2,5.7,4.9,7.8,4.9,7.9,5.0,7.9,4.9,7.8,5.0,7.9,4.9,7.7,5.0,5.7,5.0,7.9,5.0,7.8,5.1,7.9,5.1,7.9,5.1,7.9,5.0,7.9] - analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.401| 0.041| 0.093| 8612.838| 3.200] [PKTLEN......: 52.000| 4360.000| 833.800| 1162.900| 1352437.000| 3.800] 
@@ -68,7 +68,7 @@ [PKTLENS.....: 60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488] [ENTROPIES...: 4.6,5.1,4.9,5.9,5.0,5.7,4.8,7.8,4.9,8.0,4.9,7.9,4.8,8.0,4.9,7.9,4.9,5.7,5.0,5.7,5.0,7.9,4.9,7.9,4.9,7.9,5.0,7.9,5.0,7.9,5.0,7.8] new: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] - detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][u1.img.mobile.sina.cn] + detected: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn] RISK: Unidirectional Traffic new: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] detected: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com] 
@@ -86,22 +86,22 @@ new: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] new: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] new: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] - detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] - detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] - detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] - detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][u1.img.mobile.sina.cn] + detected: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + detected: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][img.t.sinajs.cn] + detection-update: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][u1.img.mobile.sina.cn] new: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] - detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][account.weibo.com] + detected: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][account.weibo.com] RISK: Unidirectional Traffic new: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] - detection-update: [....19] [ip4][..udp] 
[..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][js.t.sinajs.cn] + detection-update: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun][js.t.sinajs.cn] new: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] - detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][c.weibo.cn] + detected: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][c.weibo.cn] RISK: Unidirectional Traffic new: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] detection-update: [....22] [ip4][..udp] [..192.168.1.105][51440] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][g.alicdn.com] new: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] - detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun][data.weibo.com] + detected: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun][data.weibo.com] RISK: Unidirectional Traffic new: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] detection-update: [....23] [ip4][..udp] [..192.168.1.105][53466] -> [....192.168.1.1][...53] [DNS.Alibaba][Unknown][Network][Acceptable][log.mmstat.com] 
@@ -110,7 +110,7 @@ new: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] new: [....38] [ip4][..tcp] [..192.168.1.105][50831] -> [...47.89.65.229][..443] new: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] - detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][js.t.sinajs.cn] + detected: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][js.t.sinajs.cn] detected: [....34] [ip4][..tcp] [..192.168.1.105][50827] -> [...47.89.65.229][..443] [TLS.Alibaba][Unknown][Web][Acceptable][g.alicdn.com] detection-update: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][acjstb.aliyun.com] RISK: Susp DGA Domain name, Risky Domain Name 
@@ -118,10 +118,10 @@ new: [....41] [ip4][..tcp] [..192.168.1.105][52272] -> [..42.156.184.19][..443] detection-update: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable][login.taobao.com] new: [....42] [ip4][..tcp] [..192.168.1.105][47721] -> [.140.205.170.63][..443] - detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun][u1.img.mobile.sina.cn] + detected: [....30] [ip4][..tcp] [..192.168.1.105][42275] -> [...222.73.28.96][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun][u1.img.mobile.sina.cn] new: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] new: [....44] [ip4][..tcp] [..192.168.1.105][47723] -> [.140.205.170.63][..443] - analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.439| 0.087| 0.119| 14239.990| 3.800] [PKTLEN......: 52.000| 1488.000| 514.000| 578.700| 334896.400| 4.100] 
@@ -131,7 +131,7 @@ [IATS(ms)....: 26.8,26.8,0.3,31.4,276.1,307.3,6.9,6.9,153.9,153.9,2.9,2.9,375.9,438.8,4.4,67.2,2.9,3.0,31.5,31.4,138.5,138.5,6.1,6.1,4.5,4.5,193.5,193.5,28.8,28.7,2.7] [PKTLENS.....: 60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488] [ENTROPIES...: 4.7,5.1,5.0,5.9,5.0,5.8,5.0,7.8,5.0,5.7,5.0,7.8,5.0,5.9,5.1,5.8,5.0,6.4,5.1,5.8,5.1,7.7,5.1,7.7,5.1,7.7,5.1,7.7,5.2,7.7,5.1,7.7] - analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.184| 0.031| 0.055| 2983.622| 3.400] [PKTLEN......: 52.000| 1488.000| 633.200| 674.000| 454231.700| 4.100] @@ -141,7 +141,7 @@ [IATS(ms)....: 62.2,62.2,0.1,161.1,22.7,183.7,5.7,5.7,2.6,2.5,10.5,10.6,5.2,5.3,3.2,3.2,2.5,2.4,5.5,5.5,2.9,2.9,2.6,2.6,4.8,4.8,162.1,162.1,26.3,26.3,3.1] [PKTLENS.....: 60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488] [ENTROPIES...: 4.7,5.2,5.0,5.8,5.1,5.8,5.0,7.8,5.0,7.8,5.1,7.7,5.1,7.7,5.1,7.8,5.0,7.6,5.1,7.9,5.1,7.8,5.1,7.9,5.0,7.8,5.1,5.8,5.1,7.9,5.0,7.8] - analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + analyse: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 0.252| 0.036| 0.056| 3089.619| 3.800] [PKTLEN......: 52.000| 1488.000| 633.700| 673.800| 454044.400| 4.100] 
@@ -155,18 +155,18 @@ guessed: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] [HTTP][Unknown][Web][Acceptable][] RISK: Unidirectional Traffic idle: [....37] [ip4][..tcp] [..192.168.1.105][42280] -> [...222.73.28.96][...80] - idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] + idle: [....20] [ip4][..udp] [..192.168.1.105][18035] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun] idle: [.....5] [ip4][..udp] [..192.168.1.105][54988] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] guessed: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] [TLS][Google][Web][Safe] idle: [....12] [ip4][..tcp] [..192.168.1.105][37802] -> [..216.58.212.69][..443] - idle: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] - idle: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] - idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] - idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] - idle: [....26] [ip4][..tcp] [..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + idle: [....16] [ip4][..tcp] [..192.168.1.105][35803] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] + idle: [....17] [ip4][..tcp] [..192.168.1.105][35804] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] + idle: [....18] [ip4][..tcp] [..192.168.1.105][35805] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] + idle: [....25] [ip4][..tcp] [..192.168.1.105][35806] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] + idle: [....26] [ip4][..tcp] 
[..192.168.1.105][35807] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] guessed: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] [HTTP][Unknown][Web][Acceptable][] idle: [....27] [ip4][..tcp] [..192.168.1.105][35808] -> [.93.188.134.246][...80] - idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + idle: [....28] [ip4][..tcp] [..192.168.1.105][35809] -> [.93.188.134.246][...80] [HTTP.Sina][Unknown][SocialNetwork][Fun] idle: [....32] [ip4][..tcp] [..192.168.1.105][35811] -> [.93.188.134.246][...80] guessed: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] [TLS][AmazonAWS][Web][Safe] idle: [....13] [ip4][..tcp] [..192.168.1.105][40440] -> [.54.225.163.210][..443] @@ -194,9 +194,9 @@ guessed: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....43] [ip4][..tcp] [..192.168.1.105][52274] -> [..42.156.184.19][..443] - idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] + idle: [....15] [ip4][..udp] [..192.168.1.105][53543] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun] RISK: Minor Issues - idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] + idle: [....19] [ip4][..udp] [..192.168.1.105][41352] -> [....192.168.1.1][...53] [DNS.Sina][Unknown][Network][Fun] idle: [....31] [ip4][..udp] [..192.168.1.105][16804] -> [....192.168.1.1][...53] guessed: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] [TLS][Google][Web][Safe] idle: [....14] [ip4][..tcp] [..192.168.1.105][34699] -> [..216.58.212.65][..443] 
@@ -209,7 +209,7 @@ guessed: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] [TLS][Alibaba][Web][Safe] RISK: Unidirectional Traffic idle: [....39] [ip4][..tcp] [..192.168.1.105][48356] -> [..140.205.174.1][..443] - idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.Sina(Weibo)][Unknown][Network][Fun] + idle: [....10] [ip4][..udp] [..192.168.1.105][.7148] -> [....192.168.1.1][...53] [DNS.SinaWeibo][Unknown][Network][Fun] idle: [....24] [ip4][..udp] [..192.168.1.105][33822] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] guessed: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] [QUIC][Google][Web][Acceptable] idle: [.....1] [ip4][..udp] [..216.58.210.14][..443] -> [..192.168.1.105][49361] @@ -223,7 +223,7 @@ guessed: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] [QUIC][Google][Web][Acceptable] idle: [.....4] [ip4][..udp] [..192.168.1.105][53656] -> [.216.58.210.227][..443] idle: [....33] [ip4][..udp] [..192.168.1.105][50533] -> [....192.168.1.1][...53] - idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.Sina(Weibo)][Unknown][SocialNetwork][Fun] + idle: [....11] [ip4][..tcp] [..192.168.1.105][51698] -> [.93.188.134.137][...80] [HTTP.SinaWeibo][Unknown][SocialNetwork][Fun] idle: [....21] [ip4][..udp] [..192.168.1.105][50640] -> [....192.168.1.1][...53] [DNS][Unknown][Network][Acceptable] RISK: Susp DGA Domain name, Risky Domain Name idle: [....29] [ip4][..udp] [..192.168.1.105][11798] -> [....192.168.1.1][...53] diff --git a/test/results/flow-info/default/whois.pcapng.out b/test/results/flow-info/default/whois.pcapng.out index b6c013b79..f9be7a375 100644 --- a/test/results/flow-info/default/whois.pcapng.out +++ b/test/results/flow-info/default/whois.pcapng.out 
@@ -7,9 +7,9 @@ DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] detected: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....2] [ip4][..tcp] [...10.17.34.139][64016] -> [.....10.17.51.8][.4343] [TLS][Unknown][Web][Safe][] - RISK: Known Proto on Non Std Port, Missing SNI TLS Extn + RISK: Known Proto on Non Std Port, Missing SNI TLS Extn, ALPN/SNI Mismatch end: [.....1] [ip4][..tcp] [......10.0.2.15][44188] -> [....192.0.47.59][...43] [Whois-DAS][Unknown][Network][Acceptable] DAEMON-EVENT: [Processed: 18 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 2|skipped: 0|!detected: 0|guessed: 0|detection-updates: 1|updates: 0] diff --git a/test/results/flow-info/default/zcash.pcap.out b/test/results/flow-info/default/zcash.pcap.out index 0c24246ae..3367a3be8 100644 --- a/test/results/flow-info/default/zcash.pcap.out +++ b/test/results/flow-info/default/zcash.pcap.out @@ -3,7 +3,7 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] detected: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 50.191| 6.014| 12.034| 144808530.149| 3.200] 
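Review bot: The regenerated expectation for flow 2 (10.17.34.139 -> 10.17.51.8:4343) now reports `ALPN/SNI Mismatch` next to `Missing SNI TLS Extn` on both the `detected` and `detection-update` lines, although the flow's hostname field is empty (`[]`). With no SNI present, the two risks appear to describe the same condition, so one cause would raise two alerts on the flow. Please confirm against the nDPI revision pulled in by the submodule bump that this is intended before the fixture locks it in. The same addition appears in both hunks of `test/results/flow-info/enable_doh_heuristic/doh.pcapng.out`. If it is intended, a line in the commit description such as `TLS flows without SNI now also raise ALPN/SNI Mismatch` would let a reader tell an expected change from a regression.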
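Review bot: The expected output for the Mining flow to 178.32.196.217:9050 loses `Known Proto on Non Std Port` and keeps only `Unsafe Protocol`, on the `detected` line here and again on the `idle` line in the `@@ -17,5 +17,5 @@` hunk of the same file. This removes a detection signal rather than renaming one. Because the golden file is regenerated from whatever the updated library emits, the test suite cannot flag the drop if it was unintended. Presumably the new nDPI revision changed how this risk is evaluated for the Mining protocol, but nothing visible here confirms that. Please verify it upstream and record it in the commit description, for example `zcash.pcap: Mining flow no longer raises Known Proto on Non Std Port (nDPI update)`.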
@@ -17,5 +17,5 @@ DAEMON-EVENT: [Processed: 87 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 1 / 1|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] idle: [.....1] [ip4][..tcp] [...192.168.2.92][55190] -> [.178.32.196.217][.9050] [Mining][Unknown][Mining][Unsafe] - RISK: Known Proto on Non Std Port, Unsafe Protocol + RISK: Unsafe Protocol DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out index bbcd31915..09ea6804f 100644 --- a/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/flow-info/enable_doh_heuristic/doh.pcapng.out @@ -3,9 +3,9 @@ DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] detected: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch detection-update: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe][] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch analyse: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] min| max| avg| stddev| variance| entropy [IAT.........: 0.000| 15.360| 2.496| 5.583| 31170844.688| 2.400] 
@@ -17,5 +17,5 @@ [PKTLENS.....: 60,52,46,301,46,1500,46,1500,46,256,46,104,126,136,108,46,46,111,46,71,46,46,371,71,46,46,46,46,46,46,46,46] [ENTROPIES...: 4.4,4.4,4.2,5.9,4.1,7.8,4.1,7.9,4.1,7.1,4.1,5.9,6.2,6.4,6.0,4.1,4.1,6.2,4.1,5.5,4.1,4.1,7.4,5.5,4.1,4.1,4.2,4.1,4.1,4.1,4.2,4.1] idle: [.....1] [ip4][..tcp] [..192.168.1.253][35996] -> [........1.1.1.1][..443] [TLS][Unknown][Web][Safe] - RISK: Missing SNI TLS Extn + RISK: Missing SNI TLS Extn, ALPN/SNI Mismatch DAEMON-EVENT: shutdown diff --git a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out index 7c228723e..452bca122 100644 --- a/test/results/flow-info/enable_payload_stat/1kxun.pcap.out +++ b/test/results/flow-info/enable_payload_stat/1kxun.pcap.out @@ -40,10 +40,10 @@ detected: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable][wpad] new: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] detected: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] detected: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] detected: [....21] [ip4][..udp] [...192.168.3.95][59468] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable][239.255.255.250:1900] new: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] 
@@ -67,10 +67,10 @@ new: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] new: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] detected: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] detected: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected detected: [....28] [ip4][..tcp] [..192.168.115.8][49600] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....27] [ip4][..tcp] [..192.168.115.8][49599] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] detected: [....32] [ip4][..tcp] [..192.168.115.8][49604] -> [.106.187.35.246][...80] [HTTP.1kxun][Unknown][Streaming][Fun][pic.1kxun.com] 
@@ -277,10 +277,10 @@ detected: [....96] [ip4][..udp] [...192.168.5.47][53962] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] new: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] detected: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] detected: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected new: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] detected: [....99] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][53938] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] new: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] 
@@ -339,12 +339,12 @@ update: [....18] [ip4][..udp] [..192.168.115.8][..137] -> [192.168.255.255][..137] [NetBIOS][Unknown][System][Acceptable] update: [....12] [ip4][..udp] [...192.168.5.47][60267] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [.....6] [ip4][..udp] [...192.168.5.50][64674] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] update: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] update: [.....9] [ip6][..udp] [...............fe80::406:55a8:6453:25dd][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] update: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [....24] [ip4][..udp] [..192.168.115.8][52723] -> [.....168.95.1.1][...53] [DNS.1kxun][Unknown][Network][Fun] update: [....16] [ip4][..udp] [..192.168.115.8][52723] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun] update: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] 
@@ -400,13 +400,13 @@ update: [....42] [ip4][..udp] [.192.168.10.110][60480] -> [255.255.255.255][62976] update: [....56] [ip4][..udp] [.59.120.208.218][50151] -> [255.255.255.255][.1947] update: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected update: [....39] [ip4][..udp] [..192.168.115.8][54420] -> [........8.8.8.8][...53] [DNS.QQ][Google][Network][Fun] update: [....26] [ip4][..udp] [..192.168.115.8][60724] -> [........8.8.8.8][...53] [DNS.1kxun][Google][Network][Fun] update: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....53] [ip4][..udp] [...192.168.5.49][61548] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] update: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected DAEMON-EVENT: [Processed: 1032 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 129 / 129|skipped: 0|!detected: 0|guessed: 0|detection-updates: 11|updates: 38] new: [...130] [ip4][..tcp] [..192.168.2.126][60962] -> [..172.104.93.92][.1234] [MIDSTREAM] 
@@ -465,7 +465,7 @@ idle: [...100] [ip4][..udp] [..192.168.3.236][56043] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....95] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][53962] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....97] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][51451] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected not-detected: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] idle: [....94] [ip4][..udp] [..192.168.119.2][43786] -> [255.255.255.255][.5678] idle: [....85] [ip4][..udp] [...192.168.5.50][50030] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] @@ -520,7 +520,7 @@ guessed: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] [HTTP][Google][Web][Acceptable][] idle: [....61] [ip4][..tcp] [..192.168.115.8][49581] -> [.64.233.189.128][...80] idle: [....20] [ip4][..udp] [...192.168.3.95][58779] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [....15] [ip4][..tcp] [..192.168.115.8][49597] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun] idle: [....36] [ip4][..tcp] [..192.168.115.8][49605] -> [.106.185.35.110][...80] [HTTP.1kxun][Unknown][Streaming][Fun] RISK: HTTP Susp User-Agent 
@@ -545,7 +545,7 @@ not-detected: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] [Unknown][Unknown][Unrated] idle: [....22] [ip4][..udp] [.192.168.125.30][62976] -> [255.255.255.255][62976] idle: [....34] [ip4][..udp] [...192.168.3.95][54888] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [...123] [ip6][..udp] [...............fe80::e034:7be:d8f9:6197][57143] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....80] [ip4][..udp] [...192.168.5.57][65150] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] not-detected: [....88] [ip4][..udp] [..192.168.119.1][56861] -> [255.255.255.255][.5678] [Unknown][Unknown][Unrated] @@ -570,7 +570,7 @@ idle: [....52] [ip6][..udp] [...............fe80::9bd:81dd:2fdc:5750][61548] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...129] [ip4][..udp] [..192.168.3.236][65496] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....19] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][58779] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected guessed: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] [TLS][Line][Web][Safe] idle: [...101] [ip4][..tcp] [.119.235.235.84][..443] -> [...192.168.5.16][53406] end: [....46] [ip4][..tcp] [..192.168.115.8][49612] -> [.183.131.48.145][...80] [HTTP][Unknown][Web][Acceptable] 
@@ -591,11 +591,11 @@ idle: [....93] [ip6][..udp] [..............fe80::beee:7bff:fe0c:b3de][..546] -> [..............................ff02::1:2][..547] [DHCPV6][Unknown][Network][Acceptable] idle: [....11] [ip4][..udp] [...192.168.5.47][61603] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....33] [ip6][..udp] [..............fe80::e98f:bae2:19f7:6b0f][54888] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [.....1] [ip4][..udp] [...192.168.5.44][59571] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....10] [ip6][..udp] [..............fe80::edf5:240a:c8c0:8312][61603] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [....98] [ip4][..udp] [...192.168.3.95][51451] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] - RISK: Text With Non-Printable Chars + RISK: Non-Printable/Invalid Chars Detected idle: [....83] [ip4][..udp] [...192.168.5.49][.1900] -> [239.255.255.250][.1900] [SSDP][Unknown][System][Acceptable] idle: [....13] [ip4][..udp] [..192.168.115.8][51458] -> [....224.0.0.252][.5355] [LLMNR][Unknown][Network][Acceptable] idle: [...128] [ip6][..udp] [..............fe80::5d92:62a8:ebde:1319][58468] -> [..............................ff02::1:3][.5355] [LLMNR][Unknown][Network][Acceptable] diff --git a/test/results/stats/caches_cfg/ookla.pcap.out b/test/results/stats/caches_cfg/ookla.pcap.out index e52ef9cef..fa7e4bf5d 100644 --- a/test/results/stats/caches_cfg/ookla.pcap.out +++ b/test/results/stats/caches_cfg/ookla.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/caches_cfg/teams.pcap.out b/test/results/stats/caches_cfg/teams.pcap.out index 9ad02e4a5..a7f97ebeb 100644 --- a/test/results/stats/caches_cfg/teams.pcap.out +++ b/test/results/stats/caches_cfg/teams.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:680 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:649648 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:648796 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:66 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/1kxun.pcap.out b/test/results/stats/default/1kxun.pcap.out index 3dea4f9a4..2a03502b1 100644 --- a/test/results/stats/default/1kxun.pcap.out +++ b/test/results/stats/default/1kxun.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1284 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1528605 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1528733 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:188 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/443-chrome.pcap.out b/test/results/stats/default/443-chrome.pcap.out index 85fa067d4..4fb6e71a1 100644 --- a/test/results/stats/default/443-chrome.pcap.out +++ b/test/results/stats/default/443-chrome.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/443-curl.pcap.out b/test/results/stats/default/443-curl.pcap.out index 96c9d8a56..ab3ce412a 100644 --- a/test/results/stats/default/443-curl.pcap.out +++ b/test/results/stats/default/443-curl.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/443-firefox.pcap.out b/test/results/stats/default/443-firefox.pcap.out index 37700e6e4..14aefe50a 100644 --- a/test/results/stats/default/443-firefox.pcap.out +++ b/test/results/stats/default/443-firefox.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/443-git.pcap.out b/test/results/stats/default/443-git.pcap.out index ae2ebe5f0..c784dde5e 100644 --- a/test/results/stats/default/443-git.pcap.out +++ b/test/results/stats/default/443-git.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/443-opvn.pcap.out b/test/results/stats/default/443-opvn.pcap.out index e767a24cb..63c26f829 100644 --- a/test/results/stats/default/443-opvn.pcap.out +++ b/test/results/stats/default/443-opvn.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/443-safari.pcap.out b/test/results/stats/default/443-safari.pcap.out index 9fd18c1b5..1b0b83712 100644 --- a/test/results/stats/default/443-safari.pcap.out +++ b/test/results/stats/default/443-safari.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/4in4tunnel.pcap.out b/test/results/stats/default/4in4tunnel.pcap.out index e5aa071fc..598341bfd 100644 --- a/test/results/stats/default/4in4tunnel.pcap.out +++ b/test/results/stats/default/4in4tunnel.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/4in6tunnel.pcap.out b/test/results/stats/default/4in6tunnel.pcap.out index 49c515c38..a4a10c17c 100644 --- a/test/results/stats/default/4in6tunnel.pcap.out +++ b/test/results/stats/default/4in6tunnel.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/6in4tunnel.pcap.out b/test/results/stats/default/6in4tunnel.pcap.out index b53101b03..b64e6984c 100644 --- a/test/results/stats/default/6in4tunnel.pcap.out +++ b/test/results/stats/default/6in4tunnel.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/6in6tunnel.pcap.out b/test/results/stats/default/6in6tunnel.pcap.out index a8bbb6ade..9e72e7c89 100644 --- a/test/results/stats/default/6in6tunnel.pcap.out +++ b/test/results/stats/default/6in6tunnel.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out index c139d68c9..fdca9e07b 100644 --- a/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/stats/default/BGP_Cisco_hdlc_slarp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/BGP_redist.pcap.out b/test/results/stats/default/BGP_redist.pcap.out index e06ef6468..cf1aec00e 100644 --- a/test/results/stats/default/BGP_redist.pcap.out +++ b/test/results/stats/default/BGP_redist.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/EAQ.pcap.out b/test/results/stats/default/EAQ.pcap.out index 3e71f2526..62bb2b355 100644 --- a/test/results/stats/default/EAQ.pcap.out +++ b/test/results/stats/default/EAQ.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out index 997c1fa8b..3703a97f0 100644 --- a/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out +++ b/test/results/stats/default/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/IEC104.pcap.out b/test/results/stats/default/IEC104.pcap.out index d6f498714..64fa29f31 100644 --- a/test/results/stats/default/IEC104.pcap.out +++ b/test/results/stats/default/IEC104.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/KakaoTalk_chat.pcap.out b/test/results/stats/default/KakaoTalk_chat.pcap.out index a0d9148e4..709a9e42a 100644 --- a/test/results/stats/default/KakaoTalk_chat.pcap.out +++ b/test/results/stats/default/KakaoTalk_chat.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/KakaoTalk_talk.pcap.out b/test/results/stats/default/KakaoTalk_talk.pcap.out index e63c8e70c..7db93e2cb 100644 --- a/test/results/stats/default/KakaoTalk_talk.pcap.out +++ b/test/results/stats/default/KakaoTalk_talk.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/NTPv2.pcap.out b/test/results/stats/default/NTPv2.pcap.out index 1872c0e78..2bfaa8063 100644 --- a/test/results/stats/default/NTPv2.pcap.out +++ b/test/results/stats/default/NTPv2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/NTPv3.pcap.out b/test/results/stats/default/NTPv3.pcap.out index 9fcb66cb7..57f9cd598 100644 --- a/test/results/stats/default/NTPv3.pcap.out +++ b/test/results/stats/default/NTPv3.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/NTPv4.pcap.out b/test/results/stats/default/NTPv4.pcap.out index 9fcb66cb7..57f9cd598 100644 
--- a/test/results/stats/default/NTPv4.pcap.out +++ b/test/results/stats/default/NTPv4.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/Oscar.pcap.out b/test/results/stats/default/Oscar.pcap.out index e05bc0e0f..578aaf6ad 100644 --- a/test/results/stats/default/Oscar.pcap.out +++ b/test/results/stats/default/Oscar.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/TivoDVR.pcap.out b/test/results/stats/default/TivoDVR.pcap.out index 63b664dfb..ad241aa6f 100644 --- a/test/results/stats/default/TivoDVR.pcap.out +++ b/test/results/stats/default/TivoDVR.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/WebattackRCE.pcap.out b/test/results/stats/default/WebattackRCE.pcap.out index 1a962ad5c..922ed5228 100644 --- a/test/results/stats/default/WebattackRCE.pcap.out +++ b/test/results/stats/default/WebattackRCE.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/WebattackSQLinj.pcap.out b/test/results/stats/default/WebattackSQLinj.pcap.out index 62a1d903b..73be35107 100644 --- a/test/results/stats/default/WebattackSQLinj.pcap.out +++ b/test/results/stats/default/WebattackSQLinj.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/WebattackXSS.pcap.out b/test/results/stats/default/WebattackXSS.pcap.out index 328b04f80..9d57b16f9 100644 --- a/test/results/stats/default/WebattackXSS.pcap.out +++ b/test/results/stats/default/WebattackXSS.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/activision.pcap.out b/test/results/stats/default/activision.pcap.out index ed2c5472c..34aa80463 100644 --- a/test/results/stats/default/activision.pcap.out +++ b/test/results/stats/default/activision.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/adult_content.pcap.out b/test/results/stats/default/adult_content.pcap.out index 5f35ab09a..26236cc2d 100644 --- a/test/results/stats/default/adult_content.pcap.out +++ b/test/results/stats/default/adult_content.pcap.out @@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8077 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9209 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:3131 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:3791 @@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 @@ -91,7 +91,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/afp.pcap.out b/test/results/stats/default/afp.pcap.out index 40d24483a..016fe0079 100644 --- a/test/results/stats/default/afp.pcap.out +++ b/test/results/stats/default/afp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/agora-sd-rtn.pcap.out b/test/results/stats/default/agora-sd-rtn.pcap.out index fe1063f12..91a96904f 100644 --- a/test/results/stats/default/agora-sd-rtn.pcap.out +++ b/test/results/stats/default/agora-sd-rtn.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ah.pcapng.out b/test/results/stats/default/ah.pcapng.out index 122c85ee1..d0f0cf648 100644 --- a/test/results/stats/default/ah.pcapng.out +++ b/test/results/stats/default/ah.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ajp.pcap.out b/test/results/stats/default/ajp.pcap.out index 4d254a1d0..c777774a8 100644 --- a/test/results/stats/default/ajp.pcap.out +++ b/test/results/stats/default/ajp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/alexa-app.pcapng.out b/test/results/stats/default/alexa-app.pcapng.out index 49492d907..da57b5e4d 100644 
--- a/test/results/stats/default/alexa-app.pcapng.out +++ b/test/results/stats/default/alexa-app.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/alicloud.pcap.out b/test/results/stats/default/alicloud.pcap.out index 9f59b97ac..8bcbe5da6 100644 --- a/test/results/stats/default/alicloud.pcap.out +++ b/test/results/stats/default/alicloud.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/among_us.pcap.out b/test/results/stats/default/among_us.pcap.out index 7491a5637..3363d87b4 100644 --- a/test/results/stats/default/among_us.pcap.out +++ b/test/results/stats/default/among_us.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/amqp.pcap.out b/test/results/stats/default/amqp.pcap.out index 97a0d01eb..283a325b8 100644 --- a/test/results/stats/default/amqp.pcap.out +++ b/test/results/stats/default/amqp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/android.pcap.out b/test/results/stats/default/android.pcap.out index 48d32c522..a41eb8f5d 100644 --- a/test/results/stats/default/android.pcap.out +++ b/test/results/stats/default/android.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/anyconnect-vpn.pcap.out b/test/results/stats/default/anyconnect-vpn.pcap.out index d4dbdd69d..4e6455ff6 100644 --- a/test/results/stats/default/anyconnect-vpn.pcap.out +++ b/test/results/stats/default/anyconnect-vpn.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:459 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:390689 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:391932 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:69 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:59 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:38688 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:56727 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:43 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:44 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:207 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 @@ -109,7 +109,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/anydesk.pcapng.out b/test/results/stats/default/anydesk.pcapng.out index 76fd1f06e..526e60fd2 100644 --- a/test/results/stats/default/anydesk.pcapng.out +++ b/test/results/stats/default/anydesk.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/avast.pcap.out b/test/results/stats/default/avast.pcap.out index ff950479f..a7619334d 100644 --- a/test/results/stats/default/avast.pcap.out +++ b/test/results/stats/default/avast.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/avast_securedns.pcapng.out b/test/results/stats/default/avast_securedns.pcapng.out index 1abad3afc..4d0e10b2a 100644 --- a/test/results/stats/default/avast_securedns.pcapng.out +++ b/test/results/stats/default/avast_securedns.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bacnet.pcap.out b/test/results/stats/default/bacnet.pcap.out index ef891f25b..9492a0c6b 100644 --- a/test/results/stats/default/bacnet.pcap.out +++ b/test/results/stats/default/bacnet.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bad-dns-traffic.pcap.out b/test/results/stats/default/bad-dns-traffic.pcap.out index 875744218..b44097519 100644 --- a/test/results/stats/default/bad-dns-traffic.pcap.out +++ b/test/results/stats/default/bad-dns-traffic.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:39 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:38813 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:40721 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 @@ -109,7 +109,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/badpackets.pcap.out b/test/results/stats/default/badpackets.pcap.out index a649a3ea7..47e66896e 100644 --- a/test/results/stats/default/badpackets.pcap.out +++ b/test/results/stats/default/badpackets.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bets.pcapng.out b/test/results/stats/default/bets.pcapng.out new file mode 100644 index 000000000..cfafa7def --- /dev/null +++ b/test/results/stats/default/bets.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:14 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12353 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:573 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:6919 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bitcoin.pcap.out b/test/results/stats/default/bitcoin.pcap.out index 13ff172c7..6dc98a310 100644 --- a/test/results/stats/default/bitcoin.pcap.out +++ b/test/results/stats/default/bitcoin.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent.pcap.out b/test/results/stats/default/bittorrent.pcap.out index fcb3551ab..b0ac33f6d 100644 --- a/test/results/stats/default/bittorrent.pcap.out +++ b/test/results/stats/default/bittorrent.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out index c6a6ae7f5..3ad47631e 100644 --- a/test/results/stats/default/bittorrent_tcp_miss.pcapng.out +++ b/test/results/stats/default/bittorrent_tcp_miss.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bittorrent_utp.pcap.out b/test/results/stats/default/bittorrent_utp.pcap.out index 56e9b319f..1977e1c82 100644 --- a/test/results/stats/default/bittorrent_utp.pcap.out +++ b/test/results/stats/default/bittorrent_utp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/bjnp.pcap.out b/test/results/stats/default/bjnp.pcap.out index c1336f75a..06537c813 100644 --- a/test/results/stats/default/bjnp.pcap.out +++ b/test/results/stats/default/bjnp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bot.pcap.out b/test/results/stats/default/bot.pcap.out index efa47def6..93557717b 100644 --- a/test/results/stats/default/bot.pcap.out +++ b/test/results/stats/default/bot.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bt-dns.pcap.out b/test/results/stats/default/bt-dns.pcap.out index bd798202a..024701353 100644 --- a/test/results/stats/default/bt-dns.pcap.out +++ b/test/results/stats/default/bt-dns.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bt-http.pcapng.out b/test/results/stats/default/bt-http.pcapng.out index 9fc1bec1e..cc85b3883 100644 --- a/test/results/stats/default/bt-http.pcapng.out +++ b/test/results/stats/default/bt-http.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/bt_search.pcap.out b/test/results/stats/default/bt_search.pcap.out index fa3291735..28e1831b4 100644 --- a/test/results/stats/default/bt_search.pcap.out +++ b/test/results/stats/default/bt_search.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/cachefly.pcapng.out b/test/results/stats/default/cachefly.pcapng.out index 53ced9b51..b7b89ba14 100644 --- a/test/results/stats/default/cachefly.pcapng.out +++ b/test/results/stats/default/cachefly.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/can.pcap.out b/test/results/stats/default/can.pcap.out new file mode 100644 index 000000000..f9f60cadf --- /dev/null +++ b/test/results/stats/default/can.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:36 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:31336 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:360 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/capwap.pcap.out b/test/results/stats/default/capwap.pcap.out index f95ac754a..9c9cd80ad 100644 --- a/test/results/stats/default/capwap.pcap.out +++ b/test/results/stats/default/capwap.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/capwap_data.pcapng.out b/test/results/stats/default/capwap_data.pcapng.out index fd4338137..1212c55f3 100644 --- a/test/results/stats/default/capwap_data.pcapng.out 
+++ b/test/results/stats/default/capwap_data.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/cassandra.pcap.out b/test/results/stats/default/cassandra.pcap.out index ba337df93..a75391539 100644 --- a/test/results/stats/default/cassandra.pcap.out +++ b/test/results/stats/default/cassandra.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/check_mk_new.pcap.out b/test/results/stats/default/check_mk_new.pcap.out index 7f572204c..196a5005c 100644 --- a/test/results/stats/default/check_mk_new.pcap.out +++ b/test/results/stats/default/check_mk_new.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/chrome.pcap.out b/test/results/stats/default/chrome.pcap.out index c2bb0bf27..e2f8c7a38 100644 --- a/test/results/stats/default/chrome.pcap.out +++ b/test/results/stats/default/chrome.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/citrix.pcap.out b/test/results/stats/default/citrix.pcap.out index 1b663f5b6..e23f39a1d 100644 --- a/test/results/stats/default/citrix.pcap.out +++ b/test/results/stats/default/citrix.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/cloudflare-warp.pcap.out b/test/results/stats/default/cloudflare-warp.pcap.out index 4f81ed92a..19209645c 100644 --- a/test/results/stats/default/cloudflare-warp.pcap.out +++ b/test/results/stats/default/cloudflare-warp.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/coap_mqtt.pcap.out b/test/results/stats/default/coap_mqtt.pcap.out index 74275ae54..6ef6824a5 100644 --- a/test/results/stats/default/coap_mqtt.pcap.out +++ b/test/results/stats/default/coap_mqtt.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/collectd.pcap.out b/test/results/stats/default/collectd.pcap.out index 9cfa9f59a..01b534755 100644 --- a/test/results/stats/default/collectd.pcap.out +++ b/test/results/stats/default/collectd.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/corba.pcap.out b/test/results/stats/default/corba.pcap.out index 55058c821..6ae7d957e 100644 --- a/test/results/stats/default/corba.pcap.out +++ b/test/results/stats/default/corba.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/cpha.pcap.out b/test/results/stats/default/cpha.pcap.out index 95667de8a..9e47296d8 100644 --- a/test/results/stats/default/cpha.pcap.out +++ b/test/results/stats/default/cpha.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/crawler_false_positive.pcapng.out b/test/results/stats/default/crawler_false_positive.pcapng.out index 1aebec292..948bca7d2 100644 --- a/test/results/stats/default/crawler_false_positive.pcapng.out +++ b/test/results/stats/default/crawler_false_positive.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/crynet.pcap.out b/test/results/stats/default/crynet.pcap.out index 89dc55099..f5c257fe7 100644 --- a/test/results/stats/default/crynet.pcap.out +++ b/test/results/stats/default/crynet.pcap.out 
@@ -1,26 +1,26 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:38 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28995 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:64 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:49290 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:4860 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:665 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:8204 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1463 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:35 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" 
interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 @@ -34,7 +34,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 
@@ -60,11 +60,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/custom_categories.pcapng.out b/test/results/stats/default/custom_categories.pcapng.out new file mode 100644 index 000000000..6bfc5788c --- /dev/null +++ b/test/results/stats/default/custom_categories.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:30 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:26661 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2156 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5216 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mgcp.pcapng.out b/test/results/stats/default/custom_risk_mask.pcapng.out index b28008a38..c995352ad 100644 --- a/test/results/stats/default/mgcp.pcapng.out +++ b/test/results/stats/default/custom_risk_mask.pcapng.out 
@@ -1,25 +1,25 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:21 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15240 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9159 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1196 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:393 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:60 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -36,11 +36,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -60,8 +60,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2 
@@ -125,16 +125,18 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_ipv6.pcapng.out b/test/results/stats/default/custom_rules_ipv6.pcapng.out new file mode 100644 index 000000000..bce6ad036 --- /dev/null +++ b/test/results/stats/default/custom_rules_ipv6.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:26 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:25054 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:3018 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:896 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out index f45241acb..7822f78a7 100644 --- a/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out +++ b/test/results/stats/default/custom_rules_same-ip_multiple_ports.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dazn.pcapng.out b/test/results/stats/default/dazn.pcapng.out index 6dbeb812a..d04f1d7c5 100644 
--- a/test/results/stats/default/dazn.pcapng.out +++ b/test/results/stats/default/dazn.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dcerpc.pcap.out b/test/results/stats/default/dcerpc.pcap.out index fdfdb8ccc..4c43f56a1 100644 --- a/test/results/stats/default/dcerpc.pcap.out +++ b/test/results/stats/default/dcerpc.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dhcp-fuzz.pcapng.out b/test/results/stats/default/dhcp-fuzz.pcapng.out index f0dfbb2b3..d606a7cd1 100644 --- a/test/results/stats/default/dhcp-fuzz.pcapng.out +++ b/test/results/stats/default/dhcp-fuzz.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/diameter.pcap.out b/test/results/stats/default/diameter.pcap.out index 91927a29e..8a94fdd94 100644 --- a/test/results/stats/default/diameter.pcap.out +++ b/test/results/stats/default/diameter.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/discord.pcap.out b/test/results/stats/default/discord.pcap.out index f55d865ac..c6ec9615d 100644 --- a/test/results/stats/default/discord.pcap.out +++ b/test/results/stats/default/discord.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/discord_mid_flow.pcap.out b/test/results/stats/default/discord_mid_flow.pcap.out index 92d2a1983..49fefec7c 100644 --- a/test/results/stats/default/discord_mid_flow.pcap.out +++ b/test/results/stats/default/discord_mid_flow.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dlt_ppp.pcap.out b/test/results/stats/default/dlt_ppp.pcap.out index d54102cfa..359ec151e 100644 --- a/test/results/stats/default/dlt_ppp.pcap.out +++ b/test/results/stats/default/dlt_ppp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dnp3.pcap.out b/test/results/stats/default/dnp3.pcap.out index 9d8a77d5a..40f81f2c1 100644 --- a/test/results/stats/default/dnp3.pcap.out +++ b/test/results/stats/default/dnp3.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/dns-exf.pcap.out b/test/results/stats/default/dns-exf.pcap.out new file mode 100644 index 000000000..801459420 --- /dev/null +++ b/test/results/stats/default/dns-exf.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8337 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:121 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:137 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:2 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns-google-nsid.pcapng.out b/test/results/stats/default/dns-google-nsid.pcapng.out index 782dcf201..2bd7e2a54 100644 --- a/test/results/stats/default/dns-google-nsid.pcapng.out +++ b/test/results/stats/default/dns-google-nsid.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:46 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:40913 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:40925 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:7 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns-invalid-chars.pcap.out b/test/results/stats/default/dns-invalid-chars.pcap.out index 26ba37feb..90dc47e9e 100644 --- a/test/results/stats/default/dns-invalid-chars.pcap.out +++ b/test/results/stats/default/dns-invalid-chars.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:9 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7519 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7543 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns-tunnel-iodine.pcap.out b/test/results/stats/default/dns-tunnel-iodine.pcap.out index 15732b338..7dea6ad3f 100644 --- a/test/results/stats/default/dns-tunnel-iodine.pcap.out +++ b/test/results/stats/default/dns-tunnel-iodine.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns2tcp_tunnel.pcap.out b/test/results/stats/default/dns2tcp_tunnel.pcap.out new file mode 100644 index 000000000..4ec36f274 --- /dev/null +++ b/test/results/stats/default/dns2tcp_tunnel.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12243 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1343 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:4713 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_ambiguous_names.pcap.out b/test/results/stats/default/dns_ambiguous_names.pcap.out index 83d6ab2d7..d37c5c72b 100644 --- a/test/results/stats/default/dns_ambiguous_names.pcap.out +++ b/test/results/stats/default/dns_ambiguous_names.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:63 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:56309 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:56687 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:10 
@@ -125,7 +125,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_doh.pcap.out b/test/results/stats/default/dns_doh.pcap.out index cd0a94786..5a9bf7914 100644 --- a/test/results/stats/default/dns_doh.pcap.out +++ b/test/results/stats/default/dns_doh.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_dot.pcap.out b/test/results/stats/default/dns_dot.pcap.out index f0438c07a..4f8983c6e 100644 
--- a/test/results/stats/default/dns_dot.pcap.out +++ b/test/results/stats/default/dns_dot.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_exfiltration.pcap.out b/test/results/stats/default/dns_exfiltration.pcap.out index bfd6a54b9..93bccaedb 100644 --- a/test/results/stats/default/dns_exfiltration.pcap.out +++ b/test/results/stats/default/dns_exfiltration.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_fragmented.pcap.out b/test/results/stats/default/dns_fragmented.pcap.out index cb38e54d8..fd5a8bcbc 100644 --- a/test/results/stats/default/dns_fragmented.pcap.out +++ b/test/results/stats/default/dns_fragmented.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:152 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:147302 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:147369 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:21 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:19 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_invert_query.pcapng.out b/test/results/stats/default/dns_invert_query.pcapng.out index d233381e1..7ec615b02 100644 --- a/test/results/stats/default/dns_invert_query.pcapng.out +++ b/test/results/stats/default/dns_invert_query.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dns_long_domainname.pcap.out b/test/results/stats/default/dns_long_domainname.pcap.out index 8d29c106c..bbe7989e8 100644 --- a/test/results/stats/default/dns_long_domainname.pcap.out +++ b/test/results/stats/default/dns_long_domainname.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out index e9457931f..aaf6d597f 100644 --- a/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/stats/default/dnscrypt-v1-and-resolver-pings.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt-v2-doh.pcap.out b/test/results/stats/default/dnscrypt-v2-doh.pcap.out index 2228403e7..4af9fabcf 100644 --- a/test/results/stats/default/dnscrypt-v2-doh.pcap.out +++ b/test/results/stats/default/dnscrypt-v2-doh.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/dnscrypt-v2.pcap.out b/test/results/stats/default/dnscrypt-v2.pcap.out index 82f0071a4..e378fcc66 100644 --- a/test/results/stats/default/dnscrypt-v2.pcap.out +++ b/test/results/stats/default/dnscrypt-v2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out index 61d551b16..24b4fbdc3 100644 --- a/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/stats/default/dnscrypt_skype_false_positive.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/doh.pcapng.out b/test/results/stats/default/doh.pcapng.out index 0c01dd7b9..ead54fbcf 100644 --- a/test/results/stats/default/doh.pcapng.out +++ b/test/results/stats/default/doh.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11696 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12136 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/doq.pcapng.out b/test/results/stats/default/doq.pcapng.out index 3f92237be..ba3044e2f 100644 --- a/test/results/stats/default/doq.pcapng.out +++ b/test/results/stats/default/doq.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:19 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18813 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18839 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/doq_adguard.pcapng.out b/test/results/stats/default/doq_adguard.pcapng.out index 6342b726a..cb332f27f 100644 --- a/test/results/stats/default/doq_adguard.pcapng.out +++ b/test/results/stats/default/doq_adguard.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:17038 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:17064 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out index c0ae15c02..50f5f7595 100644 --- a/test/results/stats/default/dos_win98_smb_netbeui.pcap.out +++ b/test/results/stats/default/dos_win98_smb_netbeui.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/drda_db2.pcap.out b/test/results/stats/default/drda_db2.pcap.out index b369d85c3..bf926db38 100644 --- a/test/results/stats/default/drda_db2.pcap.out +++ b/test/results/stats/default/drda_db2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dropbox.pcap.out b/test/results/stats/default/dropbox.pcap.out index d1b6272a2..880250268 100644 --- a/test/results/stats/default/dropbox.pcap.out +++ b/test/results/stats/default/dropbox.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/dtls.pcap.out b/test/results/stats/default/dtls.pcap.out index c4d94ae0c..225dd9653 100644 --- a/test/results/stats/default/dtls.pcap.out +++ b/test/results/stats/default/dtls.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dtls2.pcap.out b/test/results/stats/default/dtls2.pcap.out index 4275fd86c..34238ea19 100644 --- a/test/results/stats/default/dtls2.pcap.out +++ b/test/results/stats/default/dtls2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dtls_certificate.pcapng.out b/test/results/stats/default/dtls_certificate.pcapng.out index 48863a17d..bd406dd95 100644 --- a/test/results/stats/default/dtls_certificate.pcapng.out +++ b/test/results/stats/default/dtls_certificate.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dtls_certificate_fragments.pcap.out b/test/results/stats/default/dtls_certificate_fragments.pcap.out index 7c201115d..d1ab74cf7 100644 --- a/test/results/stats/default/dtls_certificate_fragments.pcap.out +++ b/test/results/stats/default/dtls_certificate_fragments.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dtls_mid_sessions.pcapng.out b/test/results/stats/default/dtls_mid_sessions.pcapng.out index d589f5829..fab9f10c5 100644 --- a/test/results/stats/default/dtls_mid_sessions.pcapng.out +++ b/test/results/stats/default/dtls_mid_sessions.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/dtls_old_version.pcapng.out b/test/results/stats/default/dtls_old_version.pcapng.out index fb9bba711..3373e9a90 100644 --- a/test/results/stats/default/dtls_old_version.pcapng.out +++ b/test/results/stats/default/dtls_old_version.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out index cccb61d5a..bae8d238e 100644 --- a/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/stats/default/dtls_session_id_and_coockie_both.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/edonkey.pcap.out b/test/results/stats/default/edonkey.pcap.out index 2515bbe36..ce6f7e8a2 100644 --- a/test/results/stats/default/edonkey.pcap.out +++ b/test/results/stats/default/edonkey.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/elasticsearch.pcap.out b/test/results/stats/default/elasticsearch.pcap.out index a85b9cce7..e261b59e9 100644 --- a/test/results/stats/default/elasticsearch.pcap.out +++ b/test/results/stats/default/elasticsearch.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/emotet.pcap.out b/test/results/stats/default/emotet.pcap.out index e8179bdc1..93f98caed 100644 --- a/test/results/stats/default/emotet.pcap.out +++ b/test/results/stats/default/emotet.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/encrypted_sni.pcap.out b/test/results/stats/default/encrypted_sni.pcap.out index 7d61f0196..20bf159a2 100644 --- a/test/results/stats/default/encrypted_sni.pcap.out +++ b/test/results/stats/default/encrypted_sni.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/epicgames.pcapng.out b/test/results/stats/default/epicgames.pcapng.out index 9f515e119..e1f76d8e8 100644 --- a/test/results/stats/default/epicgames.pcapng.out +++ b/test/results/stats/default/epicgames.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/esp.pcapng.out b/test/results/stats/default/esp.pcapng.out index 63475a99b..4a66fd68f 100644 --- a/test/results/stats/default/esp.pcapng.out +++ b/test/results/stats/default/esp.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ethereum.pcap.out b/test/results/stats/default/ethereum.pcap.out index d8af299db..307c771dc 100644 --- a/test/results/stats/default/ethereum.pcap.out +++ b/test/results/stats/default/ethereum.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:573 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:531269 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:513728 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:74 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:27 @@ -11,7 +11,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:43570 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:43398 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:71 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:18 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:315 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 
@@ -19,9 +19,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:71 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:71 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 
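Review bot: Nothing visible on this part of the page records that downgrading the Ethereum flows is intended. In this hunk of `ethereum.pcap.out`, all 71 flows move from `flow_breed_unsafe_count` to `flow_breed_acceptable_count`. The other hunks of the same file drop `flow_risky_count` from 71 to 18, set `flow_risk_22_count` from 71 to 0, and move the flows from `flow_category_mining_count` to `flow_category_crypto_currency_count`, presumably as a result of the libnDPI submodule bump. A dashboard or alert keyed on the mining category, the unsafe breed or risk 22 in this collectd output would stop seeing this traffic after the update. I would add a line to the commit message or changelog such as `libnDPI bump: Ethereum is now category crypto_currency / breed acceptable; mining category and flow_risk_22 no longer fire for it`, and confirm the snapshot was checked against the upstream change rather than only regenerated.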
@@ -51,14 +51,14 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:71 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:71 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:74 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 
@@ -108,7 +108,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:71 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ethernetIP.pcap.out b/test/results/stats/default/ethernetIP.pcap.out index 6cf64cf97..88a69f1a6 100644 --- a/test/results/stats/default/ethernetIP.pcap.out +++ b/test/results/stats/default/ethernetIP.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/exe_download.pcap.out b/test/results/stats/default/exe_download.pcap.out index 31a9161ed..c83ee7ebc 100644 --- a/test/results/stats/default/exe_download.pcap.out +++ b/test/results/stats/default/exe_download.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/exe_download_as_png.pcap.out b/test/results/stats/default/exe_download_as_png.pcap.out index aae78732c..e12d2fdb0 100644 --- a/test/results/stats/default/exe_download_as_png.pcap.out +++ b/test/results/stats/default/exe_download_as_png.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/facebook.pcap.out b/test/results/stats/default/facebook.pcap.out index ff89cefb7..58acd5c78 100644 --- a/test/results/stats/default/facebook.pcap.out +++ b/test/results/stats/default/facebook.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fastcgi.pcap.out b/test/results/stats/default/fastcgi.pcap.out index b398113c7..c8c022008 100644 --- a/test/results/stats/default/fastcgi.pcap.out +++ b/test/results/stats/default/fastcgi.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/firefox.pcap.out b/test/results/stats/default/firefox.pcap.out index 78aacffc0..4fd63b35e 100644 --- a/test/results/stats/default/firefox.pcap.out +++ b/test/results/stats/default/firefox.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/fix.pcap.out b/test/results/stats/default/fix.pcap.out index a5e3695a2..6020d8153 100644 --- a/test/results/stats/default/fix.pcap.out +++ b/test/results/stats/default/fix.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fix2.pcap.out b/test/results/stats/default/fix2.pcap.out index 273573fe5..f5ad02a57 100644 --- a/test/results/stats/default/fix2.pcap.out +++ b/test/results/stats/default/fix2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/forticlient.pcap.out b/test/results/stats/default/forticlient.pcap.out index 1e47d5cbe..de06292fb 100644 --- a/test/results/stats/default/forticlient.pcap.out +++ b/test/results/stats/default/forticlient.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ftp-start-tls.pcap.out b/test/results/stats/default/ftp-start-tls.pcap.out index 96b04fc97..362e365e9 100644 --- a/test/results/stats/default/ftp-start-tls.pcap.out +++ b/test/results/stats/default/ftp-start-tls.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ftp.pcap.out b/test/results/stats/default/ftp.pcap.out index ff6c85129..53e09911b 100644 --- a/test/results/stats/default/ftp.pcap.out +++ b/test/results/stats/default/ftp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/ftp_failed.pcap.out b/test/results/stats/default/ftp_failed.pcap.out index fd623e97d..e066bac6e 100644 --- a/test/results/stats/default/ftp_failed.pcap.out +++ b/test/results/stats/default/ftp_failed.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out index fd5f95f35..9389d85a0 100644 --- a/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/stats/default/fuzz-2006-06-26-2594.pcap.out 
@@ -1,24 +1,24 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:2117 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1800151 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1804467 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:257 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:255 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:666 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:190 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:27 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:191 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:88 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:44852 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:16036 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:173 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:174 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:79 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:427 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:520 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 @@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:69 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:366 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:367 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -125,16 +125,18 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:64 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:89 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:360 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:361 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out index 54fa8a145..cd01b0923 100644 --- a/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/stats/default/fuzz-2006-09-29-28586.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out index 48a1b48de..f46c6f74f 100644 --- a/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/stats/default/fuzz-2020-02-16-11740.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index c923346e0..1e2300542 100644 --- a/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/stats/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/fuzz-2021-10-13.pcap.out b/test/results/stats/default/fuzz-2021-10-13.pcap.out index b5ae631ae..6d2fe4f59 100644 --- a/test/results/stats/default/fuzz-2021-10-13.pcap.out +++ b/test/results/stats/default/fuzz-2021-10-13.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/geforcenow.pcapng.out b/test/results/stats/default/geforcenow.pcapng.out index a82fb3b83..2b3b353fc 100644 --- a/test/results/stats/default/geforcenow.pcapng.out +++ b/test/results/stats/default/geforcenow.pcapng.out @@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:24 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:28290 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:26 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:32416 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 
@@ -7,7 +7,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:9542 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:53610 @@ -18,9 +18,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 
@@ -34,7 +34,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 @@ -91,8 +91,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 
@@ -101,7 +101,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 @@ -110,7 +110,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 
@@ -118,7 +118,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/genshin-impact.pcap.out b/test/results/stats/default/genshin-impact.pcap.out index 142619c2e..a8465e09b 100644 --- a/test/results/stats/default/genshin-impact.pcap.out +++ b/test/results/stats/default/genshin-impact.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/git.pcap.out b/test/results/stats/default/git.pcap.out index 5d31e0ce1..bb5f48046 100644 --- a/test/results/stats/default/git.pcap.out +++ b/test/results/stats/default/git.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/gnutella.pcap.out b/test/results/stats/default/gnutella.pcap.out index 2e42743c5..45f9aeb3c 100644 --- a/test/results/stats/default/gnutella.pcap.out +++ b/test/results/stats/default/gnutella.pcap.out 
@@ -1,14 +1,14 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:6866 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5968766 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5968590 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:801 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:66 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:735 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:2519 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:401 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:398 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:399 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:149308 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:234286 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:369 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/google_ssl.pcap.out b/test/results/stats/default/google_ssl.pcap.out index 0fb499e59..51f82d7c5 100644 --- a/test/results/stats/default/google_ssl.pcap.out 
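Review bot: The regenerated expectation in the `@@ -1,14 +1,14 @@` hunk of test/results/stats/default/gnutella.pcap.out accepts a drop in classification coverage: `gauge-flow_guessed_count` goes from `N:2` to `N:1` while `gauge-flow_not_detected_count` rises from `N:398` to `N:399`. One flow that was previously guessed is therefore now recorded as not detected. Nothing in the hunk shows whether this is an intended consequence of the libnDPI submodule bump in this commit or a regression that the refreshed golden file now hides. This file is presumably what the stats test compares against, so it is worth identifying the affected flow in the matching JSON result for gnutella.pcap and stating the reason in the commit description before the new values are accepted.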
+++ b/test/results/stats/default/google_ssl.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/googledns_android10.pcap.out b/test/results/stats/default/googledns_android10.pcap.out index 313dc708d..b11e9baeb 100644 --- a/test/results/stats/default/googledns_android10.pcap.out +++ b/test/results/stats/default/googledns_android10.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/gquic.pcap.out b/test/results/stats/default/gquic.pcap.out index 9ea777871..32d82b0e1 100644 --- a/test/results/stats/default/gquic.pcap.out +++ b/test/results/stats/default/gquic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7273 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7295 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/gtp_c.pcap.out b/test/results/stats/default/gtp_c.pcap.out index e3c944c26..b1ed0e845 100644 --- a/test/results/stats/default/gtp_c.pcap.out +++ b/test/results/stats/default/gtp_c.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/gtp_false_positive.pcapng.out b/test/results/stats/default/gtp_false_positive.pcapng.out index 86e381b1f..b2be3dd70 100644 --- a/test/results/stats/default/gtp_false_positive.pcapng.out +++ b/test/results/stats/default/gtp_false_positive.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/gtp_prime.pcapng.out b/test/results/stats/default/gtp_prime.pcapng.out index 2223af5d0..935d08168 100644 --- a/test/results/stats/default/gtp_prime.pcapng.out +++ b/test/results/stats/default/gtp_prime.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/h323-overflow.pcap.out b/test/results/stats/default/h323-overflow.pcap.out index 81137b078..b57bcde2a 100644 --- a/test/results/stats/default/h323-overflow.pcap.out +++ b/test/results/stats/default/h323-overflow.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/h323.pcap.out b/test/results/stats/default/h323.pcap.out index e4ee5a726..1ba23575f 100644 --- a/test/results/stats/default/h323.pcap.out +++ b/test/results/stats/default/h323.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/haproxy.pcap.out b/test/results/stats/default/haproxy.pcap.out new file mode 100644 index 000000000..8df966ff5 --- /dev/null +++ b/test/results/stats/default/haproxy.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:5728 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:309 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out index 2cd7d8741..26b410553 100644 --- a/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out +++ b/test/results/stats/default/heuristic_tcp_ack_payload.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/hots.pcapng.out b/test/results/stats/default/hots.pcapng.out index e8305a939..87d28eb2e 100644 
--- a/test/results/stats/default/hots.pcapng.out +++ b/test/results/stats/default/hots.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/hpvirtgrp.pcap.out b/test/results/stats/default/hpvirtgrp.pcap.out index 1968c6c05..6a9554bd7 100644 --- a/test/results/stats/default/hpvirtgrp.pcap.out +++ b/test/results/stats/default/hpvirtgrp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/hsrp0.pcap.out b/test/results/stats/default/hsrp0.pcap.out index 5e0fb0d67..e9c30bf08 100644 --- a/test/results/stats/default/hsrp0.pcap.out +++ b/test/results/stats/default/hsrp0.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/hsrp2.pcap.out b/test/results/stats/default/hsrp2.pcap.out index 61e2ec2ee..e7dbf1207 100644 --- a/test/results/stats/default/hsrp2.pcap.out +++ b/test/results/stats/default/hsrp2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/hsrp2_ipv6.pcapng.out b/test/results/stats/default/hsrp2_ipv6.pcapng.out index 2971a0071..2da0be6b3 100644 --- a/test/results/stats/default/hsrp2_ipv6.pcapng.out +++ b/test/results/stats/default/hsrp2_ipv6.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http-crash-content-disposition.pcap.out b/test/results/stats/default/http-crash-content-disposition.pcap.out index cd329fd97..21bcf473a 100644 --- a/test/results/stats/default/http-crash-content-disposition.pcap.out +++ b/test/results/stats/default/http-crash-content-disposition.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http-lines-split.pcap.out b/test/results/stats/default/http-lines-split.pcap.out index 902803655..517825e15 100644 --- a/test/results/stats/default/http-lines-split.pcap.out +++ b/test/results/stats/default/http-lines-split.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http-manipulated.pcap.out b/test/results/stats/default/http-manipulated.pcap.out index b16b79e45..bc0bcfc1e 100644 --- a/test/results/stats/default/http-manipulated.pcap.out +++ b/test/results/stats/default/http-manipulated.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/http-proxy.pcapng.out b/test/results/stats/default/http-proxy.pcapng.out index c2f7e996f..ff1e8011a 100644 --- a/test/results/stats/default/http-proxy.pcapng.out +++ b/test/results/stats/default/http-proxy.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http2.pcapng.out b/test/results/stats/default/http2.pcapng.out new file mode 100644 index 000000000..19bd9c0e9 --- /dev/null +++ b/test/results/stats/default/http2.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8064 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:319 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:272 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_asymmetric.pcapng.out b/test/results/stats/default/http_asymmetric.pcapng.out index b15aab329..d664c5eff 100644 --- a/test/results/stats/default/http_asymmetric.pcapng.out +++ b/test/results/stats/default/http_asymmetric.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_auth.pcap.out b/test/results/stats/default/http_auth.pcap.out index 4bdc045b9..234930b06 100644 --- a/test/results/stats/default/http_auth.pcap.out 
+++ b/test/results/stats/default/http_auth.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_connect.pcap.out b/test/results/stats/default/http_connect.pcap.out index 81ec50161..125bee114 100644 --- a/test/results/stats/default/http_connect.pcap.out +++ b/test/results/stats/default/http_connect.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out index a432bd7a4..6ff5c4dc1 100644 --- a/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out +++ b/test/results/stats/default/http_guessed_host_and_guessed.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_invalid_server.pcap.out b/test/results/stats/default/http_invalid_server.pcap.out index b635e2547..239dd2b49 100644 --- a/test/results/stats/default/http_invalid_server.pcap.out +++ b/test/results/stats/default/http_invalid_server.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_ipv6.pcap.out b/test/results/stats/default/http_ipv6.pcap.out index fa77bfbb1..e77afbc3c 100644 --- a/test/results/stats/default/http_ipv6.pcap.out +++ b/test/results/stats/default/http_ipv6.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:115 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:102030 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:102095 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_on_sip_port.pcap.out b/test/results/stats/default/http_on_sip_port.pcap.out index 5c6597264..27f5a16bd 100644 --- a/test/results/stats/default/http_on_sip_port.pcap.out +++ b/test/results/stats/default/http_on_sip_port.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_origin_different_than_host.pcap.out b/test/results/stats/default/http_origin_different_than_host.pcap.out index 7cea2d48b..2deaec80a 100644 --- a/test/results/stats/default/http_origin_different_than_host.pcap.out +++ b/test/results/stats/default/http_origin_different_than_host.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_starting_with_reply.pcapng.out b/test/results/stats/default/http_starting_with_reply.pcapng.out index f76b43009..88130b6b8 100644 --- a/test/results/stats/default/http_starting_with_reply.pcapng.out +++ b/test/results/stats/default/http_starting_with_reply.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out index 36bcf8c08..049cbaebc 100644 --- a/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out +++ b/test/results/stats/default/http_ua_splitted_in_two_pkts.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/i3d.pcap.out b/test/results/stats/default/i3d.pcap.out index 0d83275f1..45d13139f 100644 --- a/test/results/stats/default/i3d.pcap.out +++ b/test/results/stats/default/i3d.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/iax.pcap.out b/test/results/stats/default/iax.pcap.out index 0848a630f..9a8b71636 100644 --- a/test/results/stats/default/iax.pcap.out +++ b/test/results/stats/default/iax.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/icmp-tunnel.pcap.out b/test/results/stats/default/icmp-tunnel.pcap.out index 0f1535043..1db7741b4 100644 
--- a/test/results/stats/default/icmp-tunnel.pcap.out +++ b/test/results/stats/default/icmp-tunnel.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/iec60780-5-104.pcap.out b/test/results/stats/default/iec60780-5-104.pcap.out index c8605462d..007ffe09c 100644 --- a/test/results/stats/default/iec60780-5-104.pcap.out +++ b/test/results/stats/default/iec60780-5-104.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/imap-starttls.pcap.out b/test/results/stats/default/imap-starttls.pcap.out index 4dbb37d82..5c528583d 100644 --- a/test/results/stats/default/imap-starttls.pcap.out +++ b/test/results/stats/default/imap-starttls.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/imap.pcap.out b/test/results/stats/default/imap.pcap.out index abee1baab..c9fe84f25 100644 --- a/test/results/stats/default/imap.pcap.out +++ b/test/results/stats/default/imap.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/imaps.pcap.out b/test/results/stats/default/imaps.pcap.out index d567a0063..e04d844ac 100644 --- a/test/results/stats/default/imaps.pcap.out +++ b/test/results/stats/default/imaps.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/imo.pcap.out b/test/results/stats/default/imo.pcap.out index 8c5e35102..16021d695 100644 
--- a/test/results/stats/default/imo.pcap.out +++ b/test/results/stats/default/imo.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/instagram.pcap.out b/test/results/stats/default/instagram.pcap.out index dc609f5cb..2af007aef 100644 --- a/test/results/stats/default/instagram.pcap.out +++ b/test/results/stats/default/instagram.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ip_fragmented_garbage.pcap.out b/test/results/stats/default/ip_fragmented_garbage.pcap.out index 2ee432b7e..d310fc496 100644 --- a/test/results/stats/default/ip_fragmented_garbage.pcap.out +++ b/test/results/stats/default/ip_fragmented_garbage.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/iphone.pcap.out b/test/results/stats/default/iphone.pcap.out index d7f84d212..a4cb593e8 100644 --- a/test/results/stats/default/iphone.pcap.out +++ b/test/results/stats/default/iphone.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ipp.pcap.out b/test/results/stats/default/ipp.pcap.out index b31dc0a05..67ab0efc4 100644 --- a/test/results/stats/default/ipp.pcap.out +++ b/test/results/stats/default/ipp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/ipsec_isakmp_esp.pcap.out b/test/results/stats/default/ipsec_isakmp_esp.pcap.out index 0773ec66c..a6ca08b9c 100644 --- a/test/results/stats/default/ipsec_isakmp_esp.pcap.out +++ b/test/results/stats/default/ipsec_isakmp_esp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ipv6_in_gtp.pcap.out b/test/results/stats/default/ipv6_in_gtp.pcap.out index d7c4ea92f..d0cb9fe77 100644 --- a/test/results/stats/default/ipv6_in_gtp.pcap.out +++ b/test/results/stats/default/ipv6_in_gtp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/irc.pcap.out b/test/results/stats/default/irc.pcap.out index 30199f3fd..4a60bb710 100644 --- a/test/results/stats/default/irc.pcap.out +++ b/test/results/stats/default/irc.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out index 742e70438..18a216620 100644 --- a/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/stats/default/ja3_lots_of_cipher_suites.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index 54a5b098a..8d0ee3057 100644 --- a/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/stats/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/jabber.pcap.out b/test/results/stats/default/jabber.pcap.out index 35ef81863..b9a99cb8a 100644 --- a/test/results/stats/default/jabber.pcap.out +++ b/test/results/stats/default/jabber.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/kerberos-error.pcap.out b/test/results/stats/default/kerberos-error.pcap.out index b45c6e393..40460e8c0 100644 --- a/test/results/stats/default/kerberos-error.pcap.out +++ b/test/results/stats/default/kerberos-error.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/kerberos-login.pcap.out b/test/results/stats/default/kerberos-login.pcap.out index ceee4d7e7..7b0a26daa 100644 --- a/test/results/stats/default/kerberos-login.pcap.out +++ b/test/results/stats/default/kerberos-login.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/kerberos.pcap.out b/test/results/stats/default/kerberos.pcap.out index 76726bc3b..e1ee4dcbb 100644 --- a/test/results/stats/default/kerberos.pcap.out +++ b/test/results/stats/default/kerberos.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/kerberos_fuzz.pcapng.out b/test/results/stats/default/kerberos_fuzz.pcapng.out index bd77ab33a..5035eb14d 100644 --- a/test/results/stats/default/kerberos_fuzz.pcapng.out +++ b/test/results/stats/default/kerberos_fuzz.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/kismet.pcap.out b/test/results/stats/default/kismet.pcap.out index a3b0eb3e2..0771372bb 100644 --- a/test/results/stats/default/kismet.pcap.out +++ b/test/results/stats/default/kismet.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/kontiki.pcap.out b/test/results/stats/default/kontiki.pcap.out index d6015b4d0..3a61fc6c9 100644 --- a/test/results/stats/default/kontiki.pcap.out +++ b/test/results/stats/default/kontiki.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/line.pcap.out b/test/results/stats/default/line.pcap.out index fc56be486..13460abe8 100644 
--- a/test/results/stats/default/line.pcap.out +++ b/test/results/stats/default/line.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/linecall_falsepositve.pcap.out b/test/results/stats/default/linecall_falsepositve.pcap.out index 3d831fe78..1056b7e2c 100644 --- a/test/results/stats/default/linecall_falsepositve.pcap.out +++ b/test/results/stats/default/linecall_falsepositve.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/lisp_registration.pcap.out b/test/results/stats/default/lisp_registration.pcap.out index d23b41a07..476176fdb 100644 --- a/test/results/stats/default/lisp_registration.pcap.out +++ b/test/results/stats/default/lisp_registration.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/log4j-webapp-exploit.pcap.out b/test/results/stats/default/log4j-webapp-exploit.pcap.out index 29e554326..3fcfcb607 100644 --- a/test/results/stats/default/log4j-webapp-exploit.pcap.out +++ b/test/results/stats/default/log4j-webapp-exploit.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/long_tls_certificate.pcap.out b/test/results/stats/default/long_tls_certificate.pcap.out index 1499c9ffb..6b59a6d8b 100644 --- a/test/results/stats/default/long_tls_certificate.pcap.out +++ b/test/results/stats/default/long_tls_certificate.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/lru_ipv6_caches.pcapng.out b/test/results/stats/default/lru_ipv6_caches.pcapng.out index 4e418ccc3..8715ae7ad 100644 --- a/test/results/stats/default/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/default/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:83 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:83065 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:82777 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/malformed_dns.pcap.out b/test/results/stats/default/malformed_dns.pcap.out index d3b11851a..c1bdd461c 100644 --- a/test/results/stats/default/malformed_dns.pcap.out +++ b/test/results/stats/default/malformed_dns.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/malformed_icmp.pcap.out b/test/results/stats/default/malformed_icmp.pcap.out index b762d4f0e..3c5f16d79 100644 --- a/test/results/stats/default/malformed_icmp.pcap.out +++ b/test/results/stats/default/malformed_icmp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/malware.pcap.out b/test/results/stats/default/malware.pcap.out index 76aef984f..4aef15073 100644 --- a/test/results/stats/default/malware.pcap.out +++ b/test/results/stats/default/malware.pcap.out 
@@ -1,24 +1,24 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:33 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:29001 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:44 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:39587 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:4 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1131 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:5456 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:5602 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:521068 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:16 PUTVAL 
"localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:2 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 @@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 
@@ -60,10 +60,10 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/memcached.cap.out b/test/results/stats/default/memcached.cap.out index 18370cd82..250e82b32 100644 --- a/test/results/stats/default/memcached.cap.out +++ b/test/results/stats/default/memcached.cap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/merakicloud.pcapng.out b/test/results/stats/default/merakicloud.pcapng.out index 588c88988..dfc283424 100644 --- a/test/results/stats/default/merakicloud.pcapng.out +++ b/test/results/stats/default/merakicloud.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mgcp.pcap.out b/test/results/stats/default/mgcp.pcap.out new file mode 100644 index 000000000..b2763bc3e --- /dev/null +++ b/test/results/stats/default/mgcp.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:36 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:27718 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1364 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:393 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:13 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/modbus.pcap.out b/test/results/stats/default/modbus.pcap.out index 4693fd0a7..61db8506a 100644 --- a/test/results/stats/default/modbus.pcap.out +++ b/test/results/stats/default/modbus.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/monero.pcap.out b/test/results/stats/default/monero.pcap.out index ccb8c18eb..063be8019 100644 --- a/test/results/stats/default/monero.pcap.out +++ b/test/results/stats/default/monero.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:22 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19590 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18888 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 @@ -91,7 +91,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mongo_false_positive.pcapng.out b/test/results/stats/default/mongo_false_positive.pcapng.out index e5d34f3e5..c72c261f8 100644 --- a/test/results/stats/default/mongo_false_positive.pcapng.out +++ b/test/results/stats/default/mongo_false_positive.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mongodb.pcap.out b/test/results/stats/default/mongodb.pcap.out index a26a13811..e98de0331 100644 --- a/test/results/stats/default/mongodb.pcap.out +++ b/test/results/stats/default/mongodb.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mpeg-dash.pcap.out b/test/results/stats/default/mpeg-dash.pcap.out index 98d632dad..60838915c 100644 --- a/test/results/stats/default/mpeg-dash.pcap.out +++ b/test/results/stats/default/mpeg-dash.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/mpeg.pcap.out b/test/results/stats/default/mpeg.pcap.out index d85a18301..39473f82b 100644 --- a/test/results/stats/default/mpeg.pcap.out +++ b/test/results/stats/default/mpeg.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mpegts.pcap.out b/test/results/stats/default/mpegts.pcap.out index fb18bd8f9..9a85b35ea 100644 --- a/test/results/stats/default/mpegts.pcap.out +++ b/test/results/stats/default/mpegts.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mqtt.pcap.out b/test/results/stats/default/mqtt.pcap.out index 599e68e63..45e97fe1d 100644 --- a/test/results/stats/default/mqtt.pcap.out +++ b/test/results/stats/default/mqtt.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mssql_tds.pcap.out b/test/results/stats/default/mssql_tds.pcap.out index 90707c689..2231b38a4 100644 --- a/test/results/stats/default/mssql_tds.pcap.out +++ b/test/results/stats/default/mssql_tds.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mullvad_dns.pcap.out b/test/results/stats/default/mullvad_dns.pcap.out index ac6a6a1d4..5cd9c6d40 100644 --- a/test/results/stats/default/mullvad_dns.pcap.out +++ b/test/results/stats/default/mullvad_dns.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/mullvad_wireguard.pcap.out b/test/results/stats/default/mullvad_wireguard.pcap.out index a1a8aee83..8e5f1e911 100644 --- a/test/results/stats/default/mullvad_wireguard.pcap.out +++ b/test/results/stats/default/mullvad_wireguard.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/munin.pcap.out b/test/results/stats/default/munin.pcap.out index ac16c9274..f21b62e68 100644 --- a/test/results/stats/default/munin.pcap.out +++ b/test/results/stats/default/munin.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/mysql-8.pcap.out b/test/results/stats/default/mysql-8.pcap.out index 972e42227..0eda65a56 100644 --- a/test/results/stats/default/mysql-8.pcap.out +++ b/test/results/stats/default/mysql-8.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/natpmp.pcap.out b/test/results/stats/default/natpmp.pcap.out index b49d3d633..dec4a71c5 100644 --- a/test/results/stats/default/natpmp.pcap.out +++ b/test/results/stats/default/natpmp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nats.pcap.out b/test/results/stats/default/nats.pcap.out index 83bf904aa..58596108c 100644 --- a/test/results/stats/default/nats.pcap.out +++ b/test/results/stats/default/nats.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out index 411dd618c..0a24a2786 100644 --- a/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/stats/default/ndpi_match_string_subprotocol__error.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nest_log_sink.pcap.out b/test/results/stats/default/nest_log_sink.pcap.out index 0d6cfb17d..6f967b497 100644 --- a/test/results/stats/default/nest_log_sink.pcap.out +++ b/test/results/stats/default/nest_log_sink.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/netbios.pcap.out b/test/results/stats/default/netbios.pcap.out index 3066f4c2d..5bfbc18c9 100644 --- a/test/results/stats/default/netbios.pcap.out +++ b/test/results/stats/default/netbios.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out index 1531acf0f..48394993e 100644 --- a/test/results/stats/default/netbios_wildcard_dns_query.pcap.out +++ b/test/results/stats/default/netbios_wildcard_dns_query.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/netflix.pcap.out b/test/results/stats/default/netflix.pcap.out index 0cedb7f18..2e916918b 100644 --- a/test/results/stats/default/netflix.pcap.out +++ b/test/results/stats/default/netflix.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/netflow-fritz.pcap.out b/test/results/stats/default/netflow-fritz.pcap.out index 349f08d15..ac391509a 100644 --- a/test/results/stats/default/netflow-fritz.pcap.out +++ b/test/results/stats/default/netflow-fritz.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/netflowv9.pcap.out b/test/results/stats/default/netflowv9.pcap.out index 21b7e0267..5627e853f 100644 --- a/test/results/stats/default/netflowv9.pcap.out +++ b/test/results/stats/default/netflowv9.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nfsv2.pcap.out b/test/results/stats/default/nfsv2.pcap.out index 8dce9355a..2f6cdec89 100644 --- a/test/results/stats/default/nfsv2.pcap.out +++ b/test/results/stats/default/nfsv2.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nfsv3.pcap.out b/test/results/stats/default/nfsv3.pcap.out index a5ac6971e..7fac5b762 100644 --- a/test/results/stats/default/nfsv3.pcap.out +++ b/test/results/stats/default/nfsv3.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nintendo.pcap.out b/test/results/stats/default/nintendo.pcap.out index 472860ddc..d47ec33df 100644 --- a/test/results/stats/default/nintendo.pcap.out +++ b/test/results/stats/default/nintendo.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/nntp.pcap.out b/test/results/stats/default/nntp.pcap.out index 577235b24..289b4855d 100644 
--- a/test/results/stats/default/nntp.pcap.out +++ b/test/results/stats/default/nntp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/no_sni.pcap.out b/test/results/stats/default/no_sni.pcap.out index 5aab61ea6..2620034f7 100644 --- a/test/results/stats/default/no_sni.pcap.out +++ b/test/results/stats/default/no_sni.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ocs.pcap.out b/test/results/stats/default/ocs.pcap.out index 69f04a83b..5fa635053 100644 --- a/test/results/stats/default/ocs.pcap.out +++ b/test/results/stats/default/ocs.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/ocsp.pcapng.out b/test/results/stats/default/ocsp.pcapng.out index 47b83b3a4..d6389917a 100644 --- a/test/results/stats/default/ocsp.pcapng.out +++ b/test/results/stats/default/ocsp.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/oicq.pcap.out b/test/results/stats/default/oicq.pcap.out index 3b8a288c0..9f48ef456 100644 --- a/test/results/stats/default/oicq.pcap.out +++ b/test/results/stats/default/oicq.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ookla.pcap.out b/test/results/stats/default/ookla.pcap.out index b138442ae..6ded53aad 100644 --- a/test/results/stats/default/ookla.pcap.out +++ b/test/results/stats/default/ookla.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/openvpn.pcap.out b/test/results/stats/default/openvpn.pcap.out index b5fbfcb10..fb36ce49b 100644 --- a/test/results/stats/default/openvpn.pcap.out +++ b/test/results/stats/default/openvpn.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/opera-vpn.pcapng.out b/test/results/stats/default/opera-vpn.pcapng.out new file mode 100644 index 000000000..6db310c17 --- /dev/null +++ b/test/results/stats/default/opera-vpn.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:618 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:611848 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:62 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:60 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:61 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:61 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:206752 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:980038 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:308 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:122 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:122 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:62 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:62 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/oracle12.pcapng.out b/test/results/stats/default/oracle12.pcapng.out index 8d5f74591..ccc3d0b7b 100644 --- a/test/results/stats/default/oracle12.pcapng.out +++ b/test/results/stats/default/oracle12.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/os_detected.pcapng.out b/test/results/stats/default/os_detected.pcapng.out index 92bcc304c..39d5fc639 100644 
--- a/test/results/stats/default/os_detected.pcapng.out +++ b/test/results/stats/default/os_detected.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7626 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7872 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out index 8b19691d8..44dc283af 100644 --- a/test/results/stats/default/ospfv2_add_new_prefix.pcap.out +++ b/test/results/stats/default/ospfv2_add_new_prefix.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out index f76adec97..c976c7cae 100644 
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_1.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:59 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:49992 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:50316 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:10 @@ -18,9 +18,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 
@@ -34,13 +34,13 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:1 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out index 48e104f1e..e24e30a1d 100644 --- a/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_2.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out index b9e63a711..539785572 100644 
--- a/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_3.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out index 20891bbf0..4ee5e9d79 100644 --- a/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out +++ b/test/results/stats/default/ossfuzz_seed_fake_traces_4.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pgm.pcap.out b/test/results/stats/default/pgm.pcap.out index ab993803a..17f55cafb 100644 --- a/test/results/stats/default/pgm.pcap.out +++ b/test/results/stats/default/pgm.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pgsql.pcap.out b/test/results/stats/default/pgsql.pcap.out index 398d4f697..7cf67bd99 100644 --- a/test/results/stats/default/pgsql.pcap.out +++ b/test/results/stats/default/pgsql.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pim.pcap.out b/test/results/stats/default/pim.pcap.out index f65d44558..049bba3b3 100644 --- a/test/results/stats/default/pim.pcap.out +++ b/test/results/stats/default/pim.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pinterest.pcap.out b/test/results/stats/default/pinterest.pcap.out index 20bae536f..c6566d757 100644 
--- a/test/results/stats/default/pinterest.pcap.out +++ b/test/results/stats/default/pinterest.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:300 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:306614 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:306694 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:37 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:32 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pluralsight.pcap.out b/test/results/stats/default/pluralsight.pcap.out index d3b5f432f..84da210dc 100644 --- a/test/results/stats/default/pluralsight.pcap.out +++ b/test/results/stats/default/pluralsight.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pop3.pcap.out b/test/results/stats/default/pop3.pcap.out index 76741c545..950cdc09d 100644 --- a/test/results/stats/default/pop3.pcap.out +++ b/test/results/stats/default/pop3.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pop3_stls.pcap.out b/test/results/stats/default/pop3_stls.pcap.out index af33c3117..33603d5c3 100644 --- a/test/results/stats/default/pop3_stls.pcap.out +++ b/test/results/stats/default/pop3_stls.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pops.pcapng.out b/test/results/stats/default/pops.pcapng.out index c014f6290..b25cbc710 100644 --- a/test/results/stats/default/pops.pcapng.out +++ b/test/results/stats/default/pops.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/pps.pcap.out b/test/results/stats/default/pps.pcap.out index c05c7b62c..b33e7ce3f 100644 --- a/test/results/stats/default/pps.pcap.out +++ b/test/results/stats/default/pps.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/pptp.pcap.out b/test/results/stats/default/pptp.pcap.out index 45c06ed10..00eeb43c3 100644 --- a/test/results/stats/default/pptp.pcap.out +++ b/test/results/stats/default/pptp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/protobuf.pcap.out b/test/results/stats/default/protobuf.pcap.out new file mode 100644 index 000000000..484b942a6 --- /dev/null +++ b/test/results/stats/default/protobuf.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:47 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:32569 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1086 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/protonvpn.pcap.out b/test/results/stats/default/protonvpn.pcap.out index c12d463d4..88a3c9368 100644 --- a/test/results/stats/default/protonvpn.pcap.out +++ b/test/results/stats/default/protonvpn.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/psiphon3.pcap.out b/test/results/stats/default/psiphon3.pcap.out index 758fd8543..bad722a1c 100644 --- a/test/results/stats/default/psiphon3.pcap.out +++ b/test/results/stats/default/psiphon3.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14271 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14821 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/punycode-idn.pcap.out b/test/results/stats/default/punycode-idn.pcap.out index 59c1229bb..ed36d2b84 100644 --- a/test/results/stats/default/punycode-idn.pcap.out +++ b/test/results/stats/default/punycode-idn.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-23.pcap.out b/test/results/stats/default/quic-23.pcap.out index fd743cbd2..452b861ec 100644 --- a/test/results/stats/default/quic-23.pcap.out +++ b/test/results/stats/default/quic-23.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13344 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13370 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-24.pcap.out b/test/results/stats/default/quic-24.pcap.out index 74920dbf2..4ca1143f8 100644 --- a/test/results/stats/default/quic-24.pcap.out +++ b/test/results/stats/default/quic-24.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13052 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13078 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-27.pcap.out b/test/results/stats/default/quic-27.pcap.out index c2afa141f..8fd87912e 100644 --- a/test/results/stats/default/quic-27.pcap.out +++ b/test/results/stats/default/quic-27.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:17018 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:17044 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-28.pcap.out b/test/results/stats/default/quic-28.pcap.out index 0abc81781..7617d243e 100644 --- a/test/results/stats/default/quic-28.pcap.out +++ b/test/results/stats/default/quic-28.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13571 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13597 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-29.pcap.out b/test/results/stats/default/quic-29.pcap.out index c83b29d62..0439a8513 100644 --- a/test/results/stats/default/quic-29.pcap.out +++ b/test/results/stats/default/quic-29.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13045 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13071 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-33.pcapng.out b/test/results/stats/default/quic-33.pcapng.out index faa1946ea..fccac552b 100644 --- a/test/results/stats/default/quic-33.pcapng.out +++ b/test/results/stats/default/quic-33.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14678 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14919 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-34.pcap.out b/test/results/stats/default/quic-34.pcap.out index 9403ed496..f27da350d 100644 --- a/test/results/stats/default/quic-34.pcap.out +++ b/test/results/stats/default/quic-34.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14051 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14297 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out index 27e7a1acf..ca681c04b 100644 --- a/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out +++ b/test/results/stats/default/quic-forcing-vn-with-data.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14430 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14703 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-fuzz-overflow.pcapng.out b/test/results/stats/default/quic-fuzz-overflow.pcapng.out index fb7be19a8..93fbd717e 100644 --- a/test/results/stats/default/quic-fuzz-overflow.pcapng.out +++ b/test/results/stats/default/quic-fuzz-overflow.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:7 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8242 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:8263 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-22.pcap.out b/test/results/stats/default/quic-mvfst-22.pcap.out index 5ef2dc0db..94b8fed9d 100644 --- a/test/results/stats/default/quic-mvfst-22.pcap.out +++ b/test/results/stats/default/quic-mvfst-22.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15712 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15738 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out index abb60b7bd..2b89aabf8 100644 --- a/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/stats/default/quic-mvfst-22_decryption_error.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10488 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10513 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-27.pcapng.out b/test/results/stats/default/quic-mvfst-27.pcapng.out index 064efd34a..005e64f3b 100644 --- a/test/results/stats/default/quic-mvfst-27.pcapng.out +++ b/test/results/stats/default/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15757 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15783 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-mvfst-exp.pcap.out b/test/results/stats/default/quic-mvfst-exp.pcap.out index 21b725738..3a4813dda 100644 --- a/test/results/stats/default/quic-mvfst-exp.pcap.out +++ b/test/results/stats/default/quic-mvfst-exp.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15530 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15557 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic-v2.pcapng.out b/test/results/stats/default/quic-v2.pcapng.out index ba17c5853..185062cc8 100644 --- a/test/results/stats/default/quic-v2.pcapng.out +++ b/test/results/stats/default/quic-v2.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14689 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14710 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic.pcap.out b/test/results/stats/default/quic.pcap.out index bc9620f0b..3667f3a03 100644 --- a/test/results/stats/default/quic.pcap.out +++ b/test/results/stats/default/quic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:80 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:117836 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:118064 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:10 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic046.pcap.out b/test/results/stats/default/quic046.pcap.out index c80b448c6..606f8af87 100644 --- a/test/results/stats/default/quic046.pcap.out +++ b/test/results/stats/default/quic046.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12925 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12947 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_0RTT.pcap.out b/test/results/stats/default/quic_0RTT.pcap.out index caf7f9d56..c6bd0784f 100644 --- a/test/results/stats/default/quic_0RTT.pcap.out +++ b/test/results/stats/default/quic_0RTT.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:17 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:20218 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:20265 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_cc_ack.pcapng.out b/test/results/stats/default/quic_cc_ack.pcapng.out index 90ee007b5..62d037e24 100644 --- a/test/results/stats/default/quic_cc_ack.pcapng.out +++ b/test/results/stats/default/quic_cc_ack.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12557 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12607 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out index d71b25d3f..74b3e4455 100644 --- a/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out +++ b/test/results/stats/default/quic_crypto_aes_auth_size.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13205 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13247 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out index 0764cb7e5..a82ccbf30 100644 --- a/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/stats/default/quic_frags_ch_in_multiple_packets.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14377 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14638 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 4f77f3412..ad7dd40ba 100644 --- a/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/stats/default/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:667 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:976005 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:978941 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:113 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:113 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_interop_V.pcapng.out b/test/results/stats/default/quic_interop_V.pcapng.out index c5ba85983..5cb2de4de 100644 --- a/test/results/stats/default/quic_interop_V.pcapng.out 
+++ b/test/results/stats/default/quic_interop_V.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:441 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:594659 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:596728 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:77 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:77 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_q39.pcap.out b/test/results/stats/default/quic_q39.pcap.out index 7f5e38be0..0a2df1599 100644 --- a/test/results/stats/default/quic_q39.pcap.out +++ b/test/results/stats/default/quic_q39.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15176 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15198 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_q43.pcap.out b/test/results/stats/default/quic_q43.pcap.out index 3e7427f4a..5d5443a77 100644 --- a/test/results/stats/default/quic_q43.pcap.out +++ b/test/results/stats/default/quic_q43.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:8 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7773 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7794 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_q46.pcap.out b/test/results/stats/default/quic_q46.pcap.out index d1db156c9..4c21c3ca3 100644 --- a/test/results/stats/default/quic_q46.pcap.out +++ b/test/results/stats/default/quic_q46.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14898 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:14920 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_q46_b.pcap.out b/test/results/stats/default/quic_q46_b.pcap.out index b56db7295..f6d25bc20 100644 --- a/test/results/stats/default/quic_q46_b.pcap.out +++ b/test/results/stats/default/quic_q46_b.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11706 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11728 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_q50.pcap.out b/test/results/stats/default/quic_q50.pcap.out index 96bf19533..f90f93874 100644 --- a/test/results/stats/default/quic_q50.pcap.out +++ b/test/results/stats/default/quic_q50.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13186 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:13208 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_t50.pcap.out b/test/results/stats/default/quic_t50.pcap.out index 76c77bc23..7f996279a 100644 --- a/test/results/stats/default/quic_t50.pcap.out +++ b/test/results/stats/default/quic_t50.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15557 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15579 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quic_t51.pcap.out b/test/results/stats/default/quic_t51.pcap.out index 88cec7e52..e480691ad 100644 --- a/test/results/stats/default/quic_t51.pcap.out +++ b/test/results/stats/default/quic_t51.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:16908 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:16930 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/quickplay.pcap.out b/test/results/stats/default/quickplay.pcap.out index 46e662cd2..b28c71720 100644 --- a/test/results/stats/default/quickplay.pcap.out +++ b/test/results/stats/default/quickplay.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/radius_false_positive.pcapng.out b/test/results/stats/default/radius_false_positive.pcapng.out index 7f0065b7c..1510689dd 100644 --- a/test/results/stats/default/radius_false_positive.pcapng.out +++ b/test/results/stats/default/radius_false_positive.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11510 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11541 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/raknet.pcap.out b/test/results/stats/default/raknet.pcap.out index 1f23d8178..4411449b6 100644 --- a/test/results/stats/default/raknet.pcap.out +++ b/test/results/stats/default/raknet.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rdp.pcap.out b/test/results/stats/default/rdp.pcap.out index aea87c3a3..7ec83305b 100644 --- a/test/results/stats/default/rdp.pcap.out +++ b/test/results/stats/default/rdp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rdp2.pcap.out b/test/results/stats/default/rdp2.pcap.out index 0aeb90c86..fe789a7af 100644 
--- a/test/results/stats/default/rdp2.pcap.out +++ b/test/results/stats/default/rdp2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/reasm_crash_anon.pcapng.out b/test/results/stats/default/reasm_crash_anon.pcapng.out index 8aa6181e8..adf486713 100644 --- a/test/results/stats/default/reasm_crash_anon.pcapng.out +++ b/test/results/stats/default/reasm_crash_anon.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/reasm_segv_anon.pcapng.out b/test/results/stats/default/reasm_segv_anon.pcapng.out index 69bdcc746..35ca9524f 100644 --- a/test/results/stats/default/reasm_segv_anon.pcapng.out +++ b/test/results/stats/default/reasm_segv_anon.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/reddit.pcap.out b/test/results/stats/default/reddit.pcap.out index d087d9142..28f9a66ff 100644 --- a/test/results/stats/default/reddit.pcap.out +++ b/test/results/stats/default/reddit.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:588 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:559068 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:559158 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:60 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:37 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/riot.pcapng.out b/test/results/stats/default/riot.pcapng.out index 28126d5cc..83bef3299 100644 --- a/test/results/stats/default/riot.pcapng.out +++ b/test/results/stats/default/riot.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/riotgames.pcap.out b/test/results/stats/default/riotgames.pcap.out index a708d4792..32972c62b 100644 --- a/test/results/stats/default/riotgames.pcap.out +++ b/test/results/stats/default/riotgames.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rmcp.pcap.out b/test/results/stats/default/rmcp.pcap.out new file mode 100644 index 000000000..dfdac0bc1 --- /dev/null +++ b/test/results/stats/default/rmcp.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:29 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:23940 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:116 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/roblox.pcapng.out b/test/results/stats/default/roblox.pcapng.out index ed4572642..7cfcfd587 100644 --- a/test/results/stats/default/roblox.pcapng.out +++ b/test/results/stats/default/roblox.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rsh-syslog-false-positive.pcap.out b/test/results/stats/default/rsh-syslog-false-positive.pcap.out index 0b805aea9..142bb0686 100644 --- a/test/results/stats/default/rsh-syslog-false-positive.pcap.out 
+++ b/test/results/stats/default/rsh-syslog-false-positive.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rsh.pcap.out b/test/results/stats/default/rsh.pcap.out index a66b1859f..b84635a39 100644 --- a/test/results/stats/default/rsh.pcap.out +++ b/test/results/stats/default/rsh.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rsync.pcap.out b/test/results/stats/default/rsync.pcap.out index d717a33c6..acfc93e73 100644 --- a/test/results/stats/default/rsync.pcap.out +++ b/test/results/stats/default/rsync.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out index e51351ca6..6f2e2ccb8 100644 --- a/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out +++ b/test/results/stats/default/rtcp_multiple_pkts_in_the_same_datagram.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rtmp.pcap.out b/test/results/stats/default/rtmp.pcap.out index 222b92c9d..cc3b59c7c 100644 --- a/test/results/stats/default/rtmp.pcap.out +++ b/test/results/stats/default/rtmp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rtp.pcapng.out b/test/results/stats/default/rtp.pcapng.out index 41746e00b..dc5e8a4d9 100644 --- a/test/results/stats/default/rtp.pcapng.out +++ b/test/results/stats/default/rtp.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rtsp.pcap.out b/test/results/stats/default/rtsp.pcap.out index d3800a198..f7fe58aad 100644 --- a/test/results/stats/default/rtsp.pcap.out +++ b/test/results/stats/default/rtsp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/rtsp_setup_http.pcapng.out b/test/results/stats/default/rtsp_setup_http.pcapng.out index bbf2c3a66..72d33613a 100644 --- a/test/results/stats/default/rtsp_setup_http.pcapng.out +++ b/test/results/stats/default/rtsp_setup_http.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/rx.pcap.out b/test/results/stats/default/rx.pcap.out index 9134953c2..45fbd6c26 100644 --- a/test/results/stats/default/rx.pcap.out +++ b/test/results/stats/default/rx.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/s7comm.pcap.out b/test/results/stats/default/s7comm.pcap.out index 7794351e6..3f49fe026 100644 --- a/test/results/stats/default/s7comm.pcap.out +++ b/test/results/stats/default/s7comm.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/safari.pcap.out b/test/results/stats/default/safari.pcap.out index 76c228439..279b74015 100644 --- a/test/results/stats/default/safari.pcap.out +++ b/test/results/stats/default/safari.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/salesforce.pcap.out b/test/results/stats/default/salesforce.pcap.out index aad5bc48d..2ec3239cf 100644 --- a/test/results/stats/default/salesforce.pcap.out +++ b/test/results/stats/default/salesforce.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sccp_hw_conf_register.pcapng.out b/test/results/stats/default/sccp_hw_conf_register.pcapng.out index ce9b109e3..d1a967e58 100644 --- a/test/results/stats/default/sccp_hw_conf_register.pcapng.out +++ b/test/results/stats/default/sccp_hw_conf_register.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/sctp.cap.out b/test/results/stats/default/sctp.cap.out index 3f5fa51d1..f3f795c1b 100644 --- a/test/results/stats/default/sctp.cap.out +++ b/test/results/stats/default/sctp.cap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/selfsigned.pcap.out b/test/results/stats/default/selfsigned.pcap.out index 495c0f5c6..80c521c2b 100644 --- a/test/results/stats/default/selfsigned.pcap.out +++ b/test/results/stats/default/selfsigned.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sflow.pcap.out b/test/results/stats/default/sflow.pcap.out index 384de5e63..223650a44 100644 --- a/test/results/stats/default/sflow.pcap.out +++ b/test/results/stats/default/sflow.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/shadowsocks.pcap.out b/test/results/stats/default/shadowsocks.pcap.out index 8d379fcb4..763a48c3c 100644 --- a/test/results/stats/default/shadowsocks.pcap.out +++ b/test/results/stats/default/shadowsocks.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/signal.pcap.out b/test/results/stats/default/signal.pcap.out index a277a9d25..8ec859bf9 100644 --- a/test/results/stats/default/signal.pcap.out +++ b/test/results/stats/default/signal.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/simple-dnscrypt.pcap.out b/test/results/stats/default/simple-dnscrypt.pcap.out index 07a5da3c6..5df4fbd97 100644 --- a/test/results/stats/default/simple-dnscrypt.pcap.out +++ b/test/results/stats/default/simple-dnscrypt.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sip.pcap.out b/test/results/stats/default/sip.pcap.out index b427cbfb8..e69fb6128 100644 --- a/test/results/stats/default/sip.pcap.out +++ b/test/results/stats/default/sip.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sip_hello.pcapng.out b/test/results/stats/default/sip_hello.pcapng.out index 069bd27b7..ca01f0f9a 100644 --- a/test/results/stats/default/sip_hello.pcapng.out +++ b/test/results/stats/default/sip_hello.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sites.pcapng.out b/test/results/stats/default/sites.pcapng.out index 8bcb4173a..804603a77 100644 --- a/test/results/stats/default/sites.pcapng.out +++ b/test/results/stats/default/sites.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:404 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:447728 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:447791 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:40 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/skinny.pcap.out b/test/results/stats/default/skinny.pcap.out index d653649e7..b6852814f 100644 --- a/test/results/stats/default/skinny.pcap.out +++ b/test/results/stats/default/skinny.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/skype-conference-call.pcap.out b/test/results/stats/default/skype-conference-call.pcap.out index a766cd5c4..6886e849d 100644 --- a/test/results/stats/default/skype-conference-call.pcap.out +++ b/test/results/stats/default/skype-conference-call.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10993 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10922 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/skype.pcap.out b/test/results/stats/default/skype.pcap.out index aac425693..d0a6c91f9 100644 --- a/test/results/stats/default/skype.pcap.out +++ b/test/results/stats/default/skype.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/skype_no_unknown.pcap.out b/test/results/stats/default/skype_no_unknown.pcap.out index 3da44b73c..df963f1fd 100644 --- a/test/results/stats/default/skype_no_unknown.pcap.out +++ b/test/results/stats/default/skype_no_unknown.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/skype_udp.pcap.out b/test/results/stats/default/skype_udp.pcap.out index 1ab9c3dfa..4022f7c27 100644 --- a/test/results/stats/default/skype_udp.pcap.out +++ b/test/results/stats/default/skype_udp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/smb_deletefile.pcap.out b/test/results/stats/default/smb_deletefile.pcap.out index 75096ce96..153086c81 100644 --- a/test/results/stats/default/smb_deletefile.pcap.out +++ b/test/results/stats/default/smb_deletefile.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/smb_frags.pcap.out b/test/results/stats/default/smb_frags.pcap.out index df931821a..b4796dfee 100644 --- a/test/results/stats/default/smb_frags.pcap.out +++ b/test/results/stats/default/smb_frags.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/smbv1.pcap.out b/test/results/stats/default/smbv1.pcap.out index 2d3812a9f..51ce5c6f5 100644 --- a/test/results/stats/default/smbv1.pcap.out +++ b/test/results/stats/default/smbv1.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/smpp_in_general.pcap.out b/test/results/stats/default/smpp_in_general.pcap.out index 46389b1a7..aa1123764 100644 --- a/test/results/stats/default/smpp_in_general.pcap.out +++ b/test/results/stats/default/smpp_in_general.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/smtp-starttls.pcap.out b/test/results/stats/default/smtp-starttls.pcap.out index 0524a6246..ea48dd309 100644 --- a/test/results/stats/default/smtp-starttls.pcap.out +++ b/test/results/stats/default/smtp-starttls.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/smtp.pcap.out b/test/results/stats/default/smtp.pcap.out index 0c4ef4234..47a108e12 100644 --- a/test/results/stats/default/smtp.pcap.out +++ b/test/results/stats/default/smtp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/smtps.pcapng.out b/test/results/stats/default/smtps.pcapng.out index 4601f704c..5c0e1df27 100644 --- a/test/results/stats/default/smtps.pcapng.out +++ b/test/results/stats/default/smtps.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/snapchat.pcap.out b/test/results/stats/default/snapchat.pcap.out index 33c2f723d..9aeeae594 100644 --- a/test/results/stats/default/snapchat.pcap.out +++ b/test/results/stats/default/snapchat.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/snapchat_call.pcapng.out b/test/results/stats/default/snapchat_call.pcapng.out index 32b5b813e..e463f2107 100644 --- a/test/results/stats/default/snapchat_call.pcapng.out +++ b/test/results/stats/default/snapchat_call.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19188 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19230 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/snapchat_call_v1.pcapng.out b/test/results/stats/default/snapchat_call_v1.pcapng.out index a16e9953b..342b7b9f8 100644 --- a/test/results/stats/default/snapchat_call_v1.pcapng.out +++ b/test/results/stats/default/snapchat_call_v1.pcapng.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18256 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:18298 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/snmp.pcap.out b/test/results/stats/default/snmp.pcap.out index e16cef80b..253c5eb6a 100644 --- a/test/results/stats/default/snmp.pcap.out +++ b/test/results/stats/default/snmp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/soap.pcap.out b/test/results/stats/default/soap.pcap.out index a9f6c7c4c..cee7a5d4a 100644 --- a/test/results/stats/default/soap.pcap.out +++ b/test/results/stats/default/soap.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/socks.pcap.out b/test/results/stats/default/socks.pcap.out index 2ec8e8418..82699182d 100644 --- a/test/results/stats/default/socks.pcap.out +++ b/test/results/stats/default/socks.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/softether.pcap.out b/test/results/stats/default/softether.pcap.out index 86ca943bf..75ce25d3b 100644 --- a/test/results/stats/default/softether.pcap.out +++ b/test/results/stats/default/softether.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/someip-tp.pcap.out b/test/results/stats/default/someip-tp.pcap.out index 42b384baf..f3c1915f0 100644 --- a/test/results/stats/default/someip-tp.pcap.out +++ b/test/results/stats/default/someip-tp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/someip-udp-method-call.pcapng.out b/test/results/stats/default/someip-udp-method-call.pcapng.out index 75247b8d3..fb792e480 100644 --- a/test/results/stats/default/someip-udp-method-call.pcapng.out +++ b/test/results/stats/default/someip-udp-method-call.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/someip_sd_sample.pcap.out b/test/results/stats/default/someip_sd_sample.pcap.out index 6ca95e2f4..6f8eaf502 100644 --- a/test/results/stats/default/someip_sd_sample.pcap.out +++ b/test/results/stats/default/someip_sd_sample.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/source_engine.pcap.out b/test/results/stats/default/source_engine.pcap.out index 1dfd470fa..fe03ca058 100644 --- a/test/results/stats/default/source_engine.pcap.out +++ b/test/results/stats/default/source_engine.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/sql_injection.pcap.out b/test/results/stats/default/sql_injection.pcap.out index 33ea4fc40..1cdcc6585 100644 --- a/test/results/stats/default/sql_injection.pcap.out +++ b/test/results/stats/default/sql_injection.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/srvloc-v1.pcapng.out b/test/results/stats/default/srvloc-v1.pcapng.out index 105562bd9..ac6b857cb 100644 --- a/test/results/stats/default/srvloc-v1.pcapng.out +++ b/test/results/stats/default/srvloc-v1.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/srvloc.pcap.out b/test/results/stats/default/srvloc.pcap.out index 98029ac26..46a31f6a9 100644 --- a/test/results/stats/default/srvloc.pcap.out +++ b/test/results/stats/default/srvloc.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ssdp-m-search-ua.pcap.out b/test/results/stats/default/ssdp-m-search-ua.pcap.out index 15d5c24f9..e7dc9e231 100644 --- a/test/results/stats/default/ssdp-m-search-ua.pcap.out +++ b/test/results/stats/default/ssdp-m-search-ua.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ssdp-m-search.pcap.out b/test/results/stats/default/ssdp-m-search.pcap.out index 07fbf6771..f550894d7 100644 --- a/test/results/stats/default/ssdp-m-search.pcap.out +++ b/test/results/stats/default/ssdp-m-search.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ssh.pcap.out b/test/results/stats/default/ssh.pcap.out index 37d1c8f69..63b88218d 100644 --- a/test/results/stats/default/ssh.pcap.out +++ b/test/results/stats/default/ssh.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out index 0e0c190fd..4bc566e8d 100644 --- a/test/results/stats/default/ssl-cert-name-mismatch.pcap.out +++ b/test/results/stats/default/ssl-cert-name-mismatch.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/starcraft_battle.pcap.out b/test/results/stats/default/starcraft_battle.pcap.out index 886738a4f..6df51427a 100644 --- a/test/results/stats/default/starcraft_battle.pcap.out +++ b/test/results/stats/default/starcraft_battle.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:379 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:292053 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:292080 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:52 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:26 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/steam.pcap.out b/test/results/stats/default/steam.pcap.out index 8606916aa..b81899b29 100644 --- a/test/results/stats/default/steam.pcap.out +++ b/test/results/stats/default/steam.pcap.out 
@@ -1,26 +1,26 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:266 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:219345 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:281 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:231787 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2580 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:2666 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:2072 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:98 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:101 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" 
interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 @@ -34,7 +34,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interva PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 
@@ -60,11 +60,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:58 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/steam_datagram_relay_ping.pcapng.out b/test/results/stats/default/steam_datagram_relay_ping.pcapng.out index 8e61e1e82..09190a0f3 100644 --- a/test/results/stats/default/steam_datagram_relay_ping.pcapng.out +++ b/test/results/stats/default/steam_datagram_relay_ping.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun.pcap.out b/test/results/stats/default/stun.pcap.out index 73954922f..93a79f7b2 100644 --- a/test/results/stats/default/stun.pcap.out +++ b/test/results/stats/default/stun.pcap.out 
@@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:54 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:48863 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:48559 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:4 
@@ -7,19 +7,19 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:8454 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:8768 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:25 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:5 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:10 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -31,7 +31,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 @@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -91,8 +91,8 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 @@ -101,7 +101,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 
@@ -110,7 +110,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 @@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_classic.pcap.out b/test/results/stats/default/stun_classic.pcap.out index a7cfc2e81..4f9823300 100644 --- a/test/results/stats/default/stun_classic.pcap.out +++ b/test/results/stats/default/stun_classic.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7780 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7815 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -27,7 +27,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 @@ -40,7 +40,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out new file mode 100644 index 000000000..956c5a902 --- /dev/null +++ b/test/results/stats/default/stun_dtls_unidirectional_client.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11527 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1456 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out new file mode 100644 index 000000000..f06d4e1bb --- /dev/null +++ b/test/results/stats/default/stun_dtls_unidirectional_server.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11256 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:1311 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_google_meet.pcapng.out b/test/results/stats/default/stun_google_meet.pcapng.out index f70a0c572..d6cdc0322 100644 --- a/test/results/stats/default/stun_google_meet.pcapng.out +++ b/test/results/stats/default/stun_google_meet.pcapng.out @@ -1,5 +1,5 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:53 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:45703 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:55 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:48669 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:6 
@@ -7,11 +7,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:6 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:10410 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:14309 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:29 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 @@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:8 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 
@@ -36,11 +36,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 @@ -91,7 +91,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 
@@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_msteams_unidir.pcapng.out b/test/results/stats/default/stun_msteams_unidir.pcapng.out index 89430d1f9..43ff5bf01 100644 --- a/test/results/stats/default/stun_msteams_unidir.pcapng.out +++ b/test/results/stats/default/stun_msteams_unidir.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11485 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11416 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_signal.pcapng.out b/test/results/stats/default/stun_signal.pcapng.out index fcb5c847b..ce703f24c 100644 --- a/test/results/stats/default/stun_signal.pcapng.out +++ b/test/results/stats/default/stun_signal.pcapng.out 
@@ -1,17 +1,17 @@ -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:203 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:164157 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:209 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:172959 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:15 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:3 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:22 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:23 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:13408 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:16192 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:23 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:113 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:36 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:44 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -36,11 +36,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:22 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:18 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:22 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -91,7 +91,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:22 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 @@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:23 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:39 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out new file mode 100644 index 000000000..e404e5770 --- /dev/null +++ b/test/results/stats/default/stun_tcp_multiple_msgs_same_pkt.pcap.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:11 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:7644 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:168 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_wa_call.pcapng.out b/test/results/stats/default/stun_wa_call.pcapng.out index 966ab1763..b82ba9b9e 100644 --- a/test/results/stats/default/stun_wa_call.pcapng.out +++ b/test/results/stats/default/stun_wa_call.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:110 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:97133 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:96313 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:13 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/stun_zoom.pcapng.out b/test/results/stats/default/stun_zoom.pcapng.out new file mode 100644 index 000000000..93ca56255 --- /dev/null +++ b/test/results/stats/default/stun_zoom.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:23 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:22127 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:4671 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:10647 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_video_count" 
interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/syncthing.pcap.out b/test/results/stats/default/syncthing.pcap.out index 956cb4846..10473c365 100644 --- a/test/results/stats/default/syncthing.pcap.out +++ b/test/results/stats/default/syncthing.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/synscan.pcap.out b/test/results/stats/default/synscan.pcap.out index dace315ac..4a09275b0 100644 --- a/test/results/stats/default/synscan.pcap.out +++ b/test/results/stats/default/synscan.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/syslog.pcap.out b/test/results/stats/default/syslog.pcap.out index 90701c437..d521c2af1 100644 --- a/test/results/stats/default/syslog.pcap.out +++ b/test/results/stats/default/syslog.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tailscale.pcap.out b/test/results/stats/default/tailscale.pcap.out index 47d1cb789..6f49a826d 100644 --- a/test/results/stats/default/tailscale.pcap.out +++ b/test/results/stats/default/tailscale.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/targusdataspeed_false_positives.pcap.out b/test/results/stats/default/targusdataspeed_false_positives.pcap.out index ef083b2c9..d5649a396 100644 --- a/test/results/stats/default/targusdataspeed_false_positives.pcap.out +++ b/test/results/stats/default/targusdataspeed_false_positives.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tcp_scan.pcapng.out b/test/results/stats/default/tcp_scan.pcapng.out index e19d3b421..6f7ad3258 100644 --- a/test/results/stats/default/tcp_scan.pcapng.out +++ b/test/results/stats/default/tcp_scan.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/teams.pcap.out b/test/results/stats/default/teams.pcap.out index c168cee38..7767a8700 100644 --- a/test/results/stats/default/teams.pcap.out +++ b/test/results/stats/default/teams.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:680 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:647608 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:646756 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:83 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:17 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:66 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/teamspeak3.pcap.out b/test/results/stats/default/teamspeak3.pcap.out index cef7b50d9..11738c553 100644 --- a/test/results/stats/default/teamspeak3.pcap.out +++ b/test/results/stats/default/teamspeak3.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/teamviewer.pcap.out b/test/results/stats/default/teamviewer.pcap.out index 91b226d32..b26ba2b5f 100644 --- a/test/results/stats/default/teamviewer.pcap.out +++ b/test/results/stats/default/teamviewer.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/telegram.pcap.out b/test/results/stats/default/telegram.pcap.out index 10912c25d..1b9e1ada7 100644 --- a/test/results/stats/default/telegram.pcap.out +++ b/test/results/stats/default/telegram.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:339 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:295421 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:295465 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:48 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:48 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/telegram_videocall.pcapng.out b/test/results/stats/default/telegram_videocall.pcapng.out new file mode 100644 index 000000000..cc79b5b26 --- /dev/null +++ b/test/results/stats/default/telegram_videocall.pcapng.out 
@@ -0,0 +1,142 @@ +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:256 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:211105 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:34 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:9 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:25 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:12 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:59877 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:270358 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:134 +PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:37 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 
N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:26 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_system_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_software_update_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_music_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_category_video_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_shopping_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_productivity_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_file_sharing_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_mining_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_malware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_advertisment_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_banned_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:31 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:10 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:19 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:3 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_count_sum" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_0_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-error_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_5_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_12_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-error_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:28 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_9_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_10_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_11_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_12_count" 
interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_21_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_22_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_23_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_24_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_25_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_26_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_27_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_28_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_29_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_30_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_31_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_32_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_33_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_34_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_35_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_36_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_37_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_38_count" interval=60 N:0 +PUTVAL 
"localhost/exec-nDPIsrvd/gauge-flow_risk_39_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_40_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_41_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:20 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/telnet.pcap.out b/test/results/stats/default/telnet.pcap.out index 2e0217ac6..16600950d 100644 --- a/test/results/stats/default/telnet.pcap.out +++ b/test/results/stats/default/telnet.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/teredo.pcap.out b/test/results/stats/default/teredo.pcap.out index 0ccfb44e2..e2d31bae1 100644 
--- a/test/results/stats/default/teredo.pcap.out +++ b/test/results/stats/default/teredo.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tftp.pcap.out b/test/results/stats/default/tftp.pcap.out index e52927363..543acac7e 100644 --- a/test/results/stats/default/tftp.pcap.out +++ b/test/results/stats/default/tftp.pcap.out 
@@ -1,17 +1,17 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:41 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:37437 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:36415 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:7 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_analyse_count" interval=60 N:1 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_guessed_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:24888 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_src_total_bytes" interval=60 N:24916 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_dst_total_bytes" interval=60 N:1228 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risky_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-packet_flow_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/gauge-init_count" interval=60 N:1 
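Review bot: The new expectations for tftp.pcap lower `flow_risky_count` from 7 to 5 and move two flows from `flow_detected_count` to `flow_guessed_count`, and nothing in the part of the commit visible here says that loss of detection is intended. The later hunks of this file show the same two flows leaving `flow_breed_acceptable_count`, `flow_category_data_transfer_count` and `flow_risk_46_count`, and `flow_risk_17_count` going from 2 to 0, while `flow_new_count` stays at 7, so it looks as if the guessed flows are no longer counted for breed, category or risk at all. Because this file is a regenerated golden result, the place to record the check is the commit description, for example `tftp.pcap: 2 of 7 flows are now guessed instead of detected after the libnDPI bump; risk 17 is no longer raised (verified against <upstream-change-id>)`. If the drop is not intended, the regression is in the classifier or the stats collector, and accepting this expectation would hide it from the test suite.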
@@ -19,7 +19,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-reconnect_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-shutdown_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-status_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_safe_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_acceptable_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_fun_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unsafe_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_potentially_dangerous_count" interval=60 N:0 @@ -30,7 +30,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:7 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:5 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 
@@ -103,7 +103,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_13_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_14_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_15_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_16_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_17_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_18_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_19_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_20_count" interval=60 N:0 @@ -132,9 +132,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_42_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_43_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_44_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_45_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:5 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_46_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_47_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/threema.pcap.out b/test/results/stats/default/threema.pcap.out index bb5c8274e..e138bc95f 100644 --- a/test/results/stats/default/threema.pcap.out +++ b/test/results/stats/default/threema.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/thrift.pcap.out b/test/results/stats/default/thrift.pcap.out index 6ab7003a3..041c62d71 100644 --- a/test/results/stats/default/thrift.pcap.out +++ b/test/results/stats/default/thrift.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tinc.pcap.out b/test/results/stats/default/tinc.pcap.out index 6fdb43351..3e63b6ea1 100644 --- a/test/results/stats/default/tinc.pcap.out +++ b/test/results/stats/default/tinc.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tk.pcap.out b/test/results/stats/default/tk.pcap.out index 52eee5468..bdfee3273 100644 
--- a/test/results/stats/default/tk.pcap.out +++ b/test/results/stats/default/tk.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls-appdata.pcap.out b/test/results/stats/default/tls-appdata.pcap.out index 18efc7594..58843a668 100644 --- a/test/results/stats/default/tls-appdata.pcap.out +++ b/test/results/stats/default/tls-appdata.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls-esni-fuzzed.pcap.out b/test/results/stats/default/tls-esni-fuzzed.pcap.out index 61eba437c..b7ae61b37 100644 --- a/test/results/stats/default/tls-esni-fuzzed.pcap.out +++ b/test/results/stats/default/tls-esni-fuzzed.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15212 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15322 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls-rdn-extract.pcap.out b/test/results/stats/default/tls-rdn-extract.pcap.out index ad9329b4e..e468599b5 100644 --- a/test/results/stats/default/tls-rdn-extract.pcap.out +++ b/test/results/stats/default/tls-rdn-extract.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_2_reasms.pcapng.out b/test/results/stats/default/tls_2_reasms.pcapng.out index 25d1167ca..00476db95 100644 --- a/test/results/stats/default/tls_2_reasms.pcapng.out +++ b/test/results/stats/default/tls_2_reasms.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/tls_2_reasms_b.pcapng.out b/test/results/stats/default/tls_2_reasms_b.pcapng.out index a9f397ec0..1437bbdb1 100644 --- a/test/results/stats/default/tls_2_reasms_b.pcapng.out +++ b/test/results/stats/default/tls_2_reasms_b.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_alert.pcap.out b/test/results/stats/default/tls_alert.pcap.out index 001ec972b..c23f39dbd 100644 --- a/test/results/stats/default/tls_alert.pcap.out +++ b/test/results/stats/default/tls_alert.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_certificate_too_long.pcap.out b/test/results/stats/default/tls_certificate_too_long.pcap.out index abb8eadac..1c3a2aa4e 100644 --- a/test/results/stats/default/tls_certificate_too_long.pcap.out +++ b/test/results/stats/default/tls_certificate_too_long.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_cipher_lens.pcap.out b/test/results/stats/default/tls_cipher_lens.pcap.out index d546057b7..ed84be88c 100644 --- a/test/results/stats/default/tls_cipher_lens.pcap.out +++ b/test/results/stats/default/tls_cipher_lens.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out index b0ac87c40..3c7921c23 100644 --- a/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out +++ b/test/results/stats/default/tls_client_certificate_with_missing_server_one.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_ech.pcapng.out b/test/results/stats/default/tls_ech.pcapng.out index 8bd166be6..f19dda036 100644 --- a/test/results/stats/default/tls_ech.pcapng.out +++ b/test/results/stats/default/tls_ech.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:12 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9758 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:9768 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_esni_sni_both.pcap.out b/test/results/stats/default/tls_esni_sni_both.pcap.out index ed1ffa5db..5c6509c2c 100644 --- a/test/results/stats/default/tls_esni_sni_both.pcap.out +++ b/test/results/stats/default/tls_esni_sni_both.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_false_positives.pcapng.out b/test/results/stats/default/tls_false_positives.pcapng.out index c658016ad..34d2e64b0 100644 --- a/test/results/stats/default/tls_false_positives.pcapng.out +++ b/test/results/stats/default/tls_false_positives.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_invalid_reads.pcap.out b/test/results/stats/default/tls_invalid_reads.pcap.out index 5a0558d61..dcf8b1598 100644 --- a/test/results/stats/default/tls_invalid_reads.pcap.out +++ b/test/results/stats/default/tls_invalid_reads.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/tls_long_cert.pcap.out b/test/results/stats/default/tls_long_cert.pcap.out index afda47abb..4b79fac54 100644 --- a/test/results/stats/default/tls_long_cert.pcap.out +++ b/test/results/stats/default/tls_long_cert.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_missing_ch_frag.pcap.out b/test/results/stats/default/tls_missing_ch_frag.pcap.out index 44ffca339..9c4e88e26 100644 --- a/test/results/stats/default/tls_missing_ch_frag.pcap.out +++ b/test/results/stats/default/tls_missing_ch_frag.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out index c27b22df0..0bfbb5027 100644 --- a/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out +++ b/test/results/stats/default/tls_multiple_synack_different_seq.pcapng.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_port_80.pcapng.out b/test/results/stats/default/tls_port_80.pcapng.out index abe1396ed..36da5e3a2 100644 --- a/test/results/stats/default/tls_port_80.pcapng.out +++ b/test/results/stats/default/tls_port_80.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_torrent.pcapng.out b/test/results/stats/default/tls_torrent.pcapng.out index a678e4b9b..e07e1c37b 100644 --- a/test/results/stats/default/tls_torrent.pcapng.out +++ b/test/results/stats/default/tls_torrent.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/tls_unidirectional.pcap.out b/test/results/stats/default/tls_unidirectional.pcap.out index a1d0ff080..7d3a08c6b 100644 --- a/test/results/stats/default/tls_unidirectional.pcap.out +++ b/test/results/stats/default/tls_unidirectional.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tls_verylong_certificate.pcap.out b/test/results/stats/default/tls_verylong_certificate.pcap.out index afad85ef2..20bab0134 100644 --- a/test/results/stats/default/tls_verylong_certificate.pcap.out +++ b/test/results/stats/default/tls_verylong_certificate.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:15 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19463 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:19577 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:0 
@@ -27,11 +27,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_tracker_ads_count" interval=60 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_dangerous_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unrated_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_breed_unknown_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_media_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_vpn_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_email_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_data_transfer_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_web_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 @@ -59,7 +59,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_site_unavail_count" interval PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_allowed_site_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_antimalware_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_crypto_currency_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_unknown_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 
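Review bot: The new baseline for `tls_verylong_certificate.pcap.out` accepts a loss of categorisation with no explanation visible here. `gauge-flow_category_media_count` and `gauge-flow_category_web_count` both go from N:2 to N:0, while `gauge-flow_category_unknown_count` in the following hunk goes from N:0 to N:4. The cause is presumably the libnDPI submodule bump, but nothing in this section shows whether it is an intended reclassification or a regression. The two new counters, `gauge-flow_risk_52_count` and `gauge-flow_risk_53_count`, are both N:0 for this capture, so no new risk flag accounts for it. Because this file is the test's expected value, committing it as-is means the suite will no longer catch the capture falling back to "unknown"; the commit description should state the reason, or the dissector change should be checked before the baseline is regenerated.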
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/toca-boca.pcap.out b/test/results/stats/default/toca-boca.pcap.out index 4146cb44f..4c8aaacf8 100644 --- a/test/results/stats/default/toca-boca.pcap.out +++ b/test/results/stats/default/toca-boca.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tor.pcap.out b/test/results/stats/default/tor.pcap.out index 6a68f1afc..c21f7eaeb 100644 --- a/test/results/stats/default/tor.pcap.out +++ b/test/results/stats/default/tor.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/tplink_shp.pcap.out b/test/results/stats/default/tplink_shp.pcap.out index c4289b9c4..37016e3c8 100644 --- a/test/results/stats/default/tplink_shp.pcap.out +++ b/test/results/stats/default/tplink_shp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/trickbot.pcap.out b/test/results/stats/default/trickbot.pcap.out index 5f7be9611..e878652c1 100644 --- a/test/results/stats/default/trickbot.pcap.out +++ b/test/results/stats/default/trickbot.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tumblr.pcap.out b/test/results/stats/default/tumblr.pcap.out index f6c71734a..ccb1482e6 100644 --- a/test/results/stats/default/tumblr.pcap.out +++ b/test/results/stats/default/tumblr.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:318 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:270624 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:270669 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:47 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:46 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tunnelbear.pcap.out b/test/results/stats/default/tunnelbear.pcap.out index 58eaaeab4..285e7dcff 100644 --- a/test/results/stats/default/tunnelbear.pcap.out +++ b/test/results/stats/default/tunnelbear.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/tuya_lp.pcap.out b/test/results/stats/default/tuya_lp.pcap.out index be8ba8555..0b534f03b 100644 --- a/test/results/stats/default/tuya_lp.pcap.out +++ b/test/results/stats/default/tuya_lp.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ubntac2.pcap.out b/test/results/stats/default/ubntac2.pcap.out index 0324c824f..3b7c9fad9 100644 --- a/test/results/stats/default/ubntac2.pcap.out +++ b/test/results/stats/default/ubntac2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/ultrasurf.pcap.out b/test/results/stats/default/ultrasurf.pcap.out index e4bdf253e..206a726b7 100644 --- a/test/results/stats/default/ultrasurf.pcap.out +++ b/test/results/stats/default/ultrasurf.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:32 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:45540 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:46420 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:4 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/upnp.pcap.out b/test/results/stats/default/upnp.pcap.out index d617ac254..51d720d02 100644 --- a/test/results/stats/default/upnp.pcap.out +++ b/test/results/stats/default/upnp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/viber.pcap.out b/test/results/stats/default/viber.pcap.out index 544a6d5d4..63b966c72 100644 --- a/test/results/stats/default/viber.pcap.out +++ b/test/results/stats/default/viber.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:223 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:188916 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:188947 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:29 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:23 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/vk.pcapng.out b/test/results/stats/default/vk.pcapng.out index 8a5df584a..690275ae5 100644 --- a/test/results/stats/default/vk.pcapng.out +++ b/test/results/stats/default/vk.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/vnc.pcap.out b/test/results/stats/default/vnc.pcap.out index 43786d513..cfbd23083 100644 --- a/test/results/stats/default/vnc.pcap.out +++ b/test/results/stats/default/vnc.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/vrrp3.pcapng.out b/test/results/stats/default/vrrp3.pcapng.out index 5439ef0ab..9bbe27446 100644 
--- a/test/results/stats/default/vrrp3.pcapng.out +++ b/test/results/stats/default/vrrp3.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/vxlan.pcap.out b/test/results/stats/default/vxlan.pcap.out index 2979c8788..5a7cf042c 100644 --- a/test/results/stats/default/vxlan.pcap.out +++ b/test/results/stats/default/vxlan.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/wa_video.pcap.out b/test/results/stats/default/wa_video.pcap.out index 2f0090ee9..db1686a9a 100644 --- a/test/results/stats/default/wa_video.pcap.out +++ b/test/results/stats/default/wa_video.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:98 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:86216 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:85759 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:14 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:14 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/wa_voice.pcap.out b/test/results/stats/default/wa_voice.pcap.out index 389b06365..60fed725d 100644 --- a/test/results/stats/default/wa_voice.pcap.out +++ b/test/results/stats/default/wa_voice.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:207 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:180666 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:180209 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/waze.pcap.out b/test/results/stats/default/waze.pcap.out index fb9eec539..13a44a592 100644 --- a/test/results/stats/default/waze.pcap.out +++ b/test/results/stats/default/waze.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/webex.pcap.out b/test/results/stats/default/webex.pcap.out index 1174088ea..8687eb311 100644 --- a/test/results/stats/default/webex.pcap.out +++ b/test/results/stats/default/webex.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/websocket.pcap.out b/test/results/stats/default/websocket.pcap.out index 7874d59c5..5fe08e6e7 100644 --- a/test/results/stats/default/websocket.pcap.out +++ b/test/results/stats/default/websocket.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/wechat.pcap.out b/test/results/stats/default/wechat.pcap.out index bc21e3626..fbe2cad76 100644 --- a/test/results/stats/default/wechat.pcap.out +++ b/test/results/stats/default/wechat.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:885 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:765170 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:765228 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:109 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:52 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:57 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/weibo.pcap.out b/test/results/stats/default/weibo.pcap.out index c1f9796db..7ea824ca2 100644 --- a/test/results/stats/default/weibo.pcap.out +++ b/test/results/stats/default/weibo.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:267 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:221471 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:221319 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:44 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:43 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp.pcap.out b/test/results/stats/default/whatsapp.pcap.out index caeb5cbf8..733fb54f3 100644 --- a/test/results/stats/default/whatsapp.pcap.out +++ b/test/results/stats/default/whatsapp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_login_call.pcap.out b/test/results/stats/default/whatsapp_login_call.pcap.out index 3dceb0c7e..e64aa9bc2 100644 --- a/test/results/stats/default/whatsapp_login_call.pcap.out +++ b/test/results/stats/default/whatsapp_login_call.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:461 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:389456 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:388164 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:57 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:24 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:33 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_login_chat.pcap.out b/test/results/stats/default/whatsapp_login_chat.pcap.out index f75e20387..9407e2f75 100644 --- a/test/results/stats/default/whatsapp_login_chat.pcap.out +++ b/test/results/stats/default/whatsapp_login_chat.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsapp_voice_and_message.pcap.out b/test/results/stats/default/whatsapp_voice_and_message.pcap.out index 1d1bde01a..ff7ee5738 100644 --- a/test/results/stats/default/whatsapp_voice_and_message.pcap.out +++ b/test/results/stats/default/whatsapp_voice_and_message.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:126 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:107343 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:106775 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:4 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:9 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whatsappfiles.pcap.out b/test/results/stats/default/whatsappfiles.pcap.out index 31d4663e9..719b5114a 100644 --- a/test/results/stats/default/whatsappfiles.pcap.out +++ b/test/results/stats/default/whatsappfiles.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/whois.pcapng.out b/test/results/stats/default/whois.pcapng.out index c6d980a55..e086510a8 100644 --- a/test/results/stats/default/whois.pcapng.out +++ b/test/results/stats/default/whois.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:25679 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:25899 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/windowsupdate_over_http.pcap.out b/test/results/stats/default/windowsupdate_over_http.pcap.out index 29f41b795..74fced03d 100644 --- a/test/results/stats/default/windowsupdate_over_http.pcap.out +++ b/test/results/stats/default/windowsupdate_over_http.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/wireguard.pcap.out b/test/results/stats/default/wireguard.pcap.out index b3b40bfe9..cd69218c6 100644 --- a/test/results/stats/default/wireguard.pcap.out +++ b/test/results/stats/default/wireguard.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/wow.pcap.out b/test/results/stats/default/wow.pcap.out index 9676baf7b..42b5432c8 100644 --- a/test/results/stats/default/wow.pcap.out +++ b/test/results/stats/default/wow.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/xdmcp.pcap.out b/test/results/stats/default/xdmcp.pcap.out index e0b93e247..86e9dc7a8 100644 --- a/test/results/stats/default/xdmcp.pcap.out +++ b/test/results/stats/default/xdmcp.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/xiaomi.pcap.out b/test/results/stats/default/xiaomi.pcap.out index a637a8c2e..bfb00ef0d 100644 --- a/test/results/stats/default/xiaomi.pcap.out +++ b/test/results/stats/default/xiaomi.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/xss.pcap.out b/test/results/stats/default/xss.pcap.out index a4754682e..597aa52c2 100644 --- a/test/results/stats/default/xss.pcap.out +++ b/test/results/stats/default/xss.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/yandex.pcapng.out b/test/results/stats/default/yandex.pcapng.out index 06bafc13b..4d10ae6b3 100644 --- a/test/results/stats/default/yandex.pcapng.out +++ b/test/results/stats/default/yandex.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/youtube_quic.pcap.out b/test/results/stats/default/youtube_quic.pcap.out index c4a057a2e..fd89eb754 100644 --- a/test/results/stats/default/youtube_quic.pcap.out +++ b/test/results/stats/default/youtube_quic.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:28 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:39473 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:39539 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/youtubeupload.pcap.out b/test/results/stats/default/youtubeupload.pcap.out index 57536143d..e2cf54e83 100644 --- a/test/results/stats/default/youtubeupload.pcap.out +++ b/test/results/stats/default/youtubeupload.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:30 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:40889 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:40933 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:3 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:3 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/z3950.pcapng.out b/test/results/stats/default/z3950.pcapng.out index 5fab1d1de..add9cfa6b 100644 --- a/test/results/stats/default/z3950.pcapng.out +++ b/test/results/stats/default/z3950.pcapng.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/zabbix.pcap.out b/test/results/stats/default/zabbix.pcap.out index 2eeec98c6..2a9fc6be9 100644 --- a/test/results/stats/default/zabbix.pcap.out +++ b/test/results/stats/default/zabbix.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 
diff --git a/test/results/stats/default/zattoo.pcap.out b/test/results/stats/default/zattoo.pcap.out index b1625ca6b..d56eaad00 100644 --- a/test/results/stats/default/zattoo.pcap.out +++ b/test/results/stats/default/zattoo.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/zcash.pcap.out b/test/results/stats/default/zcash.pcap.out index 916880b51..31bb1d310 100644 --- a/test/results/stats/default/zcash.pcap.out +++ b/test/results/stats/default/zcash.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11264 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:10913 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -91,7 +91,7 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_1_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_2_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_3_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_4_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_5_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_7_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_8_count" interval=60 N:0 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/zoom.pcap.out b/test/results/stats/default/zoom.pcap.out index ec5d3bf79..14bff4512 100644 --- a/test/results/stats/default/zoom.pcap.out +++ b/test/results/stats/default/zoom.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:250 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:213555 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:213342 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:33 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:6 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:27 
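Review bot: The expected value of `gauge-flow_risk_5_count` in test/results/stats/default/zcash.pcap.out drops from 1 to 0 in the `@@ -91,7 +91,7 @@` hunk. The regenerated baseline therefore accepts that a risk previously raised on this capture's only flow is no longer reported. The visible hunks do not show whether that is an intended effect of the libnDPI submodule bump or a detection regression absorbed by regenerating the expected output. The same file's `json_bytes` falls from 11264 to 10913, which would fit a risk entry dropping out of the emitted JSON, though that is inferred. I would record the reason in the commit description, for example `zcash.pcap: flow risk 5 no longer raised after libnDPI update (intended, see <UPSTREAM_COMMIT>)`, so that a later reader can tell an expected change from a lost detection.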
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/zoom2.pcap.out b/test/results/stats/default/zoom2.pcap.out index bb0729fb8..d32c66e95 100644 --- a/test/results/stats/default/zoom2.pcap.out +++ b/test/results/stats/default/zoom2.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/default/zoom_p2p.pcapng.out b/test/results/stats/default/zoom_p2p.pcapng.out index 3e387f6fe..5e874f270 100644 --- a/test/results/stats/default/zoom_p2p.pcapng.out +++ b/test/results/stats/default/zoom_p2p.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:131 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:109249 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:108965 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:13 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:13 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_aggressiveness/ookla.pcap.out b/test/results/stats/disable_aggressiveness/ookla.pcap.out index a0e05c6dc..22b79f53f 100644 --- a/test/results/stats/disable_aggressiveness/ookla.pcap.out +++ b/test/results/stats/disable_aggressiveness/ookla.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out index f120940d3..66e0f2ffc 100644 --- a/test/results/stats/disable_protocols/dns_long_domainname.pcap.out +++ b/test/results/stats/disable_protocols/dns_long_domainname.pcap.out 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/pluralsight.pcap.out b/test/results/stats/disable_protocols/pluralsight.pcap.out index f709eeb6c..8ec017dfb 100644 --- a/test/results/stats/disable_protocols/pluralsight.pcap.out +++ b/test/results/stats/disable_protocols/pluralsight.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out index 57ea360e3..5641ce282 100644 --- a/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out +++ b/test/results/stats/disable_protocols/quic-mvfst-27.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:10 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15857 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:15883 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_protocols/soap.pcap.out b/test/results/stats/disable_protocols/soap.pcap.out index 379be079e..652fcdf40 100644 --- a/test/results/stats/disable_protocols/soap.pcap.out +++ b/test/results/stats/disable_protocols/soap.pcap.out @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out b/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out index a7b4a61f0..58edfe806 100644 --- a/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out +++ b/test/results/stats/disable_stun_monitoring/lru_ipv6_caches.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:83 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:84393 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:84105 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:12 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:12 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/enable_doh_heuristic/doh.pcapng.out b/test/results/stats/enable_doh_heuristic/doh.pcapng.out index 0b1bd0706..62390addd 100644 --- a/test/results/stats/enable_doh_heuristic/doh.pcapng.out +++ b/test/results/stats/enable_doh_heuristic/doh.pcapng.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:13 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:11865 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:12305 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:1 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:2 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/enable_payload_stat/1kxun.pcap.out b/test/results/stats/enable_payload_stat/1kxun.pcap.out index 3b8024a23..7452be13c 100644 --- a/test/results/stats/enable_payload_stat/1kxun.pcap.out +++ b/test/results/stats/enable_payload_stat/1kxun.pcap.out 
@@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:1284 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1544013 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:1544141 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:197 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:9 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:188 @@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 diff --git a/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out b/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out index 729760047..46c48c46d 100644 --- a/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out +++ b/test/results/stats/enable_stun_monitoring_with_subproto/wa_voice.pcap.out @@ -1,5 +1,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-json_lines" interval=60 N:207 -PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:186669 +PUTVAL "localhost/exec-nDPIsrvd/gauge-json_bytes" interval=60 N:186212 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_new_count" interval=60 N:28 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_end_count" interval=60 N:2 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_idle_count" interval=60 N:26 
@@ -138,3 +138,5 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_48_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_49_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_50_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_51_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_52_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_53_count" interval=60 N:0 |